From: Wietse Venema Date: Sat, 21 Dec 2013 05:00:00 +0000 (-0500) Subject: postfix-2.11-20131221 X-Git-Tag: v2.11.0-RC1~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35467ac47f297b9978e8d4a2f7ae93a9ad09669a;p=thirdparty%2Fpostfix.git postfix-2.11-20131221 --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index 5b4b23196..32948b150 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -361,6 +361,7 @@ -TXSASL_SERVER_IMPL_INFO -Tbind_props -Tcipher_probe_t +-Td2i_X509_t -Tdane_digest -Tfilter_ctx -Tgeneral_name_stack_t diff --git a/postfix/HISTORY b/postfix/HISTORY index 02fbe4dd6..6ca997e3f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -19423,3 +19423,20 @@ Apologies for any names omitted. Documentation: typo in SASL_README. Patrick Ben Koetter. File: proto/SASL_README.html. + + Documentation: increased the *.[0-9].html manpage width + from the historical 65 columns to the more contemporary 78 + columns, and future-proofed the pattern that eliminates + redundant text from the "README FILES" section. Files: + mantools/postlink, mantools/man2html, man/Makefile.in. + + Documentation: misc manual page cleanups. Files: + postconf/postconf.c, postmulti/postmulti.c. + +20131221 + + Testbed: TLS support. Viktor Dukhovni. Files: tls/Makefile.in, + tls/tls_dane.c, tls/tls_dane.sh, tls/tls_mgr.c, .indent.pro. + + Documentation: added section on how to verify that forward + secrecy works. File: proto/FORWARD_SECRECY_README.html. diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index 14d75417c..b2bce2d34 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README 
@@ -34,11 +34,18 @@ cost constraints on the efficacy of bulk surveillance, recovering all past traffic is generally infeasible, and even recovery of individual sessions may be infeasible given a sufficiently-strong key agreement method. +Forward secrecy protects network communication in the absence of active +attacks, i.e. no forged DNS replies, and no forged TLS server certificates. If +active attacks are a concern, then you will need to authenticate the remote +SMTP server in a secure manner. For example, by the fingerprint of the public +key or certificate. Conventional PKI relies on too many trusted parties. + Topics covered in this document: * Forward Secrecy in TLS * Forward Secrecy in the Postfix SMTP Server * Forward Secrecy in the Postfix SMTP Client + * How do I know that it works? * Credits And last but not least, for the impatient: 
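Review bot: The added paragraph in README_FILES/FORWARD_SECRECY_README tells the reader to authenticate the remote SMTP server "by the fingerprint of the public key or certificate" but gives no pointer to where that is configured, and "Conventional PKI relies on too many trusted parties." is asserted without support. Suggest folding the "For example, ..." fragment into the preceding sentence, adding a reference to the TLS_README material on fingerprint verification, and either explaining the PKI remark in one sentence or dropping it.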
@@ -199,24 +206,70 @@ not secret, after all these are sent to all SMTP clients in the clear. Mode Once the parameters are in place, update main.cf as follows: - main.cf: - # Postfix >= 2.6 - smtpd_tls_eecdh_grade = strong - # All versions of Postfix: - smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem - smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem + /etc/postfix/main.cf: + # Postfix >= 2.6 + smtpd_tls_eecdh_grade = strong + # All versions of Postfix: + smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem + smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem If some of your MSA clients don't support 2048-bit EDH, you may need to adjust the submission entry in master.cf accordingly: - master.cf: - submission inet n - n - - smtpd - # Some submission clients may not yet do 2048-bit EDH, if such - # clients use your MSA, configure 1024-bit EDH instead: - -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - ... + /etc/postfix/master.cf: + submission inet n - n - - smtpd + # Some submission clients may not yet do 2048-bit EDH, if such + # clients use your MSA, configure 1024-bit EDH instead: + -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + ... + +HHooww ddoo II kknnooww tthhaatt iitt wwoorrkkss?? + +Postfix reports TLS connection information in several ways: + + * With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", the Postfix SMTP + client and server will log information about, among others, the remote peer + certificate or public-key verification status, the negotiated cipher, and + key lengths. 
The general logfile format is: + + postfix/smtp[xxx]: Trusted TLS connection established to + host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits) + + postfix/smtpd[xxx]: Untrusted TLS connection established from + host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits) + + * With "smtpd_tls_received_header = yes", the Postfix SMTP server will record + similar information in the Received: header in the form of comments (text + inside parentheses). The general format is: + + Received: from host.example.com (host.example.com [192.168.0.2]) + (using TLSv1 with cipher XXX (YYY/ZZZ bits)) + (Client CN "host.example.com", Issuer "Wietse Venema" (not + verified)) + +There are dozens of ciphers that support forward secrecy. What follows is the +beginning of a list of 51 ciphers available with OpenSSL 1.0.1e: + + $ openssl ciphers -v \ + 'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' | + awk '{printf "%-32s %s\n", $1, $3}' + AECDH-AES256-SHA Kx=ECDH + ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH + ECDHE-ECDSA-AES256-GCM-SHA384 Kx=ECDH + ECDHE-RSA-AES256-SHA384 Kx=ECDH + ECDHE-ECDSA-AES256-SHA384 Kx=ECDH + ECDHE-RSA-AES256-SHA Kx=ECDH + ECDHE-ECDSA-AES256-SHA Kx=ECDH + ADH-AES256-GCM-SHA384 Kx=DH + ADH-AES256-SHA256 Kx=DH + ADH-AES256-SHA Kx=DH + ADH-CAMELLIA256-SHA Kx=DH + DHE-DSS-AES256-GCM-SHA384 Kx=DH + DHE-RSA-AES256-GCM-SHA384 Kx=DH + DHE-RSA-AES256-SHA256 Kx=DH + ... CCrreeddiittss diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 9e4effbf0..5e83044e9 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -1,13 +1,13 @@ Wish list: - Un-break "make tests" under src/smtpd. + To un-break "make tests" under src/smtpd, make tests + independent from the DNS and native routines for host + name/address lookup. Make been_here flag BH_FLAG_FOLD configurable for masochists. - Change html/Makefile to ".pl 99999" and ".ll 78". - - Replace some redundant TLS_README sections with pointers to - FORWARD_SECRECY_README. + Replace some redundant TLS_README sections with pointers + to FORWARD_SECRECY_README. Move html/index.html source to proto/. diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index a636b6a80..4878dccb7 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -55,6 +55,13 @@ all past traffic is generally infeasible, and even recovery of individual sessions may be infeasible given a sufficiently-strong key agreement method.

+

Forward secrecy protects network communication in the absence +of active attacks, i.e. no forged DNS replies, and no forged TLS +server certificates. If active attacks are a concern, then you will +need to authenticate the remote SMTP server in a secure manner. +For example, by the fingerprint of the public key or certificate. +Conventional PKI relies on too many trusted parties.

+

Topics covered in this document:

@@ -271,12 +280,12 @@ sent to all SMTP clients in the clear. Mode 0644 is fine.

- main.cf:
-   # Postfix ≥ 2.6
-   smtpd_tls_eecdh_grade = strong
-   # All versions of Postfix:
-   smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
-   smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
+/etc/postfix/main.cf:
+    # Postfix ≥ 2.6
+    smtpd_tls_eecdh_grade = strong
+    # All versions of Postfix:
+    smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
+    smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
 
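Review bot: In the re-indented main.cf example, "smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem" points a parameter named for 1024-bit DH at a 2048-bit file with nothing to tell the reader this is intended, so it reads like a typo. Since these lines are being touched anyway, suggest adding a comment line above it saying that the parameter name does not limit the size of the group in the file.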
@@ -285,14 +294,76 @@ need to adjust the submission entry in master.cf acc
-master.cf:
-  submission inet n       -       n       -       -       smtpd
-    # Some submission clients may not yet do 2048-bit EDH, if such
-    # clients use your MSA, configure 1024-bit EDH instead:
-    -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    ...
+/etc/postfix/master.cf:
+    submission inet n       -       n       -       -       smtpd
+        # Some submission clients may not yet do 2048-bit EDH, if such
+        # clients use your MSA, configure 1024-bit EDH instead:
+        -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
+        -o smtpd_tls_security_level=encrypt
+        -o smtpd_sasl_auth_enable=yes
+        ...
+
+
+ +

How do I know that it works?

+ +

Postfix reports TLS connection information in several ways:

+ + + +

There are dozens of ciphers that support forward secrecy. What +follows is the beginning of a list of 51 ciphers available with +OpenSSL 1.0.1e:

+ +
+
+$ openssl ciphers -v \
+        'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' | 
+    awk '{printf "%-32s %s\n", $1, $3}'
+AECDH-AES256-SHA                 Kx=ECDH
+ECDHE-RSA-AES256-GCM-SHA384      Kx=ECDH
+ECDHE-ECDSA-AES256-GCM-SHA384    Kx=ECDH
+ECDHE-RSA-AES256-SHA384          Kx=ECDH
+ECDHE-ECDSA-AES256-SHA384        Kx=ECDH
+ECDHE-RSA-AES256-SHA             Kx=ECDH
+ECDHE-ECDSA-AES256-SHA           Kx=ECDH
+ADH-AES256-GCM-SHA384            Kx=DH
+ADH-AES256-SHA256                Kx=DH
+ADH-AES256-SHA                   Kx=DH
+ADH-CAMELLIA256-SHA              Kx=DH
+DHE-DSS-AES256-GCM-SHA384        Kx=DH
+DHE-RSA-AES256-GCM-SHA384        Kx=DH
+DHE-RSA-AES256-SHA256            Kx=DH
+...
 
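Review bot: The cipher listing added under "How do I know that it works?" opens with AECDH-AES256-SHA and includes four ADH-* entries. These are anonymous key exchange suites with no server authentication, and the section does not say so, even though the paragraph added earlier in this patch states that forward secrecy only helps in the absence of active attacks. Suggest printing the authentication column as well (add $4 to the awk printf so that Au=None is visible next to Kx=), and adding one sentence that tells the reader to compare the "cipher XXX" value from the log line or Received: header against the Kx= column, since the section currently shows both but never connects them.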
diff --git a/postfix/html/Makefile.in b/postfix/html/Makefile.in index a9d4b1169..5a2ae6b37 100644 --- a/postfix/html/Makefile.in +++ b/postfix/html/Makefile.in @@ -24,7 +24,7 @@ CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \ master.5.html nisplus_table.5.html generic.5.html bounce.5.html \ postfix-wrapper.5.html sqlite_table.5.html socketmap_table.5.html OTHER = postfix-manuals.html -AWK = awk '{ print; if (NR == 2) print ".pl 9999\n.ll 65" }' +AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }' MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`" NROFF = GROFF_NO_SGR=1 nroff diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 6c7a904d2..29a68b96c 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html 
@@ -17,110 +17,96 @@ ACCESS(5) ACCESS(5) postmap -q - /etc/postfix/access <inputfile DESCRIPTION - This document describes access control on remote SMTP - client information: host names, network addresses, and - envelope sender or recipient addresses; it is implemented - by the Postfix SMTP server. See header_checks(5) or - body_checks(5) for access control on the content of email - messages. - - Normally, the access(5) table is specified as a text file - that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/access" to rebuild an indexed file + This document describes access control on remote SMTP client informa- + tion: host names, network addresses, and envelope sender or recipient + addresses; it is implemented by the Postfix SMTP server. See + header_checks(5) or body_checks(5) for access control on the content of + email messages. + + Normally, the access(5) table is specified as a text file that serves + as input to the postmap(1) command. The result, an indexed file in dbm + or db format, is used for fast searching by the mail system. Execute + the command "postmap /etc/postfix/access" to rebuild an indexed file after changing the corresponding text file. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those cases, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". 
+ Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those cases, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. + The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern action - When pattern matches a mail address, domain or host - address, perform the corresponding action. + When pattern matches a mail address, domain or host address, + perform the corresponding action. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. EMAIL ADDRESS PATTERNS - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user@domain Matches the specified mail address. 
domain.tld - Matches domain.tld as the domain part of an email - address. + Matches domain.tld as the domain part of an email address. - The pattern domain.tld also matches subdomains, but - only when the string smtpd_access_maps is listed in - the Postfix parent_domain_matches_subdomains con- - figuration setting. + The pattern domain.tld also matches subdomains, but only when + the string smtpd_access_maps is listed in the Postfix par- + ent_domain_matches_subdomains configuration setting. .domain.tld - Matches subdomains of domain.tld, but only when the - string smtpd_access_maps is not listed in the Post- - fix parent_domain_matches_subdomains configuration - setting. + Matches subdomains of domain.tld, but only when the string + smtpd_access_maps is not listed in the Postfix par- + ent_domain_matches_subdomains configuration setting. - user@ Matches all mail addresses with the specified user - part. + user@ Matches all mail addresses with the specified user part. - Note: lookup of the null sender address is not possible - with some types of lookup table. By default, Postfix uses - <> as the lookup key for such addresses. The value is - specified with the smtpd_null_access_lookup_key parameter - in the Postfix main.cf file. + Note: lookup of the null sender address is not possible with some types + of lookup table. By default, Postfix uses <> as the lookup key for such + addresses. The value is specified with the smtpd_null_access_lookup_key + parameter in the Postfix main.cf file. EMAIL ADDRESS EXTENSION - When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, domain, user+foo@, - and user@. + When a mail address localpart contains the optional recipient delimiter + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + user@domain, domain, user+foo@, and user@. 
HOST NAME/ADDRESS PATTERNS - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, the following - lookup patterns are examined in the order as listed: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, the following lookup patterns are + examined in the order as listed: domain.tld Matches domain.tld. - The pattern domain.tld also matches subdomains, but - only when the string smtpd_access_maps is listed in - the Postfix parent_domain_matches_subdomains con- - figuration setting. + The pattern domain.tld also matches subdomains, but only when + the string smtpd_access_maps is listed in the Postfix par- + ent_domain_matches_subdomains configuration setting. .domain.tld - Matches subdomains of domain.tld, but only when the - string smtpd_access_maps is not listed in the Post- - fix parent_domain_matches_subdomains configuration - setting. + Matches subdomains of domain.tld, but only when the string + smtpd_access_maps is not listed in the Postfix par- + ent_domain_matches_subdomains configuration setting. net.work.addr.ess 
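Review bot: The rewrapped text in this access.5.html hunk still hyphenates inside configuration identifiers: "par- ent_domain_matches_subdomains" now appears in the domain.tld and .domain.tld entries under both EMAIL ADDRESS PATTERNS and HOST NAME/ADDRESS PATTERNS. A reader who searches the page for the parameter name, or copies it into main.cf, gets a broken string. The wider 78-column layout was a chance to fix this; suggest checking whether hyphenation can be switched off in the same nroff preamble where html/Makefile.in sets the ".pl" and ".ll" values, so that parameter names and file names are never split.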
@@ -128,23 +114,21 @@ ACCESS(5) ACCESS(5) net.work - net Matches the specified IPv4 host address or subnet- - work. An IPv4 host address is a sequence of four - decimal octets separated by ".". + net Matches the specified IPv4 host address or subnetwork. An IPv4 + host address is a sequence of four decimal octets separated by + ".". - Subnetworks are matched by repeatedly truncating - the last ".octet" from the remote IPv4 host address - string until a match is found in the access table, - or until further truncation is not possible. + Subnetworks are matched by repeatedly truncating the last + ".octet" from the remote IPv4 host address string until a match + is found in the access table, or until further truncation is not + possible. - NOTE 1: The access map lookup key must be in canon- - ical form: do not specify unnecessary null charac- - ters, and do not enclose network address informa- - tion with "[]" characters. + NOTE 1: The access map lookup key must be in canonical form: do + not specify unnecessary null characters, and do not enclose net- + work address information with "[]" characters. - NOTE 2: use the cidr lookup table type to specify - network/netmask patterns. See cidr_table(5) for - details. + NOTE 2: use the cidr lookup table type to specify network/net- + mask patterns. See cidr_table(5) for details. net:work:addr:ess 
@@ -152,27 +136,25 @@ ACCESS(5) ACCESS(5) net:work - net Matches the specified IPv6 host address or subnet- - work. An IPv6 host address is a sequence of three - to eight hexadecimal octet pairs separated by ":". + net Matches the specified IPv6 host address or subnetwork. An IPv6 + host address is a sequence of three to eight hexadecimal octet + pairs separated by ":". - Subnetworks are matched by repeatedly truncating - the last ":octetpair" from the remote IPv6 host - address string until a match is found in the access - table, or until further truncation is not possible. + Subnetworks are matched by repeatedly truncating the last + ":octetpair" from the remote IPv6 host address string until a + match is found in the access table, or until further truncation + is not possible. - NOTE 1: the truncation and comparison are done with - the string representation of the IPv6 host address. - Thus, not all the ":" subnetworks will be tried. + NOTE 1: the truncation and comparison are done with the string + representation of the IPv6 host address. Thus, not all the ":" + subnetworks will be tried. - NOTE 2: The access map lookup key must be in canon- - ical form: do not specify unnecessary null charac- - ters, and do not enclose network address informa- - tion with "[]" characters. + NOTE 2: The access map lookup key must be in canonical form: do + not specify unnecessary null characters, and do not enclose net- + work address information with "[]" characters. - NOTE 3: use the cidr lookup table type to specify - network/netmask patterns. See cidr_table(5) for - details. + NOTE 3: use the cidr lookup table type to specify network/net- + mask patterns. See cidr_table(5) for details. IPv6 support is available in Postfix 2.2 and later. 
@@ -180,77 +162,72 @@ ACCESS(5) ACCESS(5) OK Accept the address etc. that matches the pattern. all-numerical - An all-numerical result is treated as OK. This for- - mat is generated by address-based relay authoriza- - tion schemes such as pop-before-smtp. + An all-numerical result is treated as OK. This format is gener- + ated by address-based relay authorization schemes such as pop- + before-smtp. For other accept actions, see "OTHER ACTIONS" below. REJECT ACTIONS - Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When no code is specified - at the beginning of the text below, Postfix inserts a - default enhanced status code of "5.7.1" in the case of - reject actions, and "4.7.1" in the case of defer actions. - See "ENHANCED STATUS CODES" below. + Postfix version 2.3 and later support enhanced status codes as defined + in RFC 3463. When no code is specified at the beginning of the text + below, Postfix inserts a default enhanced status code of "5.7.1" in the + case of reject actions, and "4.7.1" in the case of defer actions. See + "ENHANCED STATUS CODES" below. 4NN text 5NN text - Reject the address etc. that matches the pattern, - and respond with the numerical three-digit code and - text. 4NN means "try again later", while 5NN means - "do not try again". + Reject the address etc. that matches the pattern, and respond + with the numerical three-digit code and text. 4NN means "try + again later", while 5NN means "do not try again". - The following responses have special meaning for - the Postfix SMTP server: + The following responses have special meaning for the Postfix + SMTP server: 421 text (Postfix 2.3 and later) 521 text (Postfix 2.6 and later) - After responding with the numerical three- - digit code and text, disconnect immediately - from the SMTP client. 
This frees up SMTP - server resources so that they can be made + After responding with the numerical three-digit code and + text, disconnect immediately from the SMTP client. This + frees up SMTP server resources so that they can be made available to another SMTP client. - Note: The "521" response should be used only - with botnets and other malware where inter- - operability is of no concern. The "send 521 - and disconnect" behavior is NOT defined in - the SMTP standard. + Note: The "521" response should be used only with botnets + and other malware where interoperability is of no con- + cern. The "send 521 and disconnect" behavior is NOT + defined in the SMTP standard. REJECT optional text... - Reject the address etc. that matches the pattern. - Reply with "$access_map_reject_code optional - text..." when the optional text is specified, oth- - erwise reply with a generic error response message. + Reject the address etc. that matches the pattern. Reply with + "$access_map_reject_code optional text..." when the optional + text is specified, otherwise reply with a generic error response + message. DEFER optional text... - Reject the address etc. that matches the pattern. - Reply with "$access_map_defer_code optional - text..." when the optional text is specified, oth- - erwise reply with a generic error response message. + Reject the address etc. that matches the pattern. Reply with + "$access_map_defer_code optional text..." when the optional text + is specified, otherwise reply with a generic error response mes- + sage. This feature is available in Postfix 2.6 and later. DEFER_IF_REJECT optional text... - Defer the request if some later restriction would - result in a REJECT action. Reply with - "$access_map_defer_code 4.7.1 optional text..." - when the optional text is specified, otherwise - reply with a generic error response message. + Defer the request if some later restriction would result in a + REJECT action. 
Reply with "$access_map_defer_code 4.7.1 optional + text..." when the optional text is specified, otherwise reply + with a generic error response message. Prior to Postfix 2.6, the SMTP reply code is 450. This feature is available in Postfix 2.1 and later. DEFER_IF_PERMIT optional text... - Defer the request if some later restriction would - result in a an explicit or implicit PERMIT action. - Reply with "$access_map_defer_code 4.7.1 optional - text..." when the optional text is specified, oth- - erwise reply with a generic error response message. + Defer the request if some later restriction would result in a an + explicit or implicit PERMIT action. Reply with + "$access_map_defer_code 4.7.1 optional text..." when the + optional text is specified, otherwise reply with a generic error + response message. Prior to Postfix 2.6, the SMTP reply code is 450. 
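Review bot: The DEFER_IF_PERMIT entry carries a doubled article through the rewrap: the new lines read "would result in a an explicit or implicit PERMIT action". Suggest fixing this in the manual page source that access.5.html is generated from, so the correction survives the next regeneration.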
@@ -260,192 +237,166 @@ ACCESS(5) ACCESS(5) OTHER ACTIONS restriction... - Apply the named UCE restriction(s) (permit, reject, + Apply the named UCE restriction(s) (permit, reject, reject_unauth_destination, and so on). BCC user@domain - Send one copy of the message to the specified - recipient. + Send one copy of the message to the specified recipient. - If multiple BCC actions are specified within the - same SMTP MAIL transaction, only the last action - will be used. + If multiple BCC actions are specified within the same SMTP MAIL + transaction, only the last action will be used. - This feature is not part of the stable Postfix - release. + This feature is not part of the stable Postfix release. DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- - erwise log a generic message. + Claim successful delivery and silently discard the message. Log + the optional text if specified, otherwise log a generic message. - Note: this action currently affects all recipients - of the message. To discard only one recipient - without discarding the entire message, use the - transport(5) table to direct mail to the discard(8) - service. + Note: this action currently affects all recipients of the mes- + sage. To discard only one recipient without discarding the + entire message, use the transport(5) table to direct mail to the + discard(8) service. This feature is available in Postfix 2.0 and later. - DUNNO Pretend that the lookup key was not found. This - prevents Postfix from trying substrings of the - lookup key (such as a subdomain name, or a network - address subnetwork). + DUNNO Pretend that the lookup key was not found. This prevents Postfix + from trying substrings of the lookup key (such as a subdomain + name, or a network address subnetwork). This feature is available in Postfix 2.0 and later. 
FILTER transport:destination - After the message is queued, send the entire mes- - sage through the specified external content filter. - The transport name specifies the first field of a - mail delivery agent definition in master.cf; the - syntax of the next-hop destination is described in - the manual page of the corresponding delivery - agent. More information about external content - filters is in the Postfix FILTER_README file. - - Note 1: do not use $number regular expression sub- - stitutions for transport or destination unless you - know that the information has a trusted origin. - - Note 2: this action overrides the main.cf con- - tent_filter setting, and affects all recipients of - the message. In the case that multiple FILTER - actions fire, only the last one is executed. - - Note 3: the purpose of the FILTER command is to - override message routing. To override the recipi- - ent's transport but not the next-hop destination, - specify an empty filter destination (Postfix 2.7 - and later), or specify a transport:destination that - delivers through a different Postfix instance - (Postfix 2.6 and earlier). Other options are using - the recipient-dependent transport_maps or the sen- - der-dependent sender_dependent_default_transport- - _maps features. + After the message is queued, send the entire message through the + specified external content filter. The transport name specifies + the first field of a mail delivery agent definition in mas- + ter.cf; the syntax of the next-hop destination is described in + the manual page of the corresponding delivery agent. More + information about external content filters is in the Postfix + FILTER_README file. + + Note 1: do not use $number regular expression substitutions for + transport or destination unless you know that the information + has a trusted origin. + + Note 2: this action overrides the main.cf content_filter set- + ting, and affects all recipients of the message. 
In the case + that multiple FILTER actions fire, only the last one is exe- + cuted. + + Note 3: the purpose of the FILTER command is to override message + routing. To override the recipient's transport but not the + next-hop destination, specify an empty filter destination (Post- + fix 2.7 and later), or specify a transport:destination that + delivers through a different Postfix instance (Postfix 2.6 and + earlier). Other options are using the recipient-dependent trans- + port_maps or the sender-dependent sender_dependent_default- + _transport_maps features. This feature is available in Postfix 2.0 and later. HOLD optional text... - Place the message on the hold queue, where it will - sit until someone either deletes it or releases it - for delivery. Log the optional text if specified, - otherwise log a generic message. + Place the message on the hold queue, where it will sit until + someone either deletes it or releases it for delivery. Log the + optional text if specified, otherwise log a generic message. - Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or - released with the postsuper(1) command. + Mail that is placed on hold can be examined with the postcat(1) + command, and can be destroyed or released with the postsuper(1) + command. - Note: use "postsuper -r" to release mail that was - kept on hold for a significant fraction of $maxi- - mal_queue_lifetime or $bounce_queue_lifetime, or - longer. Use "postsuper -H" only for mail that will - not expire within a few delivery attempts. + Note: use "postsuper -r" to release mail that was kept on hold + for a significant fraction of $maximal_queue_lifetime or + $bounce_queue_lifetime, or longer. Use "postsuper -H" only for + mail that will not expire within a few delivery attempts. - Note: this action currently affects all recipients - of the message. + Note: this action currently affects all recipients of the mes- + sage. 
This feature is available in Postfix 2.0 and later. PREPEND headername: headervalue - Prepend the specified message header to the mes- - sage. When more than one PREPEND action executes, - the first prepended header appears before the sec- - ond etc. prepended header. + Prepend the specified message header to the message. When more + than one PREPEND action executes, the first prepended header + appears before the second etc. prepended header. - Note: this action must execute before the message - content is received; it cannot execute in the con- - text of smtpd_end_of_data_restrictions. + Note: this action must execute before the message content is + received; it cannot execute in the context of + smtpd_end_of_data_restrictions. This feature is available in Postfix 2.1 and later. REDIRECT user@domain - After the message is queued, send the message to - the specified address instead of the intended - recipient(s). + After the message is queued, send the message to the specified + address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and - currently affects all recipients of the message. + Note: this action overrides the FILTER action, and currently + affects all recipients of the message. This feature is available in Postfix 2.1 and later. WARN optional text... - Log a warning with the optional text, together with - client information and if available, with helo, - sender, recipient and protocol information. + Log a warning with the optional text, together with client + information and if available, with helo, sender, recipient and + protocol information. This feature is available in Postfix 2.1 and later. ENHANCED STATUS CODES - Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When an enhanced status - code is specified in an access table, it is subject to - modification. 
The following transformations are needed - when the same access table is used for client, helo, - sender, or recipient access restrictions; they happen - regardless of whether Postfix replies to a MAIL FROM, RCPT - TO or other SMTP command. - - o When a sender address matches a REJECT action, the - Postfix SMTP server will transform a recipient DSN - status (e.g., 4.1.1-4.1.6) into the corresponding - sender DSN status, and vice versa. - - o When non-address information matches a REJECT - action (such as the HELO command argument or the - client hostname/address), the Postfix SMTP server - will transform a sender or recipient DSN status - into a generic non-address DSN status (e.g., - 4.0.0). + Postfix version 2.3 and later support enhanced status codes as defined + in RFC 3463. When an enhanced status code is specified in an access + table, it is subject to modification. The following transformations are + needed when the same access table is used for client, helo, sender, or + recipient access restrictions; they happen regardless of whether Post- + fix replies to a MAIL FROM, RCPT TO or other SMTP command. + + o When a sender address matches a REJECT action, the Postfix SMTP + server will transform a recipient DSN status (e.g., 4.1.1-4.1.6) + into the corresponding sender DSN status, and vice versa. + + o When non-address information matches a REJECT action (such as + the HELO command argument or the client hostname/address), the + Postfix SMTP server will transform a sender or recipient DSN + status into a generic non-address DSN status (e.g., 4.0.0). REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). - - Each pattern is a regular expression that is applied to - the entire string being looked up. 
Depending on the appli- - cation, that string is an entire client hostname, an - entire client IP address, or an entire mail address. Thus, - no parent domain or parent network search is done, - user@domain mail addresses are not broken up into their - user@ and domain constituent parts, nor is user+foo broken - up into user and foo. - - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. - - Actions are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from - the pattern can be interpolated as $1, $2 and so on. + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). + + Each pattern is a regular expression that is applied to the entire + string being looked up. Depending on the application, that string is an + entire client hostname, an entire client IP address, or an entire mail + address. Thus, no parent domain or parent network search is done, + user@domain mail addresses are not broken up into their user@ and + domain constituent parts, nor is user+foo broken up into user and foo. + + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. + + Actions are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- + lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). This feature is not available up to and including - Postfix version 2.4. - - Each lookup operation uses the entire query string once. 
- Depending on the application, that string is an entire - client hostname, an entire client IP address, or an entire - mail address. Thus, no parent domain or parent network - search is done, user@domain mail addresses are not broken - up into their user@ and domain constituent parts, nor is + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. + + Each lookup operation uses the entire query string once. Depending on + the application, that string is an entire client hostname, an entire + client IP address, or an entire mail address. Thus, no parent domain + or parent network search is done, user@domain mail addresses are not + broken up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. Actions are the same as with indexed file lookups. EXAMPLE - The following example uses an indexed file, so that the - order of table entries does not matter. The example per- - mits access by the client at address 1.2.3.4 but rejects - all other clients in 1.2.3.0/24. Instead of hash lookup - tables, some systems use dbm. Use the command "postconf - -m" to find out what lookup tables Postfix supports on - your system. + The following example uses an indexed file, so that the order of table + entries does not matter. The example permits access by the client at + address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of + hash lookup tables, some systems use dbm. Use the command "postconf + -m" to find out what lookup tables Postfix supports on your system. /etc/postfix/main.cf: smtpd_client_restrictions = 
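Review bot: In the "+" lines of Note 3 under FILTER, the re-wrap splits two parameter names at the line end, "trans-" / "port_maps" and "sender_dependent_default-" / "_transport_maps", so neither name can be searched for or copied from the rendered page. The removed 65-column text had the same defect in other places ("$maxi-" / "mal_queue_lifetime", "tcp_ta-" / "ble(5)"), and those are only fixed here because the margin moved. Suggest turning hyphenation off for identifiers in the manpage-to-HTML step, so that a later width change does not just move the breaks to other names.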
@@ -455,11 +406,11 @@ ACCESS(5) ACCESS(5) 1.2.3 REJECT 1.2.3.4 OK - Execute the command "postmap /etc/postfix/access" after - editing the file. + Execute the command "postmap /etc/postfix/access" after editing the + file. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. SEE ALSO postmap(1), Postfix lookup table manager @@ -472,8 +423,7 @@ ACCESS(5) ACCESS(5) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/aliases.5.html b/postfix/html/aliases.5.html index aa1b053e0..c550f7dda 100644 --- a/postfix/html/aliases.5.html +++ b/postfix/html/aliases.5.html 
@@ -13,31 +13,27 @@ ALIASES(5) ALIASES(5) newaliases DESCRIPTION - The aliases(5) table provides a system-wide mechanism to - redirect mail for local recipients. The redirections are - processed by the Postfix local(8) delivery agent. - - Normally, the aliases(5) table is specified as a text file - that serves as input to the postalias(1) command. The - result, an indexed file in dbm or db format, is used for - fast lookup by the mail system. Execute the command - newaliases in order to rebuild the indexed file after + The aliases(5) table provides a system-wide mechanism to redirect mail + for local recipients. The redirections are processed by the Postfix + local(8) delivery agent. + + Normally, the aliases(5) table is specified as a text file that serves + as input to the postalias(1) command. The result, an indexed file in + dbm or db format, is used for fast lookup by the mail system. Execute + the command newaliases in order to rebuild the indexed file after changing the Postfix alias database. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions. In this case, the lookups are done in a slightly - different way as described below under "REGULAR EXPRESSION - TABLES". + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions. In this case, the + lookups are done in a slightly different way as described below under + "REGULAR EXPRESSION TABLES". - Users can control delivery of their own mail by setting up - .forward files in their home directory. Lines in per-user - .forward files have the same syntax as the right-hand side - of aliases(5) entries. 
+ Users can control delivery of their own mail by setting up .forward + files in their home directory. Lines in per-user .forward files have + the same syntax as the right-hand side of aliases(5) entries. The format of the alias database input file is as follows: 
@@ -45,158 +41,137 @@ ALIASES(5) ALIASES(5) name: value1, value2, ... - o Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + o Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. - o A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + o A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. - The name is a local address (no domain part). Use double - quotes when the name contains any special characters such - as whitespace, `#', `:', or `@'. The name is folded to - lowercase, in order to make database lookups case insensi- - tive. + The name is a local address (no domain part). Use double quotes when + the name contains any special characters such as whitespace, `#', `:', + or `@'. The name is folded to lowercase, in order to make database + lookups case insensitive. - In addition, when an alias exists for owner-name, delivery - diagnostics are directed to that address, instead of to - the originator of the message. This is typically used to - direct delivery errors to the maintainer of a mailing - list, who is in a better position to deal with mailing - list delivery problems than the originator of the undeliv- - ered mail. + In addition, when an alias exists for owner-name, delivery diagnostics + are directed to that address, instead of to the originator of the mes- + sage. This is typically used to direct delivery errors to the main- + tainer of a mailing list, who is in a better position to deal with + mailing list delivery problems than the originator of the undelivered + mail. The value contains one or more of the following: address - Mail is forwarded to address, which is compatible - with the RFC 822 standard. + Mail is forwarded to address, which is compatible with the RFC + 822 standard. 
/file/name - Mail is appended to /file/name. See local(8) for - details of delivery to file. Delivery is not lim- - ited to regular files. For example, to dispose of - unwanted mail, deflect it to /dev/null. + Mail is appended to /file/name. See local(8) for details of + delivery to file. Delivery is not limited to regular files. + For example, to dispose of unwanted mail, deflect it to + /dev/null. |command - Mail is piped into command. Commands that contain - special characters, such as whitespace, should be - enclosed between double quotes. See local(8) for - details of delivery to command. - - When the command fails, a limited amount of command - output is mailed back to the sender. The file - /usr/include/sysexits.h defines the expected exit - status codes. For example, use "|exit 67" to simu- - late a "user unknown" error, and "|exit 0" to - implement an expensive black hole. + Mail is piped into command. Commands that contain special char- + acters, such as whitespace, should be enclosed between double + quotes. See local(8) for details of delivery to command. + + When the command fails, a limited amount of command output is + mailed back to the sender. The file /usr/include/sysexits.h + defines the expected exit status codes. For example, use "|exit + 67" to simulate a "user unknown" error, and "|exit 0" to imple- + ment an expensive black hole. :include:/file/name - Mail is sent to the destinations listed in the - named file. Lines in :include: files have the same - syntax as the right-hand side of alias entries. + Mail is sent to the destinations listed in the named file. + Lines in :include: files have the same syntax as the right-hand + side of alias entries. - A destination can be any destination that is - described in this manual page. However, delivery to - "|command" and /file/name is disallowed by default. - To enable, edit the allow_mail_to_commands and - allow_mail_to_files configuration parameters. 
+ A destination can be any destination that is described in this + manual page. However, delivery to "|command" and /file/name is + disallowed by default. To enable, edit the allow_mail_to_com- + mands and allow_mail_to_files configuration parameters. ADDRESS EXTENSION - When alias database search fails, and the recipient local- - part contains the optional recipient delimiter (e.g., - user+foo), the search is repeated for the unextended - address (e.g., user). + When alias database search fails, and the recipient localpart contains + the optional recipient delimiter (e.g., user+foo), the search is + repeated for the unextended address (e.g., user). - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- - gated to the result of table lookup. + The propagate_unmatched_extensions parameter controls whether an + unmatched address extension (+foo) is propagated to the result of table + lookup. CASE FOLDING - The local(8) delivery agent always folds the search string - to lowercase before database lookup. + The local(8) delivery agent always folds the search string to lowercase + before database lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). NOTE: these formats - do not use ":" at the end of a pattern. + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). + NOTE: these formats do not use ":" at the end of a pattern. - Each regular expression is applied to the entire search - string. Thus, a search string user+foo is not broken up - into user and foo. + Each regular expression is applied to the entire search string. 
Thus, a + search string user+foo is not broken up into user and foo. - Regular expressions are applied in the order as specified - in the table, until a regular expression is found that - matches the search string. + Regular expressions are applied in the order as specified in the table, + until a regular expression is found that matches the search string. - Lookup results are the same as with indexed file lookups. - For security reasons there is no support for $1, $2 etc. - substring interpolation. + Lookup results are the same as with indexed file lookups. For security + reasons there is no support for $1, $2 etc. substring interpolation. SECURITY - The local(8) delivery agent disallows regular expression - substitution of $1 etc. in alias_maps, because that would - open a security hole. + The local(8) delivery agent disallows regular expression substitution + of $1 etc. in alias_maps, because that would open a security hole. - The local(8) delivery agent will silently ignore requests - to use the proxymap(8) server within alias_maps. Instead - it will open the table directly. Before Postfix version - 2.2, the local(8) delivery agent will terminate with a - fatal error. + The local(8) delivery agent will silently ignore requests to use the + proxymap(8) server within alias_maps. Instead it will open the table + directly. Before Postfix version 2.2, the local(8) delivery agent will + terminate with a fatal error. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more + details including examples. alias_database - List of alias databases that are updated by the - newaliases(1) command. + List of alias databases that are updated by the newaliases(1) + command. 
alias_maps - List of alias databases queried by the local(8) - delivery agent. + List of alias databases queried by the local(8) delivery agent. allow_mail_to_commands - Restrict the usage of mail delivery to external - command. + Restrict the usage of mail delivery to external command. allow_mail_to_files - Restrict the usage of mail delivery to external - file. + Restrict the usage of mail delivery to external file. expand_owner_alias - When delivering to an alias that has an owner- com- - panion alias, set the envelope sender address to - the right-hand side of the owner alias, instead - using of the left-hand side address. + When delivering to an alias that has an owner- companion alias, + set the envelope sender address to the right-hand side of the + owner alias, instead using of the left-hand side address. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, - include, or generic. + A list of address rewriting or forwarding mechanisms that propa- + gate an address extension from the original address to the + result. Specify zero or more of canonical, virtual, alias, for- + ward, include, or generic. owner_request_special - Give special treatment to owner-listname and list- - name-request addresses. + Give special treatment to owner-listname and listname-request + addresses. recipient_delimiter - Delimiter that separates recipients from address - extensions. + Delimiter that separates recipients from address extensions. Available in Postfix version 2.3 and later: frozen_delivered_to - Update the local(8) delivery agent's Delivered-To: - address (see prepend_delivered_header) only once, - at the start of a delivery; do not update the - Delivered-To: address while expanding aliases or - .forward files. 
+ Update the local(8) delivery agent's Delivered-To: address (see + prepend_delivered_header) only once, at the start of a delivery; + do not update the Delivered-To: address while expanding aliases + or .forward files. STANDARDS RFC 822 (ARPA Internet Text Messages) @@ -211,8 +186,7 @@ ALIASES(5) ALIASES(5) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/anvil.8.html b/postfix/html/anvil.8.html index b081554c9..0bd441baa 100644 --- a/postfix/html/anvil.8.html +++ b/postfix/html/anvil.8.html 
@@ -13,36 +13,34 @@ ANVIL(8) ANVIL(8) anvil [generic Postfix daemon options] DESCRIPTION - The Postfix anvil(8) server maintains statistics about - client connection counts or client request rates. This - information can be used to defend against clients that - hammer a server with either too many simultaneous ses- - sions, or with too many successive requests within a con- - figurable time interval. This server is designed to run - under control by the Postfix master(8) server. - - In the following text, ident specifies a (service, client) - combination. The exact syntax of that information is - application-dependent; the anvil(8) server does not care. + The Postfix anvil(8) server maintains statistics about client connec- + tion counts or client request rates. This information can be used to + defend against clients that hammer a server with either too many simul- + taneous sessions, or with too many successive requests within a config- + urable time interval. This server is designed to run under control by + the Postfix master(8) server. + + In the following text, ident specifies a (service, client) combination. + The exact syntax of that information is application-dependent; the + anvil(8) server does not care. 
CONNECTION COUNT/RATE CONTROL - To register a new connection send the following request to - the anvil(8) server: + To register a new connection send the following request to the anvil(8) + server: request=connect ident=string - The anvil(8) server answers with the number of simultane- - ous connections and the number of connections per unit - time for the (service, client) combination specified with - ident: + The anvil(8) server answers with the number of simultaneous connections + and the number of connections per unit time for the (service, client) + combination specified with ident: status=0 count=number rate=number - To register a disconnect event send the following request - to the anvil(8) server: + To register a disconnect event send the following request to the + anvil(8) server: request=disconnect ident=string 
@@ -52,159 +50,151 @@ ANVIL(8) ANVIL(8) status=0 MESSAGE RATE CONTROL - To register a message delivery request send the following - request to the anvil(8) server: + To register a message delivery request send the following request to + the anvil(8) server: request=message ident=string - The anvil(8) server answers with the number of message - delivery requests per unit time for the (service, client) - combination specified with ident: + The anvil(8) server answers with the number of message delivery + requests per unit time for the (service, client) combination specified + with ident: status=0 rate=number RECIPIENT RATE CONTROL - To register a recipient request send the following request - to the anvil(8) server: + To register a recipient request send the following request to the + anvil(8) server: request=recipient ident=string - The anvil(8) server answers with the number of recipient - addresses per unit time for the (service, client) combina- - tion specified with ident: + The anvil(8) server answers with the number of recipient addresses per + unit time for the (service, client) combination specified with ident: status=0 rate=number TLS SESSION NEGOTIATION RATE CONTROL - The features described in this section are available with - Postfix 2.3 and later. + The features described in this section are available with Postfix 2.3 + and later. - To register a request for a new (i.e. not cached) TLS ses- - sion send the following request to the anvil(8) server: + To register a request for a new (i.e. 
not cached) TLS session send the + following request to the anvil(8) server: request=newtls ident=string - The anvil(8) server answers with the number of new TLS - session requests per unit time for the (service, client) - combination specified with ident: + The anvil(8) server answers with the number of new TLS session requests + per unit time for the (service, client) combination specified with + ident: status=0 rate=number - To retrieve new TLS session request rate information with- - out updating the counter information, send: + To retrieve new TLS session request rate information without updating + the counter information, send: request=newtls_report ident=string - The anvil(8) server answers with the number of new TLS - session requests per unit time for the (service, client) - combination specified with ident: + The anvil(8) server answers with the number of new TLS session requests + per unit time for the (service, client) combination specified with + ident: status=0 rate=number SECURITY - The anvil(8) server does not talk to the network or to - local users, and can run chrooted at fixed low privilege. + The anvil(8) server does not talk to the network or to local users, and + can run chrooted at fixed low privilege. - The anvil(8) server maintains an in-memory table with - information about recent clients requests. No persistent - state is kept because standard system library routines are - not sufficiently robust for update-intensive applications. + The anvil(8) server maintains an in-memory table with information about + recent clients requests. No persistent state is kept because standard + system library routines are not sufficiently robust for update-inten- + sive applications. - Although the in-memory state is kept only temporarily, - this may require a lot of memory on systems that handle - connections from many remote clients. To reduce memory - usage, reduce the time unit over which state is kept. 
+ Although the in-memory state is kept only temporarily, this may require + a lot of memory on systems that handle connections from many remote + clients. To reduce memory usage, reduce the time unit over which state + is kept. DIAGNOSTICS Problems and transactions are logged to syslogd(8). - Upon exit, and every anvil_status_update_time seconds, the - server logs the maximal count and rate values measured, - together with (service, client) information and the time - of day associated with those events. In order to avoid - unnecessary overhead, no measurements are done for activ- - ity that isn't concurrency limited or rate limited. + Upon exit, and every anvil_status_update_time seconds, the server logs + the maximal count and rate values measured, together with (service, + client) information and the time of day associated with those events. + In order to avoid unnecessary overhead, no measurements are done for + activity that isn't concurrency limited or rate limited. BUGS - Systems behind network address translating routers or - proxies appear to have the same client address and can run - into connection count and/or rate limits falsely. - - In this preliminary implementation, a count (or rate) lim- - ited server process can have only one remote client at a - time. If a server process reports multiple simultaneous - clients, state is kept only for the last reported client. - - The anvil(8) server automatically discards client request - information after it expires. To prevent the anvil(8) - server from discarding client request rate information too - early or too late, a rate limited service should always - register connect/disconnect events even when it does not - explicitly limit them. + Systems behind network address translating routers or proxies appear to + have the same client address and can run into connection count and/or + rate limits falsely. 
+ + In this preliminary implementation, a count (or rate) limited server + process can have only one remote client at a time. If a server process + reports multiple simultaneous clients, state is kept only for the last + reported client. + + The anvil(8) server automatically discards client request information + after it expires. To prevent the anvil(8) server from discarding + client request rate information too early or too late, a rate limited + service should always register connect/disconnect events even when it + does not explicitly limit them. CONFIGURATION PARAMETERS - On low-traffic mail systems, changes to main.cf are picked - up automatically as anvil(8) processes run for only a lim- - ited amount of time. On other mail systems, use the com- - mand "postfix reload" to speed up a change. + On low-traffic mail systems, changes to main.cf are picked up automati- + cally as anvil(8) processes run for only a limited amount of time. On + other mail systems, use the command "postfix reload" to speed up a + change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. anvil_rate_time_unit (60s) - The time unit over which client connection rates - and other rates are calculated. + The time unit over which client connection rates and other rates + are calculated. anvil_status_update_time (600s) - How frequently the anvil(8) connection and rate - limiting server logs peak usage information. + How frequently the anvil(8) connection and rate limiting server + logs peak usage information. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. 
daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtpd(8), Postfix SMTP server 
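Review bot: In the syslog_name entry at the end of this hunk, the re-wrapped text splits the log tag example as "post-" / "fix/smtpd", where the removed lines had "postfix/smtpd" on one line; that is the literal string an operator searches the logs for, so it should not be hyphenated. Separately, the SECURITY paragraph carries "recent clients requests" over unchanged from the removed lines; since the paragraph is being regenerated anyway, correct it to "recent client requests" in the manual page source.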
@@ -215,8 +205,7 @@ ANVIL(8) ANVIL(8) TUNING_README, performance tuning LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY The anvil service is available in Postfix 2.2 and later. diff --git a/postfix/html/bounce.5.html b/postfix/html/bounce.5.html index 2c0e46eee..1c0860e97 100644 --- a/postfix/html/bounce.5.html +++ b/postfix/html/bounce.5.html 
@@ -15,58 +15,52 @@ BOUNCE(5) BOUNCE(5) postconf -b [template_file] DESCRIPTION - The Postfix bounce(8) server produces delivery status - notification (DSN) messages for undeliverable mail, - delayed mail, successful delivery or address verification - requests. + The Postfix bounce(8) server produces delivery status notification + (DSN) messages for undeliverable mail, delayed mail, successful deliv- + ery or address verification requests. - By default, these notifications are generated from built- - in templates with message headers and message text. Sites - can override the built-in information by specifying a - bounce template file with the bounce_template_file config- - uration parameter. + By default, these notifications are generated from built-in templates + with message headers and message text. Sites can override the built-in + information by specifying a bounce template file with the bounce_tem- + plate_file configuration parameter. - This document describes the general procedure to create a - bounce template file, followed by the specific details of - bounce template formats. + This document describes the general procedure to create a bounce tem- + plate file, followed by the specific details of bounce template for- + mats. GENERAL PROCEDURE - To create a customized bounce template file, create a tem- - porary copy of the file /etc/postfix/bounce.cf.default and - edit the temporary file. + To create a customized bounce template file, create a temporary copy of + the file /etc/postfix/bounce.cf.default and edit the temporary file. - To preview the results of $name expansions in the template - text, use the command + To preview the results of $name expansions in the template text, use + the command postconf -b temporary_file - Errors in the template will be reported to the standard - error stream and to the syslog daemon. + Errors in the template will be reported to the standard error stream + and to the syslog daemon. 
- While previewing the text, be sure to pay particular - attention to the expansion of time value parameters that - appear in the delayed mail notification text. + While previewing the text, be sure to pay particular attention to the + expansion of time value parameters that appear in the delayed mail + notification text. - Once the result is satisfactory, copy the template to the - Postfix configuration directory and specify in main.cf - something like: + Once the result is satisfactory, copy the template to the Postfix con- + figuration directory and specify in main.cf something like: /etc/postfix/main.cf: bounce_template_file = /etc/postfix/bounce.cf TEMPLATE FILE FORMAT - The template file can specify templates for failed mail, - delayed mail, successful delivery or for address verifica- - tion. These templates are named failure_template, - delay_template, success_template and verify_template, - respectively. You can but do not have to specify all four - templates in a bounce template file. - - Each template starts with "template_name = <<EOF" and ends - with a line that contains the word "EOF" only. You can - change the word EOF, but you can't enclose it in quotes as - with the shell or with Perl (template_name = <<'EOF'). - Here is an example: + The template file can specify templates for failed mail, delayed mail, + successful delivery or for address verification. These templates are + named failure_template, delay_template, success_template and ver- + ify_template, respectively. You can but do not have to specify all + four templates in a bounce template file. + + Each template starts with "template_name = <<EOF" and ends with a line + that contains the word "EOF" only. You can change the word EOF, but you + can't enclose it in quotes as with the shell or with Perl (tem- + plate_name = <<'EOF'). Here is an example: # The failure template is used for undeliverable mail. 
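Review bot: The wider wrap in this bounce.5.html hunk still hyphenates identifiers the reader has to type verbatim: "bounce_tem- plate_file" in the DESCRIPTION, and "ver- ify_template" and "(tem- plate_name = <<'EOF')" under TEMPLATE FILE FORMAT. A split name cannot be found by searching the page and does not paste cleanly into main.cf or a template file. Since this HTML is regenerated output, consider turning hyphenation off in the formatting step (for example with the troff .nh request) instead of relying on line width to avoid the breaks.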
@@ -89,100 +83,86 @@ BOUNCE(5) BOUNCE(5) The mail system EOF - The usage and specification of bounce templates is subject - to the following restrictions: + The usage and specification of bounce templates is subject to the fol- + lowing restrictions: - o No special meaning is given to the backslash char- - acter or to leading whitespace; these are always - taken literally. + o No special meaning is given to the backslash character or to + leading whitespace; these are always taken literally. - o Inside the << context, the "$" character is spe- - cial. To produce a "$" character as output, specify - "$$". + o Inside the << context, the "$" character is special. To produce + a "$" character as output, specify "$$". - o Outside the << context, lines beginning with "#" - are ignored, as are empty lines, and lines consist- - ing of whitespace only. + o Outside the << context, lines beginning with "#" are ignored, as + are empty lines, and lines consisting of whitespace only. - Examples of all templates can be found in the file - bounce.cf.default in the Postfix configuration directory. + Examples of all templates can be found in the file bounce.cf.default in + the Postfix configuration directory. TEMPLATE HEADER FORMAT - The first portion of a bounce template consists of - optional template headers. Some become message headers in - the delivery status notification; some control the format- - ting of that notification. Headers not specified in a tem- - plate will be left at their default value. + The first portion of a bounce template consists of optional template + headers. Some become message headers in the delivery status notifica- + tion; some control the formatting of that notification. Headers not + specified in a template will be left at their default value. The following headers are supported: Charset: - The MIME character set of the template message - text. See the "TEMPLATE MESSAGE TEXT FORMAT" - description below. 
+ The MIME character set of the template message text. See the + "TEMPLATE MESSAGE TEXT FORMAT" description below. - From: The sender address in the message header of the - delivery status notification. + 
From: The sender address in the message header of the delivery status + notification. Subject: - The subject in the message header of the delivery - status notification that is returned to the sender. + The subject in the message header of the delivery status notifi- + cation that is returned to the sender. Postmaster-Subject: - The subject that will be used in Postmaster copies - of undeliverable or delayed mail notifications. - These copies are sent under control of the - notify_classes configuration parameter. + The subject that will be used in Postmaster copies of undeliver- + able or delayed mail notifications. These copies are sent under + control of the notify_classes configuration parameter. - The usage and specification of template message headers is - subject to the following restrictions: + The usage and specification of template message headers is subject to + the following restrictions: - o Template message header names can be specified in - upper case, lower case or mixed case. Postfix - always produces bounce message header labels of the - form "From:" and "Subject:". + o Template message header names can be specified in upper case, + lower case or mixed case. Postfix always produces bounce message + header labels of the form "From:" and "Subject:". - o Template message headers must not span multiple - lines. + o Template message headers must not span multiple lines. - o Template message headers do not support $parameter - expansions. + o Template message headers do not support $parameter expansions. - o Template message headers must contain ASCII charac- - ters only, and must not contain ASCII null charac- - ters. + o Template message headers must contain ASCII characters only, and + must not contain ASCII null characters. TEMPLATE MESSAGE TEXT FORMAT - The second portion of a bounce template consists of mes- - sage text. As the above example shows, template message - text may contain main.cf $parameters. 
Besides the parame- - ters that are defined in main.cf, the following parameters - are treated specially depending on the suffix that is - appended to their name. + The second portion of a bounce template consists of message text. As + the above example shows, template message text may contain main.cf + $parameters. Besides the parameters that are defined in main.cf, the + following parameters are treated specially depending on the suffix that + is appended to their name. delay_warning_time_suffix - Expands into the value of the delay_warning_time - parameter, expressed in the time unit specified by - suffix, which is one of seconds, minutes, hours, - days, or weeks. + Expands into the value of the delay_warning_time parameter, + expressed in the time unit specified by suffix, which is one of + seconds, minutes, hours, days, or weeks. maximal_queue_lifetime_suffix - Expands into the value of the maximal_queue_life- - time parameter, expressed in the time unit speci- - fied by suffix. See above under delay_warning_time - for possible suffix values. - - The usage and specification of template message text is - subject to the following restrictions: - - o The template message text is not sent in Postmaster - copies of delivery status notifications. - - o If the template message text contains non-ASCII - characters, Postfix requires that the Charset: tem- - plate header is updated. Specify an appropriate - superset of US-ASCII. A superset is needed because - Postfix appends ASCII text after the message tem- + Expands into the value of the maximal_queue_lifetime parameter, + expressed in the time unit specified by suffix. See above under + delay_warning_time for possible suffix values. + + The usage and specification of template message text is subject to the + following restrictions: + + o The template message text is not sent in Postmaster copies of + delivery status notifications. 
+ + o If the template message text contains non-ASCII characters, + Postfix requires that the Charset: template header is updated. + Specify an appropriate superset of US-ASCII. A superset is + needed because Postfix appends ASCII text after the message tem- plate when it sends a delivery status notification. SEE ALSO @@ -190,12 +170,11 @@ BOUNCE(5) BOUNCE(5) postconf(5), configuration parameters LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY - The Postfix bounce template format was originally devel- - oped by Nicolas Riendeau. + The Postfix bounce template format was originally developed by Nicolas + Riendeau. AUTHOR(S) Wietse Venema diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index 4896b1f11..8d7d38f08 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html 
@@ -13,34 +13,30 @@ BOUNCE(8) BOUNCE(8) bounce [generic Postfix daemon options] DESCRIPTION - The bounce(8) daemon maintains per-message log files with - delivery status information. Each log file is named after - the queue file that it corresponds to, and is kept in a - queue subdirectory named after the service name in the - master.cf file (either bounce, defer or trace). This pro- - gram expects to be run from the master(8) process manager. - - The bounce(8) daemon processes two types of service - requests: - - o Append a recipient (non-)delivery status record to - a per-message log file. - - o Enqueue a delivery status notification message, - with a copy of a per-message log file and of the - corresponding message. When the delivery status - notification message is enqueued successfully, the - per-message log file is deleted. - - The software does a best notification effort. A non-deliv- - ery notification is sent even when the log file or the - original message cannot be read. - - Optionally, a bounce (defer, trace) client can request - that the per-message log file be deleted when the - requested operation fails. This is used by clients that - cannot retry transactions by themselves, and that depend - on retry logic in their own client. + The bounce(8) daemon maintains per-message log files with delivery sta- + tus information. Each log file is named after the queue file that it + corresponds to, and is kept in a queue subdirectory named after the + service name in the master.cf file (either bounce, defer or trace). + This program expects to be run from the master(8) process manager. + + The bounce(8) daemon processes two types of service requests: + + o Append a recipient (non-)delivery status record to a per-message + log file. + + o Enqueue a delivery status notification message, with a copy of a + per-message log file and of the corresponding message. 
When the + delivery status notification message is enqueued successfully, + the per-message log file is deleted. + + The software does a best notification effort. A non-delivery notifica- + tion is sent even when the log file or the original message cannot be + read. + + Optionally, a bounce (defer, trace) client can request that the per- + message log file be deleted when the requested operation fails. This + is used by clients that cannot retry transactions by themselves, and + that depend on retry logic in their own client. STANDARDS RFC 822 (ARPA Internet Text Messages) 
@@ -55,104 +51,94 @@ BOUNCE(8) BOUNCE(8) Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - bounce(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as bounce(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 2bounce_notice_recipient (postmaster) - The recipient of undeliverable mail that cannot be - returned to the sender. + The recipient of undeliverable mail that cannot be returned to + the sender. backwards_bounce_logfile_compatibility (yes) - Produce additional bounce(8) logfile records that - can be read by Postfix versions before 2.0. + Produce additional bounce(8) logfile records that can be read by + Postfix versions before 2.0. bounce_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that Postfix did not - deliver and of SMTP conversation transcripts of - mail that Postfix did not receive. + The recipient of postmaster notifications with the message head- + ers of mail that Postfix did not deliver and of SMTP conversa- + tion transcripts of mail that Postfix did not receive. bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. bounce_template_file (empty) - Pathname of a configuration file with bounce mes- - sage templates. + Pathname of a configuration file with bounce message templates. 
config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that cannot be delivered - within $delay_warning_time time units. + The recipient of postmaster notifications with the message head- + ers of mail that cannot be delivered within $delay_warning_time + time units. deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. mail_name (Postfix) - The mail system name that is displayed in Received: - headers, in the SMTP greeting banner, and in - bounced mail. 
+ The mail system name that is displayed in Received: headers, in + the SMTP greeting banner, and in bounced mail. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/bounce/* non-delivery records @@ -168,8 +154,7 @@ BOUNCE(8) BOUNCE(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema 
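Review bot: In the syslog_name entry of the bounce.8.html CONFIGURATION PARAMETERS hunk, the example log prefix now wraps as "post- fix/smtpd", where the old text kept "postfix/smtpd" on one line. That string is what operators match in syslog records, so the generated page should show it unbroken. The same hunk also splits "message head- ers" and "con- figuration files", which suggests hyphenation is still enabled in the generator and the fix belongs there, not in this one entry.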
diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index 58c522cef..1c405c373 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html 
@@ -17,247 +17,222 @@ CANONICAL(5) CANONICAL(5) postmap -q - /etc/postfix/canonical <inputfile DESCRIPTION - The optional canonical(5) table specifies an address map- - ping for local and non-local addresses. The mapping is - used by the cleanup(8) daemon, before mail is stored into - the queue. The address mapping is recursive. - - Normally, the canonical(5) table is specified as a text - file that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/canonical" to rebuild an indexed - file after changing the corresponding text file. - - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. - - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those cases, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". - - By default the canonical(5) mapping affects both message - header addresses (i.e. addresses that appear inside mes- - sages) and message envelope addresses (for example, the - addresses that are used in SMTP protocol commands). This - is controlled with the canonical_classes parameter. - - NOTE: Postfix versions 2.2 and later rewrite message head- - ers from remote SMTP clients only if the client matches - the local_header_rewrite_clients parameter, or if the - remote_header_rewrite_domain configuration parameter spec- - ifies a non-empty value. To get the behavior before Post- - fix 2.2, specify "local_header_rewrite_clients = + The optional canonical(5) table specifies an address mapping for local + and non-local addresses. The mapping is used by the cleanup(8) daemon, + before mail is stored into the queue. The address mapping is recur- + sive. 
+ + Normally, the canonical(5) table is specified as a text file that + serves as input to the postmap(1) command. The result, an indexed file + in dbm or db format, is used for fast searching by the mail system. + Execute the command "postmap /etc/postfix/canonical" to rebuild an + indexed file after changing the corresponding text file. + + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. + + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those cases, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". + + By default the canonical(5) mapping affects both message header + addresses (i.e. addresses that appear inside messages) and message + envelope addresses (for example, the addresses that are used in SMTP + protocol commands). This is controlled with the canonical_classes + parameter. + + NOTE: Postfix versions 2.2 and later rewrite message headers from + remote SMTP clients only if the client matches the local_header_re- + write_clients parameter, or if the remote_header_rewrite_domain config- + uration parameter specifies a non-empty value. To get the behavior + before Postfix 2.2, specify "local_header_rewrite_clients = static:all". - Typically, one would use the canonical(5) table to replace - login names by Firstname.Lastname, or to clean up - addresses produced by legacy mail systems. + Typically, one would use the canonical(5) table to replace login names + by Firstname.Lastname, or to clean up addresses produced by legacy mail + systems. - The canonical(5) mapping is not to be confused with vir- - tual alias support or with local aliasing. To change the - destination but not the headers, use the virtual(5) or - aliases(5) map instead. 
+ The canonical(5) mapping is not to be confused with virtual alias sup- + port or with local aliasing. To change the destination but not the + headers, use the virtual(5) or aliases(5) map instead. CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. + The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern address - When pattern matches a mail address, replace it by - the corresponding address. + When pattern matches a mail address, replace it by the corre- + sponding address. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. TABLE SEARCH ORDER - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user@domain address - Replace user@domain by address. This form has the - highest precedence. + Replace user@domain by address. This form has the highest prece- + dence. 
- This is useful to clean up addresses produced by - legacy mail systems. It can also be used to pro- - duce Firstname.Lastname style addresses, but see - below for a simpler solution. + This is useful to clean up addresses produced by legacy mail + systems. It can also be used to produce Firstname.Lastname + style addresses, but see below for a simpler solution. user address - Replace user@site by address when site is equal to - $myorigin, when site is listed in $mydestination, - or when it is listed in $inet_interfaces or - $proxy_interfaces. + Replace user@site by address when site is equal to $myorigin, + when site is listed in $mydestination, or when it is listed in + $inet_interfaces or $proxy_interfaces. - This form is useful for replacing login names by - Firstname.Lastname. + This form is useful for replacing login names by Firstname.Last- + name. @domain address - Replace other addresses in domain by address. This - form has the lowest precedence. - - Note: @domain is a wild-card. When this form is - applied to recipient addresses, the Postfix SMTP - server accepts mail for any recipient in domain, - regardless of whether that recipient exists. This - may turn your mail system into a backscatter - source: Postfix first accepts mail for non-existent - recipients and then tries to return that mail as - "undeliverable" to the often forged sender address. + Replace other addresses in domain by address. This form has the + lowest precedence. + + Note: @domain is a wild-card. When this form is applied to + recipient addresses, the Postfix SMTP server accepts mail for + any recipient in domain, regardless of whether that recipient + exists. This may turn your mail system into a backscatter + source: Postfix first accepts mail for non-existent recipients + and then tries to return that mail as "undeliverable" to the + often forged sender address. 
RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the - result becomes the same user in otherdomain. + o When the result has the form @otherdomain, the result becomes + the same user in otherdomain. - o When "append_at_myorigin=yes", append "@$myorigin" - to addresses without "@domain". + o When "append_at_myorigin=yes", append "@$myorigin" to addresses + without "@domain". - o When "append_dot_mydomain=yes", append ".$mydomain" - to addresses without ".domain". + o When "append_dot_mydomain=yes", append ".$mydomain" to addresses + without ".domain". ADDRESS EXTENSION - When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, user+foo, user, and - @domain. + When a mail address localpart contains the optional recipient delimiter + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- - gated to the result of table lookup. + The propagate_unmatched_extensions parameter controls whether an + unmatched address extension (+foo) is propagated to the result of table + lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire address being looked up. 
Thus, user@domain mail - addresses are not broken up into their user and @domain - constituent parts, nor is user+foo broken up into user and - foo. + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo + broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from - the pattern can be interpolated as $1, $2 and so on. + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- + lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). This feature is not available up to and including - Postfix version 2.4. + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their - user and @domain constituent parts, nor is user+foo broken - up into user and foo. + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- + stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. 
BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more + details including examples. canonical_classes - What addresses are subject to canonical address - mapping. + What addresses are subject to canonical address mapping. canonical_maps List of canonical mapping tables. recipient_canonical_maps - Address mapping lookup table for envelope and - header recipient addresses. + Address mapping lookup table for envelope and header recipient + addresses. sender_canonical_maps - Address mapping lookup table for envelope and - header sender addresses. + Address mapping lookup table for envelope and header sender + addresses. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, - include, or generic. + A list of address rewriting or forwarding mechanisms that propa- + gate an address extension from the original address to the + result. Specify zero or more of canonical, virtual, alias, for- + ward, include, or generic. Other parameters of interest: inet_interfaces - The network interface addresses that this system - receives mail on. You need to stop and start Post- - fix when this parameter changes. + The network interface addresses that this system receives mail + on. You need to stop and start Postfix when this parameter + changes. 
local_header_rewrite_clients - Rewrite message header addresses in mail from these - clients and update incomplete addresses with the - domain name in $myorigin or $mydomain; either don't - rewrite message headers from other clients at all, - or rewrite message headers and update incomplete - addresses with the domain specified in the - remote_header_rewrite_domain parameter. + Rewrite message header addresses in mail from these clients and + update incomplete addresses with the domain name in $myorigin or + $mydomain; either don't rewrite message headers from other + clients at all, or rewrite message headers and update incomplete + addresses with the domain specified in the remote_header_re- + write_domain parameter. proxy_interfaces - Other interfaces that this machine receives mail on - by way of a proxy agent or network address transla- - tor. + Other interfaces that this machine receives mail on by way of a + proxy agent or network address translator. masquerade_classes - List of address classes subject to masquerading: - zero or more of envelope_sender, envelope_recipi- - ent, header_sender, header_recipient. + List of address classes subject to masquerading: zero or more of + envelope_sender, envelope_recipient, header_sender, + header_recipient. masquerade_domains - List of domains that hide their subdomain struc- - ture. + List of domains that hide their subdomain structure. masquerade_exceptions - List of user names that are not subject to address - masquerading. + List of user names that are not subject to address masquerading. mydestination - List of domains that this mail system considers - local. + List of domains that this mail system considers local. myorigin The domain that is appended to locally-posted mail. owner_request_special - Give special treatment to owner-xxx and xxx-request - addresses. + Give special treatment to owner-xxx and xxx-request addresses. 
remote_header_rewrite_domain - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. SEE ALSO cleanup(8), canonicalize and enqueue mail @@ -270,8 +245,7 @@ CANONICAL(5) CANONICAL(5) ADDRESS_REWRITING_README, address rewriting guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/cidr_table.5.html b/postfix/html/cidr_table.5.html index 18cb8206a..cfc36b0c5 100644 --- a/postfix/html/cidr_table.5.html +++ b/postfix/html/cidr_table.5.html 
@@ -15,66 +15,57 @@ CIDR_TABLE(5) CIDR_TABLE(5) postmap -q - cidr:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional lookup tables. - These tables are usually in dbm or db format. Alterna- - tively, lookup tables can be specified in CIDR (Classless - Inter-Domain Routing) form. In this case, each input is - compared against a list of patterns. When a match is - found, the corresponding result is returned and the search - is terminated. + The Postfix mail system uses optional lookup tables. These tables are + usually in dbm or db format. Alternatively, lookup tables can be spec- + ified in CIDR (Classless Inter-Domain Routing) form. In this case, each + input is compared against a list of patterns. When a match is found, + the corresponding result is returned and the search is terminated. - To find out what types of lookup tables your Postfix sys- - tem supports use the "postconf -m" command. + To find out what types of lookup tables your Postfix system supports + use the "postconf -m" command. - To test lookup tables, use the "postmap -q" command as - described in the SYNOPSIS above. + To test lookup tables, use the "postmap -q" command as described in the + SYNOPSIS above. TABLE FORMAT The general form of a Postfix CIDR table is: network_address/network_mask result - When a search string matches the specified network - block, use the corresponding result value. Specify - 0.0.0.0/0 to match every IPv4 address, and ::/0 to - match every IPv6 address. + When a search string matches the specified network block, use + the corresponding result value. Specify 0.0.0.0/0 to match every + IPv4 address, and ::/0 to match every IPv6 address. - An IPv4 network address is a sequence of four deci- - mal octets separated by ".", and an IPv6 network - address is a sequence of three to eight hexadecimal - octet pairs separated by ":". 
+ An IPv4 network address is a sequence of four decimal octets + separated by ".", and an IPv6 network address is a sequence of + three to eight hexadecimal octet pairs separated by ":". - The network_mask is the number of high-order bits - in the network_address that the search string must - match. + The network_mask is the number of high-order bits in the net- + work_address that the search string must match. - Before comparisons are made, lookup keys and table - entries are converted from string to binary. There- - fore table entries will be matched regardless of - redundant zero characters. + Before comparisons are made, lookup keys and table entries are + converted from string to binary. Therefore table entries will be + matched regardless of redundant zero characters. - Note: address information may be enclosed inside - "[]" but this form is not required. + Note: address information may be enclosed inside "[]" but this + form is not required. IPv6 support is available in Postfix 2.2 and later. network_address result - When a search string matches the specified network - address, use the corresponding result value. + When a search string matches the specified network address, use + the corresponding result value. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. TABLE SEARCH ORDER - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. 
+ Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. EXAMPLE SMTPD ACCESS MAP /etc/postfix/main.cf: diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index b12dd0f1c..a3489bd6b 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html 
@@ -13,46 +13,40 @@ CLEANUP(8) CLEANUP(8) cleanup [generic Postfix daemon options] DESCRIPTION - The cleanup(8) daemon processes inbound mail, inserts it - into the incoming mail queue, and informs the queue man- - ager of its arrival. + The cleanup(8) daemon processes inbound mail, inserts it into the + incoming mail queue, and informs the queue manager of its arrival. - The cleanup(8) daemon always performs the following trans- - formations: + The cleanup(8) daemon always performs the following transformations: - o Insert missing message headers: (Resent-) From:, - To:, Message-Id:, and Date:. + o Insert missing message headers: (Resent-) From:, To:, Message- + Id:, and Date:. - o Transform envelope and header addresses to the - standard user@fully-qualified-domain form that is - expected by other Postfix programs. This task is - delegated to the trivial-rewrite(8) daemon. + o Transform envelope and header addresses to the standard + user@fully-qualified-domain form that is expected by other Post- + fix programs. This task is delegated to the trivial-rewrite(8) + daemon. o Eliminate duplicate envelope recipient addresses. The following address transformations are optional: - o Optionally, rewrite all envelope and header - addresses according to the mappings specified in - the canonical(5) lookup tables. + o Optionally, rewrite all envelope and header addresses according + to the mappings specified in the canonical(5) lookup tables. - o Optionally, masquerade envelope sender addresses - and message header addresses (i.e. strip host or - domain information below all domains listed in the - masquerade_domains parameter, except for user names - listed in masquerade_exceptions). By default, - address masquerading does not affect envelope - recipients. + o Optionally, masquerade envelope sender addresses and message + header addresses (i.e. 
strip host or domain information below + all domains listed in the masquerade_domains parameter, except + for user names listed in masquerade_exceptions). By default, + address masquerading does not affect envelope recipients. - o Optionally, expand envelope recipients according to - information found in the virtual(5) lookup tables. + o Optionally, expand envelope recipients according to information + found in the virtual(5) lookup tables. - The cleanup(8) daemon performs sanity checks on the con- - tent of each message. When it finds a problem, by default - it returns a diagnostic status to the client, and leaves - it up to the client to deal with the problem. Alterna- - tively, the client can request the cleanup(8) daemon to - bounce the message back to the sender in case of trouble. + The cleanup(8) daemon performs sanity checks on the content of each + message. When it finds a problem, by default it returns a diagnostic + status to the client, and leaves it up to the client to deal with the + problem. Alternatively, the client can request the cleanup(8) daemon to + bounce the message back to the sender in case of trouble. STANDARDS RFC 822 (ARPA Internet Text Messages) 
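Review bot: the re-wrapped DESCRIPTION text still hyphenates at line ends, and in this hunk that splits a header name and the product name: "(Resent-) From:, To:, Message- Id:, and Date:" and "other Post- fix programs". In preformatted HTML a reader cannot tell a formatter break from a literal hyphen, and a text search for "Message-Id:" or "Postfix programs" no longer matches these lines. Consider turning hyphenation off in the formatting step that feeds these pages (the troff request `.nh` does this), so that the move from 65 to 78 columns does not trade one set of split words for another.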
@@ -67,176 +61,158 @@ CLEANUP(8) CLEANUP(8) Problems and transactions are logged to syslogd(8). BUGS - Table-driven rewriting rules make it hard to express if - then else and other logical relationships. + Table-driven rewriting rules make it hard to express if then else and + other logical relationships. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - cleanup(8) processes run for only a limited amount of - time. Use the command "postfix reload" to speed up a - change. + Changes to main.cf are picked up automatically, as cleanup(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS undisclosed_recipients_header (see 'postconf -d' output) - Message header that the Postfix cleanup(8) server - inserts when a message contains no To: or Cc: mes- - sage header. + Message header that the Postfix cleanup(8) server inserts when a + message contains no To: or Cc: message header. Available in Postfix version 2.1 only: enable_errors_to (no) - Report mail delivery errors to the address speci- - fied with the non-standard Errors-To: message - header, instead of the envelope sender address - (this feature is removed with Postfix version 2.2, - is turned off by default with Postfix version 2.1, - and is always turned on with older Postfix ver- - sions). + Report mail delivery errors to the address specified with the + non-standard Errors-To: message header, instead of the envelope + sender address (this feature is removed with Postfix version + 2.2, is turned off by default with Postfix version 2.1, and is + always turned on with older Postfix versions). 
Available in Postfix version 2.6 and later: always_add_missing_headers (no) - Always add (Resent-) From:, To:, Date: or Message- - ID: headers when not present. + Always add (Resent-) From:, To:, Date: or Message-ID: headers + when not present. Available in Postfix version 2.9 and later: enable_long_queue_ids (no) - Enable long, non-repeating, queue IDs (queue file - names). + Enable long, non-repeating, queue IDs (queue file names). BUILT-IN CONTENT FILTERING CONTROLS - Postfix built-in content filtering is meant to stop a - flood of worms or viruses. It is not a general content - filter. + Postfix built-in content filtering is meant to stop a flood of worms or + viruses. It is not a general content filter. body_checks (empty) - Optional lookup tables for content inspection as - specified in the body_checks(5) manual page. + Optional lookup tables for content inspection as specified in + the body_checks(5) manual page. header_checks (empty) - Optional lookup tables for content inspection of - primary non-MIME message headers, as specified in - the header_checks(5) manual page. + Optional lookup tables for content inspection of primary non- + MIME message headers, as specified in the header_checks(5) man- + ual page. Available in Postfix version 2.0 and later: body_checks_size_limit (51200) - How much text in a message body segment (or attach- - ment, if you prefer to use that term) is subjected - to body_checks inspection. + How much text in a message body segment (or attachment, if you + prefer to use that term) is subjected to body_checks inspection. mime_header_checks ($header_checks) - Optional lookup tables for content inspection of - MIME related message headers, as described in the - header_checks(5) manual page. + Optional lookup tables for content inspection of MIME related + message headers, as described in the header_checks(5) manual + page. 
nested_header_checks ($header_checks) - Optional lookup tables for content inspection of - non-MIME message headers in attached messages, as - described in the header_checks(5) manual page. + Optional lookup tables for content inspection of non-MIME mes- + sage headers in attached messages, as described in the + header_checks(5) manual page. Available in Postfix version 2.3 and later: message_reject_characters (empty) - The set of characters that Postfix will reject in - message content. + The set of characters that Postfix will reject in message con- + tent. message_strip_characters (empty) - The set of characters that Postfix will remove from - message content. + The set of characters that Postfix will remove from message con- + tent. BEFORE QUEUE MILTER CONTROLS - As of version 2.3, Postfix supports the Sendmail version 8 - Milter (mail filter) protocol. When mail is not received - via the smtpd(8) server, the cleanup(8) server will simu- - late SMTP events to the extent that this is possible. For - details see the MILTER_README document. + As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail + filter) protocol. When mail is not received via the smtpd(8) server, + the cleanup(8) server will simulate SMTP events to the extent that this + is possible. For details see the MILTER_README document. non_smtpd_milters (empty) - A list of Milter (mail filter) applications for new - mail that does not arrive via the Postfix smtpd(8) - server. + A list of Milter (mail filter) applications for new mail that + does not arrive via the Postfix smtpd(8) server. milter_protocol (6) - The mail filter protocol version and optional pro- - tocol extensions for communication with a Milter - application; prior to Postfix 2.6 the default pro- - tocol is 2. + The mail filter protocol version and optional protocol exten- + sions for communication with a Milter application; prior to + Postfix 2.6 the default protocol is 2. 
milter_default_action (tempfail) - The default action when a Milter (mail filter) - application is unavailable or mis-configured. + The default action when a Milter (mail filter) application is + unavailable or mis-configured. milter_macro_daemon_name ($myhostname) - The {daemon_name} macro value for Milter (mail fil- - ter) applications. + The {daemon_name} macro value for Milter (mail filter) applica- + tions. milter_macro_v ($mail_name $mail_version) - The {v} macro value for Milter (mail filter) appli- - cations. + The {v} macro value for Milter (mail filter) applications. milter_connect_timeout (30s) - The time limit for connecting to a Milter (mail - filter) application, and for negotiating protocol - options. + The time limit for connecting to a Milter (mail filter) applica- + tion, and for negotiating protocol options. milter_command_timeout (30s) - The time limit for sending an SMTP command to a - Milter (mail filter) application, and for receiving - the response. + The time limit for sending an SMTP command to a Milter (mail + filter) application, and for receiving the response. milter_content_timeout (300s) - The time limit for sending message content to a - Milter (mail filter) application, and for receiving - the response. + The time limit for sending message content to a Milter (mail + filter) application, and for receiving the response. milter_connect_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after completion of an SMTP connec- - tion. + The macros that are sent to Milter (mail filter) applications + after completion of an SMTP connection. milter_helo_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP HELO or EHLO command. + The macros that are sent to Milter (mail filter) applications + after the SMTP HELO or EHLO command. 
milter_mail_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP MAIL FROM command. + The macros that are sent to Milter (mail filter) applications + after the SMTP MAIL FROM command. milter_rcpt_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP RCPT TO command. + The macros that are sent to Milter (mail filter) applications + after the SMTP RCPT TO command. milter_data_macros (see 'postconf -d' output) - The macros that are sent to version 4 or higher - Milter (mail filter) applications after the SMTP - DATA command. + The macros that are sent to version 4 or higher Milter (mail + filter) applications after the SMTP DATA command. milter_unknown_command_macros (see 'postconf -d' output) - The macros that are sent to version 3 or higher - Milter (mail filter) applications after an unknown - SMTP command. + The macros that are sent to version 3 or higher Milter (mail + filter) applications after an unknown SMTP command. milter_end_of_data_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the message end-of-data. + The macros that are sent to Milter (mail filter) applications + after the message end-of-data. Available in Postfix version 2.5 and later: milter_end_of_header_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the end of the message header. + The macros that are sent to Milter (mail filter) applications + after the end of the message header. Available in Postfix version 2.7 and later: milter_header_checks (empty) - Optional lookup tables for content inspection of - message headers that are produced by Milter appli- - cations. + Optional lookup tables for content inspection of message headers + that are produced by Milter applications. MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: 
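Review bot: this 176-line hunk is hard to audit for content changes, because every description is removed and re-added only to move its line breaks. The parameter names and defaults that matter operationally, such as "milter_default_action (tempfail)", "milter_connect_timeout (30s)" and "body_checks_size_limit (51200)", sit on unchanged context lines, but the descriptions under them can only be verified by joining wrapped lines and collapsing whitespace on both sides before comparing. Suggest keeping regenerated html/*.html output in a commit of its own, apart from the source and documentation changes listed in HISTORY, so that a mechanical comparison of that kind is all the review it needs.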
@@ -245,253 +221,226 @@ CLEANUP(8) CLEANUP(8) Turn off MIME processing while receiving mail. mime_boundary_length_limit (2048) - The maximal length of MIME multipart boundary - strings. + The maximal length of MIME multipart boundary strings. mime_nesting_limit (100) - The maximal recursion level that the MIME processor - will handle. + The maximal recursion level that the MIME processor will handle. strict_8bitmime (no) - Enable both strict_7bit_headers and strict_8bit- - mime_body. + Enable both strict_7bit_headers and strict_8bitmime_body. strict_7bit_headers (no) Reject mail with 8-bit text in message headers. strict_8bitmime_body (no) - Reject 8-bit message body text without 8-bit MIME - content encoding information. + Reject 8-bit message body text without 8-bit MIME content encod- + ing information. strict_mime_encoding_domain (no) - Reject mail with invalid Content-Transfer-Encoding: - information for the message/* or multipart/* MIME - content types. + Reject mail with invalid Content-Transfer-Encoding: information + for the message/* or multipart/* MIME content types. Available in Postfix version 2.5 and later: detect_8bit_encoding_header (yes) - Automatically detect 8BITMIME body content by look- - ing at Content-Transfer-Encoding: message headers; - historically, this behavior was hard-coded to be - "always on". + Automatically detect 8BITMIME body content by looking at Con- + tent-Transfer-Encoding: message headers; historically, this + behavior was hard-coded to be "always on". AUTOMATIC BCC RECIPIENT CONTROLS - Postfix can automatically add BCC (blind carbon copy) when - mail enters the mail system: + Postfix can automatically add BCC (blind carbon copy) when mail enters + the mail system: always_bcc (empty) - Optional address that receives a "blind carbon - copy" of each message that is received by the Post- - fix mail system. + Optional address that receives a "blind carbon copy" of each + message that is received by the Postfix mail system. 
Available in Postfix version 2.1 and later: sender_bcc_maps (empty) - Optional BCC (blind carbon-copy) address lookup - tables, indexed by sender address. + Optional BCC (blind carbon-copy) address lookup tables, indexed + by sender address. recipient_bcc_maps (empty) - Optional BCC (blind carbon-copy) address lookup - tables, indexed by recipient address. + Optional BCC (blind carbon-copy) address lookup tables, indexed + by recipient address. ADDRESS TRANSFORMATION CONTROLS - Address rewriting is delegated to the trivial-rewrite(8) - daemon. The cleanup(8) server implements table driven - address mapping. + Address rewriting is delegated to the trivial-rewrite(8) daemon. The + cleanup(8) server implements table driven address mapping. empty_address_recipient (MAILER-DAEMON) - The recipient of mail addressed to the null - address. + The recipient of mail addressed to the null address. canonical_maps (empty) - Optional address mapping lookup tables for message - headers and envelopes. + Optional address mapping lookup tables for message headers and + envelopes. recipient_canonical_maps (empty) - Optional address mapping lookup tables for envelope - and header recipient addresses. + Optional address mapping lookup tables for envelope and header + recipient addresses. sender_canonical_maps (empty) - Optional address mapping lookup tables for envelope - and header sender addresses. + Optional address mapping lookup tables for envelope and header + sender addresses. - masquerade_classes (envelope_sender, header_sender, - header_recipient) + masquerade_classes (envelope_sender, header_sender, header_recipient) What addresses are subject to address masquerading. masquerade_domains (empty) - Optional list of domains whose subdomain structure - will be stripped off in email addresses. + Optional list of domains whose subdomain structure will be + stripped off in email addresses. 
masquerade_exceptions (empty) - Optional list of user names that are not subjected - to address masquerading, even when their address - matches $masquerade_domains. + Optional list of user names that are not subjected to address + masquerading, even when their address matches $masquer- + ade_domains. propagate_unmatched_extensions (canonical, virtual) - What address lookup tables copy an address exten- - sion from the lookup key to the lookup result. + What address lookup tables copy an address extension from the + lookup key to the lookup result. Available before Postfix version 2.0: virtual_maps (empty) - Optional lookup tables with a) names of domains for - which all addresses are aliased to addresses in - other local or remote domains, and b) addresses - that are aliased to addresses in other local or - remote domains. + Optional lookup tables with a) names of domains for which all + addresses are aliased to addresses in other local or remote + domains, and b) addresses that are aliased to addresses in other + local or remote domains. Available in Postfix version 2.0 and later: virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote - address. + Optional lookup tables that alias specific mail addresses or + domains to other local or remote address. Available in Postfix version 2.2 and later: - canonical_classes (envelope_sender, envelope_recipient, - header_sender, header_recipient) - What addresses are subject to canonical_maps - address mapping. - - recipient_canonical_classes (envelope_recipient, + canonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient) - What addresses are subject to recipient_canoni- - cal_maps address mapping. + What addresses are subject to canonical_maps address mapping. + + recipient_canonical_classes (envelope_recipient, header_recipient) + What addresses are subject to recipient_canonical_maps address + mapping. 
sender_canonical_classes (envelope_sender, header_sender) - What addresses are subject to sender_canonical_maps - address mapping. + What addresses are subject to sender_canonical_maps address map- + ping. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. RESOURCE AND RATE CONTROLS duplicate_filter_limit (1000) - The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- - tual(5) alias expansion, or for showq(8) queue dis- - plays. + The maximal number of addresses remembered by the address dupli- + cate filter for aliases(5) or virtual(5) alias expansion, or for + showq(8) queue displays. header_size_limit (102400) - The maximal amount of memory in bytes for storing a - message header. + The maximal amount of memory in bytes for storing a message + header. hopcount_limit (50) - The maximal number of Received: message headers - that is allowed in the primary message headers. + The maximal number of Received: message headers that is allowed + in the primary message headers. in_flow_delay (1s) - Time to pause before accepting a new message, when - the message arrival rate exceeds the message deliv- - ery rate. + Time to pause before accepting a new message, when the message + arrival rate exceeds the message delivery rate. message_size_limit (10240000) - The maximal size in bytes of a message, including - envelope information. + The maximal size in bytes of a message, including envelope + information. Available in Postfix version 2.0 and later: header_address_token_limit (10240) - The maximal number of address tokens are allowed in - an address message header. 
+ The maximal number of address tokens are allowed in an address + message header. mime_boundary_length_limit (2048) - The maximal length of MIME multipart boundary - strings. + The maximal length of MIME multipart boundary strings. mime_nesting_limit (100) - The maximal recursion level that the MIME processor - will handle. + The maximal recursion level that the MIME processor will handle. queue_file_attribute_count_limit (100) - The maximal number of (name=value) attributes that - may be stored in a Postfix queue file. + The maximal number of (name=value) attributes that may be stored + in a Postfix queue file. Available in Postfix version 2.1 and later: virtual_alias_expansion_limit (1000) - The maximal number of addresses that virtual alias - expansion produces from each original recipient. + The maximal number of addresses that virtual alias expansion + produces from each original recipient. virtual_alias_recursion_limit (1000) - The maximal nesting depth of virtual alias expan- - sion. + The maximal nesting depth of virtual alias expansion. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. delay_warning_time (0h) - The time after which the sender receives a copy of - the message headers of mail that is still queued. 
+ The time after which the sender receives a copy of the message + headers of mail that is still queued. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. myhostname (see 'postconf -d' output) The internet hostname of this mail system. myorigin ($myhostname) - The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- - ered to. + The domain name that locally-posted mail appears to come from, + and that locally posted mail is delivered to. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. soft_bounce (no) - Safety net to keep mail queued that would otherwise - be returned to the sender. + Safety net to keep mail queued that would otherwise be returned + to the sender. syslog_facility (mail) The syslog facility of Postfix logging. 
syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". Available in Postfix version 2.1 and later: enable_original_recipient (yes) - Enable support for the X-Original-To message - header. + Enable support for the X-Original-To message header. FILES /etc/postfix/canonical*, canonical mapping table @@ -514,8 +463,7 @@ CLEANUP(8) CLEANUP(8) CONTENT_INSPECTION_README content inspection LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index 4896b1f11..8d7d38f08 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html 
@@ -13,34 +13,30 @@ BOUNCE(8) BOUNCE(8) bounce [generic Postfix daemon options] DESCRIPTION - The bounce(8) daemon maintains per-message log files with - delivery status information. Each log file is named after - the queue file that it corresponds to, and is kept in a - queue subdirectory named after the service name in the - master.cf file (either bounce, defer or trace). This pro- - gram expects to be run from the master(8) process manager. - - The bounce(8) daemon processes two types of service - requests: - - o Append a recipient (non-)delivery status record to - a per-message log file. - - o Enqueue a delivery status notification message, - with a copy of a per-message log file and of the - corresponding message. When the delivery status - notification message is enqueued successfully, the - per-message log file is deleted. - - The software does a best notification effort. A non-deliv- - ery notification is sent even when the log file or the - original message cannot be read. - - Optionally, a bounce (defer, trace) client can request - that the per-message log file be deleted when the - requested operation fails. This is used by clients that - cannot retry transactions by themselves, and that depend - on retry logic in their own client. + The bounce(8) daemon maintains per-message log files with delivery sta- + tus information. Each log file is named after the queue file that it + corresponds to, and is kept in a queue subdirectory named after the + service name in the master.cf file (either bounce, defer or trace). + This program expects to be run from the master(8) process manager. + + The bounce(8) daemon processes two types of service requests: + + o Append a recipient (non-)delivery status record to a per-message + log file. + + o Enqueue a delivery status notification message, with a copy of a + per-message log file and of the corresponding message. 
When the + delivery status notification message is enqueued successfully, + the per-message log file is deleted. + + The software does a best notification effort. A non-delivery notifica- + tion is sent even when the log file or the original message cannot be + read. + + Optionally, a bounce (defer, trace) client can request that the per- + message log file be deleted when the requested operation fails. This + is used by clients that cannot retry transactions by themselves, and + that depend on retry logic in their own client. STANDARDS RFC 822 (ARPA Internet Text Messages) 
@@ -55,104 +51,94 @@ BOUNCE(8) BOUNCE(8) Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - bounce(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as bounce(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 2bounce_notice_recipient (postmaster) - The recipient of undeliverable mail that cannot be - returned to the sender. + The recipient of undeliverable mail that cannot be returned to + the sender. backwards_bounce_logfile_compatibility (yes) - Produce additional bounce(8) logfile records that - can be read by Postfix versions before 2.0. + Produce additional bounce(8) logfile records that can be read by + Postfix versions before 2.0. bounce_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that Postfix did not - deliver and of SMTP conversation transcripts of - mail that Postfix did not receive. + The recipient of postmaster notifications with the message head- + ers of mail that Postfix did not deliver and of SMTP conversa- + tion transcripts of mail that Postfix did not receive. bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. bounce_template_file (empty) - Pathname of a configuration file with bounce mes- - sage templates. + Pathname of a configuration file with bounce message templates. 
config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that cannot be delivered - within $delay_warning_time time units. + The recipient of postmaster notifications with the message head- + ers of mail that cannot be delivered within $delay_warning_time + time units. deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. mail_name (Postfix) - The mail system name that is displayed in Received: - headers, in the SMTP greeting banner, and in - bounced mail. 
+ The mail system name that is displayed in Received: headers, in + the SMTP greeting banner, and in bounced mail. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/bounce/* non-delivery records @@ -168,8 +154,7 @@ BOUNCE(8) BOUNCE(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema 
diff --git a/postfix/html/discard.8.html b/postfix/html/discard.8.html index ff5574a86..2cd427aab 100644 --- a/postfix/html/discard.8.html +++ b/postfix/html/discard.8.html 
@@ -13,28 +13,24 @@ DISCARD(8) DISCARD(8) discard [generic Postfix daemon options] DESCRIPTION - The Postfix discard(8) delivery agent processes delivery - requests from the queue manager. Each request specifies a - queue file, a sender address, a next-hop destination that - is treated as the reason for discarding the mail, and - recipient information. The reason may be prefixed with an - RFC 3463-compatible detail code. This program expects to + The Postfix discard(8) delivery agent processes delivery requests from + the queue manager. Each request specifies a queue file, a sender + address, a next-hop destination that is treated as the reason for dis- + carding the mail, and recipient information. The reason may be pre- + fixed with an RFC 3463-compatible detail code. This program expects to be run from the master(8) process manager. - The discard(8) delivery agent pretends to deliver all - recipients in the delivery request, logs the "next-hop" - destination as the reason for discarding the mail, updates - the queue file, and either marks recipients as finished or - informs the queue manager that delivery should be tried - again at a later time. + The discard(8) delivery agent pretends to deliver all recipients in the + delivery request, logs the "next-hop" destination as the reason for + discarding the mail, updates the queue file, and either marks recipi- + ents as finished or informs the queue manager that delivery should be + tried again at a later time. - Delivery status reports are sent to the trace(8) daemon as - appropriate. + Delivery status reports are sent to the trace(8) daemon as appropriate. SECURITY - The discard(8) mailer is not security-sensitive. It does - not talk to the network, and can be run chrooted at fixed - low privilege. + The discard(8) mailer is not security-sensitive. It does not talk to + the network, and can be run chrooted at fixed low privilege. STANDARDS RFC 3463 (Enhanced Status Codes) 
@@ -42,68 +38,61 @@ DISCARD(8) DISCARD(8) DIAGNOSTICS Problems and transactions are logged to syslogd(8). - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as dis- - card(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as discard(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that - are generated by the mail system. + The sender address of postmaster notifications that are gener- + ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. 
+ The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO qmgr(8), queue manager @@ -115,8 +104,7 @@ DISCARD(8) DISCARD(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.2. diff --git a/postfix/html/dnsblog.8.html b/postfix/html/dnsblog.8.html index 84ff7371e..67e4d8302 100644 --- a/postfix/html/dnsblog.8.html +++ b/postfix/html/dnsblog.8.html 
@@ -13,68 +13,62 @@ DNSBLOG(8) DNSBLOG(8) dnsblog [generic Postfix daemon options] DESCRIPTION - The dnsblog(8) server implements an ad-hoc DNS - white/blacklist lookup service. This may eventually be - replaced by an UDP client that is built directly into the - postscreen(8) server. + The dnsblog(8) server implements an ad-hoc DNS white/blacklist lookup + service. This may eventually be replaced by an UDP client that is built + directly into the postscreen(8) server. PROTOCOL - With each connection, the dnsblog(8) server receives a DNS - white/blacklist domain name, IP address, and an ID. If - the address is listed under the DNS white/blacklist, the - dnsblog(8) server logs the match and replies with the - query arguments plus an address list with the resulting IP - addresses separated by whitespace. Otherwise it replies - with the query arguments plus an empty address list. - Finally, The dnsblog(8) server closes the connection. + With each connection, the dnsblog(8) server receives a DNS white/black- + list domain name, IP address, and an ID. If the address is listed + under the DNS white/blacklist, the dnsblog(8) server logs the match and + replies with the query arguments plus an address list with the result- + ing IP addresses separated by whitespace. Otherwise it replies with + the query arguments plus an empty address list. Finally, The dns- + blog(8) server closes the connection. DIAGNOSTICS Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as dns- - blog(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as dnsblog(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. 
+ The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. postscreen_dnsbl_sites (empty) - Optional list of DNS white/blacklist domains, fil- - ters and weight factors. + Optional list of DNS white/blacklist domains, filters and weight + factors. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtpd(8), Postfix SMTP server 
@@ -82,8 +76,7 @@ DNSBLOG(8) DNSBLOG(8) syslogd(5), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.8. diff --git a/postfix/html/error.8.html b/postfix/html/error.8.html index 63778d23a..0d4b79844 100644 --- a/postfix/html/error.8.html +++ b/postfix/html/error.8.html 
@@ -13,28 +13,25 @@ ERROR(8) ERROR(8) error [generic Postfix daemon options] DESCRIPTION - The Postfix error(8) delivery agent processes delivery - requests from the queue manager. Each request specifies a - queue file, a sender address, the reason for non-delivery - (specified as the next-hop destination), and recipient - information. The reason may be prefixed with an RFC - 3463-compatible detail code; if none is specified a - default 4.0.0 or 5.0.0 code is used instead. This program - expects to be run from the master(8) process manager. - - Depending on the service name in master.cf, error or - retry, the server bounces or defers all recipients in the - delivery request using the "next-hop" information as the - reason for non-delivery. The retry service name is sup- - ported as of Postfix 2.4. - - Delivery status reports are sent to the bounce(8), - defer(8) or trace(8) daemon as appropriate. + The Postfix error(8) delivery agent processes delivery requests from + the queue manager. Each request specifies a queue file, a sender + address, the reason for non-delivery (specified as the next-hop desti- + nation), and recipient information. The reason may be prefixed with an + RFC 3463-compatible detail code; if none is specified a default 4.0.0 + or 5.0.0 code is used instead. This program expects to be run from the + master(8) process manager. + + Depending on the service name in master.cf, error or retry, the server + bounces or defers all recipients in the delivery request using the + "next-hop" information as the reason for non-delivery. The retry ser- + vice name is supported as of Postfix 2.4. + + Delivery status reports are sent to the bounce(8), defer(8) or trace(8) + daemon as appropriate. SECURITY - The error(8) mailer is not security-sensitive. It does not - talk to the network, and can be run chrooted at fixed low - privilege. + The error(8) mailer is not security-sensitive. 
It does not talk to the + network, and can be run chrooted at fixed low privilege. STANDARDS RFC 3463 (Enhanced Status Codes) 
@@ -42,82 +39,73 @@ ERROR(8) ERROR(8) DIAGNOSTICS Problems and transactions are logged to syslogd(8). - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as error(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as error(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 2bounce_notice_recipient (postmaster) - The recipient of undeliverable mail that cannot be - returned to the sender. + The recipient of undeliverable mail that cannot be returned to + the sender. bounce_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that Postfix did not - deliver and of SMTP conversation transcripts of - mail that Postfix did not receive. + The recipient of postmaster notifications with the message head- + ers of mail that Postfix did not deliver and of SMTP conversa- + tion transcripts of mail that Postfix did not receive. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. 
+ How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that - are generated by the mail system. + The sender address of postmaster notifications that are gener- + ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. 
syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO qmgr(8), queue manager @@ -129,8 +117,7 @@ ERROR(8) ERROR(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/flush.8.html b/postfix/html/flush.8.html index 1c76677cb..be939188f 100644 --- a/postfix/html/flush.8.html +++ b/postfix/html/flush.8.html 
@@ -13,146 +13,130 @@ FLUSH(8) FLUSH(8) flush [generic Postfix daemon options] DESCRIPTION - The flush(8) server maintains a record of deferred mail by - destination. This information is used to improve the per- - formance of the SMTP ETRN request, and of its command-line - equivalent, "sendmail -qR" or "postqueue -f". This pro- - gram expects to be run from the master(8) process manager. - - The record is implemented as a per-destination logfile - with as contents the queue IDs of deferred mail. A logfile - is append-only, and is truncated when delivery is - requested for the corresponding destination. A destination - is the part on the right-hand side of the right-most @ in + The flush(8) server maintains a record of deferred mail by destination. + This information is used to improve the performance of the SMTP ETRN + request, and of its command-line equivalent, "sendmail -qR" or + "postqueue -f". This program expects to be run from the master(8) + process manager. + + The record is implemented as a per-destination logfile with as contents + the queue IDs of deferred mail. A logfile is append-only, and is trun- + cated when delivery is requested for the corresponding destination. A + destination is the part on the right-hand side of the right-most @ in an email address. - Per-destination logfiles of deferred mail are maintained - only for eligible destinations. The list of eligible des- - tinations is specified with the fast_flush_domains config- - uration parameter, which defaults to $relay_domains. + Per-destination logfiles of deferred mail are maintained only for eli- + gible destinations. The list of eligible destinations is specified with + the fast_flush_domains configuration parameter, which defaults to + $relay_domains. This server implements the following requests: add sitename queueid - Inform the flush(8) server that the message with - the specified queue ID is queued for the specified - destination. 
+ Inform the flush(8) server that the message with the specified + queue ID is queued for the specified destination. send_site sitename - Request delivery of mail that is queued for the - specified destination. + Request delivery of mail that is queued for the specified desti- + nation. send_file queueid Request delivery of the specified deferred message. refresh - Refresh non-empty per-destination logfiles that - were not read in $fast_flush_refresh_time hours, by - simulating send requests (see above) for the corre- - sponding destinations. + Refresh non-empty per-destination logfiles that were not read in + $fast_flush_refresh_time hours, by simulating send requests (see + above) for the corresponding destinations. - Delete empty per-destination logfiles that were not - updated in $fast_flush_purge_time days. + Delete empty per-destination logfiles that were not updated in + $fast_flush_purge_time days. This request completes in the background. purge Do a refresh for all per-destination logfiles. SECURITY - The flush(8) server is not security-sensitive. It does not - talk to the network, and it does not talk to local users. - The fast flush server can run chrooted at fixed low privi- - lege. + The flush(8) server is not security-sensitive. It does not talk to the + network, and it does not talk to local users. The fast flush server + can run chrooted at fixed low privilege. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - Fast flush logfiles are truncated only after a "send" - request, not when mail is actually delivered, and there- - fore can accumulate outdated or redundant data. In order - to maintain sanity, "refresh" must be executed periodi- - cally. This can be automated with a suitable wakeup timer - setting in the master.cf configuration file. 
- - Upon receipt of a request to deliver mail for an eligible - destination, the flush(8) server requests delivery of all - messages that are listed in that destination's logfile, - regardless of the recipients of those messages. This is - not an issue for mail that is sent to a relay_domains des- - tination because such mail typically only has recipients - in one domain. + Fast flush logfiles are truncated only after a "send" request, not when + mail is actually delivered, and therefore can accumulate outdated or + redundant data. In order to maintain sanity, "refresh" must be executed + periodically. This can be automated with a suitable wakeup timer set- + ting in the master.cf configuration file. + + Upon receipt of a request to deliver mail for an eligible destination, + the flush(8) server requests delivery of all messages that are listed + in that destination's logfile, regardless of the recipients of those + messages. This is not an issue for mail that is sent to a relay_domains + destination because such mail typically only has recipients in one + domain. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as flush(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as flush(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. 
daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued - to those destinations. + Optional list of destinations that are eligible for per-destina- + tion logfiles with mail that is queued to those destinations. fast_flush_refresh_time (12h) - The time after which a non-empty but unread per- - destination "fast flush" logfile needs to be - refreshed. + The time after which a non-empty but unread per-destination + "fast flush" logfile needs to be refreshed. fast_flush_purge_time (7d) - The time after which an empty per-destination "fast - flush" logfile is deleted. + The time after which an empty per-destination "fast flush" log- + file is deleted. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. - parent_domain_matches_subdomains (see 'postconf -d' out- - put) - What Postfix features match subdomains of - "domain.tld" automatically, instead of requiring an - explicit ".domain.tld" pattern. 
+ parent_domain_matches_subdomains (see 'postconf -d' output) + What Postfix features match subdomains of "domain.tld" automati- + cally, instead of requiring an explicit ".domain.tld" pattern. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/flush, "fast flush" logfiles. @@ -169,8 +153,7 @@ FLUSH(8) FLUSH(8) ETRN_README, Postfix ETRN howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 1.0. diff --git a/postfix/html/generic.5.html b/postfix/html/generic.5.html index 9baffcd21..473ecc747 100644 --- a/postfix/html/generic.5.html +++ b/postfix/html/generic.5.html 
@@ -17,148 +17,132 @@ GENERIC(5) GENERIC(5) postmap -q - /etc/postfix/generic <inputfile DESCRIPTION - The optional generic(5) table specifies an address mapping - that applies when mail is delivered. This is the opposite - of canonical(5) mapping, which applies when mail is - received. - - Typically, one would use the generic(5) table on a system - that does not have a valid Internet domain name and that - uses something like localdomain.local instead. The - generic(5) table is then used by the smtp(8) client to - transform local mail addresses into valid Internet mail - addresses when mail has to be sent across the Internet. - See the EXAMPLE section at the end of this document. - - The generic(5) mapping affects both message header - addresses (i.e. addresses that appear inside messages) and - message envelope addresses (for example, the addresses - that are used in SMTP protocol commands). - - Normally, the generic(5) table is specified as a text file - that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/generic" to rebuild an indexed file + The optional generic(5) table specifies an address mapping that applies + when mail is delivered. This is the opposite of canonical(5) mapping, + which applies when mail is received. + + Typically, one would use the generic(5) table on a system that does not + have a valid Internet domain name and that uses something like localdo- + main.local instead. The generic(5) table is then used by the smtp(8) + client to transform local mail addresses into valid Internet mail + addresses when mail has to be sent across the Internet. See the EXAM- + PLE section at the end of this document. + + The generic(5) mapping affects both message header addresses (i.e. 
+ addresses that appear inside messages) and message envelope addresses + (for example, the addresses that are used in SMTP protocol commands). + + Normally, the generic(5) table is specified as a text file that serves + as input to the postmap(1) command. The result, an indexed file in dbm + or db format, is used for fast searching by the mail system. Execute + the command "postmap /etc/postfix/generic" to rebuild an indexed file after changing the corresponding text file. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those case, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. + The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. 
TABLE FORMAT The input format for the postmap(1) command is as follows: pattern result - When pattern matches a mail address, replace it by - the corresponding result. + When pattern matches a mail address, replace it by the corre- + sponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. TABLE SEARCH ORDER - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user@domain address - Replace user@domain by address. This form has the - highest precedence. + Replace user@domain by address. This form has the highest prece- + dence. user address - Replace user@site by address when site is equal to - $myorigin, when site is listed in $mydestination, - or when it is listed in $inet_interfaces or - $proxy_interfaces. + Replace user@site by address when site is equal to $myorigin, + when site is listed in $mydestination, or when it is listed in + $inet_interfaces or $proxy_interfaces. @domain address - Replace other addresses in domain by address. This - form has the lowest precedence. + Replace other addresses in domain by address. This form has the + lowest precedence. RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the - result becomes the same user in otherdomain. 
+ o When the result has the form @otherdomain, the result becomes + the same user in otherdomain. - o When "append_at_myorigin=yes", append "@$myorigin" - to addresses without "@domain". + o When "append_at_myorigin=yes", append "@$myorigin" to addresses + without "@domain". - o When "append_dot_mydomain=yes", append ".$mydomain" - to addresses without ".domain". + o When "append_dot_mydomain=yes", append ".$mydomain" to addresses + without ".domain". ADDRESS EXTENSION - When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, user+foo, user, and - @domain. + When a mail address localpart contains the optional recipient delimiter + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- - gated to the result of table lookup. + The propagate_unmatched_extensions parameter controls whether an + unmatched address extension (+foo) is propagated to the result of table + lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain - constituent parts, nor is user+foo broken up into user and - foo. + Each pattern is a regular expression that is applied to the entire + address being looked up. 
Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo + broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from - the pattern can be interpolated as $1, $2 and so on. + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- + lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). This feature is not available up to and including - Postfix version 2.4. + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their - user and @domain constituent parts, nor is user+foo broken - up into user and foo. + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- + stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. EXAMPLE - The following shows a generic mapping with an indexed - file. 
When mail is sent to a remote host via SMTP, this - replaces his@localdomain.local by his ISP mail address, - replaces her@localdomain.local by her ISP mail address, - and replaces other local addresses by his ISP account, - with an address extension of +local (this example assumes - that the ISP supports "+" style address extensions). + The following shows a generic mapping with an indexed file. When mail + is sent to a remote host via SMTP, this replaces his@localdomain.local + by his ISP mail address, replaces her@localdomain.local by her ISP mail + address, and replaces other local addresses by his ISP account, with an + address extension of +local (this example assumes that the ISP supports + "+" style address extensions). /etc/postfix/main.cf: smtp_generic_maps = hash:/etc/postfix/generic 
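Review bot: The reflowed second DESCRIPTION paragraph of generic(5) now hyphenates the literal example domain as "localdo- main.local", where the 65-column text kept "localdomain.local" on one line. The EXAMPLE table entries use that exact name (her@localdomain.local, @localdomain.local), so a reader searching the page for it misses this occurrence, and the same hunk also breaks "EXAM- PLE section". Suggest disabling hyphenation in the formatting step before regenerating. If the HTML comes from nroff output (an assumption, since the generator is not part of this hunk), the `.nh` request does that.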
@@ -168,53 +152,48 @@ GENERIC(5) GENERIC(5) her@localdomain.local heraccount@herisp.example @localdomain.local hisaccount+local@hisisp.example - Execute the command "postmap /etc/postfix/generic" when- - ever the table is changed. Instead of hash, some systems - use dbm database files. To find out what tables your sys- - tem supports use the command "postconf -m". + Execute the command "postmap /etc/postfix/generic" whenever the table + is changed. Instead of hash, some systems use dbm database files. To + find out what tables your system supports use the command "postconf + -m". BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more + details including examples. smtp_generic_maps - Address mapping lookup table for envelope and - header sender and recipient addresses while deliv- - ering mail via SMTP. + Address mapping lookup table for envelope and header sender and + recipient addresses while delivering mail via SMTP. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, - include, or generic. + A list of address rewriting or forwarding mechanisms that propa- + gate an address extension from the original address to the + result. Specify zero or more of canonical, virtual, alias, for- + ward, include, or generic. Other parameters of interest: inet_interfaces - The network interface addresses that this system - receives mail on. You need to stop and start Post- - fix when this parameter changes. 
+ The network interface addresses that this system receives mail + on. You need to stop and start Postfix when this parameter + changes. proxy_interfaces - Other interfaces that this machine receives mail on - by way of a proxy agent or network address transla- - tor. + Other interfaces that this machine receives mail on by way of a + proxy agent or network address translator. mydestination - List of domains that this mail system considers - local. + List of domains that this mail system considers local. myorigin The domain that is appended to locally-posted mail. owner_request_special - Give special treatment to owner-xxx and xxx-request - addresses. + Give special treatment to owner-xxx and xxx-request addresses. SEE ALSO postmap(1), Postfix lookup table manager @@ -227,8 +206,7 @@ GENERIC(5) GENERIC(5) STANDARD_CONFIGURATION_README, configuration examples LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY A genericstable feature appears in the Sendmail MTA. diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index 85fda866a..6f1e86fc5 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html 
@@ -26,74 +26,67 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) postmap -q - pcre:/etc/postfix/filename <inputfile DESCRIPTION - This document describes access control on the content of - message headers and message body lines; it is implemented - by the Postfix cleanup(8) server before mail is queued. - See access(5) for access control on remote SMTP client - information. - - Each message header or message body line is compared - against a list of patterns. When a match is found the - corresponding action is executed, and the matching process - is repeated for the next message header or message body - line. - - Note: message headers are examined one logical header at a - time, even when a message header spans multiple lines. - Body lines are always examined one line at a time. - - For examples, see the EXAMPLES section at the end of this - manual page. - - Postfix header or body_checks are designed to stop a flood - of mail from worms or viruses; they do not decode attach- - ments, and they do not unzip archives. See the documents - referenced below in the README FILES section if you need - more sophisticated content analysis. + This document describes access control on the content of message head- + ers and message body lines; it is implemented by the Postfix cleanup(8) + server before mail is queued. See access(5) for access control on + remote SMTP client information. + + Each message header or message body line is compared against a list of + patterns. When a match is found the corresponding action is executed, + and the matching process is repeated for the next message header or + message body line. + + Note: message headers are examined one logical header at a time, even + when a message header spans multiple lines. Body lines are always exam- + ined one line at a time. + + For examples, see the EXAMPLES section at the end of this manual page. 
+ + Postfix header or body_checks are designed to stop a flood of mail from + worms or viruses; they do not decode attachments, and they do not unzip + archives. See the documents referenced below in the README FILES sec- + tion if you need more sophisticated content analysis. FILTERS WHILE RECEIVING MAIL - Postfix implements the following four built-in content - inspection classes while receiving mail: + Postfix implements the following four built-in content inspection + classes while receiving mail: header_checks (default: empty) - These are applied to initial message headers - (except for the headers that are processed with - mime_header_checks). + These are applied to initial message headers (except for the + headers that are processed with mime_header_checks). mime_header_checks (default: $header_checks) - These are applied to MIME related message headers - only. + These are applied to MIME related message headers only. This feature is available in Postfix 2.0 and later. nested_header_checks (default: $header_checks) - These are applied to message headers of attached - email messages (except for the headers that are - processed with mime_header_checks). + These are applied to message headers of attached email messages + (except for the headers that are processed with + mime_header_checks). This feature is available in Postfix 2.0 and later. body_checks - These are applied to all other content, including - multi-part message boundaries. + These are applied to all other content, including multi-part + message boundaries. - With Postfix versions before 2.0, all content after - the initial message headers is treated as body con- - tent. + With Postfix versions before 2.0, all content after the initial + message headers is treated as body content. 
FILTERS AFTER RECEIVING MAIL - Postfix supports a subset of the built-in content inspec- - tion classes after the message is received: + Postfix supports a subset of the built-in content inspection classes + after the message is received: milter_header_checks (default: empty) - These are applied to headers that are added with - Milter applications. + These are applied to headers that are added with Milter applica- + tions. This feature is available in Postfix 2.7 and later. FILTERS WHILE DELIVERING MAIL - Postfix supports all four content inspection classes while - delivering mail via SMTP. + Postfix supports all four content inspection classes while delivering + mail via SMTP. smtp_header_checks (default: empty) 
@@ -102,350 +95,303 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) smtp_nested_header_checks (default: empty) smtp_body_checks (default: empty) - These features are available in Postfix 2.5 and - later. + These features are available in Postfix 2.5 and later. COMPATIBILITY - With Postfix version 2.2 and earlier specify "postmap -fq" - to query a table that contains case sensitive patterns. By - default, regexp: and pcre: patterns are case insensitive. + With Postfix version 2.2 and earlier specify "postmap -fq" to query a + table that contains case sensitive patterns. By default, regexp: and + pcre: patterns are case insensitive. TABLE FORMAT - This document assumes that header and body_checks rules - are specified in the form of Postfix regular expression - lookup tables. Usually the best performance is obtained - with pcre (Perl Compatible Regular Expression) tables. The - regexp (POSIX regular expressions) tables are usually - slower, but more widely available. Use the command "post- - conf -m" to find out what lookup table types your Postfix - system supports. - - The general format of Postfix regular expression tables is - given below. For a discussion of specific pattern or - flags syntax, see pcre_table(5) or regexp_table(5), - respectively. + This document assumes that header and body_checks rules are specified + in the form of Postfix regular expression lookup tables. Usually the + best performance is obtained with pcre (Perl Compatible Regular Expres- + sion) tables. The regexp (POSIX regular expressions) tables are usually + slower, but more widely available. Use the command "postconf -m" to + find out what lookup table types your Postfix system supports. + + The general format of Postfix regular expression tables is given below. + For a discussion of specific pattern or flags syntax, see pcre_table(5) + or regexp_table(5), respectively. /pattern/flags action - When /pattern/ matches the input string, execute - the corresponding action. 
See below for a list of - possible actions. + When /pattern/ matches the input string, execute the correspond- + ing action. See below for a list of possible actions. !/pattern/flags action - When /pattern/ does not match the input string, - execute the corresponding action. + When /pattern/ does not match the input string, execute the cor- + responding action. if /pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if the same input string - also matches /pattern/. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if the same input string also matches /pat- + tern/. The if..endif can nest. - Note: do not prepend whitespace to patterns inside - if..endif. + Note: do not prepend whitespace to patterns inside if..endif. if !/pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if the same input string - does not match /pattern/. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if the same input string does not match /pat- + tern/. The if..endif can nest. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A pattern/action line starts with non-whitespace - text. A line that starts with whitespace continues - a logical line. + A pattern/action line starts with non-whitespace text. A line + that starts with whitespace continues a logical line. TABLE SEARCH ORDER - For each line of message input, the patterns are applied - in the order as specified in the table. When a pattern is - found that matches the input line, the corresponding - action is executed and then the next input line is - inspected. 
+ For each line of message input, the patterns are applied in the order + as specified in the table. When a pattern is found that matches the + input line, the corresponding action is executed and then the next + input line is inspected. TEXT SUBSTITUTION - Substitution of substrings from the matched expression - into the action string is possible using the conventional - Perl syntax ($1, $2, etc.). The macros in the result - string may need to be written as ${n} or $(n) if they - aren't followed by whitespace. + Substitution of substrings from the matched expression into the action + string is possible using the conventional Perl syntax ($1, $2, etc.). + The macros in the result string may need to be written as ${n} or $(n) + if they aren't followed by whitespace. - Note: since negated patterns (those preceded by !) return - a result when the expression does not match, substitutions - are not available for negated patterns. + Note: since negated patterns (those preceded by !) return a result when + the expression does not match, substitutions are not available for + negated patterns. ACTIONS - Action names are case insensitive. They are shown in upper - case for consistency with other Postfix documentation. + Action names are case insensitive. They are shown in upper case for + consistency with other Postfix documentation. DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- - erwise log a generic message. + Claim successful delivery and silently discard the message. Log + the optional text if specified, otherwise log a generic message. - Note: this action disables further header or - body_checks inspection of the current message and - affects all recipients. To discard only one recip- - ient without discarding the entire message, use the - transport(5) table to direct mail to the discard(8) - service. 
+ Note: this action disables further header or body_checks inspec- + tion of the current message and affects all recipients. To dis- + card only one recipient without discarding the entire message, + use the transport(5) table to direct mail to the discard(8) ser- + vice. This feature is available in Postfix 2.0 and later. - This feature is not supported with smtp header/body - checks. + This feature is not supported with smtp header/body checks. - DUNNO Pretend that the input line did not match any pat- - tern, and inspect the next input line. This action - can be used to shorten the table search. + DUNNO Pretend that the input line did not match any pattern, and + inspect the next input line. This action can be used to shorten + the table search. - For backwards compatibility reasons, Postfix also - accepts OK but it is (and always has been) treated - as DUNNO. + For backwards compatibility reasons, Postfix also accepts OK but + it is (and always has been) treated as DUNNO. This feature is available in Postfix 2.1 and later. FILTER transport:destination - After the message is queued, send the entire mes- - sage through the specified external content filter. - The transport name specifies the first field of a - mail delivery agent definition in master.cf; the - syntax of the next-hop destination is described in - the manual page of the corresponding delivery - agent. More information about external content - filters is in the Postfix FILTER_README file. - - Note 1: do not use $number regular expression sub- - stitutions for transport or destination unless you - know that the information has a trusted origin. - - Note 2: this action overrides the main.cf con- - tent_filter setting, and affects all recipients of - the message. In the case that multiple FILTER - actions fire, only the last one is executed. - - Note 3: the purpose of the FILTER command is to - override message routing. 
To override the recipi- - ent's transport but not the next-hop destination, - specify an empty filter destination (Postfix 2.7 - and later), or specify a transport:destination that - delivers through a different Postfix instance - (Postfix 2.6 and earlier). Other options are using - the recipient-dependent transport_maps or the sen- - der-dependent sender_dependent_default_transport- - _maps features. + After the message is queued, send the entire message through the + specified external content filter. The transport name specifies + the first field of a mail delivery agent definition in mas- + ter.cf; the syntax of the next-hop destination is described in + the manual page of the corresponding delivery agent. More + information about external content filters is in the Postfix + FILTER_README file. + + Note 1: do not use $number regular expression substitutions for + transport or destination unless you know that the information + has a trusted origin. + + Note 2: this action overrides the main.cf content_filter set- + ting, and affects all recipients of the message. In the case + that multiple FILTER actions fire, only the last one is exe- + cuted. + + Note 3: the purpose of the FILTER command is to override message + routing. To override the recipient's transport but not the + next-hop destination, specify an empty filter destination (Post- + fix 2.7 and later), or specify a transport:destination that + delivers through a different Postfix instance (Postfix 2.6 and + earlier). Other options are using the recipient-dependent trans- + port_maps or the sender-dependent sender_dependent_default- + _transport_maps features. This feature is available in Postfix 2.0 and later. - This feature is not supported with smtp header/body - checks. + This feature is not supported with smtp header/body checks. HOLD optional text... - Arrange for the message to be placed on the hold - queue, and inspect the next input line. 
The mes- - sage remains on hold until someone either deletes - it or releases it for delivery. Log the optional - text if specified, otherwise log a generic message. - - Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or - released with the postsuper(1) command. - - Note: use "postsuper -r" to release mail that was - kept on hold for a significant fraction of $maxi- - mal_queue_lifetime or $bounce_queue_lifetime, or - longer. Use "postsuper -H" only for mail that will - not expire within a few delivery attempts. - - Note: this action affects all recipients of the - message. + Arrange for the message to be placed on the hold queue, and + inspect the next input line. The message remains on hold until + someone either deletes it or releases it for delivery. Log the + optional text if specified, otherwise log a generic message. + + Mail that is placed on hold can be examined with the postcat(1) + command, and can be destroyed or released with the postsuper(1) + command. + + Note: use "postsuper -r" to release mail that was kept on hold + for a significant fraction of $maximal_queue_lifetime or + $bounce_queue_lifetime, or longer. Use "postsuper -H" only for + mail that will not expire within a few delivery attempts. + + Note: this action affects all recipients of the message. This feature is available in Postfix 2.0 and later. - This feature is not supported with smtp header/body - checks. + This feature is not supported with smtp header/body checks. - IGNORE Delete the current line from the input, and inspect - the next input line. + IGNORE Delete the current line from the input, and inspect the next + input line. INFO optional text... - Log an "info:" record with the optional text... (or - log a generic text), and inspect the next input - line. This action is useful for routine logging or - for debugging. + Log an "info:" record with the optional text... (or log a + generic text), and inspect the next input line. 
This action is + useful for routine logging or for debugging. This feature is available in Postfix 2.8 and later. PREPEND text... - Prepend one line with the specified text, and - inspect the next input line. + Prepend one line with the specified text, and inspect the next + input line. Notes: - o The prepended text is output on a separate - line, immediately before the input that - triggered the PREPEND action. + o The prepended text is output on a separate line, immedi- + ately before the input that triggered the PREPEND action. - o The prepended text is not considered part of - the input stream: it is not subject to - header/body checks or address rewriting, and - it does not affect the way that Postfix adds - missing message headers. + o The prepended text is not considered part of the input + stream: it is not subject to header/body checks or + address rewriting, and it does not affect the way that + Postfix adds missing message headers. - o When prepending text before a message header - line, the prepended text must begin with a - valid message header label. + o When prepending text before a message header line, the + prepended text must begin with a valid message header + label. - o This action cannot be used to prepend multi- - line text. + o This action cannot be used to prepend multi-line text. This feature is available in Postfix 2.1 and later. - This feature is not supported with mil- - ter_header_checks. + This feature is not supported with milter_header_checks. REDIRECT user@domain - Write a message redirection request to the queue - file, and inspect the next input line. After the - message is queued, it will be sent to the specified - address instead of the intended recipient(s). - - Note: this action overrides the FILTER action, and - affects all recipients of the message. If multiple - REDIRECT actions fire, only the last one is exe- - cuted. + Write a message redirection request to the queue file, and + inspect the next input line. 
After the message is queued, it + will be sent to the specified address instead of the intended + recipient(s). + + Note: this action overrides the FILTER action, and affects all + recipients of the message. If multiple REDIRECT actions fire, + only the last one is executed. This feature is available in Postfix 2.1 and later. - This feature is not supported with smtp header/body - checks. + This feature is not supported with smtp header/body checks. REPLACE text... - Replace the current line with the specified text, - and inspect the next input line. + Replace the current line with the specified text, and inspect + the next input line. - This feature is available in Postfix 2.2 and later. - The description below applies to Postfix 2.2.2 and - later. + This feature is available in Postfix 2.2 and later. The descrip- + tion below applies to Postfix 2.2.2 and later. Notes: - o When replacing a message header line, the - replacement text must begin with a valid - header label. + o When replacing a message header line, the replacement + text must begin with a valid header label. - o The replaced text remains part of the input - stream. Unlike the result from the PREPEND - action, a replaced message header may be - subject to address rewriting and may affect - the way that Postfix adds missing message + o The replaced text remains part of the input stream. + Unlike the result from the PREPEND action, a replaced + message header may be subject to address rewriting and + may affect the way that Postfix adds missing message headers. REJECT optional text... - Reject the entire message. Reply with optional - text... when the optional text is specified, other- - wise reply with a generic error message. + Reject the entire message. Reply with optional text... when the + optional text is specified, otherwise reply with a generic error + message. - Note: this action disables further header or - body_checks inspection of the current message and - affects all recipients. 
+ Note: this action disables further header or body_checks inspec- + tion of the current message and affects all recipients. - Postfix version 2.3 and later support enhanced sta- - tus codes. When no code is specified at the begin- - ning of optional text..., Postfix inserts a default - enhanced status code of "5.7.1". + Postfix version 2.3 and later support enhanced status codes. + When no code is specified at the beginning of optional text..., + Postfix inserts a default enhanced status code of "5.7.1". - This feature is not supported with smtp header/body - checks. + This feature is not supported with smtp header/body checks. WARN optional text... - Log a "warning:" record with the optional text... - (or log a generic text), and inspect the next input - line. This action is useful for debugging and for - testing a pattern before applying more drastic - actions. + Log a "warning:" record with the optional text... (or log a + generic text), and inspect the next input line. This action is + useful for debugging and for testing a pattern before applying + more drastic actions. BUGS - Empty lines never match, because some map types mis-behave - when given a zero-length search string. This limitation - may be removed for regular expression tables in a future - release. + Empty lines never match, because some map types mis-behave when given a + zero-length search string. This limitation may be removed for regular + expression tables in a future release. - Many people overlook the main limitations of header and - body_checks rules. + Many people overlook the main limitations of header and body_checks + rules. - o These rules operate on one logical message header - or one body line at a time. A decision made for one - line is not carried over to the next line. + o These rules operate on one logical message header or one body + line at a time. A decision made for one line is not carried over + to the next line. 
- o If text in the message body is encoded (RFC 2045) - then the rules need to be specified for the encoded - form. + o If text in the message body is encoded (RFC 2045) then the rules + need to be specified for the encoded form. - o Likewise, when message headers are encoded (RFC - 2047) then the rules need to be specified for the - encoded form. + o Likewise, when message headers are encoded (RFC 2047) then the + rules need to be specified for the encoded form. - Message headers added by the cleanup(8) daemon itself are - excluded from inspection. Examples of such message headers - are From:, To:, Message-ID:, Date:. + Message headers added by the cleanup(8) daemon itself are excluded from + inspection. Examples of such message headers are From:, To:, Message- + ID:, Date:. - Message headers deleted by the cleanup(8) daemon will be - examined before they are deleted. Examples are: Bcc:, Con- - tent-Length:, Return-Path:. + Message headers deleted by the cleanup(8) daemon will be examined + before they are deleted. Examples are: Bcc:, Content-Length:, Return- + Path:. CONFIGURATION PARAMETERS body_checks - Lookup tables with content filter rules for message - body lines. These filters see one physical line at - a time, in chunks of at most $line_length_limit - bytes. + Lookup tables with content filter rules for message body lines. + These filters see one physical line at a time, in chunks of at + most $line_length_limit bytes. body_checks_size_limit - The amount of content per message body segment - (attachment) that is subjected to $body_checks fil- - tering. + The amount of content per message body segment (attachment) that + is subjected to $body_checks filtering. 
header_checks mime_header_checks (default: $header_checks) nested_header_checks (default: $header_checks) - Lookup tables with content filter rules for message - header lines: respectively, these are applied to - the initial message headers (not including MIME - headers), to the MIME headers anywhere in the mes- - sage, and to the initial headers of attached mes- - sages. - - Note: these filters see one logical message header - at a time, even when a message header spans multi- - ple lines. Message headers that are longer than - $header_size_limit characters are truncated. + Lookup tables with content filter rules for message header + lines: respectively, these are applied to the initial message + headers (not including MIME headers), to the MIME headers any- + where in the message, and to the initial headers of attached + messages. + + Note: these filters see one logical message header at a time, + even when a message header spans multiple lines. Message headers + that are longer than $header_size_limit characters are trun- + cated. disable_mime_input_processing - While receiving mail, give no special treatment to - MIME related message headers; all text after the - initial message headers is considered to be part of - the message body. This means that header_checks is - applied to all the initial message headers, and - that body_checks is applied to the remainder of the - message. + While receiving mail, give no special treatment to MIME related + message headers; all text after the initial message headers is + considered to be part of the message body. This means that + header_checks is applied to all the initial message headers, and + that body_checks is applied to the remainder of the message. - Note: when used in this manner, body_checks will - process a multi-line message header one line at a - time. + Note: when used in this manner, body_checks will process a + multi-line message header one line at a time. 
EXAMPLES - Header pattern to block attachments with bad file name - extensions. For convenience, the PCRE /x flag is speci- - fied, so that there is no need to collapse the pattern - into a single line of text. The purpose of the - [[:xdigit:]] sub-expressions is to recognize Windows CLSID - strings. + Header pattern to block attachments with bad file name extensions. For + convenience, the PCRE /x flag is specified, so that there is no need to + collapse the pattern into a single line of text. The purpose of the + [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings. /etc/postfix/main.cf: header_checks = pcre:/etc/postfix/header_checks.pcre @@ -460,8 +406,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x REJECT Attachment name "$2" may not end with ".$4" - Body pattern to stop a specific HTML browser vulnerability - exploit. + Body pattern to stop a specific HTML browser vulnerability exploit. /etc/postfix/main.cf: body_checks = regexp:/etc/postfix/body_checks @@ -488,8 +433,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) BACKSCATTER_README, blocking returned forged mail LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html index 90cee5509..1c5e4a3d2 100644 --- a/postfix/html/ldap_table.5.html +++ b/postfix/html/ldap_table.5.html 
@@ -15,72 +15,60 @@ LDAP_TABLE(5) LDAP_TABLE(5) postmap -q - ldap:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. - Alternatively, lookup tables can be specified as LDAP - databases. + Alternatively, lookup tables can be specified as LDAP databases. - In order to use LDAP lookups, define an LDAP source as a - lookup table in main.cf, for example: + In order to use LDAP lookups, define an LDAP source as a lookup table + in main.cf, for example: alias_maps = ldap:/etc/postfix/ldap-aliases.cf - The file /etc/postfix/ldap-aliases.cf has the same format - as the Postfix main.cf file, and can specify the parame- - ters described below. An example is given at the end of - this manual. + The file /etc/postfix/ldap-aliases.cf has the same format as the Post- + fix main.cf file, and can specify the parameters described below. An + example is given at the end of this manual. - This configuration method is available with Postfix ver- - sion 2.1 and later. See the section "BACKWARDS COMPATI- - BILITY" below for older Postfix versions. + This configuration method is available with Postfix version 2.1 and + later. See the section "BACKWARDS COMPATIBILITY" below for older Post- + fix versions. - For details about LDAP SSL and STARTTLS, see the section - on SSL and STARTTLS below. + For details about LDAP SSL and STARTTLS, see the section on SSL and + STARTTLS below. BACKWARDS COMPATIBILITY - For backwards compatibility with Postfix version 2.0 and - earlier, LDAP parameters can also be defined in main.cf. - Specify as LDAP source a name that doesn't begin with a - slash or a dot. 
The LDAP parameters will then be accessi- - ble as the name you've given the source in its definition, - an underscore, and the name of the parameter. For exam- - ple, if the map is specified as "ldap:ldapsource", the - "server_host" parameter below would be defined in main.cf - as "ldapsource_server_host". - - Note: with this form, the passwords for the LDAP sources - are written in main.cf, which is normally world-readable. - Support for this form will be removed in a future Postfix - version. - - For backwards compatibility with the pre 2.2 LDAP clients, - result_filter can for now be used instead of result_for- - mat, when the latter parameter is not also set. The new - name better reflects the function of the parameter. This - compatibility interface may be removed in a future - release. + For backwards compatibility with Postfix version 2.0 and earlier, LDAP + parameters can also be defined in main.cf. Specify as LDAP source a + name that doesn't begin with a slash or a dot. The LDAP parameters + will then be accessible as the name you've given the source in its def- + inition, an underscore, and the name of the parameter. For example, if + the map is specified as "ldap:ldapsource", the "server_host" parameter + below would be defined in main.cf as "ldapsource_server_host". + + Note: with this form, the passwords for the LDAP sources are written in + main.cf, which is normally world-readable. Support for this form will + be removed in a future Postfix version. + + For backwards compatibility with the pre 2.2 LDAP clients, result_fil- + ter can for now be used instead of result_format, when the latter + parameter is not also set. The new name better reflects the function + of the parameter. This compatibility interface may be removed in a + future release. 
LIST MEMBERSHIP - When using LDAP to store lists such as $mynetworks, - $mydestination, $relay_domains, $local_recipient_maps, - etc., it is important to understand that the table must - store each list member as a separate key. The table lookup - verifies the *existence* of the key. See "Postfix lists - versus tables" in the DATABASE_README document for a dis- - cussion. + When using LDAP to store lists such as $mynetworks, $mydestination, + $relay_domains, $local_recipient_maps, etc., it is important to under- + stand that the table must store each list member as a separate key. The + table lookup verifies the *existence* of the key. See "Postfix lists + versus tables" in the DATABASE_README document for a discussion. - Do NOT create tables that return the full list of domains - in $mydestination or $relay_domains etc., or IP addresses - in $mynetworks. + Do NOT create tables that return the full list of domains in $mydesti- + nation or $relay_domains etc., or IP addresses in $mynetworks. - DO create tables with each matching item as a key and with - an arbitrary value. With LDAP databases it is not uncommon - to return the key itself. + DO create tables with each matching item as a key and with an arbitrary + value. With LDAP databases it is not uncommon to return the key itself. - For example, NEVER do this in a map defining $mydestina- - tion: + For example, NEVER do this in a map defining $mydestination: query_filter = domain=* result_attribute = domain 
@@ -91,35 +79,33 @@ LDAP_TABLE(5) LDAP_TABLE(5) result_attribute = domain GENERAL LDAP PARAMETERS - In the text below, default values are given in parenthe- - ses. Note: don't use quotes in these variables; at least, - not until the Postfix configuration routines understand - how to deal with quoted strings. + In the text below, default values are given in parentheses. Note: + don't use quotes in these variables; at least, not until the Postfix + configuration routines understand how to deal with quoted strings. server_host (default: localhost) - The name of the host running the LDAP server, e.g. + The name of the host running the LDAP server, e.g. server_host = ldap.example.com - Depending on the LDAP client library you're using, - it should be possible to specify multiple servers - here, with the library trying them in order should - the first one fail. It should also be possible to - give each server in the list a different port - (overriding server_port below), by naming them like + Depending on the LDAP client library you're using, it should be + possible to specify multiple servers here, with the library try- + ing them in order should the first one fail. 
It should also be + possible to give each server in the list a different port (over- + riding server_port below), by naming them like server_host = ldap.example.com:1444 - With OpenLDAP, a (list of) LDAP URLs can be used to - specify both the hostname(s) and the port(s): + With OpenLDAP, a (list of) LDAP URLs can be used to specify both + the hostname(s) and the port(s): server_host = ldap://ldap.example.com:1444 ldap://ldap2.example.com:1444 - All LDAP URLs accepted by the OpenLDAP library are - supported, including connections over UNIX domain - sockets, and LDAP SSL (the last one provided that - OpenLDAP was compiled with support for SSL): + All LDAP URLs accepted by the OpenLDAP library are supported, + including connections over UNIX domain sockets, and LDAP SSL + (the last one provided that OpenLDAP was compiled with support + for SSL): server_host = ldapi://%2Fsome%2Fpath ldaps://ldap.example.com:636 
@@ -130,305 +116,256 @@ LDAP_TABLE(5) LDAP_TABLE(5) server_port = 778 timeout (default: 10 seconds) - The number of seconds a search can take before tim- - ing out, e.g. + The number of seconds a search can take before timing out, e.g. timeout = 5 search_base (No default; you must configure this) - The RFC2253 base DN at which to conduct the search, - e.g. + The RFC2253 base DN at which to conduct the search, e.g. search_base = dc=your, dc=com - With Postfix 2.2 and later this parameter supports - the following '%' expansions: + With Postfix 2.2 and later this parameter supports the following + '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the input key. RFC 2253 - quoting is used to make sure that the input - key does not add unexpected metacharacters. - - %u When the input key is an address of the form - user@domain, %u is replaced by the (RFC - 2253) quoted local part of the address. - Otherwise, %u is replaced by the entire - search string. If the localpart is empty, - the search is suppressed and returns no - results. - - %d When the input key is an address of the form - user@domain, %d is replaced by the (RFC - 2253) quoted domain part of the address. - Otherwise, the search is suppressed and - returns no results. + %s This is replaced by the input key. RFC 2253 quoting is + used to make sure that the input key does not add unex- + pected metacharacters. - %[SUD] For the search_base parameter, the upper- - case equivalents of the above expansions - behave identically to their lower-case - counter-parts. With the result_format param- - eter (previously called result_filter see - the COMPATIBILITY section and below), they - expand to the corresponding components of - input key rather than the result value. - - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. 
If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, the search is suppressed and + %u When the input key is an address of the form user@domain, + %u is replaced by the (RFC 2253) quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the search is sup- + pressed and returns no results. + + %d When the input key is an address of the form user@domain, + %d is replaced by the (RFC 2253) quoted domain part of + the address. Otherwise, the search is suppressed and returns no results. + %[SUD] For the search_base parameter, the upper-case equivalents + of the above expansions behave identically to their + lower-case counter-parts. With the result_format parame- + ter (previously called result_filter see the COMPATIBIL- + ITY section and below), they expand to the corresponding + components of input key rather than the result value. + + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the search is sup- + pressed and returns no results. + query_filter (default: mailacceptinggeneralid=%s) - The RFC2254 filter used to search the directory, - where %s is a substitute for the address Postfix is - trying to resolve, e.g. + The RFC2254 filter used to search the directory, where %s is a + substitute for the address Postfix is trying to resolve, e.g. query_filter = (&(mail=%s)(paid_up=true)) - This parameter supports the following '%' expan- - sions: + This parameter supports the following '%' expansions: - %% This is replaced by a literal '%' character. 
- (Postfix 2.2 and later). - - %s This is replaced by the input key. RFC 2254 - quoting is used to make sure that the input - key does not add unexpected metacharacters. - - %u When the input key is an address of the form - user@domain, %u is replaced by the (RFC - 2254) quoted local part of the address. - Otherwise, %u is replaced by the entire - search string. If the localpart is empty, - the search is suppressed and returns no - results. - - %d When the input key is an address of the form - user@domain, %d is replaced by the (RFC - 2254) quoted domain part of the address. - Otherwise, the search is suppressed and - returns no results. + %% This is replaced by a literal '%' character. (Postfix 2.2 + and later). - %[SUD] The upper-case equivalents of the above - expansions behave in the query_filter param- - eter identically to their lower-case - counter-parts. With the result_format param- - eter (previously called result_filter see - the COMPATIBILITY section and below), they - expand to the corresponding components of - input key rather than the result value. + %s This is replaced by the input key. RFC 2254 quoting is + used to make sure that the input key does not add unex- + pected metacharacters. - The above %S, %U and %D expansions are - available with Postfix 2.2 and later. + %u When the input key is an address of the form user@domain, + %u is replaced by the (RFC 2254) quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the search is sup- + pressed and returns no results. - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. 
If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, the search is suppressed and + %d When the input key is an address of the form user@domain, + %d is replaced by the (RFC 2254) quoted domain part of + the address. Otherwise, the search is suppressed and returns no results. - The above %1, ..., %9 expansions are avail- - able with Postfix 2.2 and later. + %[SUD] The upper-case equivalents of the above expansions behave + in the query_filter parameter identically to their lower- + case counter-parts. With the result_format parameter + (previously called result_filter see the COMPATIBILITY + section and below), they expand to the corresponding com- + ponents of input key rather than the result value. + + The above %S, %U and %D expansions are available with + Postfix 2.2 and later. + + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the search is sup- + pressed and returns no results. + + The above %1, ..., %9 expansions are available with Post- + fix 2.2 and later. - The "domain" parameter described below limits the - input keys to addresses in matching domains. When - the "domain" parameter is non-empty, LDAP queries - for unqualified addresses or addresses in non- - matching domains are suppressed and return no - results. + The "domain" parameter described below limits the input keys to + addresses in matching domains. When the "domain" parameter is + non-empty, LDAP queries for unqualified addresses or addresses + in non-matching domains are suppressed and return no results. - NOTE: DO NOT put quotes around the query_filter - parameter. + NOTE: DO NOT put quotes around the query_filter parameter. 
result_format (default: %s) - Called result_filter in Postfix releases prior to - 2.2. Format template applied to result attributes. - Most commonly used to append (or prepend) text to - the result. This parameter supports the following - '%' expansions: + Called result_filter in Postfix releases prior to 2.2. Format + template applied to result attributes. Most commonly used to + append (or prepend) text to the result. This parameter supports + the following '%' expansions: - %% This is replaced by a literal '%' character. - (Postfix 2.2 and later). + %% This is replaced by a literal '%' character. (Postfix 2.2 + and later). - %s This is replaced by the value of the result - attribute. When result is empty it is - skipped. + %s This is replaced by the value of the result attribute. + When result is empty it is skipped. - %u When the result attribute value is an - address of the form user@domain, %u is - replaced by the local part of the address. - When the result has an empty localpart it is + %u When the result attribute value is an address of the form + user@domain, %u is replaced by the local part of the + address. When the result has an empty localpart it is skipped. - %d When a result attribute value is an address - of the form user@domain, %d is replaced by - the domain part of the attribute value. When - the result is unqualified it is skipped. + %d When a result attribute value is an address of the form + user@domain, %d is replaced by the domain part of the + attribute value. When the result is unqualified it is + skipped. %[SUD1-9] - The upper-case and decimal digit expansions - interpolate the parts of the input key - rather than the result. Their behavior is - identical to that described with query_fil- - ter, and in fact because the input key is - known in advance, lookups whose key does not - contain all the information specified in the - result template are suppressed and return no - results. 
- - The above %S, %U, %D and %1, ..., %9 expan- - sions are available with Postfix 2.2 and - later. - - For example, using "result_format = smtp:[%s]" - allows one to use a mailHost attribute as the basis - of a transport(5) table. After applying the result - format, multiple values are concatenated as comma - separated strings. The expansion_limit and - size_limit parameters explained below allow one to - restrict the number of values in the result, which - is especially useful for maps that should return a - single value. - - The default value %s specifies that each attribute - value should be used as is. - - This parameter was called result_filter in Postfix - releases prior to 2.2. If no "result_format" is - specified, the value of "result_filter" will be - used instead before resorting to the default value. - This provides compatibility with old configuration - files. + The upper-case and decimal digit expansions interpolate + the parts of the input key rather than the result. Their + behavior is identical to that described with query_fil- + ter, and in fact because the input key is known in + advance, lookups whose key does not contain all the + information specified in the result template are sup- + pressed and return no results. + + The above %S, %U, %D and %1, ..., %9 expansions are + available with Postfix 2.2 and later. + + For example, using "result_format = smtp:[%s]" allows one to use + a mailHost attribute as the basis of a transport(5) table. After + applying the result format, multiple values are concatenated as + comma separated strings. The expansion_limit and size_limit + parameters explained below allow one to restrict the number of + values in the result, which is especially useful for maps that + should return a single value. + + The default value %s specifies that each attribute value should + be used as is. + + This parameter was called result_filter in Postfix releases + prior to 2.2. 
If no "result_format" is specified, the value of + "result_filter" will be used instead before resorting to the + default value. This provides compatibility with old configura- + tion files. NOTE: DO NOT put quotes around the result format! domain (default: no domain list) - This is a list of domain names, paths to files, or - dictionaries. When specified, only fully qualified - search keys with a *non-empty* localpart and a - matching domain are eligible for lookup: 'user' - lookups, bare domain lookups and "@domain" lookups - are not performed. This can significantly reduce - the query load on the LDAP server. + This is a list of domain names, paths to files, or dictionaries. + When specified, only fully qualified search keys with a *non- + empty* localpart and a matching domain are eligible for lookup: + 'user' lookups, bare domain lookups and "@domain" lookups are + not performed. This can significantly reduce the query load on + the LDAP server. domain = postfix.org, hash:/etc/postfix/searchdomains - It is best not to use LDAP to store the domains - eligible for LDAP lookups. + It is best not to use LDAP to store the domains eligible for + LDAP lookups. - NOTE: DO NOT define this parameter for local(8) - aliases. + NOTE: DO NOT define this parameter for local(8) aliases. This feature is available in Postfix 1.0 and later. result_attribute (default: maildrop) - The attribute(s) Postfix will read from any direc- - tory entries returned by the lookup, to be resolved - to an email address. + The attribute(s) Postfix will read from any directory entries + returned by the lookup, to be resolved to an email address. result_attribute = mailbox, maildrop - Don't rely on the default value ("maildrop"). Set - the result_attribute explicitly in all ldap table - configuration files. This is particularly relevant - when no result_attribute is applicable, e.g. cases - in which leaf_result_attribute and/or termi- - nal_result_attribute are used instead. 
The default - value is harmless if "maildrop" is also listed as a - leaf or terminal result attribute, but it is best - to not leave this to chance. + Don't rely on the default value ("maildrop"). Set the + result_attribute explicitly in all ldap table configuration + files. This is particularly relevant when no result_attribute is + applicable, e.g. cases in which leaf_result_attribute and/or + terminal_result_attribute are used instead. The default value is + harmless if "maildrop" is also listed as a leaf or terminal + result attribute, but it is best to not leave this to chance. special_result_attribute (default: empty) - The attribute(s) of directory entries that can con- - tain DNs or RFC 2255 LDAP URLs. If found, a recur- - sive search is performed to retrieve the entry ref- - erenced by the DN, or the entries matched by the - URL query. + The attribute(s) of directory entries that can contain DNs or + RFC 2255 LDAP URLs. If found, a recursive search is performed to + retrieve the entry referenced by the DN, or the entries matched + by the URL query. special_result_attribute = memberdn - DN recursion retrieves the same result_attributes - as the main query, including the special attributes - for further recursion. - - URL processing retrieves only those attributes that - are included in both the URL definition and as - result attributes (ordinary, special, leaf or ter- - minal) in the Postfix table definition. If the URL - lists any of the table's special result attributes, - these are retrieved and used recursively. A URL - that does not specify any attribute selection, is - equivalent (RFC 2255) to a URL that selects all - attributes, in which case the selected attributes - will be the full set of result attributes in the + DN recursion retrieves the same result_attributes as the main + query, including the special attributes for further recursion. 
+ + URL processing retrieves only those attributes that are included + in both the URL definition and as result attributes (ordinary, + special, leaf or terminal) in the Postfix table definition. If + the URL lists any of the table's special result attributes, + these are retrieved and used recursively. A URL that does not + specify any attribute selection, is equivalent (RFC 2255) to a + URL that selects all attributes, in which case the selected + attributes will be the full set of result attributes in the Postfix table. - If an LDAP URL attribute-descriptor or the corre- - sponding Postfix LDAP table result attribute (but - not both) uses RFC 2255 sub-type options - ("attr;option"), the attribute requested from the - LDAP server will include the sub-type option. In - all other cases, the URL attribute and the table - attribute must match exactly. Attributes with - options in both the URL and the Postfix table are - requested only when the options are identical. LDAP - attribute-descriptor options are very rarely used, - most LDAP users will not need to concern themselves - with this level of nuanced detail. + If an LDAP URL attribute-descriptor or the corresponding Postfix + LDAP table result attribute (but not both) uses RFC 2255 sub- + type options ("attr;option"), the attribute requested from the + LDAP server will include the sub-type option. In all other + cases, the URL attribute and the table attribute must match + exactly. Attributes with options in both the URL and the Postfix + table are requested only when the options are identical. LDAP + attribute-descriptor options are very rarely used, most LDAP + users will not need to concern themselves with this level of + nuanced detail. terminal_result_attribute (default: empty) - When one or more terminal result attributes are - found in an LDAP entry, all other result attributes - are ignored and only the terminal result attributes - are returned. 
This is useful for delegating expan- - sion of group members to a particular host, by - using an optional "maildrop" attribute on selected - groups to route the group to a specific host, where - the group is expanded, possibly via mailing-list - manager or other special processing. + When one or more terminal result attributes are found in an LDAP + entry, all other result attributes are ignored and only the ter- + minal result attributes are returned. This is useful for dele- + gating expansion of group members to a particular host, by using + an optional "maildrop" attribute on selected groups to route the + group to a specific host, where the group is expanded, possibly + via mailing-list manager or other special processing. result_attribute = terminal_result_attribute = maildrop - When using terminal and/or leaf result attributes, - the result_attribute is best set to an empty value - when it is not used, or else explicitly set to the - desired value, even if it is the default value - "maildrop". + When using terminal and/or leaf result attributes, the + result_attribute is best set to an empty value when it is not + used, or else explicitly set to the desired value, even if it is + the default value "maildrop". - This feature is available with Postfix 2.4 or - later. + This feature is available with Postfix 2.4 or later. leaf_result_attribute (default: empty) - When one or more special result attributes are - found in a non-terminal (see above) LDAP entry, - leaf result attributes are excluded from the expan- - sion of that entry. This is useful when expanding - groups and the desired mail address attribute(s) of - the member objects obtained via DN or URI recursion - are also present in the group object. To only - return the attribute values from the leaf objects - and not the containing group, add the attribute to - the leaf_result_attribute list, and not the - result_attribute list, which is always expanded. 
- Note, the default value of "result_attribute" is - not empty, you may want to set it explicitly empty - when using "leaf_result_attribute" to expand the - group to a list of member DN addresses. If groups - have both member DN references AND attributes that - hold multiple string valued rfc822 addresses, then - the string attributes go in "result_attribute". - The attributes that represent the email addresses - of objects referenced via a DN (or LDAP URI) go in + When one or more special result attributes are found in a non- + terminal (see above) LDAP entry, leaf result attributes are + excluded from the expansion of that entry. This is useful when + expanding groups and the desired mail address attribute(s) of + the member objects obtained via DN or URI recursion are also + present in the group object. To only return the attribute values + from the leaf objects and not the containing group, add the + attribute to the leaf_result_attribute list, and not the + result_attribute list, which is always expanded. Note, the + default value of "result_attribute" is not empty, you may want + to set it explicitly empty when using "leaf_result_attribute" to + expand the group to a list of member DN addresses. If groups + have both member DN references AND attributes that hold multiple + string valued rfc822 addresses, then the string attributes go in + "result_attribute". The attributes that represent the email + addresses of objects referenced via a DN (or LDAP URI) go in "leaf_result_attribute". result_attribute = memberaddr 
@@ -436,24 +373,21 @@ LDAP_TABLE(5) LDAP_TABLE(5) terminal_result_attribute = maildrop leaf_result_attribute = mail - When using terminal and/or leaf result attributes, - the result_attribute is best set to an empty value - when it is not used, or else explicitly set to the - desired value, even if it is the default value - "maildrop". + When using terminal and/or leaf result attributes, the + result_attribute is best set to an empty value when it is not + used, or else explicitly set to the desired value, even if it is + the default value "maildrop". - This feature is available with Postfix 2.4 or - later. + This feature is available with Postfix 2.4 or later. scope (default: sub) - The LDAP search scope: sub, base, or one. These - translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, - and LDAP_SCOPE_ONELEVEL. + The LDAP search scope: sub, base, or one. These translate into + LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL. bind (default: yes) - Whether or how to bind to the LDAP server. Newer - LDAP implementations don't require clients to bind, - which saves time. Example: + Whether or how to bind to the LDAP server. Newer LDAP implemen- + tations don't require clients to bind, which saves time. Exam- + ple: # Don't bind bind = no 
@@ -462,92 +396,80 @@ LDAP_TABLE(5) LDAP_TABLE(5) # Use SASL bind bind = sasl - Postfix versions prior to 2.8 only support "bind = - no" which means don't bind, and "bind = yes" which - means do a SIMPLE bind. Postfix 2.8 and later also - supports "bind = SASL" when compiled with LDAP SASL - support as described in LDAP_README, it also adds - the synonyms "bind = none" and "bind = simple" for - "bind = no" and "bind = yes" respectively. See the - SASL section below for additional parameters avail- - able with "bind = sasl". - - If you do need to bind, you might consider config- - uring Postfix to connect to the local machine on a - port that's an SSL tunnel to your LDAP server. If - your LDAP server doesn't natively support SSL, put - a tunnel (wrapper, proxy, whatever you want to call - it) on that system too. This should prevent the - password from traversing the network in the clear. + Postfix versions prior to 2.8 only support "bind = no" which + means don't bind, and "bind = yes" which means do a SIMPLE bind. + Postfix 2.8 and later also supports "bind = SASL" when compiled + with LDAP SASL support as described in LDAP_README, it also adds + the synonyms "bind = none" and "bind = simple" for "bind = no" + and "bind = yes" respectively. See the SASL section below for + additional parameters available with "bind = sasl". + + If you do need to bind, you might consider configuring Postfix + to connect to the local machine on a port that's an SSL tunnel + to your LDAP server. If your LDAP server doesn't natively sup- + port SSL, put a tunnel (wrapper, proxy, whatever you want to + call it) on that system too. This should prevent the password + from traversing the network in the clear. bind_dn (default: empty) - If you do have to bind, do it with this distin- - guished name. Example: + If you do have to bind, do it with this distinguished name. 
+ Example: bind_dn = uid=postfix, dc=your, dc=com - With "bind = sasl" (see above) the DN may be - optional for some SASL mechanisms, don't specify a - DN if not needed. + With "bind = sasl" (see above) the DN may be optional for some + SASL mechanisms, don't specify a DN if not needed. bind_pw (default: empty) - The password for the distinguished name above. If - you have to use this, you probably want to make the - map configuration file readable only by the Postfix - user. When using the obsolete ldap:ldapsource syn- - tax, with map parameters in main.cf, it is not pos- - sible to securely store the bind password. This is - because main.cf needs to be world readable to allow - local accounts to submit mail via the sendmail com- - mand. Example: + The password for the distinguished name above. If you have to + use this, you probably want to make the map configuration file + readable only by the Postfix user. When using the obsolete + ldap:ldapsource syntax, with map parameters in main.cf, it is + not possible to securely store the bind password. This is + because main.cf needs to be world readable to allow local + accounts to submit mail via the sendmail command. Example: bind_pw = postfixpw - With "bind = sasl" (see above) the password may be - optional for some SASL mechanisms, don't specify a - password if not needed. + With "bind = sasl" (see above) the password may be optional for + some SASL mechanisms, don't specify a password if not needed. cache (IGNORED with a warning) cache_expiry (IGNORED with a warning) cache_size (IGNORED with a warning) - The above parameters are NO LONGER SUPPORTED by - Postfix. Cache support has been dropped from - OpenLDAP as of release 2.1.13. + The above parameters are NO LONGER SUPPORTED by Postfix. Cache + support has been dropped from OpenLDAP as of release 2.1.13. recursion_limit (default: 1000) - A limit on the nesting depth of DN and URL special - result attribute evaluation. 
The limit must be a - non-zero positive number. + A limit on the nesting depth of DN and URL special result + attribute evaluation. The limit must be a non-zero positive num- + ber. expansion_limit (default: 0) - A limit on the total number of result elements - returned (as a comma separated list) by a lookup - against the map. A setting of zero disables the - limit. Lookups fail with a temporary error if the - limit is exceeded. Setting the limit to 1 ensures - that lookups do not return multiple values. + A limit on the total number of result elements returned (as a + comma separated list) by a lookup against the map. A setting of + zero disables the limit. Lookups fail with a temporary error if + the limit is exceeded. Setting the limit to 1 ensures that + lookups do not return multiple values. size_limit (default: $expansion_limit) - A limit on the number of LDAP entries returned by - any single LDAP search performed as part of the - lookup. A setting of 0 disables the limit. Expan- - sion of DN and URL references involves nested LDAP - queries, each of which is separately subjected to + A limit on the number of LDAP entries returned by any single + LDAP search performed as part of the lookup. A setting of 0 dis- + ables the limit. Expansion of DN and URL references involves + nested LDAP queries, each of which is separately subjected to this limit. - Note: even a single LDAP entry can generate multi- - ple lookup results, via multiple result attributes - and/or multi-valued result attributes. This limit - caps the per search resource utilization on the - LDAP server, not the final multiplicity of the - lookup result. It is analogous to the "-z" option - of "ldapsearch". + Note: even a single LDAP entry can generate multiple lookup + results, via multiple result attributes and/or multi-valued + result attributes. This limit caps the per search resource uti- + lization on the LDAP server, not the final multiplicity of the + lookup result. 
It is analogous to the "-z" option of + "ldapsearch". dereference (default: 0) - When to dereference LDAP aliases. (Note that this - has nothing do with Postfix aliases.) The permitted - values are those legal for the OpenLDAP/UM LDAP - implementations: + When to dereference LDAP aliases. (Note that this has nothing do + with Postfix aliases.) The permitted values are those legal for + the OpenLDAP/UM LDAP implementations: 0 never 
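Review bot: In the "bind" paragraph of this hunk, the re-wrapped text still advises putting an SSL tunnel in front of the LDAP server to keep the SIMPLE bind password off the wire, without pointing to the native "ldaps://" and "start_tls" support that the same page documents under "LDAP SSL AND STARTTLS PARAMETERS". Since the paragraph is being touched anyway, consider adding a cross-reference there so readers reach the built-in options first. Also in this hunk, the "dereference" text reads "this has nothing do with Postfix aliases"; it should be "nothing to do with". Both are best fixed in the manual page source and not only in this HTML rendering.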
@@ -557,55 +479,47 @@ LDAP_TABLE(5) LDAP_TABLE(5) 3 always - See ldap.h or the ldap_open(3) or ldapsearch(1) man - pages for more information. And if you're using an - LDAP package that has other possible values, please - bring it to the attention of the postfix- - users@postfix.org mailing list. + See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for + more information. And if you're using an LDAP package that has + other possible values, please bring it to the attention of the + postfix-users@postfix.org mailing list. chase_referrals (default: 0) - Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP - version 3 support). + Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3 + support). version (default: 2) Specifies the LDAP protocol version to use. debuglevel (default: 0) - What level to set for debugging in the OpenLDAP - libraries. + What level to set for debugging in the OpenLDAP libraries. LDAP SASL PARAMETERS - If you're using the OpenLDAP libraries compiled with SASL - support, Postfix 2.8 and later built with LDAP SASL sup- - port as described in LDAP_README can authenticate to LDAP - servers via SASL. - - This enables authentication to the LDAP server via mecha- - nisms other than a simple password. The added flexibility - has a cost: it is no longer practical to set an explicit - timeout on the duration of an LDAP bind operation. Under - adverse conditions, whether a SASL bind times out, or if - it does, the duration of the timeout is determined by the + If you're using the OpenLDAP libraries compiled with SASL support, + Postfix 2.8 and later built with LDAP SASL support as described in + LDAP_README can authenticate to LDAP servers via SASL. + + This enables authentication to the LDAP server via mechanisms other + than a simple password. The added flexibility has a cost: it is no + longer practical to set an explicit timeout on the duration of an LDAP + bind operation. 
Under adverse conditions, whether a SASL bind times + out, or if it does, the duration of the timeout is determined by the LDAP and SASL libraries. - It is best to use tables that use SASL binds via prox- - ymap(8), this way the requesting process can time-out the - proxymap request. This also lets you tailer the process - environment by overriding the proxymap(8) import_environ- - ment setting in master.cf(5). Special environment settings - may be needed to configure GSSAPI credential caches or - other SASL mechanism specific options. The GSSAPI creden- - tials used for LDAP lookups may need to be different than - say those used for the Postfix SMTP client to authenticate - to remote servers. - - Using SASL mechanisms requires LDAP protocol version 3, - the default protocol version is 2 for backwards compati- - bility. You must set "version = 3" in addition to "bind = - sasl". - - The following parameters are relevant to using LDAP with - SASL + It is best to use tables that use SASL binds via proxymap(8), this way + the requesting process can time-out the proxymap request. This also + lets you tailer the process environment by overriding the proxymap(8) + import_environment setting in master.cf(5). Special environment set- + tings may be needed to configure GSSAPI credential caches or other SASL + mechanism specific options. The GSSAPI credentials used for LDAP + lookups may need to be different than say those used for the Postfix + SMTP client to authenticate to remote servers. + + Using SASL mechanisms requires LDAP protocol version 3, the default + protocol version is 2 for backwards compatibility. You must set "ver- + sion = 3" in addition to "bind = sasl". + + The following parameters are relevant to using LDAP with SASL sasl_mechs (default: empty) Space separated list of SASL mechanism(s) to try. 
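Review bot: The re-wrapped SASL paragraph carries over the typo "tailer" in "This also lets you tailer the process environment"; it should read "tailor". The closing line "The following parameters are relevant to using LDAP with SASL" also lacks the trailing colon that the matching sentence in the SSL section has ("The following parameters are relevant to LDAP SSL and STARTTLS:").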
@@ -614,20 +528,18 @@ LDAP_TABLE(5) LDAP_TABLE(5) SASL Realm to use, if applicable. sasl_authz_id (default: empty) - The SASL authorization identity to assert, if - applicable. + The SASL authorization identity to assert, if applicable. sasl_minssf (default: 0) - The minimum required sasl security factor required - to establish a connection. + The minimum required sasl security factor required to establish + a connection. LDAP SSL AND STARTTLS PARAMETERS - If you're using the OpenLDAP libraries compiled with SSL - support, Postfix can connect to LDAP SSL servers and can - issue the STARTTLS command. + If you're using the OpenLDAP libraries compiled with SSL support, Post- + fix can connect to LDAP SSL servers and can issue the STARTTLS command. - LDAP SSL service can be requested by using a LDAP SSL URL - in the server_host parameter: + LDAP SSL service can be requested by using a LDAP SSL URL in the + server_host parameter: server_host = ldaps://ldap.example.com:636 
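Review bot: The re-wrapped sasl_minssf description reads "The minimum required sasl security factor required to establish a connection", which repeats "required" and writes SASL in lower case. Suggest "The minimum SASL security factor required to establish a connection". The text also gives no hint of what the default of 0 means for the connection; one sentence saying whether 0 accepts a bind with no security layer would help readers choose a value.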
@@ -635,111 +547,93 @@ LDAP_TABLE(5) LDAP_TABLE(5) start_tls = yes - Both forms require LDAP protocol version 3, which has to - be set explicitly with: + Both forms require LDAP protocol version 3, which has to be set explic- + itly with: version = 3 - If any of the Postfix programs querying the map is config- - ured in master.cf to run chrooted, all the certificates - and keys involved have to be copied to the chroot jail. Of - course, the private keys should only be readable by the - user "postfix". + If any of the Postfix programs querying the map is configured in mas- + ter.cf to run chrooted, all the certificates and keys involved have to + be copied to the chroot jail. Of course, the private keys should only + be readable by the user "postfix". - The following parameters are relevant to LDAP SSL and - STARTTLS: + The following parameters are relevant to LDAP SSL and STARTTLS: start_tls (default: no) - Whether or not to issue STARTTLS upon connection to - the server. Don't set this with LDAP SSL (the SSL - session is setup automatically when the TCP connec- - tion is opened). - - tls_ca_cert_dir (No default; set either this or - tls_ca_cert_file) - Directory containing X509 Certificate Authority - certificates in PEM format which are to be recog- - nized by the client in SSL/TLS connections. The - files each contain one CA certificate. The files - are looked up by the CA subject name hash value, - which must hence be available. If more than one CA - certificate with the same name hash value exist, - the extension must be different (e.g. 9d66eef0.0, - 9d66eef0.1 etc). The search is performed in the - ordering of the extension number, regardless of - other properties of the certificates. Use the - c_rehash utility (from the OpenSSL distribution) to - create the necessary links. 
- - tls_ca_cert_file (No default; set either this or - tls_ca_cert_dir) - File containing the X509 Certificate Authority cer- - tificates in PEM format which are to be recognized - by the client in SSL/TLS connections. This setting - takes precedence over tls_ca_cert_dir. + Whether or not to issue STARTTLS upon connection to the server. + Don't set this with LDAP SSL (the SSL session is setup automati- + cally when the TCP connection is opened). + + tls_ca_cert_dir (No default; set either this or tls_ca_cert_file) + Directory containing X509 Certificate Authority certificates in + PEM format which are to be recognized by the client in SSL/TLS + connections. The files each contain one CA certificate. The + files are looked up by the CA subject name hash value, which + must hence be available. If more than one CA certificate with + the same name hash value exist, the extension must be different + (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in + the ordering of the extension number, regardless of other prop- + erties of the certificates. Use the c_rehash utility (from the + OpenSSL distribution) to create the necessary links. + + tls_ca_cert_file (No default; set either this or tls_ca_cert_dir) + File containing the X509 Certificate Authority certificates in + PEM format which are to be recognized by the client in SSL/TLS + connections. This setting takes precedence over tls_ca_cert_dir. tls_cert (No default; you must set this) - File containing client's X509 certificate to be - used by the client in SSL/ TLS connections. + File containing client's X509 certificate to be used by the + client in SSL/ TLS connections. tls_key (No default; you must set this) - File containing the private key corresponding to - the above tls_cert. + File containing the private key corresponding to the above + tls_cert. tls_require_cert (default: no) - Whether or not to request server's X509 certificate - and check its validity when establishing SSL/TLS - connections. 
The supported values are no and yes. - - With no, the server certificate trust chain is not - checked, but with OpenLDAP prior to 2.1.13, the - name in the server certificate must still match the - LDAP server name. With OpenLDAP 2.0.0 to 2.0.11 the - server name is not necessarily what you specified, - rather it is determined (by reverse lookup) from - the IP address of the LDAP server connection. With - OpenLDAP prior to 2.0.13, subjectAlternativeName - extensions in the LDAP server certificate are - ignored: the server name must match the subject - CommonName. The no setting corresponds to the never - value of TLS_REQCERT in LDAP client configuration - files. - - Don't use TLS with OpenLDAP 2.0.x (and especially - with x <= 11) if you can avoid it. - - With yes, the server certificate must be issued by - a trusted CA, and not be expired. The LDAP server - name must match one of the name(s) found in the - certificate (see above for OpenLDAP library version - dependent behavior). The yes setting corresponds to - the demand value of TLS_REQCERT in LDAP client con- - figuration files. - - The "try" and "allow" values of TLS_REQCERT have no - equivalents here. They are not available with - OpenLDAP 2.0, and in any case have questionable - security properties. Either you want TLS verified - LDAP connections, or you don't. - - The yes value only works correctly with Postfix 2.5 - and later, or with OpenLDAP 2.0. Earlier Postfix - releases or later OpenLDAP releases don't work - together with this setting. Support for LDAP over - TLS was added to Postfix based on the OpenLDAP 2.0 - API. + Whether or not to request server's X509 certificate and check + its validity when establishing SSL/TLS connections. The sup- + ported values are no and yes. + + With no, the server certificate trust chain is not checked, but + with OpenLDAP prior to 2.1.13, the name in the server certifi- + cate must still match the LDAP server name. 
With OpenLDAP 2.0.0 + to 2.0.11 the server name is not necessarily what you specified, + rather it is determined (by reverse lookup) from the IP address + of the LDAP server connection. With OpenLDAP prior to 2.0.13, + subjectAlternativeName extensions in the LDAP server certificate + are ignored: the server name must match the subject CommonName. + The no setting corresponds to the never value of TLS_REQCERT in + LDAP client configuration files. + + Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11) + if you can avoid it. + + With yes, the server certificate must be issued by a trusted CA, + and not be expired. The LDAP server name must match one of the + name(s) found in the certificate (see above for OpenLDAP library + version dependent behavior). The yes setting corresponds to the + demand value of TLS_REQCERT in LDAP client configuration files. + + The "try" and "allow" values of TLS_REQCERT have no equivalents + here. They are not available with OpenLDAP 2.0, and in any case + have questionable security properties. Either you want TLS veri- + fied LDAP connections, or you don't. + + The yes value only works correctly with Postfix 2.5 and later, + or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP + releases don't work together with this setting. Support for LDAP + over TLS was added to Postfix based on the OpenLDAP 2.0 API. tls_random_file (No default) - Path of a file to obtain random bits from when - /dev/[u]random is not available, to be used by the - client in SSL/TLS connections. + Path of a file to obtain random bits from when /dev/[u]random is + not available, to be used by the client in SSL/TLS connections. tls_cipher_suite (No default) Cipher suite to use in SSL/TLS negotiations. EXAMPLE - Here's a basic example for using LDAP to look up local(8) - aliases. Assume that in main.cf, you have: + Here's a basic example for using LDAP to look up local(8) aliases. 
+ Assume that in main.cf, you have: alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf @@ -749,15 +643,13 @@ LDAP_TABLE(5) LDAP_TABLE(5) server_host = ldap.example.com search_base = dc=example, dc=com - Upon receiving mail for a local address "ldapuser" that - isn't found in the /etc/aliases database, Postfix will - search the LDAP server listening at port 389 on ldap.exam- - ple.com. It will bind anonymously, search for any direc- - tory entries whose mailacceptinggeneralid attribute is - "ldapuser", read the "maildrop" attributes of those found, - and build a list of their maildrops, which will be treated - as RFC822 addresses to which the message will be deliv- - ered. + Upon receiving mail for a local address "ldapuser" that isn't found in + the /etc/aliases database, Postfix will search the LDAP server listen- + ing at port 389 on ldap.example.com. It will bind anonymously, search + for any directory entries whose mailacceptinggeneralid attribute is + "ldapuser", read the "maildrop" attributes of those found, and build a + list of their maildrops, which will be treated as RFC822 addresses to + which the message will be delivered. SEE ALSO postmap(1), Postfix lookup table manager @@ -770,14 +662,12 @@ LDAP_TABLE(5) LDAP_TABLE(5) LDAP_README, Postfix LDAP client guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) - Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith - Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike - Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu, - Victor Duchovni, and many others. + Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Stevenson, LaM- + ont Jones, Liviu Daia, Manuel Guesdon, Mike Mattice, Prabhat K Singh, + Sami Haahtinen, Samuel Tardieu, Victor Duchovni, and many others. LDAP_TABLE(5) 
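Review bot: In the @@ -635,111 +547,93 @@ hunk, tls_require_cert keeps "(default: no)" and the "With no" paragraph states that the server certificate trust chain is not checked, yet the "server_host = ldaps://ldap.example.com:636" and "start_tls = yes" examples earlier in the section are shown without "tls_require_cert = yes". A reader who copies those examples gets an encrypted but unauthenticated LDAP connection, so a party impersonating the LDAP server would still receive the bind_pw value. Suggest stating this next to the start_tls description and showing "tls_require_cert = yes" together with tls_ca_cert_file in the example. Minor points in the same hunk: "the SSL session is setup automatically" should be "set up", and "SSL/ TLS" in the tls_cert text has a stray space.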
diff --git a/postfix/html/lmdb_table.5.html b/postfix/html/lmdb_table.5.html index 52075553f..b627ded68 100644 --- a/postfix/html/lmdb_table.5.html +++ b/postfix/html/lmdb_table.5.html 
@@ -20,57 +20,51 @@ LMDB_TABLE(5) LMDB_TABLE(5) postmap -q - lmdb:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix LMDB adapter provides access to a persistent, - memory-mapped, key-value store. The database size is lim- - ited only by the size of the memory address space and file - system. + The Postfix LMDB adapter provides access to a persistent, memory- + mapped, key-value store. The database size is limited only by the size + of the memory address space and file system. REQUESTS - The LMDB adapter supports all Postfix lookup table opera- - tions. This makes LMDB suitable for Postfix address - rewriting, routing, access policies, caches, or any infor- - mation that can be stored under a fixed lookup key. - - When a transaction fails due to a full database, Postfix - resizes the database and retries the transaction. - - Postfix access, address mapping and routing table lookups - may generate partial search keys such as domain names - without one or more subdomains, network addresses without - one or more least-significant octets, or email addresses - without the localpart, address extension or domain por- - tion. This behavior is also found with btree:, hash:, or - ldap: tables. - - Unlike other flat-file based Postfix databases, changes to - an LMDB database do not trigger automatic daemon program - restart. + The LMDB adapter supports all Postfix lookup table operations. This + makes LMDB suitable for Postfix address rewriting, routing, access + policies, caches, or any information that can be stored under a fixed + lookup key. + + When a transaction fails due to a full database, Postfix resizes the + database and retries the transaction. + + Postfix access, address mapping and routing table lookups may generate + partial search keys such as domain names without one or more subdo- + mains, network addresses without one or more least-significant octets, + or email addresses without the localpart, address extension or domain + portion. 
This behavior is also found with btree:, hash:, or ldap: + tables. + + Unlike other flat-file based Postfix databases, changes to an LMDB + database do not trigger automatic daemon program restart. RELIABILITY - LMDB's copy-on-write architecture achieves reliable - updates, at the cost of using more space than some other - flat-file databases. Read operations are memory-mapped - for speed. Write operations are not memory-mapped to - avoid silent curruption due stray pointer bugs. - - The Postfix LMDB adapter implements locking with fcntl(2) - locks at whole-file granularity. LMDB's native locking - scheme would require world-writable lockfiles and would - therefore violate the Postfix security model. - - Multiple processes can safely update an LMDB database - without serializing requests through the proxymap(8) ser- - vice. This makes LMDB suitable as a shared cache for ver- - ify(8) or postscreen(8) services. + LMDB's copy-on-write architecture achieves reliable updates, at the + cost of using more space than some other flat-file databases. Read + operations are memory-mapped for speed. Write operations are not mem- + ory-mapped to avoid silent curruption due stray pointer bugs. + + The Postfix LMDB adapter implements locking with fcntl(2) locks at + whole-file granularity. LMDB's native locking scheme would require + world-writable lockfiles and would therefore violate the Postfix secu- + rity model. + + Multiple processes can safely update an LMDB database without serializ- + ing requests through the proxymap(8) service. This makes LMDB suitable + as a shared cache for verify(8) or postscreen(8) services. CONFIGURATION PARAMETERS - Short-lived programs automatically pick up changes to - main.cf. With long-running daemon programs, Use the com- - mand "postfix reload" after a configuration change. + Short-lived programs automatically pick up changes to main.cf. With + long-running daemon programs, Use the command "postfix reload" after a + configuration change. 
lmdb_map_size (default: 16777216) - The initial OpenLDAP LMDB database size limit in - bytes. + The initial OpenLDAP LMDB database size limit in bytes. SEE ALSO postconf(1), Postfix supported lookup tables @@ -82,8 +76,7 @@ LMDB_TABLE(5) LMDB_TABLE(5) LMDB_README, Postfix LMDB howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY LMDB support was introduced with Postfix version 2.11. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index fce80c8e5..1816f341c 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html 
@@ -13,37 +13,32 @@ SMTP(8) SMTP(8) smtp [generic Postfix daemon options] DESCRIPTION - The Postfix SMTP+LMTP client implements the SMTP and LMTP - mail delivery protocols. It processes message delivery - requests from the queue manager. Each request specifies a - queue file, a sender address, a domain or host to deliver - to, and recipient information. This program expects to be - run from the master(8) process manager. - - The SMTP+LMTP client updates the queue file and marks - recipients as finished, or it informs the queue manager - that delivery should be tried again at a later time. - Delivery status reports are sent to the bounce(8), - defer(8) or trace(8) daemon as appropriate. - - The SMTP+LMTP client looks up a list of mail exchanger - addresses for the destination host, sorts the list by - preference, and connects to each listed address until it - finds a server that responds. - - When a server is not reachable, or when mail delivery - fails due to a recoverable error condition, the SMTP+LMTP - client will try to deliver the mail to an alternate host. - - After a successful mail transaction, a connection may be - saved to the scache(8) connection cache server, so that it - may be used by any SMTP+LMTP client for a subsequent - transaction. - - By default, connection caching is enabled temporarily for - destinations that have a high volume of mail in the active - queue. Connection caching can be enabled permanently for - specific destinations. + The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery + protocols. It processes message delivery requests from the queue man- + ager. Each request specifies a queue file, a sender address, a domain + or host to deliver to, and recipient information. This program expects + to be run from the master(8) process manager. + + The SMTP+LMTP client updates the queue file and marks recipients as + finished, or it informs the queue manager that delivery should be tried + again at a later time. 
Delivery status reports are sent to the + bounce(8), defer(8) or trace(8) daemon as appropriate. + + The SMTP+LMTP client looks up a list of mail exchanger addresses for + the destination host, sorts the list by preference, and connects to + each listed address until it finds a server that responds. + + When a server is not reachable, or when mail delivery fails due to a + recoverable error condition, the SMTP+LMTP client will try to deliver + the mail to an alternate host. + + After a successful mail transaction, a connection may be saved to the + scache(8) connection cache server, so that it may be used by any + SMTP+LMTP client for a subsequent transaction. + + By default, connection caching is enabled temporarily for destinations + that have a high volume of mail in the active queue. Connection caching + can be enabled permanently for specific destinations. SMTP DESTINATION SYNTAX SMTP destinations have the following form: 
@@ -51,31 +46,29 @@ SMTP(8) SMTP(8) domainname domainname:port - Look up the mail exchangers for the specified - domain, and connect to the specified port (default: - smtp). + Look up the mail exchangers for the specified domain, and con- + nect to the specified port (default: smtp). [hostname] [hostname]:port - Look up the address(es) of the specified host, and - connect to the specified port (default: smtp). + Look up the address(es) of the specified host, and connect to + the specified port (default: smtp). [address] [address]:port - Connect to the host at the specified address, and - connect to the specified port (default: smtp). An - IPv6 address must be formatted as [ipv6:address]. + Connect to the host at the specified address, and connect to the + specified port (default: smtp). An IPv6 address must be format- + ted as [ipv6:address]. LMTP DESTINATION SYNTAX LMTP destinations have the following form: unix:pathname - Connect to the local UNIX-domain server that is - bound to the specified pathname. If the process - runs chrooted, an absolute pathname is interpreted - relative to the Postfix queue directory. + Connect to the local UNIX-domain server that is bound to the + specified pathname. If the process runs chrooted, an absolute + pathname is interpreted relative to the Postfix queue directory. inet:hostname 
@@ -84,19 +77,17 @@ SMTP(8) SMTP(8) inet:[address] inet:[address]:port - Connect to the specified TCP port on the specified - local or remote host. If no port is specified, con- - nect to the port defined as lmtp in services(4). - If no such service is found, the lmtp_tcp_port con- - figuration parameter (default value of 24) will be - used. An IPv6 address must be formatted as + Connect to the specified TCP port on the specified local or + remote host. If no port is specified, connect to the port + defined as lmtp in services(4). If no such service is found, + the lmtp_tcp_port configuration parameter (default value of 24) + will be used. An IPv6 address must be formatted as [ipv6:address]. SECURITY - The SMTP+LMTP client is moderately security-sensitive. It - talks to SMTP or LMTP servers and to DNS servers on the - network. The SMTP+LMTP client can be run chrooted at fixed - low privilege. + The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP + or LMTP servers and to DNS servers on the network. The SMTP+LMTP client + can be run chrooted at fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
@@ -118,42 +109,38 @@ SMTP(8) SMTP(8) RFC 5321 (SMTP protocol) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager - can move them to the corrupt queue for further inspection. + Problems and transactions are logged to syslogd(8). Corrupted message + files are marked so that the queue manager can move them to the corrupt + queue for further inspection. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces, protocol problems, - and of other trouble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces, protocol problems, and of other trouble. BUGS - SMTP and LMTP connection caching does not work with TLS. - The necessary support for TLS object passivation and re- - activation does not exist without closing the session, - which defeats the purpose. + SMTP and LMTP connection caching does not work with TLS. The necessary + support for TLS object passivation and re-activation does not exist + without closing the session, which defeats the purpose. - SMTP and LMTP connection caching assumes that SASL creden- - tials are valid for all destinations that map onto the - same IP address and TCP port. + SMTP and LMTP connection caching assumes that SASL credentials are + valid for all destinations that map onto the same IP address and TCP + port. CONFIGURATION PARAMETERS - Before Postfix version 2.3, the LMTP client is a separate - program that implements only a subset of the functionality - available with SMTP: there is no support for TLS, and con- - nections are cached in-process, making it ineffective when - the client is used for multiple domains. 
+ Before Postfix version 2.3, the LMTP client is a separate program that + implements only a subset of the functionality available with SMTP: + there is no support for TLS, and connections are cached in-process, + making it ineffective when the client is used for multiple domains. - Most smtp_xxx configuration parameters have an lmtp_xxx - "mirror" parameter for the equivalent LMTP feature. This - document describes only those LMTP-related parameters that - aren't simply "mirror" parameters. + Most smtp_xxx configuration parameters have an lmtp_xxx "mirror" param- + eter for the equivalent LMTP feature. This document describes only + those LMTP-related parameters that aren't simply "mirror" parameters. - Changes to main.cf are picked up automatically, as smtp(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as smtp(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS ignore_mx_lookup_error (no) 
@@ -166,130 +153,118 @@ SMTP(8) SMTP(8) Never send EHLO at the start of an SMTP session. smtp_defer_if_no_mx_address_found (no) - Defer mail delivery when no MX record resolves to - an IP address. + Defer mail delivery when no MX record resolves to an IP address. smtp_line_length_limit (998) - The maximal length of message header and body lines - that Postfix will send via SMTP. + The maximal length of message header and body lines that Postfix + will send via SMTP. smtp_pix_workaround_delay_time (10s) - How long the Postfix SMTP client pauses before - sending ".<CR><LF>" in order to work around the PIX - firewall "<CR><LF>.<CR><LF>" bug. + How long the Postfix SMTP client pauses before sending + ".<CR><LF>" in order to work around the PIX firewall + "<CR><LF>.<CR><LF>" bug. smtp_pix_workaround_threshold_time (500s) - How long a message must be queued before the Post- - fix SMTP client turns on the PIX firewall - "<CR><LF>.<CR><LF>" bug workaround for delivery - through firewalls with "smtp fixup" mode turned on. + How long a message must be queued before the Postfix SMTP client + turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for + delivery through firewalls with "smtp fixup" mode turned on. smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) - A list that specifies zero or more workarounds for - CISCO PIX firewall bugs. + A list that specifies zero or more workarounds for CISCO PIX + firewall bugs. smtp_pix_workaround_maps (empty) - Lookup tables, indexed by the remote SMTP server - address, with per-destination workarounds for CISCO - PIX firewall bugs. + Lookup tables, indexed by the remote SMTP server address, with + per-destination workarounds for CISCO PIX firewall bugs. smtp_quote_rfc821_envelope (yes) - Quote addresses in Postfix SMTP client MAIL FROM - and RCPT TO commands as required by RFC 5321. + Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO + commands as required by RFC 5321. 
smtp_reply_filter (empty) - A mechanism to transform replies from remote SMTP - servers one line at a time. + A mechanism to transform replies from remote SMTP servers one + line at a time. smtp_skip_5xx_greeting (yes) - Skip remote SMTP servers that greet with a 5XX sta- - tus code. + Skip remote SMTP servers that greet with a 5XX status code. smtp_skip_quit_response (yes) - Do not wait for the response to the SMTP QUIT com- - mand. + Do not wait for the response to the SMTP QUIT command. Available in Postfix version 2.0 and earlier: smtp_skip_4xx_greeting (yes) - Skip SMTP servers that greet with a 4XX status code - (go away, try again later). + Skip SMTP servers that greet with a 4XX status code (go away, + try again later). Available in Postfix version 2.2 and later: smtp_discard_ehlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote SMTP server - address, with case insensitive lists of EHLO key- - words (pipelining, starttls, auth, etc.) that the - Postfix SMTP client will ignore in the EHLO + Lookup tables, indexed by the remote SMTP server address, with + case insensitive lists of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_discard_ehlo_keywords (empty) - A case insensitive list of EHLO keywords (pipelin- - ing, starttls, auth, etc.) that the Postfix SMTP - client will ignore in the EHLO response from a - remote SMTP server. + A case insensitive list of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO + response from a remote SMTP server. smtp_generic_maps (empty) - Optional lookup tables that perform address rewrit- - ing in the Postfix SMTP client, typically to trans- - form a locally valid address into a globally valid - address when sending mail across the Internet. 
+ Optional lookup tables that perform address rewriting in the + Postfix SMTP client, typically to transform a locally valid + address into a globally valid address when sending mail across + the Internet. Available in Postfix version 2.2.9 and later: smtp_cname_overrides_servername (version dependent) - Allow DNS CNAME records to override the servername - that the Postfix SMTP client uses for logging, SASL - password lookup, TLS policy decisions, or TLS cer- - tificate verification. + Allow DNS CNAME records to override the servername that the + Postfix SMTP client uses for logging, SASL password lookup, TLS + policy decisions, or TLS certificate verification. Available in Postfix version 2.3 and later: lmtp_discard_lhlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote LMTP server - address, with case insensitive lists of LHLO key- - words (pipelining, starttls, auth, etc.) that the - Postfix LMTP client will ignore in the LHLO + Lookup tables, indexed by the remote LMTP server address, with + case insensitive lists of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. lmtp_discard_lhlo_keywords (empty) - A case insensitive list of LHLO keywords (pipelin- - ing, starttls, auth, etc.) that the Postfix LMTP - client will ignore in the LHLO response from a - remote LMTP server. + A case insensitive list of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO + response from a remote LMTP server. Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a remote SMTP or LMTP server - with the default setting "no", send no SASL autho- - riZation ID (authzid); send only the SASL authenti- - Cation ID (authcid) plus the authcid's password. 
+ When authenticating to a remote SMTP or LMTP server with the + default setting "no", send no SASL authoriZation ID (authzid); + send only the SASL authentiCation ID (authcid) plus the auth- + cid's password. Available in Postfix version 2.5 and later: smtp_header_checks (empty) - Restricted header_checks(5) tables for the Postfix - SMTP client. + Restricted header_checks(5) tables for the Postfix SMTP client. smtp_mime_header_checks (empty) - Restricted mime_header_checks(5) tables for the - Postfix SMTP client. + Restricted mime_header_checks(5) tables for the Postfix SMTP + client. smtp_nested_header_checks (empty) - Restricted nested_header_checks(5) tables for the - Postfix SMTP client. + Restricted nested_header_checks(5) tables for the Postfix SMTP + client. smtp_body_checks (empty) - Restricted body_checks(5) tables for the Postfix - SMTP client. + Restricted body_checks(5) tables for the Postfix SMTP client. Available in Postfix version 2.6 and later: tcp_windowsize (0) - An optional workaround for routers that break TCP - window scaling. + An optional workaround for routers that break TCP window scal- + ing. Available in Postfix version 2.8 and later: 
@@ -299,17 +274,15 @@ SMTP(8) SMTP(8) Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time lim- - its, from a time limit per read or write system - call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, - SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to - the MAIL FROM command in SASL-authenticated SMTP - sessions. + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. Available in Postfix version 2.11 and later: 
@@ -320,593 +293,521 @@ SMTP(8) SMTP(8) Available in Postfix version 2.0 and later: disable_mime_output_conversion (no) - Disable the conversion of 8BITMIME format to 7BIT - format. + Disable the conversion of 8BITMIME format to 7BIT format. mime_boundary_length_limit (2048) - The maximal length of MIME multipart boundary - strings. + The maximal length of MIME multipart boundary strings. mime_nesting_limit (100) - The maximal recursion level that the MIME processor - will handle. + The maximal recursion level that the MIME processor will handle. EXTERNAL CONTENT INSPECTION CONTROLS Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the - Postfix SMTP server EHLO response announces XFOR- - WARD support. + Send the non-standard XFORWARD command when the Postfix SMTP + server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS smtp_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP - client. + Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one - username:password entry per remote hostname or - domain, or sender address when sender-dependent - authentication is enabled. + Optional Postfix SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender + address when sender-dependent authentication is enabled. smtp_sasl_security_options (noplaintext, noanonymous) - Postfix SMTP client SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL client implementation that is selected - with smtp_sasl_type. + Postfix SMTP client SASL security options; as of Postfix 2.3 the + list of available features depends on the SASL client implemen- + tation that is selected with smtp_sasl_type. 
Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the - remote SMTP server's list of offered SASL mecha- - nisms. + If non-empty, a Postfix SMTP client filter for the remote SMTP + server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) - Enable sender-dependent authentication in the Post- - fix SMTP client; this is available only with SASL - authentication, and disables SMTP connection - caching to ensure that mail from different senders - will use the appropriate credentials. + Enable sender-dependent authentication in the Postfix SMTP + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- + ferent senders will use the appropriate credentials. smtp_sasl_path (empty) - Implementation-specific information that the Post- - fix SMTP client passes through to the SASL plug-in - implementation that is selected with - smtp_sasl_type. + Implementation-specific information that the Postfix SMTP client + passes through to the SASL plug-in implementation that is + selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client - should use for authentication. + The SASL plug-in type that the Postfix SMTP client should use + for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authen- - tication failures with the same remote SMTP server - hostname, username and password. + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and + password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name - entry before it is removed. + The maximal age of an smtp_sasl_auth_cache_name entry before it + is removed. 
smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authenti- - cation request with a 535 reply code, defer mail - delivery instead of returning mail as undeliver- - able. + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning + mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to - the MAIL FROM command in SASL-authenticated SMTP - sessions. + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be - found in the TLS_README document. + Detailed information about STARTTLS configuration may be found in the + TLS_README document. smtp_tls_security_level (empty) - The default SMTP TLS security level for the Postfix - SMTP client; when a non-empty value is specified, - this overrides the obsolete parameters - smtp_use_tls, smtp_enforce_tls, and + The default SMTP TLS security level for the Postfix SMTP client; + when a non-empty value is specified, this overrides the obsolete + parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. - smtp_sasl_tls_security_options ($smtp_sasl_secu- - rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP - sessions. + smtp_sasl_tls_security_options ($smtp_sasl_security_options) + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- - shake procedures. + Time limit for Postfix SMTP client write and read operations + during TLS startup and shutdown handshake procedures. 
smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs - trusted to sign either remote SMTP server certifi- - cates or intermediate CA certificates. + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- + tificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to - verify a remote SMTP server certificate. + Directory with PEM format certificate authority certificates + that the Postfix SMTP client uses to verify a remote SMTP server + certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate - in PEM format. + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP - client will use with mandatory TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP client will + use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) - List of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at all TLS security - levels. + List of ciphers or cipher types to exclude from the Postfix SMTP + client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the Postfix SMTP client cipher list at - mandatory TLS security levels. + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- + els. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate - in PEM format. + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key - in PEM format. + File with the Postfix SMTP client DSA private key in PEM format. 
smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key - in PEM format. + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of - TLS activity. + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled - for that server. + Log the hostname of a remote SMTP server that offers STARTTLS, + when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) - Optional lookup tables with the Postfix SMTP client - TLS security policy by next-hop destination; when a - non-empty value is specified, this overrides the - obsolete smtp_tls_per_site parameter. + Optional lookup tables with the Postfix SMTP client TLS security + policy by next-hop destination; when a non-empty value is speci- + fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (!SSLv2) - List of SSL/TLS protocols that the Postfix SMTP - client will use with mandatory TLS encryption. + List of SSL/TLS protocols that the Postfix SMTP client will use + with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) - The verification depth for remote SMTP server cer- - tificates. + The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server - certificate peername for the "secure" TLS security - level. + How the Postfix SMTP client verifies the server certificate + peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix - SMTP client TLS session cache. + Name of the file containing the optional Postfix SMTP client TLS + session cache. 
smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS ses- - sion cache information. + The expiration time of Postfix SMTP client TLS session cache + information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server - certificate peername for the "verify" TLS security - level. + How the Postfix SMTP client verifies the server certificate + peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random - number generator (PRNG). + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its + internal pseudo random number generator (PRNG). - tls_high_cipherlist - (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) + tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) - The OpenSSL cipherlist for "MEDIUM" or higher grade - ciphers. + The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade - ciphers. + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) - The OpenSSL cipherlist for "EXPORT" or higher grade - ciphers. + The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers - that provide authentication without encryption. + The OpenSSL cipherlist for "NULL" grade ciphers that provide + authentication without encryption. 
Available in Postfix version 2.4 and later: - smtp_sasl_tls_verified_security_options - ($smtp_sasl_tls_security_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP - sessions with a verified server certificate. + smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- + rity_options) + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified + server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate - fingerprints for the "fingerprint" TLS security - level (smtp_tls_security_level = fingerprint). + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- + rity_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct - remote SMTP server certificate fingerprints. + The message digest algorithm used to construct remote SMTP + server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client - will exclude or include with opportunistic TLS - encryption. + List of TLS protocols that the Postfix SMTP client will exclude + or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - client will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP client will + use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate - in PEM format. + File with the Postfix SMTP client ECDSA certificate in PEM for- + mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key - in PEM format. 
+ File with the Postfix SMTP client ECDSA private key in PEM for- + mat. Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a - TLS protocol vulnerability (CVE-2009-3555), where - an attacker prepends malicious HELO, MAIL, RCPT, - DATA commands to a Postfix SMTP client TLS session. + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + TLS session. Available in Postfix version 2.8 and later: tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to - disable. + List or bit-mask of OpenSSL bug work-arounds to disable. Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor - certificates and/or public keys. + Zero or more PEM-format files with trust-anchor certificates + and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a - hostname is not an alias and its address records - lie in an unsigned zone. + Lookup the associated DANE TLSA RRset even when a hostname is + not an alias and its address records lie in an unsigned zone. tls_dane_trust_anchor_digest_enable (yes) - RFC 6698 trust-anchor digest support in the Postfix - TLS library. + RFC 6698 trust-anchor digest support in the Postfix TLS library. tlsmgr_service_name (tlsmgr) - The name of the tlsmgr(8) service entry in mas- - ter.cf. + The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- - bility with Postfix versions before 2.3. Support for these - will be removed in a future release. + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. 
Support for these will be removed in a + future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send - the mail in the clear. + Opportunistic mode: use TLS when a remote SMTP server announces + STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the - clear. + Enforcement mode: require that remote SMTP servers use TLS + encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the - remote SMTP server hostname matches the information - in the remote SMTP server certificate. + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP + server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop destination and by - remote SMTP server hostname. + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- + name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP - client TLS cipher list. + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + cipher list. RESOURCE AND RATE CONTROLS - smtp_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery - transport. + smtp_destination_concurrency_limit ($default_destination_concur- + rency_limit) + The maximal number of parallel deliveries to the same destina- + tion via the smtp message delivery transport. - smtp_destination_recipient_limit ($default_destina- - tion_recipient_limit) - The maximal number of recipients per message for - the smtp message delivery transport. 
+ smtp_destination_recipient_limit ($default_destination_recipient_limit) + The maximal number of recipients per message for the smtp mes- + sage delivery transport. smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a - TCP connection, or zero (use the operating system - built-in time limit). + The Postfix SMTP client time limit for completing a TCP connec- + tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the - HELO or EHLO command, and for receiving the initial - remote SMTP server response. + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server + response. lmtp_lhlo_timeout (300s) - The Postfix LMTP client time limit for sending the - LHLO command, and for receiving the initial remote - LMTP server response. + The Postfix LMTP client time limit for sending the LHLO command, + and for receiving the initial remote LMTP server response. smtp_xforward_timeout (300s) - The Postfix SMTP client time limit for sending the - XFORWARD command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the XFORWARD com- + mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the - MAIL FROM command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the MAIL FROM + command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the - SMTP RCPT TO command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the SMTP RCPT TO + command, and for receiving the remote SMTP server response. 
smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the - SMTP DATA command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the SMTP DATA + command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the - SMTP message content. + The Postfix SMTP client time limit for sending the SMTP message + content. smtp_data_done_timeout (600s) - The Postfix SMTP client time limit for sending the - SMTP ".", and for receiving the remote SMTP server - response. + The Postfix SMTP client time limit for sending the SMTP ".", and + for receiving the remote SMTP server response. smtp_quit_timeout (300s) - The Postfix SMTP client time limit for sending the - QUIT command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the QUIT command, + and for receiving the remote SMTP server response. Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP - addresses that can result from Postfix SMTP client - mail exchanger lookups, or zero (no limit). + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero + (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before the Postfix SMTP client gives up or - delivers to a fall-back relay host, or zero (no - limit). + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back + relay host, or zero (no limit). smtp_rset_timeout (20s) - The Postfix SMTP client time limit for sending the - RSET command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the RSET command, + and for receiving the remote SMTP server response. 
Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to - $max_idle seconds. + Keep Postfix LMTP client connections open for up to $max_idle + seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the - specified destinations. + Permanently enable SMTP connection caching for the specified + destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a - destination has a high volume of mail in the active - queue. + Temporarily enable SMTP connection caching while a destination + has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) - The amount of time during which Postfix will use an - SMTP connection repeatedly. + The amount of time during which Postfix will use an SMTP connec- + tion repeatedly. smtp_connection_cache_time_limit (2s) - When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept - open before it is closed. + When SMTP connection caching is enabled, the amount of time that + an unused SMTP client socket is kept open before it is closed. Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or - receive operations. + Time limit for connection cache connect, send or receive opera- + tions. 
Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time lim- - its, from a time limit per read or write system - call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, - SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number - of times that an SMTP session may be reused before - it is closed, or zero (no limit). + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero + (no limit). TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, - resource, software or protocol errors. + The recipient of postmaster notifications about mail delivery + problems that are caused by policy, resource, software or proto- + col errors. 
internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail - when it detects a "mail loops back to myself" error - condition. + Where the Postfix SMTP client should deliver mail when it + detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. disable_dns_lookups (no) - Disable DNS lookups in the Postfix SMTP and LMTP - clients. + Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The network interface addresses that this mail sys- - tem receives mail on. + The network interface addresses that this mail system receives + mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use - when making or accepting connections. 
+ The Internet protocols Postfix will attempt to use when making + or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, - assume that the server performs final delivery, and - send "delivered" delivery status notifications - instead of "relayed". + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- + ery status notifications instead of "relayed". lmtp_tcp_port (24) - The default TCP port that the Postfix LMTP client - connects to. + The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network - address translation unit. + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. 
smtp_address_preference (any) - The address type ("ipv6", "ipv4" or "any") that the - Postfix SMTP client will try first, when a destina- - tion has IPv6 and IPv4 addresses with equal MX - preference. + The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP + client will try first, when a destination has IPv6 and IPv4 + addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an - IPv4 connection. + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an - IPv6 connection. + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) - The hostname to send in the SMTP EHLO or HELO com- - mand. + The hostname to send in the SMTP EHLO or HELO command. lmtp_lhlo_name ($myhostname) The hostname to send in the LMTP LHLO command. smtp_host_lookup (dns) - What mechanisms the Postfix SMTP client uses to - look up a host's IP address. + What mechanisms the Postfix SMTP client uses to look up a host's + IP address. smtp_randomize_addresses (yes) - Randomize the order of equal-preference MX host - addresses. + Randomize the order of equal-preference MX host addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". 
Available with Postfix 2.2 and earlier: fallback_relay (empty) - Optional list of relay hosts for SMTP destinations - that can't be found or that are unreachable. + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay hosts for SMTP destinations - that can't be found or that are unreachable. + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. SEE ALSO generic(5), output address rewriting @@ -926,8 +827,7 @@ SMTP(8) SMTP(8) TLS_README, Postfix STARTTLS howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index d88e556fc..b36306d4c 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html 
@@ -13,187 +13,161 @@ LOCAL(8) LOCAL(8) local [generic Postfix daemon options] DESCRIPTION - The local(8) daemon processes delivery requests from the - Postfix queue manager to deliver mail to local recipients. - Each delivery request specifies a queue file, a sender - address, a domain or host to deliver to, and one or more - recipients. This program expects to be run from the mas- - ter(8) process manager. - - The local(8) daemon updates queue files and marks recipi- - ents as finished, or it informs the queue manager that - delivery should be tried again at a later time. Delivery - status reports are sent to the bounce(8), defer(8) or - trace(8) daemon as appropriate. + The local(8) daemon processes delivery requests from the Postfix queue + manager to deliver mail to local recipients. Each delivery request + specifies a queue file, a sender address, a domain or host to deliver + to, and one or more recipients. This program expects to be run from + the master(8) process manager. + + The local(8) daemon updates queue files and marks recipients as fin- + ished, or it informs the queue manager that delivery should be tried + again at a later time. Delivery status reports are sent to the + bounce(8), defer(8) or trace(8) daemon as appropriate. CASE FOLDING - All delivery decisions are made using the bare recipient - name (i.e. the address localpart), folded to lower case. - See also under ADDRESS EXTENSION below for a few excep- - tions. + All delivery decisions are made using the bare recipient name (i.e. the + address localpart), folded to lower case. See also under ADDRESS + EXTENSION below for a few exceptions. SYSTEM-WIDE AND USER-LEVEL ALIASING - The system administrator can set up one or more system- - wide sendmail-style alias databases. Users can have send- - mail-style ~/.forward files. Mail for name is delivered - to the alias name, to destinations in ~name/.forward, to - the mailbox owned by the user name, or it is sent back as - undeliverable. 
- - The system administrator can specify a comma/space sepa- - rated list of ~/.forward like files through the for- - ward_path configuration parameter. Upon delivery, the - local delivery agent tries each pathname in the list until - a file is found. - - Delivery via ~/.forward files is done with the privileges - of the recipient. Thus, ~/.forward like files must be - readable by the recipient, and their parent directory - needs to have "execute" permission for the recipient. - - The forward_path parameter is subject to interpolation of - $user (recipient username), $home (recipient home direc- - tory), $shell (recipient shell), $recipient (complete - recipient address), $extension (recipient address exten- - sion), $domain (recipient domain), $local (entire recipi- - ent address localpart) and $recipient_delimiter. The forms - ${name?value} and ${name:value} expand conditionally to - value when $name is (is not) defined. Characters that may - have special meaning to the shell or file system are - replaced by underscores. The list of acceptable charac- - ters is specified with the forward_expansion_filter con- - figuration parameter. - - An alias or ~/.forward file may list any combination of - external commands, destination file names, :include: - directives, or mail addresses. See aliases(5) for a pre- - cise description. Each line in a user's .forward file has - the same syntax as the right-hand part of an alias. - - When an address is found in its own alias expansion, - delivery is made to the user instead. When a user is - listed in the user's own ~/.forward file, delivery is made - to the user's mailbox instead. An empty ~/.forward file - means do not forward mail. - - In order to prevent the mail system from using up unrea- - sonable amounts of memory, input records read from - :include: or from ~/.forward files are broken up into - chunks of length line_length_limit. 
- - While expanding aliases, ~/.forward files, and so on, the - program attempts to avoid duplicate deliveries. The dupli- - cate_filter_limit configuration parameter limits the num- - ber of remembered recipients. + The system administrator can set up one or more system-wide sendmail- + style alias databases. Users can have sendmail-style ~/.forward files. + Mail for name is delivered to the alias name, to destinations in + ~name/.forward, to the mailbox owned by the user name, or it is sent + back as undeliverable. + + The system administrator can specify a comma/space separated list of + ~/.forward like files through the forward_path configuration parameter. + Upon delivery, the local delivery agent tries each pathname in the list + until a file is found. + + Delivery via ~/.forward files is done with the privileges of the recip- + ient. Thus, ~/.forward like files must be readable by the recipient, + and their parent directory needs to have "execute" permission for the + recipient. + + The forward_path parameter is subject to interpolation of $user (recip- + ient username), $home (recipient home directory), $shell (recipient + shell), $recipient (complete recipient address), $extension (recipient + address extension), $domain (recipient domain), $local (entire recipi- + ent address localpart) and $recipient_delimiter. The forms + ${name?value} and ${name:value} expand conditionally to value when + $name is (is not) defined. Characters that may have special meaning to + the shell or file system are replaced by underscores. The list of + acceptable characters is specified with the forward_expansion_filter + configuration parameter. + + An alias or ~/.forward file may list any combination of external com- + mands, destination file names, :include: directives, or mail addresses. + See aliases(5) for a precise description. Each line in a user's .for- + ward file has the same syntax as the right-hand part of an alias. 
+ + When an address is found in its own alias expansion, delivery is made + to the user instead. When a user is listed in the user's own ~/.forward + file, delivery is made to the user's mailbox instead. An empty ~/.for- + ward file means do not forward mail. + + In order to prevent the mail system from using up unreasonable amounts + of memory, input records read from :include: or from ~/.forward files + are broken up into chunks of length line_length_limit. + + While expanding aliases, ~/.forward files, and so on, the program + attempts to avoid duplicate deliveries. The duplicate_filter_limit con- + figuration parameter limits the number of remembered recipients. MAIL FORWARDING - For the sake of reliability, forwarded mail is re-submit- - ted as a new message, so that each recipient has a sepa- - rate on-file delivery status record. + For the sake of reliability, forwarded mail is re-submitted as a new + message, so that each recipient has a separate on-file delivery status + record. - In order to stop mail forwarding loops early, the software - adds an optional Delivered-To: header with the final enve- - lope recipient address. If mail arrives for a recipient - that is already listed in a Delivered-To: header, the mes- - sage is bounced. + In order to stop mail forwarding loops early, the software adds an + optional Delivered-To: header with the final envelope recipient + address. If mail arrives for a recipient that is already listed in a + Delivered-To: header, the message is bounced. MAILBOX DELIVERY - The default per-user mailbox is a file in the UNIX mail - spool directory (/var/mail/user or /var/spool/mail/user); - the location can be specified with the mail_spool_direc- - tory configuration parameter. Specify a name ending in / - for qmail-compatible maildir delivery. - - Alternatively, the per-user mailbox can be a file in the - user's home directory with a name specified via the - home_mailbox configuration parameter. Specify a relative - path name. 
Specify a name ending in / for qmail-compatible - maildir delivery. - - Mailbox delivery can be delegated to an external command - specified with the mailbox_command_maps and mailbox_com- - mand configuration parameters. The command executes with - the privileges of the recipient user (exceptions: sec- - ondary groups are not enabled; in case of delivery as - root, the command executes with the privileges of - default_privs). - - Mailbox delivery can be delegated to alternative message - transports specified in the master.cf file. The mail- - box_transport_maps and mailbox_transport configuration - parameters specify an optional message transport that is - to be used for all local recipients, regardless of whether - they are found in the UNIX passwd database. The fall- - back_transport_maps and fallback_transport parameters - specify an optional message transport for recipients that - are not found in the aliases(5) or UNIX passwd database. - - In the case of UNIX-style mailbox delivery, the local(8) - daemon prepends a "From sender time_stamp" envelope header - to each message, prepends an X-Original-To: header with - the recipient address as given to Postfix, prepends an - optional Delivered-To: header with the final envelope - recipient address, prepends a Return-Path: header with the - envelope sender address, prepends a > character to lines - beginning with "From ", and appends an empty line. The - mailbox is locked for exclusive access while delivery is - in progress. In case of problems, an attempt is made to - truncate the mailbox to its original length. - - In the case of maildir delivery, the local daemon prepends - an optional Delivered-To: header with the final envelope - recipient address, prepends an X-Original-To: header with - the recipient address as given to Postfix, and prepends a - Return-Path: header with the envelope sender address. 
+ The default per-user mailbox is a file in the UNIX mail spool directory + (/var/mail/user or /var/spool/mail/user); the location can be specified + with the mail_spool_directory configuration parameter. Specify a name + ending in / for qmail-compatible maildir delivery. + + Alternatively, the per-user mailbox can be a file in the user's home + directory with a name specified via the home_mailbox configuration + parameter. Specify a relative path name. Specify a name ending in / for + qmail-compatible maildir delivery. + + Mailbox delivery can be delegated to an external command specified with + the mailbox_command_maps and mailbox_command configuration parameters. + The command executes with the privileges of the recipient user (excep- + tions: secondary groups are not enabled; in case of delivery as root, + the command executes with the privileges of default_privs). + + Mailbox delivery can be delegated to alternative message transports + specified in the master.cf file. The mailbox_transport_maps and mail- + box_transport configuration parameters specify an optional message + transport that is to be used for all local recipients, regardless of + whether they are found in the UNIX passwd database. The fall- + back_transport_maps and fallback_transport parameters specify an + optional message transport for recipients that are not found in the + aliases(5) or UNIX passwd database. + + In the case of UNIX-style mailbox delivery, the local(8) daemon + prepends a "From sender time_stamp" envelope header to each message, + prepends an X-Original-To: header with the recipient address as given + to Postfix, prepends an optional Delivered-To: header with the final + envelope recipient address, prepends a Return-Path: header with the + envelope sender address, prepends a > character to lines beginning with + "From ", and appends an empty line. The mailbox is locked for exclu- + sive access while delivery is in progress. 
In case of problems, an + attempt is made to truncate the mailbox to its original length. + + In the case of maildir delivery, the local daemon prepends an optional + Delivered-To: header with the final envelope recipient address, + prepends an X-Original-To: header with the recipient address as given + to Postfix, and prepends a Return-Path: header with the envelope sender + address. EXTERNAL COMMAND DELIVERY - The allow_mail_to_commands configuration parameter - restricts delivery to external commands. The default set- - ting (alias, forward) forbids command destinations in - :include: files. - - Optionally, the process working directory is changed to - the path specified with command_execution_directory (Post- - fix 2.2 and later). Failure to change directory causes - mail to be deferred. - - The command_execution_directory parameter value is subject - to interpolation of $user (recipient username), $home - (recipient home directory), $shell (recipient shell), - $recipient (complete recipient address), $extension - (recipient address extension), $domain (recipient domain), - $local (entire recipient address localpart) and $recipi- - ent_delimiter. The forms ${name?value} and ${name:value} - expand conditionally to value when $name is (is not) - defined. Characters that may have special meaning to the - shell or file system are replaced by underscores. The - list of acceptable characters is specified with the execu- - tion_directory_expansion_filter configuration parameter. - - The command is executed directly where possible. Assis- - tance by the shell (/bin/sh on UNIX systems) is used only - when the command contains shell magic characters, or when - the command invokes a shell built-in command. - - A limited amount of command output (standard output and - standard error) is captured for inclusion with non-deliv- - ery status reports. A command is forcibly terminated if - it does not complete within command_time_limit seconds. 
- Command exit status codes are expected to follow the con- - ventions defined in <sysexits.h>. Exit status 0 means + The allow_mail_to_commands configuration parameter restricts delivery + to external commands. The default setting (alias, forward) forbids com- + mand destinations in :include: files. + + Optionally, the process working directory is changed to the path speci- + fied with command_execution_directory (Postfix 2.2 and later). Failure + to change directory causes mail to be deferred. + + The command_execution_directory parameter value is subject to interpo- + lation of $user (recipient username), $home (recipient home directory), + $shell (recipient shell), $recipient (complete recipient address), + $extension (recipient address extension), $domain (recipient domain), + $local (entire recipient address localpart) and $recipient_delimiter. + The forms ${name?value} and ${name:value} expand conditionally to value + when $name is (is not) defined. Characters that may have special mean- + ing to the shell or file system are replaced by underscores. The list + of acceptable characters is specified with the execution_direc- + tory_expansion_filter configuration parameter. + + The command is executed directly where possible. Assistance by the + shell (/bin/sh on UNIX systems) is used only when the command contains + shell magic characters, or when the command invokes a shell built-in + command. + + A limited amount of command output (standard output and standard error) + is captured for inclusion with non-delivery status reports. A command + is forcibly terminated if it does not complete within com- + mand_time_limit seconds. Command exit status codes are expected to + follow the conventions defined in <sysexits.h>. Exit status 0 means normal successful completion. - Postfix version 2.3 and later support RFC 3463-style - enhanced status codes. 
If a command terminates with a - non-zero exit status, and the command output begins with - an enhanced status code, this status code takes precedence - over the non-zero exit status. + Postfix version 2.3 and later support RFC 3463-style enhanced status + codes. If a command terminates with a non-zero exit status, and the + command output begins with an enhanced status code, this status code + takes precedence over the non-zero exit status. - A limited amount of message context is exported via envi- - ronment variables. Characters that may have special mean- - ing to the shell are replaced by underscores. The list of - acceptable characters is specified with the command_expan- - sion_filter configuration parameter. + A limited amount of message context is exported via environment vari- + ables. Characters that may have special meaning to the shell are + replaced by underscores. The list of acceptable characters is speci- + fied with the command_expansion_filter configuration parameter. SHELL The recipient user's login shell. 
@@ -209,112 +183,99 @@ LOCAL(8) LOCAL(8) LOGNAME The bare recipient name. - LOCAL The entire recipient address localpart (text to the - left of the rightmost @ character). + LOCAL The entire recipient address localpart (text to the left of the + rightmost @ character). ORIGINAL_RECIPIENT - The entire recipient address, before any address - rewriting or aliasing (Postfix 2.5 and later). + The entire recipient address, before any address rewriting or + aliasing (Postfix 2.5 and later). RECIPIENT The entire recipient address. SENDER The entire sender address. - Additional remote client information is made available via - the following environment variables: + Additional remote client information is made available via the follow- + ing environment variables: CLIENT_ADDRESS - Remote client network address. Available as of - Postfix 2.2. + Remote client network address. Available as of Postfix 2.2. CLIENT_HELO - Remote client EHLO command parameter. Available as - of Postfix 2.2. + Remote client EHLO command parameter. Available as of Postfix + 2.2. CLIENT_HOSTNAME - Remote client hostname. Available as of Postfix - 2.2. + Remote client hostname. Available as of Postfix 2.2. CLIENT_PROTOCOL - Remote client protocol. Available as of Postfix - 2.2. + Remote client protocol. Available as of Postfix 2.2. SASL_METHOD - SASL authentication method specified in the remote - client AUTH command. Available as of Postfix 2.2. + SASL authentication method specified in the remote client AUTH + command. Available as of Postfix 2.2. SASL_SENDER - SASL sender address specified in the remote client - MAIL FROM command. Available as of Postfix 2.2. + SASL sender address specified in the remote client MAIL FROM + command. Available as of Postfix 2.2. SASL_USERNAME - SASL username specified in the remote client AUTH - command. Available as of Postfix 2.2. + SASL username specified in the remote client AUTH command. + Available as of Postfix 2.2. 
- The PATH environment variable is always reset to a system- - dependent default path, and environment variables whose - names are blessed by the export_environment configuration - parameter are exported unchanged. + The PATH environment variable is always reset to a system-dependent + default path, and environment variables whose names are blessed by the + export_environment configuration parameter are exported unchanged. The current working directory is the mail queue directory. - The local(8) daemon prepends a "From sender time_stamp" - envelope header to each message, prepends an X-Original- - To: header with the recipient address as given to Postfix, - prepends an optional Delivered-To: header with the final - recipient envelope address, prepends a Return-Path: header - with the sender envelope address, and appends no empty - line. + The local(8) daemon prepends a "From sender time_stamp" envelope header + to each message, prepends an X-Original-To: header with the recipient + address as given to Postfix, prepends an optional Delivered-To: header + with the final recipient envelope address, prepends a Return-Path: + header with the sender envelope address, and appends no empty line. EXTERNAL FILE DELIVERY - The delivery format depends on the destination filename - syntax. The default is to use UNIX-style mailbox format. - Specify a name ending in / for qmail-compatible maildir - delivery. - - The allow_mail_to_files configuration parameter restricts - delivery to external files. The default setting (alias, - forward) forbids file destinations in :include: files. - - In the case of UNIX-style mailbox delivery, the local(8) - daemon prepends a "From sender time_stamp" envelope header - to each message, prepends an X-Original-To: header with - the recipient address as given to Postfix, prepends an - optional Delivered-To: header with the final recipient - envelope address, prepends a > character to lines begin- - ning with "From ", and appends an empty line. 
The enve- - lope sender address is available in the Return-Path: - header. When the destination is a regular file, it is - locked for exclusive access while delivery is in progress. - In case of problems, an attempt is made to truncate a reg- - ular file to its original length. - - In the case of maildir delivery, the local daemon prepends - an optional Delivered-To: header with the final envelope - recipient address, and prepends an X-Original-To: header - with the recipient address as given to Postfix. The enve- - lope sender address is available in the Return-Path: - header. + The delivery format depends on the destination filename syntax. The + default is to use UNIX-style mailbox format. Specify a name ending in + / for qmail-compatible maildir delivery. + + The allow_mail_to_files configuration parameter restricts delivery to + external files. The default setting (alias, forward) forbids file des- + tinations in :include: files. + + In the case of UNIX-style mailbox delivery, the local(8) daemon + prepends a "From sender time_stamp" envelope header to each message, + prepends an X-Original-To: header with the recipient address as given + to Postfix, prepends an optional Delivered-To: header with the final + recipient envelope address, prepends a > character to lines beginning + with "From ", and appends an empty line. The envelope sender address + is available in the Return-Path: header. When the destination is a + regular file, it is locked for exclusive access while delivery is in + progress. In case of problems, an attempt is made to truncate a regular + file to its original length. + + In the case of maildir delivery, the local daemon prepends an optional + Delivered-To: header with the final envelope recipient address, and + prepends an X-Original-To: header with the recipient address as given + to Postfix. The envelope sender address is available in the Return- + Path: header. 
ADDRESS EXTENSION - The optional recipient_delimiter configuration parameter - specifies how to separate address extensions from local - recipient names. + The optional recipient_delimiter configuration parameter specifies how + to separate address extensions from local recipient names. - For example, with "recipient_delimiter = +", mail for - name+foo is delivered to the alias name+foo or to the - alias name, to the destinations listed in ~name/.for- - ward+foo or in ~name/.forward, to the mailbox owned by the - user name, or it is sent back as undeliverable. + For example, with "recipient_delimiter = +", mail for name+foo is + delivered to the alias name+foo or to the alias name, to the destina- + tions listed in ~name/.forward+foo or in ~name/.forward, to the mailbox + owned by the user name, or it is sent back as undeliverable. DELIVERY RIGHTS - Deliveries to external files and external commands are - made with the rights of the receiving user on whose behalf - the delivery is made. In the absence of a user context, - the local(8) daemon uses the owner rights of the :include: - file or alias database. When those files are owned by the - superuser, delivery is made with the rights specified with + Deliveries to external files and external commands are made with the + rights of the receiving user on whose behalf the delivery is made. In + the absence of a user context, the local(8) daemon uses the owner + rights of the :include: file or alias database. When those files are + owned by the superuser, delivery is made with the rights specified with the default_privs configuration parameter. STANDARDS 
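Review bot: In the maildir paragraph of EXTERNAL FILE DELIVERY the added text breaks a header name at its own hyphen ("available in the Return-" / "Path: header."), where the removed 65-column text kept "Return-Path:" on one line. Because this is a break at an existing hyphen rather than an inserted one, turning hyphenation off would not be enough on its own. Suggest keeping header names unbreakable in the generated page so that a search for "Return-Path:" still finds this paragraph.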
@@ -322,65 +283,58 @@ LOCAL(8) LOCAL(8) RFC 3463 (Enhanced status codes) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager - can move them to the corrupt queue afterwards. + Problems and transactions are logged to syslogd(8). Corrupted message + files are marked so that the queue manager can move them to the corrupt + queue afterwards. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. SECURITY - The local(8) delivery agent needs a dual personality 1) to - access the private Postfix queue and IPC mechanisms, 2) to - impersonate the recipient and deliver to recipient-speci- - fied files or commands. It is therefore security sensi- - tive. - - The local(8) delivery agent disallows regular expression - substitution of $1 etc. in alias_maps, because that would - open a security hole. - - The local(8) delivery agent will silently ignore requests - to use the proxymap(8) server within alias_maps. Instead - it will open the table directly. Before Postfix version - 2.2, the local(8) delivery agent will terminate with a - fatal error. + The local(8) delivery agent needs a dual personality 1) to access the + private Postfix queue and IPC mechanisms, 2) to impersonate the recipi- + ent and deliver to recipient-specified files or commands. It is there- + fore security sensitive. + + The local(8) delivery agent disallows regular expression substitution + of $1 etc. in alias_maps, because that would open a security hole. + + The local(8) delivery agent will silently ignore requests to use the + proxymap(8) server within alias_maps. Instead it will open the table + directly. Before Postfix version 2.2, the local(8) delivery agent will + terminate with a fatal error. 
BUGS - For security reasons, the message delivery status of - external commands or of external files is never check- - pointed to file. As a result, the program may occasionally - deliver more than once to a command or external file. Bet- - ter safe than sorry. + For security reasons, the message delivery status of external commands + or of external files is never checkpointed to file. As a result, the + program may occasionally deliver more than once to a command or exter- + nal file. Better safe than sorry. - Mutually-recursive aliases or ~/.forward files are not - detected early. The resulting mail forwarding loop is - broken by the use of the Delivered-To: message header. + Mutually-recursive aliases or ~/.forward files are not detected early. + The resulting mail forwarding loop is broken by the use of the Deliv- + ered-To: message header. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - local(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as local(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS biff (yes) Whether or not to use the local biff service. expand_owner_alias (no) - When delivering to an alias "aliasname" that has an - "owner-aliasname" companion alias, set the envelope - sender address to the expansion of the "owner- - aliasname" alias. + When delivering to an alias "aliasname" that has an "owner- + aliasname" companion alias, set the envelope sender address to + the expansion of the "owner-aliasname" alias. 
owner_request_special (yes) - Give special treatment to owner-listname and list- - name-request address localparts: don't split such - addresses when the recipient_delimiter is set to - "-". + Give special treatment to owner-listname and listname-request + address localparts: don't split such addresses when the recipi- + ent_delimiter is set to "-". sun_mailtool_compatibility (no) Obsolete SUN mailtool compatibility feature. 
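Review bot: The owner_request_special entry now splits a configuration parameter name in the middle ("when the recipi-" / "ent_delimiter is set to "-""), and the BUGS paragraph does the same to "Deliv-" / "ered-To:". Both were whole in the removed lines. Wider lines were meant to reduce this, so suggest generating these pages with hyphenation disabled. Parameter and header names are what readers search this page for.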
@@ -388,242 +342,219 @@ LOCAL(8) LOCAL(8) Available in Postfix version 2.3 and later: frozen_delivered_to (yes) - Update the local(8) delivery agent's idea of the - Delivered-To: address (see prepend_deliv- - ered_header) only once, at the start of a delivery - attempt; do not update the Delivered-To: address + Update the local(8) delivery agent's idea of the Delivered-To: + address (see prepend_delivered_header) only once, at the start + of a delivery attempt; do not update the Delivered-To: address while expanding aliases or .forward files. Available in Postfix version 2.5.3 and later: strict_mailbox_ownership (yes) - Defer delivery when a mailbox file is not owned by - its recipient. + Defer delivery when a mailbox file is not owned by its recipi- + ent. reset_owner_alias (no) - Reset the local(8) delivery agent's idea of the - owner-alias attribute, when delivering mail to a - child alias that does not have its own owner alias. + Reset the local(8) delivery agent's idea of the owner-alias + attribute, when delivering mail to a child alias that does not + have its own owner alias. DELIVERY METHOD CONTROLS - The precedence of local(8) delivery methods from high to - low is: aliases, .forward files, mailbox_transport_maps, - mailbox_transport, mailbox_command_maps, mailbox_command, - home_mailbox, mail_spool_directory, fallback_trans- - port_maps, fallback_transport, and luser_relay. + The precedence of local(8) delivery methods from high to low is: + aliases, .forward files, mailbox_transport_maps, mailbox_transport, + mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_direc- + tory, fallback_transport_maps, fallback_transport, and luser_relay. alias_maps (see 'postconf -d' output) - The alias databases that are used for local(8) - delivery. + The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) - The local(8) delivery agent search list for finding - a .forward file with user-specified delivery meth- - ods. 
+ The local(8) delivery agent search list for finding a .forward + file with user-specified delivery methods. mailbox_transport_maps (empty) - Optional lookup tables with per-recipient message - delivery transports to use for local(8) mailbox - delivery, whether or not the recipients are found - in the UNIX passwd database. + Optional lookup tables with per-recipient message delivery + transports to use for local(8) mailbox delivery, whether or not + the recipients are found in the UNIX passwd database. mailbox_transport (empty) - Optional message delivery transport that the - local(8) delivery agent should use for mailbox - delivery to all local recipients, whether or not - they are found in the UNIX passwd database. + Optional message delivery transport that the local(8) delivery + agent should use for mailbox delivery to all local recipients, + whether or not they are found in the UNIX passwd database. mailbox_command_maps (empty) - Optional lookup tables with per-recipient external - commands to use for local(8) mailbox delivery. + Optional lookup tables with per-recipient external commands to + use for local(8) mailbox delivery. mailbox_command (empty) - Optional external command that the local(8) deliv- - ery agent should use for mailbox delivery. + Optional external command that the local(8) delivery agent + should use for mailbox delivery. home_mailbox (empty) - Optional pathname of a mailbox file relative to a - local(8) user's home directory. + Optional pathname of a mailbox file relative to a local(8) + user's home directory. mail_spool_directory (see 'postconf -d' output) - The directory where local(8) UNIX-style mailboxes - are kept. + The directory where local(8) UNIX-style mailboxes are kept. fallback_transport_maps (empty) - Optional lookup tables with per-recipient message - delivery transports for recipients that the - local(8) delivery agent could not find in the - aliases(5) or UNIX password database. 
+ Optional lookup tables with per-recipient message delivery + transports for recipients that the local(8) delivery agent could + not find in the aliases(5) or UNIX password database. fallback_transport (empty) - Optional message delivery transport that the - local(8) delivery agent should use for names that - are not found in the aliases(5) or UNIX password - database. + Optional message delivery transport that the local(8) delivery + agent should use for names that are not found in the aliases(5) + or UNIX password database. luser_relay (empty) - Optional catch-all destination for unknown local(8) - recipients. + Optional catch-all destination for unknown local(8) recipients. Available in Postfix version 2.2 and later: command_execution_directory (empty) - The local(8) delivery agent working directory for - delivery to external command. + The local(8) delivery agent working directory for delivery to + external command. MAILBOX LOCKING CONTROLS deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. stale_lock_time (500s) - The time after which a stale exclusive mailbox - lockfile is removed. + The time after which a stale exclusive mailbox lockfile is + removed. mailbox_delivery_lock (see 'postconf -d' output) - How to lock a UNIX-style local(8) mailbox before - attempting delivery. + How to lock a UNIX-style local(8) mailbox before attempting + delivery. RESOURCE AND RATE CONTROLS command_time_limit (1000s) Time limit for delivery to external commands. 
duplicate_filter_limit (1000) - The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- - tual(5) alias expansion, or for showq(8) queue dis- - plays. + The maximal number of addresses remembered by the address dupli- + cate filter for aliases(5) or virtual(5) alias expansion, or for + showq(8) queue displays. local_destination_concurrency_limit (2) - The maximal number of parallel deliveries via the - local mail delivery transport to the same recipient - (when "local_destination_recipient_limit = 1") or - the maximal number of parallel deliveries to the - same local domain (when "local_destination_recipi- - ent_limit > 1"). + The maximal number of parallel deliveries via the local mail + delivery transport to the same recipient (when "local_destina- + tion_recipient_limit = 1") or the maximal number of parallel + deliveries to the same local domain (when "local_destina- + tion_recipient_limit > 1"). local_destination_recipient_limit (1) - The maximal number of recipients per message deliv- - ery via the local mail delivery transport. + The maximal number of recipients per message delivery via the + local mail delivery transport. mailbox_size_limit (51200000) - The maximal size of any local(8) individual mailbox - or maildir file, or zero (no limit). + The maximal size of any local(8) individual mailbox or maildir + file, or zero (no limit). SECURITY CONTROLS allow_mail_to_commands (alias, forward) - Restrict local(8) mail delivery to external com- - mands. + Restrict local(8) mail delivery to external commands. allow_mail_to_files (alias, forward) - Restrict local(8) mail delivery to external files. + Restrict local(8) mail delivery to external files. command_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery - agent allows in $name expansions of $mailbox_com- - mand and $command_execution_directory. 
+ Restrict the characters that the local(8) delivery agent allows + in $name expansions of $mailbox_command and $command_execu- + tion_directory. default_privs (nobody) - The default rights used by the local(8) delivery - agent for delivery to external file or command. + The default rights used by the local(8) delivery agent for + delivery to external file or command. forward_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery - agent allows in $name expansions of $forward_path. + Restrict the characters that the local(8) delivery agent allows + in $name expansions of $forward_path. Available in Postfix version 2.2 and later: - execution_directory_expansion_filter (see 'postconf -d' - output) - Restrict the characters that the local(8) delivery - agent allows in $name expansions of $command_execu- - tion_directory. + execution_directory_expansion_filter (see 'postconf -d' output) + Restrict the characters that the local(8) delivery agent allows + in $name expansions of $command_execution_directory. Available in Postfix version 2.5.3 and later: strict_mailbox_ownership (yes) - Defer delivery when a mailbox file is not owned by - its recipient. + Defer delivery when a mailbox file is not owned by its recipi- + ent. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. 
+ The maximal number of digits after the decimal point when log- + ging sub-second delay values. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix - process will export to non-Postfix processes. + The list of environment variables that a Postfix process will + export to non-Postfix processes. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. local_command_shell (empty) - Optional shell program for local(8) delivery to - non-Postfix command. + Optional shell program for local(8) delivery to non-Postfix com- + mand. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. prepend_delivered_header (command, file, forward) - The message delivery contexts where the Postfix - local(8) delivery agent prepends a Delivered-To: - message header with the address that the mail was - delivered to. + The message delivery contexts where the Postfix local(8) deliv- + ery agent prepends a Delivered-To: message header with the + address that the mail was delivered to. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. 
propagate_unmatched_extensions (canonical, virtual) - What address lookup tables copy an address exten- - sion from the lookup key to the lookup result. + What address lookup tables copy an address extension from the + lookup key to the lookup result. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name - from its extension (example: user+foo), or a .for- - ward file name from its extension (example: .for- - ward+foo). + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its + extension (example: .forward+foo). require_home_directory (no) - Require that a local(8) recipient's home directory - exists before mail delivery is attempted. + Require that a local(8) recipient's home directory exists before + mail delivery is attempted. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES The following are examples; details differ between systems. 
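Review bot: Several values that an administrator would copy from this hunk are broken across lines in the added text: the quoted settings "local_destina-" / "tion_recipient_limit = 1" and "> 1", "$command_execu-" / "tion_directory" under command_expansion_filter in SECURITY CONTROLS, "mail_spool_direc-" / "tory" in the precedence list, and the syslog_name example "post-" / "fix/smtpd" that people match in log filters. Suggest a check on the generated output that fails when a line ends in "-" and the next begins with a lowercase letter or underscore inside a parameter name, so the regeneration cannot reintroduce this.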
@@ -642,15 +573,13 @@ LOCAL(8) LOCAL(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY - The Delivered-To: message header appears in the qmail sys- - tem by Daniel Bernstein. + The Delivered-To: message header appears in the qmail system by Daniel + Bernstein. - The maildir structure appears in the qmail system by - Daniel Bernstein. + The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) Wietse Venema diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index d463d2a64..5a535363d 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html 
@@ -19,165 +19,149 @@ SENDMAIL(1) SENDMAIL(1) sendmail -I DESCRIPTION - The Postfix sendmail(1) command implements the Postfix to - Sendmail compatibility interface. For the sake of compat- - ibility with existing applications, some Sendmail command- - line options are recognized but silently ignored. + The Postfix sendmail(1) command implements the Postfix to Sendmail com- + patibility interface. For the sake of compatibility with existing + applications, some Sendmail command-line options are recognized but + silently ignored. - By default, Postfix sendmail(1) reads a message from stan- - dard input until EOF or until it reads a line with only a - . character, and arranges for delivery. Postfix send- - mail(1) relies on the postdrop(1) command to create a - queue file in the maildrop directory. + By default, Postfix sendmail(1) reads a message from standard input + until EOF or until it reads a line with only a . character, and + arranges for delivery. Postfix sendmail(1) relies on the postdrop(1) + command to create a queue file in the maildrop directory. - Specific command aliases are provided for other common - modes of operation: + Specific command aliases are provided for other common modes of opera- + tion: - mailq List the mail queue. Each entry shows the queue - file ID, message size, arrival time, sender, and - the recipients that still need to be delivered. If - mail could not be delivered upon the last attempt, - the reason for failure is shown. The queue ID - string is followed by an optional status character: + mailq List the mail queue. Each entry shows the queue file ID, message + size, arrival time, sender, and the recipients that still need + to be delivered. If mail could not be delivered upon the last + attempt, the reason for failure is shown. The queue ID string is + followed by an optional status character: - * The message is in the active queue, i.e. the - message is selected for delivery. + * The message is in the active queue, i.e. 
the message is + selected for delivery. - ! The message is in the hold queue, i.e. no - further delivery attempt will be made until - the mail is taken off hold. + ! The message is in the hold queue, i.e. no further deliv- + ery attempt will be made until the mail is taken off + hold. - This mode of operation is implemented by executing - the postqueue(1) command. + This mode of operation is implemented by executing the + postqueue(1) command. newaliases - Initialize the alias database. If no input file is - specified (with the -oA option, see below), the - program processes the file(s) specified with the - alias_database configuration parameter. If no - alias database type is specified, the program uses - the type specified with the default_database_type - configuration parameter. This mode of operation is - implemented by running the postalias(1) command. - - Note: it may take a minute or so before an alias - database update becomes visible. Use the "postfix - reload" command to eliminate this delay. - - These and other features can be selected by specifying the - appropriate combination of command-line options. Some fea- - tures are controlled by parameters in the main.cf configu- - ration file. + Initialize the alias database. If no input file is specified + (with the -oA option, see below), the program processes the + file(s) specified with the alias_database configuration parame- + ter. If no alias database type is specified, the program uses + the type specified with the default_database_type configuration + parameter. This mode of operation is implemented by running the + postalias(1) command. + + Note: it may take a minute or so before an alias database update + becomes visible. Use the "postfix reload" command to eliminate + this delay. + + These and other features can be selected by specifying the appropriate + combination of command-line options. Some features are controlled by + parameters in the main.cf configuration file. 
The following options are recognized: -Am (ignored) -Ac (ignored) - Postfix sendmail uses the same configuration file - regardless of whether or not a message is an ini- - tial submission. + Postfix sendmail uses the same configuration file regardless of + whether or not a message is an initial submission. -B body_type The message body MIME type: 7BIT or 8BITMIME. - -bd Go into daemon mode. This mode of operation is - implemented by executing the "postfix start" com- - mand. + -bd Go into daemon mode. This mode of operation is implemented by + executing the "postfix start" command. -bh (ignored) -bH (ignored) Postfix has no persistent host status database. - -bi Initialize alias database. See the newaliases com- - mand above. + -bi Initialize alias database. See the newaliases command above. - -bl Go into daemon mode. To accept only local connec- - tions as with Sendmail's -bl option, specify - "inet_interfaces = loopback" in the Postfix main.cf - configuration file. + -bl Go into daemon mode. To accept only local connections as with + Sendmail's -bl option, specify "inet_interfaces = loopback" in + the Postfix main.cf configuration file. - -bm Read mail from standard input and arrange for - delivery. This is the default mode of operation. + -bm Read mail from standard input and arrange for delivery. This is + the default mode of operation. -bp List the mail queue. See the mailq command above. - -bs Stand-alone SMTP server mode. Read SMTP commands - from standard input, and write responses to stan- - dard output. In stand-alone SMTP server mode, mail - relaying and other access controls are disabled by - default. To enable them, run the process as the + -bs Stand-alone SMTP server mode. Read SMTP commands from standard + input, and write responses to standard output. In stand-alone + SMTP server mode, mail relaying and other access controls are + disabled by default. To enable them, run the process as the mail_owner user. 
- This mode of operation is implemented by running - the smtpd(8) daemon. + This mode of operation is implemented by running the smtpd(8) + daemon. - -bv Do not collect or deliver a message. Instead, send - an email report after verifying each recipient - address. This is useful for testing address - rewriting and routing configurations. + -bv Do not collect or deliver a message. Instead, send an email + report after verifying each recipient address. This is useful + for testing address rewriting and routing configurations. - This feature is available in Postfix version 2.1 - and later. + This feature is available in Postfix version 2.1 and later. -C config_file -C config_dir - The path name of the Postfix main.cf file, or of - its parent directory. This information is ignored - with Postfix versions before 2.3. + The path name of the Postfix main.cf file, or of its parent + directory. This information is ignored with Postfix versions + before 2.3. - With all Postfix versions, you can specify a direc- - tory pathname with the MAIL_CONFIG environment - variable to override the location of configuration - files. + With all Postfix versions, you can specify a directory pathname + with the MAIL_CONFIG environment variable to override the loca- + tion of configuration files. -F full_name - Set the sender full name. This overrides the NAME - environment variable, and is used only with mes- - sages that have no From: message header. + Set the sender full name. This overrides the NAME environment + variable, and is used only with messages that have no 
From: mes- + sage header. -f sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. - -G Gateway (relay) submission, as opposed to initial - user submission. Either do not rewrite addresses - at all, or update incomplete addresses with the - domain information specified with remote_header_re- - write_domain. + -G Gateway (relay) submission, as opposed to initial user submis- + sion. Either do not rewrite addresses at all, or update incom- + plete addresses with the domain information specified with + remote_header_rewrite_domain. - This option is ignored before Postfix version 2.3. + This option is ignored before Postfix version 2.3. -h hop_count (ignored) - Hop count limit. Use the hopcount_limit configura- - tion parameter instead. + Hop count limit. Use the hopcount_limit configuration parameter + instead. - -I Initialize alias database. See the newaliases com- - mand above. + -I Initialize alias database. See the newaliases command above. - -i When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -i When reading a message from standard input, don't treat a line + with only a . character as the end of input. -L label (ignored) - The logging label. Use the syslog_name configura- - tion parameter instead. + The logging label. Use the syslog_name configuration parameter + instead. -m (ignored) Backwards compatibility. -N dsn (default: 'delay, failure') - Delivery status notification control. 
Specify - either a comma-separated list with one or more of - failure (send notification when delivery fails), - delay (send notification when delivery is delayed), - or success (send notification when the message is - delivered); or specify never (don't send any noti- - fications at all). + Delivery status notification control. Specify either a comma- + separated list with one or more of failure (send notification + when delivery fails), delay (send notification when delivery is + delayed), or success (send notification when the message is + delivered); or specify never (don't send any notifications at + all). This feature is available in Postfix 2.3 and later. 
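Review bot: This hunk replaces 165 lines with 149, and every removed/added pair visible here differs only in where the lines wrap, so a reader cannot confirm from the diff that no option text changed. That matters for paragraphs such as -bs, which states that mail relaying and other access controls are disabled by default. Suggest putting the regenerated HTML in its own commit, separate from the man2html width change, or reviewing it with a word-level diff. The added text also still breaks "From: mes-" / "sage header" under -F.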
@@ -185,133 +169,118 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -oAalias_database - Non-default alias database. Specify pathname or - type:pathname. See postalias(1) for details. + Non-default alias database. Specify pathname or type:pathname. + See postalias(1) for details. -O option=value (ignored) - Set the named option to value. Use the equivalent - configuration parameter in main.cf instead. + Set the named option to value. Use the equivalent configuration + parameter in main.cf instead. -o7 (ignored) -o8 (ignored) - To send 8-bit or binary content, use an appropriate - MIME encapsulation and specify the appropriate -B - command-line option. + To send 8-bit or binary content, use an appropriate MIME encap- + sulation and specify the appropriate -B command-line option. - -oi When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -oi When reading a message from standard input, don't treat a line + with only a . character as the end of input. -om (ignored) - The sender is never eliminated from alias etc. - expansions. + The sender is never eliminated from alias etc. expansions. -o x value (ignored) - Set option x to value. Use the equivalent configu- - ration parameter in main.cf instead. + Set option x to value. Use the equivalent configuration parame- + ter in main.cf instead. -r sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. -R return - Delivery status notification control. Specify - "hdrs" to return only the header when a message - bounces, "full" to return a full copy (the default - behavior). + Delivery status notification control. 
Specify "hdrs" to return + only the header when a message bounces, "full" to return a full + copy (the default behavior). - The -R option specifies an upper bound; Postfix - will return only the header, when a full copy would - exceed the bounce_size_limit setting. + The -R option specifies an upper bound; Postfix will return only + the header, when a full copy would exceed the bounce_size_limit + setting. This option is ignored before Postfix version 2.10. - -q Attempt to deliver all queued mail. This is imple- - mented by executing the postqueue(1) command. + -q Attempt to deliver all queued mail. This is implemented by exe- + cuting the postqueue(1) command. - Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all - other mail. + Warning: flushing undeliverable mail frequently will result in + poor delivery performance of all other mail. -qinterval (ignored) - The interval between queue runs. Use the - queue_run_delay configuration parameter instead. + The interval between queue runs. Use the queue_run_delay config- + uration parameter instead. -qIqueueid - Schedule immediate delivery of mail with the speci- - fied queue ID. This option is implemented by exe- - cuting the postqueue(1) command, and is available - with Postfix version 2.4 and later. + Schedule immediate delivery of mail with the specified queue ID. + This option is implemented by executing the postqueue(1) com- + mand, and is available with Postfix version 2.4 and later. -qRsite - Schedule immediate delivery of all mail that is - queued for the named site. This option accepts only - site names that are eligible for the "fast flush" - service, and is implemented by executing the - postqueue(1) command. See flush(8) for more infor- - mation about the "fast flush" service. + Schedule immediate delivery of all mail that is queued for the + named site. 
This option accepts only site names that are eligi- + ble for the "fast flush" service, and is implemented by execut- + ing the postqueue(1) command. See flush(8) for more information + about the "fast flush" service. -qSsite - This command is not implemented. Use the slower - "sendmail -q" command instead. + This command is not implemented. Use the slower "sendmail -q" + command instead. - -t Extract recipients from message headers. These are - added to any recipients specified on the command - line. + -t Extract recipients from message headers. These are added to any + recipients specified on the command line. - With Postfix versions prior to 2.1, this option - requires that no recipient addresses are specified - on the command line. + With Postfix versions prior to 2.1, this option requires that no + recipient addresses are specified on the command line. -U (ignored) Initial user submission. -V envid - Specify the envelope ID for notification by servers - that support DSN. + Specify the envelope ID for notification by servers that support + DSN. This feature is available in Postfix 2.3 and later. -XV (Postfix 2.2 and earlier: -V) - Variable Envelope Return Path. Given an envelope - sender address of the form owner-listname@origin, - each recipient user@domain receives mail with a - personalized envelope sender address. + Variable Envelope Return Path. Given an envelope sender address + of the form owner-listname@origin, each recipient user@domain + receives mail with a personalized envelope sender address. - By default, the personalized envelope sender - address is owner-listname+user=domain@origin. The - default + and = characters are configurable with - the default_verp_delimiters configuration parame- - ter. + By default, the personalized envelope sender address is owner- + listname+user=domain@origin. The default + and = characters are + configurable with the default_verp_delimiters configuration + parameter. 
-XVxy (Postfix 2.2 and earlier: -Vxy) - As -XV, but uses x and y as the VERP delimiter - characters, instead of the characters specified - with the default_verp_delimiters configuration - parameter. + As -XV, but uses x and y as the VERP delimiter characters, + instead of the characters specified with the default_verp_delim- + iters configuration parameter. - -v Send an email report of the first delivery attempt - (Postfix versions 2.1 and later). Mail delivery - always happens in the background. When multiple -v - options are given, enable verbose logging for - debugging purposes. + -v Send an email report of the first delivery attempt (Postfix ver- + sions 2.1 and later). Mail delivery always happens in the back- + ground. When multiple -v options are given, enable verbose log- + ging for debugging purposes. -X log_file (ignored) - Log mailer traffic. Use the debug_peer_list and - debug_peer_level configuration parameters instead. + Log mailer traffic. Use the debug_peer_list and debug_peer_level + configuration parameters instead. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted, possibly - remote, users. Thus, the usual precautions need to be - taken against malicious inputs. + By design, this program is not set-user (or group) id. However, it must + handle data from untrusted, possibly remote, users. Thus, the usual + precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard - error stream. + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG 
@@ -321,161 +290,142 @@ SENDMAIL(1) SENDMAIL(1) Enable verbose logging for debugging purposes. MAIL_DEBUG (value does not matter) - Enable debugging with an external command, as spec- - ified with the debugger_command configuration - parameter. + Enable debugging with an external command, as specified with the + debugger_command configuration parameter. - NAME The sender full name. This is used only with mes- - sages that have no From: message header. See also - the -F option above. + NAME The sender full name. This is used only with messages that have + no 
From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. COMPATIBILITY CONTROLS Available with Postfix 2.9 and later: sendmail_fix_line_endings (always) - Controls how the Postfix sendmail command converts - email message line endings from <CR><LF> into UNIX - format (<LF>). + Controls how the Postfix sendmail command converts email message + line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble - shoot a Postfix system. + The DEBUG_README file gives examples of how to trouble shoot a Postfix + system. debugger_command (empty) - The external command to execute when a Postfix dae- - mon program is invoked with the -D option. + The external command to execute when a Postfix daemon program is + invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. 
ACCESS CONTROLS Available in Postfix version 2.2 and later: authorized_flush_users (static:anyone) - List of users who are authorized to flush the - queue. + List of users who are authorized to flush the queue. authorized_mailq_users (static:anyone) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail - with the sendmail(1) command (and with the privi- - leged postdrop(1) helper command). + List of users who are authorized to submit mail with the send- + mail(1) command (and with the privileged postdrop(1) helper com- + mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. fork_attempts (5) - The maximal number of attempts to fork() a child - process. + The maximal number of attempts to fork() a child process. fork_delay (1s) - The delay between attempts to fork() a child - process. + The delay between attempts to fork() a child process. hopcount_limit (50) - The maximal number of Received: message headers - that is allowed in the primary message headers. + The maximal number of Received: message headers that is allowed + in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue - manager; prior to Postfix 2.4 the default value was - 1000s. + The time between deferred queue scans by the queue manager; + prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation - details for the Postfix "fast flush" service. + The ETRN_README file describes configuration and operation details for + the Postfix "fast flush" service. 
fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued - to those destinations. + Optional list of destinations that are eligible for per-destina- + tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return - path addresses. + The VERP_README file describes configuration and operation details of + Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line - and in SMTP commands. + The characters Postfix accepts as VERP delimiter characters on + the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are - updated with "newaliases" or with "sendmail -bi". + The alias databases for local(8) delivery that are updated with + "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. default_database_type (see 'postconf -d' output) - The default database type for use in newaliases(1), - postalias(1) and postmap(1) commands. 
+ The default database type for use in newaliases(1), postalias(1) + and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of - the message headers of mail that is still queued. + The time after which the sender receives a copy of the message + headers of mail that is still queued. enable_errors_to (no) - Report mail delivery errors to the address speci- - fied with the non-standard Errors-To: message - header, instead of the envelope sender address - (this feature is removed with Postfix version 2.2, - is turned off by default with Postfix version 2.1, - and is always turned on with older Postfix ver- - sions). + Report mail delivery errors to the address specified with the + non-standard Errors-To: message header, instead of the envelope + sender address (this feature is removed with Postfix version + 2.2, is turned off by default with Postfix version 2.1, and is + always turned on with older Postfix versions). mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". 
+ The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix, mail queue @@ -494,13 +444,14 @@ SENDMAIL(1) SENDMAIL(1) syslogd(8), system logging README_FILES + Use "postconf readme_directory" or "postconf html_directory" to locate + this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto VERP_README, Postfix VERP howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/master.5.html b/postfix/html/master.5.html index 749de3a87..0125a8e98 100644 --- a/postfix/html/master.5.html +++ b/postfix/html/master.5.html 
@@ -10,208 +10,184 @@ MASTER(5) MASTER(5) master - Postfix master process configuration file format DESCRIPTION - The Postfix mail system is implemented by small number of - (mostly) client commands that are invoked by users, and by - a larger number of services that run in the background. - - Postfix services are implemented by daemon processes. - These run in the background under control of the master(8) - process. The master.cf configuration file defines how a - client program connects to a service, and what daemon pro- - gram runs when a service is requested. Most daemon pro- - cesses are short-lived and terminate voluntarily after - serving max_use clients, or after inactivity for max_idle - or more units of time. - - All daemons specified here must speak a Postfix-internal - protocol. In order to execute non-Postfix software use the - local(8), pipe(8) or spawn(8) services, or run the server - under control by inetd(8) or equivalent. - - After changing master.cf you must execute "postfix reload" - to reload the configuration. + The Postfix mail system is implemented by small number of (mostly) + client commands that are invoked by users, and by a larger number of + services that run in the background. + + Postfix services are implemented by daemon processes. These run in the + background under control of the master(8) process. The master.cf con- + figuration file defines how a client program connects to a service, and + what daemon program runs when a service is requested. Most daemon pro- + cesses are short-lived and terminate voluntarily after serving max_use + clients, or after inactivity for max_idle or more units of time. + + All daemons specified here must speak a Postfix-internal protocol. In + order to execute non-Postfix software use the local(8), pipe(8) or + spawn(8) services, or run the server under control by inetd(8) or + equivalent. + + After changing master.cf you must execute "postfix reload" to reload + the configuration. 
SYNTAX The general format of the master.cf file is as follows: - o Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + o Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. - o A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + o A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. - o Each logical line defines a single Postfix service. - Each service is identified by its name and type as - described below. When multiple lines specify the - same service name and type, only the last one is - remembered. Otherwise, the order of master.cf ser- - vice definitions does not matter. + o Each logical line defines a single Postfix service. Each ser- + vice is identified by its name and type as described below. + When multiple lines specify the same service name and type, only + the last one is remembered. Otherwise, the order of master.cf + service definitions does not matter. - Each logical line consists of eight fields separated by - whitespace. These are described below in the order as - they appear in the master.cf file. + Each logical line consists of eight fields separated by whitespace. + These are described below in the order as they appear in the master.cf + file. - Where applicable a field of "-" requests that the built-in - default value be used. For boolean fields specify "y" or - "n" to override the default value. + Where applicable a field of "-" requests that the built-in default + value be used. For boolean fields specify "y" or "n" to override the + default value. Service name - The service name syntax depends on the service type - as described next. + The service name syntax depends on the service type as described + next. 
Service type Specify one of the following service types: - inet The service listens on a TCP/IP socket and - is accessible via the network. - - The service name is specified as host:port, - denoting the host and port on which new con- - nections should be accepted. The host part - (and colon) may be omitted. Either host or - port may be given in symbolic form (host or - service name) or in numeric form (IP address - or port number). Host information may be - enclosed inside "[]"; this form is necessary - only with IPv6 addresses. - - Examples: a service named 127.0.0.1:smtp or - ::1:smtp receives mail via the loopback - interface only; and a service named 10025 - accepts connections on TCP port 10025 via - all interfaces configured with the - inet_interfaces parameter. - - Note: with Postfix version 2.2 and later - specify "inet_interfaces = loopback-only" in - main.cf, instead of hard-coding loopback IP - address information in master.cf or in - main.cf. - - unix The service listens on a UNIX-domain socket - and is accessible for local clients only. - - The service name is a pathname relative to - the Postfix queue directory (pathname con- - trolled with the queue_directory configura- - tion parameter in main.cf). - - On Solaris 8 and earlier systems the unix - type is implemented with streams sockets. - - fifo The service listens on a FIFO (named pipe) - and is accessible for local clients only. - - The service name is a pathname relative to - the Postfix queue directory (pathname con- - trolled with the queue_directory configura- - tion parameter in main.cf). - - pass The service listens on a UNIX-domain socket, - and is accessible to local clients only. It - receives one open connection (file descrip- - tor passing) per connection request. - - The service name is a pathname relative to - the Postfix queue directory (pathname con- - trolled with the queue_directory configura- - tion parameter in main.cf). 
- - On Solaris 8 and earlier systems the pass - type is implemented with streams sockets. - - This feature is available as of Postfix ver- - sion 2.5. + inet The service listens on a TCP/IP socket and is accessible + via the network. + + The service name is specified as host:port, denoting the + host and port on which new connections should be + accepted. The host part (and colon) may be omitted. + Either host or port may be given in symbolic form (host + or service name) or in numeric form (IP address or port + number). Host information may be enclosed inside "[]"; + this form is necessary only with IPv6 addresses. + + Examples: a service named 127.0.0.1:smtp or ::1:smtp + receives mail via the loopback interface only; and a ser- + vice named 10025 accepts connections on TCP port 10025 + via all interfaces configured with the inet_interfaces + parameter. + + Note: with Postfix version 2.2 and later specify + "inet_interfaces = loopback-only" in main.cf, instead of + hard-coding loopback IP address information in master.cf + or in main.cf. + + unix The service listens on a UNIX-domain socket and is acces- + sible for local clients only. + + The service name is a pathname relative to the Postfix + queue directory (pathname controlled with the + queue_directory configuration parameter in main.cf). + + On Solaris 8 and earlier systems the unix type is imple- + mented with streams sockets. + + fifo The service listens on a FIFO (named pipe) and is acces- + sible for local clients only. + + The service name is a pathname relative to the Postfix + queue directory (pathname controlled with the + queue_directory configuration parameter in main.cf). + + pass The service listens on a UNIX-domain socket, and is + accessible to local clients only. It receives one open + connection (file descriptor passing) per connection + request. 
+ + The service name is a pathname relative to the Postfix + queue directory (pathname controlled with the + queue_directory configuration parameter in main.cf). + + On Solaris 8 and earlier systems the pass type is imple- + mented with streams sockets. + + This feature is available as of Postfix version 2.5. Private (default: y) - Whether or not access is restricted to the mail - system. Internet (type inet) services can't be - private. + Whether or not access is restricted to the mail system. Inter- + net (type inet) services can't be private. Unprivileged (default: y) - Whether the service runs with root privileges or as - the owner of the Postfix system (the owner name is - controlled by the mail_owner configuration variable - in the main.cf file). + Whether the service runs with root privileges or as the owner of + the Postfix system (the owner name is controlled by the + mail_owner configuration variable in the main.cf file). - The local(8), pipe(8), spawn(8), and virtual(8) - daemons require privileges. + The local(8), pipe(8), spawn(8), and virtual(8) daemons require + privileges. Chroot (default: y) - Whether or not the service runs chrooted to the - mail queue directory (pathname is controlled by the - queue_directory configuration variable in the - main.cf file). - - Chroot should not be used with the local(8), - pipe(8), spawn(8), and virtual(8) daemons. - Although the proxymap(8) server can run chrooted, - doing so defeats most of the purpose of having that + Whether or not the service runs chrooted to the mail queue + directory (pathname is controlled by the queue_directory config- + uration variable in the main.cf file). + + Chroot should not be used with the local(8), pipe(8), spawn(8), + and virtual(8) daemons. Although the proxymap(8) server can run + chrooted, doing so defeats most of the purpose of having that service in the first place. 
- The files in the examples/chroot-setup subdirectory - of the Postfix source archive show set up a Postfix - chroot environment on a variety of systems. See - also BASIC_CONFIGURATION_README for issues related - to running daemons chrooted. + The files in the examples/chroot-setup subdirectory of the Post- + fix source archive show set up a Postfix chroot environment on a + variety of systems. See also BASIC_CONFIGURATION_README for + issues related to running daemons chrooted. Wake up time (default: 0) - Automatically wake up the named service after the - specified number of seconds. The wake up is imple- - mented by connecting to the service and sending a - wake up request. A ? at the end of the wake-up - time field requests that no wake up events be sent - before the first time a service is used. Specify 0 - for no automatic wake up. + Automatically wake up the named service after the specified num- + ber of seconds. The wake up is implemented by connecting to the + service and sending a wake up request. A ? at the end of the + wake-up time field requests that no wake up events be sent + before the first time a service is used. Specify 0 for no auto- + matic wake up. - The pickup(8), qmgr(8) and flush(8) daemons require - a wake up timer. + The pickup(8), qmgr(8) and flush(8) daemons require a wake up + timer. Process limit (default: $default_process_limit) - The maximum number of processes that may execute - this service simultaneously. Specify 0 for no - process count limit. + The maximum number of processes that may execute this service + simultaneously. Specify 0 for no process count limit. - NOTE: Some Postfix services must be configured as a - single-process service (for example, qmgr(8)) and - some services must be configured with no process - limit (for example, cleanup(8)). These limits must - not be changed. 
+ NOTE: Some Postfix services must be configured as a single- + process service (for example, qmgr(8)) and some services must be + configured with no process limit (for example, cleanup(8)). + These limits must not be changed. Command name + arguments - The command to be executed. Characters that are - special to the shell such as ">" or "|" have no - special meaning here, and quotes cannot be used to - protect arguments containing whitespace. - - The command name is relative to the Postfix daemon - directory (pathname is controlled by the dae- - mon_directory configuration variable). - - The command argument syntax for specific commands - is specified in the respective daemon manual page. - - The following command-line options have the same - effect for all daemon programs: - - -D Run the daemon under control by the command - specified with the debugger_command variable - in the main.cf configuration file. See - DEBUG_README for hints and tips. - - -o name=value - Override the named main.cf configuration - parameter. The parameter value can refer to - other parameters as $name etc., just like in - main.cf. See postconf(5) for syntax. - - NOTE 1: do not specify whitespace around the - "=" or in parameter values. To specify a - parameter value that contains whitespace, - use commas instead of spaces, or specify the - value in main.cf. Example: + The command to be executed. Characters that are special to the + shell such as ">" or "|" have no special meaning here, and + quotes cannot be used to protect arguments containing white- + space. + + The command name is relative to the Postfix daemon directory + (pathname is controlled by the daemon_directory configuration + variable). + + The command argument syntax for specific commands is specified + in the respective daemon manual page. 
+ + The following command-line options have the same effect for all + daemon programs: + + -D Run the daemon under control by the command specified + with the debugger_command variable in the main.cf config- + uration file. See DEBUG_README for hints and tips. + + -o name=value + Override the named main.cf configuration parameter. The + parameter value can refer to other parameters as $name + etc., just like in main.cf. See postconf(5) for syntax. + + NOTE 1: do not specify whitespace around the "=" or in + parameter values. To specify a parameter value that con- + tains whitespace, use commas instead of spaces, or spec- + ify the value in main.cf. Example: /etc/postfix/master.cf: submission inet .... smtpd @@ -220,17 +196,15 @@ MASTER(5) MASTER(5) /etc/postfix/main.cf submission_mumble = text with whitespace... - NOTE 2: Over-zealous use of parameter over- - rides makes the Postfix configuration hard - to understand and maintain. At a certain - point, it might be easier to configure mul- - tiple instances of Postfix, instead of con- - figuring multiple personalities via mas- - ter.cf. + NOTE 2: Over-zealous use of parameter overrides makes the + Postfix configuration hard to understand and maintain. + At a certain point, it might be easier to configure mul- + tiple instances of Postfix, instead of configuring multi- + ple personalities via master.cf. - -v Increase the verbose logging level. Specify - multiple -v options to make a Postfix daemon - process increasingly verbose. + -v Increase the verbose logging level. Specify multiple -v + options to make a Postfix daemon process increasingly + verbose. SEE ALSO master(8), process manager @@ -241,8 +215,7 @@ MASTER(5) MASTER(5) DEBUG_README, Postfix debugging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Initial version by 
diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 87e764451..f3f0dc747 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html 
@@ -13,181 +13,163 @@ MASTER(8) MASTER(8) master [-Ddtvw] [-c config_dir] [-e exit_time] DESCRIPTION - The master(8) daemon is the resident process that runs - Postfix daemons on demand: daemons to send or receive mes- - sages via the network, daemons to deliver mail locally, - etc. These daemons are created on demand up to a config- - urable maximum number per service. - - Postfix daemons terminate voluntarily, either after being - idle for a configurable amount of time, or after having - serviced a configurable number of requests. Exceptions to - this rule are the resident queue manager, address verifi- - cation server, and the TLS session cache and pseudo-random - number server. - - The behavior of the master(8) daemon is controlled by the - master.cf configuration file, as described in master(5). + The master(8) daemon is the resident process that runs Postfix daemons + on demand: daemons to send or receive messages via the network, daemons + to deliver mail locally, etc. These daemons are created on demand up + to a configurable maximum number per service. + + Postfix daemons terminate voluntarily, either after being idle for a + configurable amount of time, or after having serviced a configurable + number of requests. Exceptions to this rule are the resident queue man- + ager, address verification server, and the TLS session cache and + pseudo-random number server. + + The behavior of the master(8) daemon is controlled by the master.cf + configuration file, as described in master(5). Options: -c config_dir - Read the main.cf and master.cf configuration files - in the named directory instead of the default con- - figuration directory. This also overrides the con- - figuration files for other Postfix daemon pro- - cesses. - - -D After initialization, run a debugger on the master - process. The debugging command is specified with - the debugger_command in the main.cf global configu- - ration file. 
+ Read the main.cf and master.cf configuration files in the named + directory instead of the default configuration directory. This + also overrides the configuration files for other Postfix daemon + processes. - -d Do not redirect stdin, stdout or stderr to - /dev/null, and do not discard the controlling ter- - minal. This must be used for debugging only. + -D After initialization, run a debugger on the master process. The + debugging command is specified with the debugger_command in the + main.cf global configuration file. + + -d Do not redirect stdin, stdout or stderr to /dev/null, and do not + discard the controlling terminal. This must be used for debug- + ging only. -e exit_time - Terminate the master process after exit_time sec- - onds. Child processes terminate at their conve- - nience. + Terminate the master process after exit_time seconds. Child pro- + cesses terminate at their convenience. - -t Test mode. Return a zero exit status when the mas- - ter.pid lock file does not exist or when that file - is not locked. This is evidence that the master(8) - daemon is not running. + -t Test mode. Return a zero exit status when the master.pid lock + file does not exist or when that file is not locked. This is + evidence that the master(8) daemon is not running. - -v Enable verbose logging for debugging purposes. This - option is passed on to child processes. Multiple -v - options make the software increasingly verbose. + -v Enable verbose logging for debugging purposes. This option is + passed on to child processes. Multiple -v options make the soft- + ware increasingly verbose. - -w Wait in a dummy foreground process, while the real - master daemon initializes in a background process. - The dummy foreground process returns a zero exit - status only if the master daemon initialization is - successful, and if it completes in a reasonable - amount of time. + -w Wait in a dummy foreground process, while the real master daemon + initializes in a background process. 
The dummy foreground + process returns a zero exit status only if the master daemon + initialization is successful, and if it completes in a reason- + able amount of time. - This feature is available in Postfix 2.10 and - later. + This feature is available in Postfix 2.10 and later. Signals: - SIGHUP Upon receipt of a HUP signal (e.g., after "postfix - reload"), the master process re-reads its configu- - ration files. If a service has been removed from - the master.cf file, its running processes are ter- - minated immediately. Otherwise, running processes - are allowed to terminate as soon as is convenient, - so that changes in configuration settings affect - only new service requests. + SIGHUP Upon receipt of a HUP signal (e.g., after "postfix reload"), the + master process re-reads its configuration files. If a service + has been removed from the master.cf file, its running processes + are terminated immediately. Otherwise, running processes are + allowed to terminate as soon as is convenient, so that changes + in configuration settings affect only new service requests. SIGTERM - Upon receipt of a TERM signal (e.g., after "postfix - abort"), the master process passes the signal on to - its child processes and terminates. This is useful - for an emergency shutdown. Normally one would ter- - minate only the master ("postfix stop") and allow + Upon receipt of a TERM signal (e.g., after "postfix abort"), the + master process passes the signal on to its child processes and + terminates. This is useful for an emergency shutdown. Normally + one would terminate only the master ("postfix stop") and allow running processes to finish what they are doing. DIAGNOSTICS - Problems are reported to syslogd(8). The exit status is - non-zero in case of problems, including problems while - initializing as a master daemon process in the background. + Problems are reported to syslogd(8). 
The exit status is non-zero in + case of problems, including problems while initializing as a master + daemon process in the background. ENVIRONMENT MAIL_DEBUG - After initialization, start a debugger as specified - with the debugger_command configuration parameter - in the main.cf configuration file. + After initialization, start a debugger as specified with the + debugger_command configuration parameter in the main.cf configu- + ration file. MAIL_CONFIG Directory with Postfix configuration files. CONFIGURATION PARAMETERS - Unlike most Postfix daemon processes, the master(8) server - does not automatically pick up changes to main.cf. Changes - to master.cf are never picked up automatically. Use the - "postfix reload" command after a configuration change. + Unlike most Postfix daemon processes, the master(8) server does not + automatically pick up changes to main.cf. Changes to master.cf are + never picked up automatically. Use the "postfix reload" command after + a configuration change. RESOURCE AND RATE CONTROLS default_process_limit (100) - The default maximal number of Postfix child pro- - cesses that provide a given service. + The default maximal number of Postfix child processes that pro- + vide a given service. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. service_throttle_time (60s) - How long the Postfix master(8) waits before forking - a server that appears to be malfunctioning. 
+ How long the Postfix master(8) waits before forking a server + that appears to be malfunctioning. Available in Postfix version 2.6 and later: master_service_disable (empty) - Selectively disable master(8) listener ports by - service type or by service name and type. + Selectively disable master(8) listener ports by service type or + by service name and type. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. debugger_command (empty) - The external command to execute when a Postfix dae- - mon program is invoked with the -D option. + The external command to execute when a Postfix daemon program is + invoked with the -D option. inet_interfaces (all) - The network interface addresses that this mail sys- - tem receives mail on. + The network interface addresses that this mail system receives + mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use - when making or accepting connections. + The Internet protocols Postfix will attempt to use when making + or accepting connections. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent - process. + The list of environment parameters that a Postfix process will + import from a non-Postfix parent process. mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. 
process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES - To expand the directory names below into their actual val- - ues, use the command "postconf config_directory" etc. + To expand the directory names below into their actual values, use the + command "postconf config_directory" etc. $config_directory/main.cf, global configuration file. $config_directory/master.cf, master server configuration file. @@ -202,8 +184,7 @@ MASTER(8) MASTER(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/memcache_table.5.html b/postfix/html/memcache_table.5.html index 238509bc6..99fcae8ca 100644 --- a/postfix/html/memcache_table.5.html +++ b/postfix/html/memcache_table.5.html 
@@ -15,32 +15,28 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) postmap -q - memcache:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. - Alternatively, lookup tables can be specified as memcache - instances. To use memcache lookups, define a memcache - source as a lookup table in main.cf, for example: + Alternatively, lookup tables can be specified as memcache instances. + To use memcache lookups, define a memcache source as a lookup table in + main.cf, for example: virtual_alias_maps = memcache:/etc/postfix/memcache-aliases.cf - The file /etc/postfix/memcache-aliases.cf has the same - format as the Postfix main.cf file, and specifies the - parameters described below. + The file /etc/postfix/memcache-aliases.cf has the same format as the + Postfix main.cf file, and specifies the parameters described below. - The Postfix memcache client supports the lookup, update, - delete and sequence (first/next) operations. The sequence - operation requires a backup database that supports the - operation. + The Postfix memcache client supports the lookup, update, delete and + sequence (first/next) operations. The sequence operation requires a + backup database that supports the operation. MEMCACHE MAIN PARAMETERS memcache (default: inet:localhost:11211) - The memcache server (note: singular) that Postfix - will try to connect to. For a TCP server specify - "inet:" followed by a hostname or address, ":", and - a port name or number. Specify an IPv6 address - inside "[]". For a UNIX-domain server specify + The memcache server (note: singular) that Postfix will try to + connect to. For a TCP server specify "inet:" followed by a + hostname or address, ":", and a port name or number. Specify an + IPv6 address inside "[]". 
For a UNIX-domain server specify "unix:" followed by the socket pathname. Examples: memcache = inet:memcache.example.com:11211 @@ -48,16 +44,15 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) memcache = inet:[fc00:8d00:189::3]:11211 memcache = unix:/path/to/socket - NOTE: to access a UNIX-domain socket with the prox- - ymap(8) server, the socket must be accessible by - the unprivileged postfix user. + NOTE: to access a UNIX-domain socket with the proxymap(8) + server, the socket must be accessible by the unprivileged post- + fix user. backup (default: undefined) - An optional Postfix database that provides persis- - tent backup for the memcache database. The Postfix - memcache client will update the memcache database - whenever it looks up or changes information in the - persistent database. Specify a Postfix "type:table" + An optional Postfix database that provides persistent backup for + the memcache database. The Postfix memcache client will update + the memcache database whenever it looks up or changes informa- + tion in the persistent database. Specify a Postfix "type:table" database. Examples: # Non-shared postscreen cache. 
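Review bot: In the re-wrapped proxymap(8) NOTE of this hunk the account name is now broken as "post-" / "fix user", so a search for "postfix user" no longer finds the line (the old wrap broke "prox-" / "ymap(8)" in the same way). Since the text is being re-flowed to the wider layout anyway, consider generating these pages with hyphenation turned off, so that account names, parameter names and manpage references stay whole.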
@@ -66,66 +61,56 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) # Shared postscreen cache for processes on the same host. backup = proxy:btree:/var/lib/postfix/postscreen_cache_map - Access to remote proxymap servers is under develop- - ment. - - NOTE 1: When sharing a persistent postscreen(8) or - verify(8) cache, disable automatic cache cleanup - (set *_cache_cleanup_interval = 0) except with one - Postfix instance that will be responsible for cache - cleanup. - - NOTE 2: When multiple tables share the same mem- - cache database, each table should use the key_for- - mat feature (see below) to prepend its own unique - string to the lookup key. Otherwise, automatic - postscreen(8) or verify(8) cache cleanup may not - work. - - NOTE 3: When the backup database is accessed with - "proxy:" lookups, the full backup database name - (including the "proxy:" prefix) must be specified - in the proxymap server's proxy_read_maps or - proxy_write_maps setting (depending on whether the - access is read-only or read-write). + Access to remote proxymap servers is under development. + + NOTE 1: When sharing a persistent postscreen(8) or verify(8) + cache, disable automatic cache cleanup (set + *_cache_cleanup_interval = 0) except with one Postfix instance + that will be responsible for cache cleanup. + + NOTE 2: When multiple tables share the same memcache database, + each table should use the key_format feature (see below) to + prepend its own unique string to the lookup key. Otherwise, + automatic postscreen(8) or verify(8) cache cleanup may not work. + + NOTE 3: When the backup database is accessed with "proxy:" + lookups, the full backup database name (including the "proxy:" + prefix) must be specified in the proxymap server's + proxy_read_maps or proxy_write_maps setting (depending on + whether the access is read-only or read-write). flags (default: 0) - Optional flags that should be stored along with a - memcache update. The flags are ignored when looking - up information. 
+ Optional flags that should be stored along with a memcache + update. The flags are ignored when looking up information. ttl (default: 3600) The expiration time in seconds of memcache updates. - NOTE 1: When using a memcache table as - postscreen(8) or verify(8) cache without persistent - backup, specify a zero *_cache_cleanup_interval - value with all Postfix instances that use the mem- - cache, and specify the largest postscreen(8) *_ttl - value or verify(8) *_expire_time value as the mem- - cache table's ttl value. + NOTE 1: When using a memcache table as postscreen(8) or ver- + ify(8) cache without persistent backup, specify a zero + *_cache_cleanup_interval value with all Postfix instances that + use the memcache, and specify the largest postscreen(8) *_ttl + value or verify(8) *_expire_time value as the memcache table's + ttl value. - NOTE 2: According to memcache protocol documenta- - tion, a value greater than 30 days (2592000 sec- - onds) specifies absolute UNIX time. Smaller values - are relative to the time of the update. + NOTE 2: According to memcache protocol documentation, a value + greater than 30 days (2592000 seconds) specifies absolute UNIX + time. Smaller values are relative to the time of the update. MEMCACHE KEY PARAMETERS key_format (default: %s) - Format of the lookup and update keys that the Post- - fix memcache client sends to the memcache server. - By default, these are the same as the lookup and - update keys that the memcache client receives from - Postfix applications. + Format of the lookup and update keys that the Postfix memcache + client sends to the memcache server. By default, these are the + same as the lookup and update keys that the memcache client + receives from Postfix applications. - NOTE 1: The key_format feature is not used for - backup database requests. + NOTE 1: The key_format feature is not used for backup database + requests. 
- NOTE 2: When multiple tables share the same mem- - cache database, each table should prepend its own - unique string to the lookup key. Otherwise, auto- - matic postscreen(8) or verify(8) cache cleanup may - not work. + NOTE 2: When multiple tables share the same memcache database, + each table should prepend its own unique string to the lookup + key. Otherwise, automatic postscreen(8) or verify(8) cache + cleanup may not work. Examples: 
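Review bot: The two ttl notes in this hunk work against each other and the text does not say so. NOTE 1 tells the administrator to copy the largest postscreen(8) *_ttl or verify(8) *_expire_time value into ttl, while NOTE 2 says that anything above 30 days (2592000 seconds) is taken as absolute UNIX time. Suggest adding one sentence to NOTE 1 or NOTE 2 stating what to configure when that largest value exceeds 2592000 seconds, because the reader is otherwise left to work out that the copied value stops being a relative lifetime.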
@@ -133,55 +118,45 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) key_format = verify:%s key_format = postscreen:%s - The key_format parameter supports the following '%' - expansions: + The key_format parameter supports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the memcache client - input key. - - %u When the input key is an address of the form - user@domain, %u is replaced by the SQL - quoted local part of the address. Other- - wise, %u is replaced by the entire search - string. If the localpart is empty, a lookup - is silently suppressed and returns no - results (an update is skipped with a warn- - ing). - - %d When the input key is an address of the form - user@domain, %d is replaced by the domain - part of the address. Otherwise, a lookup is - silently suppressed and returns no results - (an update is skipped with a warning). - - %[SUD] The upper-case equivalents of the above - expansions behave in the key_format parame- - ter identically to their lower-case counter- - parts. - - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, a lookup is silently sup- - pressed and returns no results (an update is + %s This is replaced by the memcache client input key. + + %u When the input key is an address of the form user@domain, + %u is replaced by the SQL quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, a lookup is silently + suppressed and returns no results (an update is skipped + with a warning). + + %d When the input key is an address of the form user@domain, + %d is replaced by the domain part of the address. 
Other- + wise, a lookup is silently suppressed and returns no + results (an update is skipped with a warning). + + %[SUD] The upper-case equivalents of the above expansions behave + in the key_format parameter identically to their lower- + case counter-parts. + + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, a lookup is + silently suppressed and returns no results (an update is skipped with a warning). domain (default: no domain list) - This feature can significantly reduce database - server load. Specify a list of domain names, paths - to files, or "type:table" databases. When speci- - fied, only fully qualified search keys with a *non- - empty* localpart and a matching domain are eligible - for lookup or update: bare 'user' lookups, bare - domain lookups and "@domain" lookups are silently - skipped (updates are skipped with a warning). - Example: + This feature can significantly reduce database server load. + Specify a list of domain names, paths to files, or "type:table" + databases. When specified, only fully qualified search keys + with a *non-empty* localpart and a matching domain are eligible + for lookup or update: bare 'user' lookups, bare domain lookups + and "@domain" lookups are silently skipped (updates are skipped + with a warning). Example: domain = example.com, hash:/etc/postfix/searchdomains 
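Review bot: The %u entry under key_format still describes the replacement as "the SQL quoted local part of the address", although this is the memcache client and the %d entry right after it mentions no quoting at all. Either drop "SQL quoted" or state which quoting, if any, is applied to memcache keys, so that readers who build keys from untrusted addresses know what to expect. The re-wrap of the %[SUD] entry also shows that "counter-parts" carries a literal hyphen in the source; "counterparts" is meant.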
@@ -193,34 +168,31 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) The maximal memcache reply line length in bytes. max_try (default: 2) - The number of times to try a memcache command - before giving up. The memcache client does not - retry a command when the memcache server accepts no - connection. + The number of times to try a memcache command before giving up. + The memcache client does not retry a command when the memcache + server accepts no connection. retry_pause (default: 1) - The time in seconds before retrying a failed mem- - cache command. + The time in seconds before retrying a failed memcache command. timeout (default: 2) - The time limit for sending a memcache command and - for receiving a memcache reply. + The time limit for sending a memcache command and for receiving + a memcache reply. BUGS - The Postfix memcache client cannot be used for security- - sensitive tables such as alias_maps (these may contain - "|command and "/file/name" destinations), or vir- - tual_uid_maps, virtual_gid_maps and virtual_mailbox_maps - (these specify UNIX process privileges or "/file/name" - destinations). In a typical deployment a memcache data- - base is writable by any process that can talk to the mem- - cache server; in contrast, security-sensitive tables must - never be writable by the unprivileged Postfix user. - - The Postfix memcache client requires additional configura- - tion when used as postscreen(8) or verify(8) cache. For - details see the backup and ttl parameter discussions in - the MEMCACHE MAIN PARAMETERS section above. + The Postfix memcache client cannot be used for security-sensitive + tables such as alias_maps (these may contain "|command and "/file/name" + destinations), or virtual_uid_maps, virtual_gid_maps and virtual_mail- + box_maps (these specify UNIX process privileges or "/file/name" desti- + nations). 
In a typical deployment a memcache database is writable by + any process that can talk to the memcache server; in contrast, secu- + rity-sensitive tables must never be writable by the unprivileged Post- + fix user. + + The Postfix memcache client requires additional configuration when used + as postscreen(8) or verify(8) cache. For details see the backup and + ttl parameter discussions in the MEMCACHE MAIN PARAMETERS section + above. SEE ALSO postmap(1), Postfix lookup table manager @@ -231,11 +203,10 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5) MEMCACHE_README, Postfix memcache client guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY - Memcache support was introduced with Postfix version 2.9. + Memcache support was introduced with Postfix version 2.9. AUTHOR(S) Wietse Venema diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index f8264f609..5cf01ba7a 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html 
@@ -15,315 +15,272 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) postmap -q - mysql:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. - Alternatively, lookup tables can be specified as MySQL - databases. In order to use MySQL lookups, define a MySQL - source as a lookup table in main.cf, for example: + Alternatively, lookup tables can be specified as MySQL databases. In + order to use MySQL lookups, define a MySQL source as a lookup table in + main.cf, for example: alias_maps = mysql:/etc/mysql-aliases.cf - The file /etc/postfix/mysql-aliases.cf has the same format - as the Postfix main.cf file, and can specify the parame- - ters described below. + The file /etc/postfix/mysql-aliases.cf has the same format as the Post- + fix main.cf file, and can specify the parameters described below. BACKWARDS COMPATIBILITY - For compatibility with other Postfix lookup tables, MySQL - parameters can also be defined in main.cf. In order to do - that, specify as MySQL source a name that doesn't begin - with a slash or a dot. The MySQL parameters will then be - accessible as the name you've given the source in its def- - inition, an underscore, and the name of the parameter. - For example, if the map is specified as "mysql:mysqlname", - the parameter "hosts" below would be defined in main.cf as - "mysqlname_hosts". - - Note: with this form, the passwords for the MySQL sources - are written in main.cf, which is normally world-readable. - Support for this form will be removed in a future Postfix - version. - - Normally, the SQL query is specified via a single query - parameter (described in more detail below). 
When this - parameter is not specified in the map definition, Postfix - reverts to an older interface, with the SQL query con- - structed from the select_field, table, where_field and - additional_conditions parameters. The old interface will - be gradually phased out. To migrate to the new interface - set: + For compatibility with other Postfix lookup tables, MySQL parameters + can also be defined in main.cf. In order to do that, specify as MySQL + source a name that doesn't begin with a slash or a dot. The MySQL + parameters will then be accessible as the name you've given the source + in its definition, an underscore, and the name of the parameter. For + example, if the map is specified as "mysql:mysqlname", the parameter + "hosts" below would be defined in main.cf as "mysqlname_hosts". + + Note: with this form, the passwords for the MySQL sources are written + in main.cf, which is normally world-readable. Support for this form + will be removed in a future Postfix version. + + Normally, the SQL query is specified via a single query parameter + (described in more detail below). When this parameter is not specified + in the map definition, Postfix reverts to an older interface, with the + SQL query constructed from the select_field, table, where_field and + additional_conditions parameters. The old interface will be gradually + phased out. To migrate to the new interface set: query = SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - Insert the value, not the name, of each legacy parameter. - Note that the additional_conditions parameter is optional - and if not empty, will always start with AND. + Insert the value, not the name, of each legacy parameter. Note that the + additional_conditions parameter is optional and if not empty, will + always start with AND. 
LIST MEMBERSHIP - When using SQL to store lists such as $mynetworks, $mydes- - tination, $relay_domains, $local_recipient_maps, etc., it - is important to understand that the table must store each - list member as a separate key. The table lookup verifies - the *existence* of the key. See "Postfix lists versus - tables" in the DATABASE_README document for a discussion. + When using SQL to store lists such as $mynetworks, $mydestination, + $relay_domains, $local_recipient_maps, etc., it is important to under- + stand that the table must store each list member as a separate key. The + table lookup verifies the *existence* of the key. See "Postfix lists + versus tables" in the DATABASE_README document for a discussion. - Do NOT create tables that return the full list of domains - in $mydestination or $relay_domains etc., or IP addresses - in $mynetworks. + Do NOT create tables that return the full list of domains in $mydesti- + nation or $relay_domains etc., or IP addresses in $mynetworks. - DO create tables with each matching item as a key and with - an arbitrary value. With SQL databases it is not uncommon - to return the key itself or a constant value. + DO create tables with each matching item as a key and with an arbitrary + value. With SQL databases it is not uncommon to return the key itself + or a constant value. MYSQL PARAMETERS - hosts The hosts that Postfix will try to connect to and - query from. Specify unix: for UNIX domain sockets, - inet: for TCP connections (default). Example: + hosts The hosts that Postfix will try to connect to and query from. + Specify unix: for UNIX domain sockets, inet: for TCP connections + (default). Example: hosts = host1.some.domain host2.some.domain:port hosts = unix:/file/name - The hosts are tried in random order, with all con- - nections over UNIX domain sockets being tried - before those over TCP. The connections are auto- - matically closed after being idle for about 1 - minute, and are re-opened as necessary. 
Postfix - versions 2.0 and earlier do not randomize the host - order. - - NOTE: if you specify localhost as a hostname (even - if you prefix it with inet:), MySQL will connect to - the default UNIX domain socket. In order to - instruct MySQL to connect to localhost over TCP you - have to specify + The hosts are tried in random order, with all connections over + UNIX domain sockets being tried before those over TCP. The con- + nections are automatically closed after being idle for about 1 + minute, and are re-opened as necessary. Postfix versions 2.0 and + earlier do not randomize the host order. + + NOTE: if you specify localhost as a hostname (even if you prefix + it with inet:), MySQL will connect to the default UNIX domain + socket. In order to instruct MySQL to connect to localhost over + TCP you have to specify hosts = 127.0.0.1 user, password - The user name and password to log into the mysql - server. Example: + The user name and password to log into the mysql server. Exam- + ple: user = someone password = some_password dbname The database name on the servers. Example: dbname = customer_database - query The SQL query template used to search the database, - where %s is a substitute for the address Postfix is - trying to resolve, e.g. + query The SQL query template used to search the database, where %s is + a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' - This parameter supports the following '%' expan- - sions: + This parameter supports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the input key. SQL - quoting is used to make sure that the input - key does not add unexpected metacharacters. - - %u When the input key is an address of the form - user@domain, %u is replaced by the SQL - quoted local part of the address. Other- - wise, %u is replaced by the entire search - string. 
If the localpart is empty, the - query is suppressed and returns no results. - - %d When the input key is an address of the form - user@domain, %d is replaced by the SQL - quoted domain part of the address. Other- - wise, the query is suppressed and returns no - results. - - %[SUD] The upper-case equivalents of the above - expansions behave in the query parameter - identically to their lower-case counter- - parts. With the result_format parameter - (see below), they expand the input key - rather than the result value. - - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, the query is suppressed and - returns no results. - - The domain parameter described below limits the - input keys to addresses in matching domains. When - the domain parameter is non-empty, SQL queries for - unqualified addresses or addresses in non-matching - domains are suppressed and return no results. - - This parameter is available with Postfix 2.2. In - prior releases the SQL query was built from the - separate parameters: select_field, table, - where_field and additional_conditions. The mapping - from the old parameters to the equivalent query is: + %s This is replaced by the input key. SQL quoting is used + to make sure that the input key does not add unexpected + metacharacters. + + %u When the input key is an address of the form user@domain, + %u is replaced by the SQL quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the query is sup- + pressed and returns no results. + + %d When the input key is an address of the form user@domain, + %d is replaced by the SQL quoted domain part of the + address. 
Otherwise, the query is suppressed and returns + no results. + + %[SUD] The upper-case equivalents of the above expansions behave + in the query parameter identically to their lower-case + counter-parts. With the result_format parameter (see + below), they expand the input key rather than the result + value. + + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the query is sup- + pressed and returns no results. + + The domain parameter described below limits the input keys to + addresses in matching domains. When the domain parameter is non- + empty, SQL queries for unqualified addresses or addresses in + non-matching domains are suppressed and return no results. + + This parameter is available with Postfix 2.2. In prior releases + the SQL query was built from the separate parameters: + select_field, table, where_field and additional_conditions. The + mapping from the old parameters to the equivalent query is: SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - The '%s' in the WHERE clause expands to the escaped - search string. With Postfix 2.2 these legacy - parameters are used if the query parameter is not - specified. + The '%s' in the WHERE clause expands to the escaped search + string. With Postfix 2.2 these legacy parameters are used if + the query parameter is not specified. NOTE: DO NOT put quotes around the query parameter. result_format (default: %s) - Format template applied to result attributes. Most - commonly used to append (or prepend) text to the - result. This parameter supports the following '%' - expansions: + Format template applied to result attributes. Most commonly used + to append (or prepend) text to the result. 
This parameter sup- + ports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the value of the result - attribute. When result is empty it is - skipped. + %s This is replaced by the value of the result attribute. + When result is empty it is skipped. - %u When the result attribute value is an - address of the form user@domain, %u is - replaced by the local part of the address. - When the result has an empty localpart it is + %u When the result attribute value is an address of the form + user@domain, %u is replaced by the local part of the + address. When the result has an empty localpart it is skipped. - %d When a result attribute value is an address - of the form user@domain, %d is replaced by - the domain part of the attribute value. When - the result is unqualified it is skipped. + %d When a result attribute value is an address of the form + user@domain, %d is replaced by the domain part of the + attribute value. When the result is unqualified it is + skipped. %[SUD1-9] - The upper-case and decimal digit expansions - interpolate the parts of the input key - rather than the result. Their behavior is - identical to that described with query, and - in fact because the input key is known in - advance, queries whose key does not contain - all the information specified in the result - template are suppressed and return no - results. - - For example, using "result_format = smtp:[%s]" - allows one to use a mailHost attribute as the basis - of a transport(5) table. After applying the result - format, multiple values are concatenated as comma - separated strings. The expansion_limit and parame- - ter explained below allows one to restrict the num- - ber of values in the result, which is especially - useful for maps that must return at most one value. - - The default value %s specifies that each result - value should be used as is. - - This parameter is available with Postfix 2.2 and - later. 
+ The upper-case and decimal digit expansions interpolate + the parts of the input key rather than the result. Their + behavior is identical to that described with query, and + in fact because the input key is known in advance, + queries whose key does not contain all the information + specified in the result template are suppressed and + return no results. + + For example, using "result_format = smtp:[%s]" allows one to use + a mailHost attribute as the basis of a transport(5) table. After + applying the result format, multiple values are concatenated as + comma separated strings. The expansion_limit and parameter + explained below allows one to restrict the number of values in + the result, which is especially useful for maps that must return + at most one value. + + The default value %s specifies that each result value should be + used as is. + + This parameter is available with Postfix 2.2 and later. NOTE: DO NOT put quotes around the result format! domain (default: no domain list) - This is a list of domain names, paths to files, or - dictionaries. When specified, only fully qualified - search keys with a *non-empty* localpart and a - matching domain are eligible for lookup: 'user' - lookups, bare domain lookups and "@domain" lookups - are not performed. This can significantly reduce - the query load on the MySQL server. + This is a list of domain names, paths to files, or dictionaries. + When specified, only fully qualified search keys with a *non- + empty* localpart and a matching domain are eligible for lookup: + 'user' lookups, bare domain lookups and "@domain" lookups are + not performed. This can significantly reduce the query load on + the MySQL server. domain = postfix.org, hash:/etc/postfix/searchdomains - It is best not to use SQL to store the domains eli- - gible for SQL lookups. + It is best not to use SQL to store the domains eligible for SQL + lookups. - This parameter is available with Postfix 2.2 and - later. 
+ This parameter is available with Postfix 2.2 and later. - NOTE: DO NOT define this parameter for local(8) - aliases, because the input keys are always unquali- - fied. + NOTE: DO NOT define this parameter for local(8) aliases, because + the input keys are always unqualified. expansion_limit (default: 0) - A limit on the total number of result elements - returned (as a comma separated list) by a lookup - against the map. A setting of zero disables the - limit. Lookups fail with a temporary error if the - limit is exceeded. Setting the limit to 1 ensures - that lookups do not return multiple values. + A limit on the total number of result elements returned (as a + comma separated list) by a lookup against the map. A setting of + zero disables the limit. Lookups fail with a temporary error if + the limit is exceeded. Setting the limit to 1 ensures that + lookups do not return multiple values. option_file - Read options from the given file instead of the - default my.cnf location. + Read options from the given file instead of the default my.cnf + location. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. option_group Read options from the given group. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. tls_cert_file File containing client's X509 certificate. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. tls_key_file - File containing the private key corresponding to - tls_cert_file. + File containing the private key corresponding to tls_cert_file. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. tls_CAfile - File containing certificates for all of the X509 - Certificate Authorities the client will recognize. - Takes precedence over tls_CApath. 
+ File containing certificates for all of the X509 Certificate + Authorities the client will recognize. Takes precedence over + tls_CApath. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. tls_CApath - Directory containing X509 Certificate Authority - certificates in separate individual files. + Directory containing X509 Certificate Authority certificates in + separate individual files. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. tls_verify_cert (default: no) - Verify that the server's name matches the common - name in the certficate. + Verify that the server's name matches the common name in the + certficate. - This parameter is available with Postfix 2.11 and - later. + This parameter is available with Postfix 2.11 and later. OBSOLETE QUERY INTERFACE - This section describes an interface that is deprecated as - of Postfix 2.2. It is replaced by the more general query - interface described above. If the query parameter is - defined, the legacy parameters described here ignored. - Please migrate to the new interface as the legacy inter- - face may be removed in a future release. + This section describes an interface that is deprecated as of Postfix + 2.2. It is replaced by the more general query interface described + above. If the query parameter is defined, the legacy parameters + described here ignored. Please migrate to the new interface as the + legacy interface may be removed in a future release. 
- The following parameters can be used to fill in a SELECT - template statement of the form: + The following parameters can be used to fill in a SELECT template + statement of the form: SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - The specifier %s is replaced by the search string, and is - escaped so if it contains single quotes or other odd char- - acters, it will not cause a parse error, or worse, a secu- - rity problem. + The specifier %s is replaced by the search string, and is escaped so if + it contains single quotes or other odd characters, it will not cause a + parse error, or worse, a security problem. select_field The SQL "select" parameter. Example: @@ -352,8 +309,7 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) MYSQL_README, Postfix MYSQL client guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY MySQL support was introduced with Postfix version 1.0. diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index d463d2a64..5a535363d 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html 
@@ -19,165 +19,149 @@ SENDMAIL(1) SENDMAIL(1) sendmail -I DESCRIPTION - The Postfix sendmail(1) command implements the Postfix to - Sendmail compatibility interface. For the sake of compat- - ibility with existing applications, some Sendmail command- - line options are recognized but silently ignored. + The Postfix sendmail(1) command implements the Postfix to Sendmail com- + patibility interface. For the sake of compatibility with existing + applications, some Sendmail command-line options are recognized but + silently ignored. - By default, Postfix sendmail(1) reads a message from stan- - dard input until EOF or until it reads a line with only a - . character, and arranges for delivery. Postfix send- - mail(1) relies on the postdrop(1) command to create a - queue file in the maildrop directory. + By default, Postfix sendmail(1) reads a message from standard input + until EOF or until it reads a line with only a . character, and + arranges for delivery. Postfix sendmail(1) relies on the postdrop(1) + command to create a queue file in the maildrop directory. - Specific command aliases are provided for other common - modes of operation: + Specific command aliases are provided for other common modes of opera- + tion: - mailq List the mail queue. Each entry shows the queue - file ID, message size, arrival time, sender, and - the recipients that still need to be delivered. If - mail could not be delivered upon the last attempt, - the reason for failure is shown. The queue ID - string is followed by an optional status character: + mailq List the mail queue. Each entry shows the queue file ID, message + size, arrival time, sender, and the recipients that still need + to be delivered. If mail could not be delivered upon the last + attempt, the reason for failure is shown. The queue ID string is + followed by an optional status character: - * The message is in the active queue, i.e. the - message is selected for delivery. + * The message is in the active queue, i.e. 
the message is + selected for delivery. - ! The message is in the hold queue, i.e. no - further delivery attempt will be made until - the mail is taken off hold. + ! The message is in the hold queue, i.e. no further deliv- + ery attempt will be made until the mail is taken off + hold. - This mode of operation is implemented by executing - the postqueue(1) command. + This mode of operation is implemented by executing the + postqueue(1) command. newaliases - Initialize the alias database. If no input file is - specified (with the -oA option, see below), the - program processes the file(s) specified with the - alias_database configuration parameter. If no - alias database type is specified, the program uses - the type specified with the default_database_type - configuration parameter. This mode of operation is - implemented by running the postalias(1) command. - - Note: it may take a minute or so before an alias - database update becomes visible. Use the "postfix - reload" command to eliminate this delay. - - These and other features can be selected by specifying the - appropriate combination of command-line options. Some fea- - tures are controlled by parameters in the main.cf configu- - ration file. + Initialize the alias database. If no input file is specified + (with the -oA option, see below), the program processes the + file(s) specified with the alias_database configuration parame- + ter. If no alias database type is specified, the program uses + the type specified with the default_database_type configuration + parameter. This mode of operation is implemented by running the + postalias(1) command. + + Note: it may take a minute or so before an alias database update + becomes visible. Use the "postfix reload" command to eliminate + this delay. + + These and other features can be selected by specifying the appropriate + combination of command-line options. Some features are controlled by + parameters in the main.cf configuration file. 
The following options are recognized: -Am (ignored) -Ac (ignored) - Postfix sendmail uses the same configuration file - regardless of whether or not a message is an ini- - tial submission. + Postfix sendmail uses the same configuration file regardless of + whether or not a message is an initial submission. -B body_type The message body MIME type: 7BIT or 8BITMIME. - -bd Go into daemon mode. This mode of operation is - implemented by executing the "postfix start" com- - mand. + -bd Go into daemon mode. This mode of operation is implemented by + executing the "postfix start" command. -bh (ignored) -bH (ignored) Postfix has no persistent host status database. - -bi Initialize alias database. See the newaliases com- - mand above. + -bi Initialize alias database. See the newaliases command above. - -bl Go into daemon mode. To accept only local connec- - tions as with Sendmail's -bl option, specify - "inet_interfaces = loopback" in the Postfix main.cf - configuration file. + -bl Go into daemon mode. To accept only local connections as with + Sendmail's -bl option, specify "inet_interfaces = loopback" in + the Postfix main.cf configuration file. - -bm Read mail from standard input and arrange for - delivery. This is the default mode of operation. + -bm Read mail from standard input and arrange for delivery. This is + the default mode of operation. -bp List the mail queue. See the mailq command above. - -bs Stand-alone SMTP server mode. Read SMTP commands - from standard input, and write responses to stan- - dard output. In stand-alone SMTP server mode, mail - relaying and other access controls are disabled by - default. To enable them, run the process as the + -bs Stand-alone SMTP server mode. Read SMTP commands from standard + input, and write responses to standard output. In stand-alone + SMTP server mode, mail relaying and other access controls are + disabled by default. To enable them, run the process as the mail_owner user. 
- This mode of operation is implemented by running - the smtpd(8) daemon. + This mode of operation is implemented by running the smtpd(8) + daemon. - -bv Do not collect or deliver a message. Instead, send - an email report after verifying each recipient - address. This is useful for testing address - rewriting and routing configurations. + -bv Do not collect or deliver a message. Instead, send an email + report after verifying each recipient address. This is useful + for testing address rewriting and routing configurations. - This feature is available in Postfix version 2.1 - and later. + This feature is available in Postfix version 2.1 and later. -C config_file -C config_dir - The path name of the Postfix main.cf file, or of - its parent directory. This information is ignored - with Postfix versions before 2.3. + The path name of the Postfix main.cf file, or of its parent + directory. This information is ignored with Postfix versions + before 2.3. - With all Postfix versions, you can specify a direc- - tory pathname with the MAIL_CONFIG environment - variable to override the location of configuration - files. + With all Postfix versions, you can specify a directory pathname + with the MAIL_CONFIG environment variable to override the loca- + tion of configuration files. -F full_name - Set the sender full name. This overrides the NAME - environment variable, and is used only with mes- - sages that have no From: message header. + Set the sender full name. This overrides the NAME environment + variable, and is used only with messages that have no 
From: mes- + sage header. -f sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. - -G Gateway (relay) submission, as opposed to initial - user submission. Either do not rewrite addresses - at all, or update incomplete addresses with the - domain information specified with remote_header_re- - write_domain. + -G Gateway (relay) submission, as opposed to initial user submis- + sion. Either do not rewrite addresses at all, or update incom- + plete addresses with the domain information specified with + remote_header_rewrite_domain. - This option is ignored before Postfix version 2.3. + This option is ignored before Postfix version 2.3. -h hop_count (ignored) - Hop count limit. Use the hopcount_limit configura- - tion parameter instead. + Hop count limit. Use the hopcount_limit configuration parameter + instead. - -I Initialize alias database. See the newaliases com- - mand above. + -I Initialize alias database. See the newaliases command above. - -i When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -i When reading a message from standard input, don't treat a line + with only a . character as the end of input. -L label (ignored) - The logging label. Use the syslog_name configura- - tion parameter instead. + The logging label. Use the syslog_name configuration parameter + instead. -m (ignored) Backwards compatibility. -N dsn (default: 'delay, failure') - Delivery status notification control. 
Specify - either a comma-separated list with one or more of - failure (send notification when delivery fails), - delay (send notification when delivery is delayed), - or success (send notification when the message is - delivered); or specify never (don't send any noti- - fications at all). + Delivery status notification control. Specify either a comma- + separated list with one or more of failure (send notification + when delivery fails), delay (send notification when delivery is + delayed), or success (send notification when the message is + delivered); or specify never (don't send any notifications at + all). This feature is available in Postfix 2.3 and later. 
@@ -185,133 +169,118 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -oAalias_database - Non-default alias database. Specify pathname or - type:pathname. See postalias(1) for details. + Non-default alias database. Specify pathname or type:pathname. + See postalias(1) for details. -O option=value (ignored) - Set the named option to value. Use the equivalent - configuration parameter in main.cf instead. + Set the named option to value. Use the equivalent configuration + parameter in main.cf instead. -o7 (ignored) -o8 (ignored) - To send 8-bit or binary content, use an appropriate - MIME encapsulation and specify the appropriate -B - command-line option. + To send 8-bit or binary content, use an appropriate MIME encap- + sulation and specify the appropriate -B command-line option. - -oi When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -oi When reading a message from standard input, don't treat a line + with only a . character as the end of input. -om (ignored) - The sender is never eliminated from alias etc. - expansions. + The sender is never eliminated from alias etc. expansions. -o x value (ignored) - Set option x to value. Use the equivalent configu- - ration parameter in main.cf instead. + Set option x to value. Use the equivalent configuration parame- + ter in main.cf instead. -r sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. -R return - Delivery status notification control. Specify - "hdrs" to return only the header when a message - bounces, "full" to return a full copy (the default - behavior). + Delivery status notification control. 
Specify "hdrs" to return + only the header when a message bounces, "full" to return a full + copy (the default behavior). - The -R option specifies an upper bound; Postfix - will return only the header, when a full copy would - exceed the bounce_size_limit setting. + The -R option specifies an upper bound; Postfix will return only + the header, when a full copy would exceed the bounce_size_limit + setting. This option is ignored before Postfix version 2.10. - -q Attempt to deliver all queued mail. This is imple- - mented by executing the postqueue(1) command. + -q Attempt to deliver all queued mail. This is implemented by exe- + cuting the postqueue(1) command. - Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all - other mail. + Warning: flushing undeliverable mail frequently will result in + poor delivery performance of all other mail. -qinterval (ignored) - The interval between queue runs. Use the - queue_run_delay configuration parameter instead. + The interval between queue runs. Use the queue_run_delay config- + uration parameter instead. -qIqueueid - Schedule immediate delivery of mail with the speci- - fied queue ID. This option is implemented by exe- - cuting the postqueue(1) command, and is available - with Postfix version 2.4 and later. + Schedule immediate delivery of mail with the specified queue ID. + This option is implemented by executing the postqueue(1) com- + mand, and is available with Postfix version 2.4 and later. -qRsite - Schedule immediate delivery of all mail that is - queued for the named site. This option accepts only - site names that are eligible for the "fast flush" - service, and is implemented by executing the - postqueue(1) command. See flush(8) for more infor- - mation about the "fast flush" service. + Schedule immediate delivery of all mail that is queued for the + named site. 
This option accepts only site names that are eligi- + ble for the "fast flush" service, and is implemented by execut- + ing the postqueue(1) command. See flush(8) for more information + about the "fast flush" service. -qSsite - This command is not implemented. Use the slower - "sendmail -q" command instead. + This command is not implemented. Use the slower "sendmail -q" + command instead. - -t Extract recipients from message headers. These are - added to any recipients specified on the command - line. + -t Extract recipients from message headers. These are added to any + recipients specified on the command line. - With Postfix versions prior to 2.1, this option - requires that no recipient addresses are specified - on the command line. + With Postfix versions prior to 2.1, this option requires that no + recipient addresses are specified on the command line. -U (ignored) Initial user submission. -V envid - Specify the envelope ID for notification by servers - that support DSN. + Specify the envelope ID for notification by servers that support + DSN. This feature is available in Postfix 2.3 and later. -XV (Postfix 2.2 and earlier: -V) - Variable Envelope Return Path. Given an envelope - sender address of the form owner-listname@origin, - each recipient user@domain receives mail with a - personalized envelope sender address. + Variable Envelope Return Path. Given an envelope sender address + of the form owner-listname@origin, each recipient user@domain + receives mail with a personalized envelope sender address. - By default, the personalized envelope sender - address is owner-listname+user=domain@origin. The - default + and = characters are configurable with - the default_verp_delimiters configuration parame- - ter. + By default, the personalized envelope sender address is owner- + listname+user=domain@origin. The default + and = characters are + configurable with the default_verp_delimiters configuration + parameter. 
-XVxy (Postfix 2.2 and earlier: -Vxy) - As -XV, but uses x and y as the VERP delimiter - characters, instead of the characters specified - with the default_verp_delimiters configuration - parameter. + As -XV, but uses x and y as the VERP delimiter characters, + instead of the characters specified with the default_verp_delim- + iters configuration parameter. - -v Send an email report of the first delivery attempt - (Postfix versions 2.1 and later). Mail delivery - always happens in the background. When multiple -v - options are given, enable verbose logging for - debugging purposes. + -v Send an email report of the first delivery attempt (Postfix ver- + sions 2.1 and later). Mail delivery always happens in the back- + ground. When multiple -v options are given, enable verbose log- + ging for debugging purposes. -X log_file (ignored) - Log mailer traffic. Use the debug_peer_list and - debug_peer_level configuration parameters instead. + Log mailer traffic. Use the debug_peer_list and debug_peer_level + configuration parameters instead. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted, possibly - remote, users. Thus, the usual precautions need to be - taken against malicious inputs. + By design, this program is not set-user (or group) id. However, it must + handle data from untrusted, possibly remote, users. Thus, the usual + precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard - error stream. + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG 
@@ -321,161 +290,142 @@ SENDMAIL(1) SENDMAIL(1) Enable verbose logging for debugging purposes. MAIL_DEBUG (value does not matter) - Enable debugging with an external command, as spec- - ified with the debugger_command configuration - parameter. + Enable debugging with an external command, as specified with the + debugger_command configuration parameter. - NAME The sender full name. This is used only with mes- - sages that have no From: message header. See also - the -F option above. + NAME The sender full name. This is used only with messages that have + no 
From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. COMPATIBILITY CONTROLS Available with Postfix 2.9 and later: sendmail_fix_line_endings (always) - Controls how the Postfix sendmail command converts - email message line endings from <CR><LF> into UNIX - format (<LF>). + Controls how the Postfix sendmail command converts email message + line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble - shoot a Postfix system. + The DEBUG_README file gives examples of how to trouble shoot a Postfix + system. debugger_command (empty) - The external command to execute when a Postfix dae- - mon program is invoked with the -D option. + The external command to execute when a Postfix daemon program is + invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. 
ACCESS CONTROLS Available in Postfix version 2.2 and later: authorized_flush_users (static:anyone) - List of users who are authorized to flush the - queue. + List of users who are authorized to flush the queue. authorized_mailq_users (static:anyone) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail - with the sendmail(1) command (and with the privi- - leged postdrop(1) helper command). + List of users who are authorized to submit mail with the send- + mail(1) command (and with the privileged postdrop(1) helper com- + mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. fork_attempts (5) - The maximal number of attempts to fork() a child - process. + The maximal number of attempts to fork() a child process. fork_delay (1s) - The delay between attempts to fork() a child - process. + The delay between attempts to fork() a child process. hopcount_limit (50) - The maximal number of Received: message headers - that is allowed in the primary message headers. + The maximal number of Received: message headers that is allowed + in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue - manager; prior to Postfix 2.4 the default value was - 1000s. + The time between deferred queue scans by the queue manager; + prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation - details for the Postfix "fast flush" service. + The ETRN_README file describes configuration and operation details for + the Postfix "fast flush" service. 
fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued - to those destinations. + Optional list of destinations that are eligible for per-destina- + tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return - path addresses. + The VERP_README file describes configuration and operation details of + Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line - and in SMTP commands. + The characters Postfix accepts as VERP delimiter characters on + the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are - updated with "newaliases" or with "sendmail -bi". + The alias databases for local(8) delivery that are updated with + "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. default_database_type (see 'postconf -d' output) - The default database type for use in newaliases(1), - postalias(1) and postmap(1) commands. 
+ The default database type for use in newaliases(1), postalias(1) + and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of - the message headers of mail that is still queued. + The time after which the sender receives a copy of the message + headers of mail that is still queued. enable_errors_to (no) - Report mail delivery errors to the address speci- - fied with the non-standard Errors-To: message - header, instead of the envelope sender address - (this feature is removed with Postfix version 2.2, - is turned off by default with Postfix version 2.1, - and is always turned on with older Postfix ver- - sions). + Report mail delivery errors to the address specified with the + non-standard Errors-To: message header, instead of the envelope + sender address (this feature is removed with Postfix version + 2.2, is turned off by default with Postfix version 2.1, and is + always turned on with older Postfix versions). mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". 
+ The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix, mail queue @@ -494,13 +444,14 @@ SENDMAIL(1) SENDMAIL(1) syslogd(8), system logging README_FILES + Use "postconf readme_directory" or "postconf html_directory" to locate + this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto VERP_README, Postfix VERP howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/nisplus_table.5.html b/postfix/html/nisplus_table.5.html index 8bb3e406a..3d71f2fb2 100644 --- a/postfix/html/nisplus_table.5.html +++ b/postfix/html/nisplus_table.5.html 
@@ -15,49 +15,46 @@ NISPLUS_TABLE(5) NISPLUS_TABLE(5) postmap -q - "nisplus:[name=%s];name.name." <inputfile DESCRIPTION - The Postfix mail system uses optional lookup tables. - These tables are usually in dbm or db format. Alterna- - tively, lookup tables can be specified as NIS+ databases. + The Postfix mail system uses optional lookup tables. These tables are + usually in dbm or db format. Alternatively, lookup tables can be spec- + ified as NIS+ databases. - To find out what types of lookup tables your Postfix sys- - tem supports use the "postconf -m" command. + To find out what types of lookup tables your Postfix system supports + use the "postconf -m" command. - To test Postfix NIS+ lookup tables, use the "postmap -q" - command as described in the SYNOPSIS above. + To test Postfix NIS+ lookup tables, use the "postmap -q" command as + described in the SYNOPSIS above. QUERY SYNTAX - Most of the NIS+ query is specified via the NIS+ map name. - The general format of a Postfix NIS+ map name is as fol- - lows: + Most of the NIS+ query is specified via the NIS+ map name. The general + format of a Postfix NIS+ map name is as follows: nisplus:[name=%s];name.name.name.:column - Postfix NIS+ map names differ from what one normally would - use with commands such as niscat: + Postfix NIS+ map names differ from what one normally would use with + commands such as niscat: - o With each NIS+ table lookup, "%s" is replaced by a - version of the lookup string. There can be only - one "%s" instance in a Postfix NIS+ map name. + o With each NIS+ table lookup, "%s" is replaced by a version of + the lookup string. There can be only one "%s" instance in a + Postfix NIS+ map name. - o Postfix NIS+ map names use ";" instead of ",", - because the latter character is special in the - Postfix main.cf file. Postfix replaces ";" charac- - ters in the map name by "," before making NIS+ - queries. 
+ o Postfix NIS+ map names use ";" instead of ",", because the lat- + ter character is special in the Postfix main.cf file. Postfix + replaces ";" characters in the map name by "," before making + NIS+ queries. - o The ":column" part in the NIS+ map name is not part - of the actual NIS+ query. Instead, it specifies the - number of the table column that provides the lookup - result. When no ":column" is specified the first - column (1) is used. + o The ":column" part in the NIS+ map name is not part of the + actual NIS+ query. Instead, it specifies the number of the table + column that provides the lookup result. When no ":column" is + specified the first column (1) is used. EXAMPLE A NIS+ aliases map might be queried as follows: - alias_maps = dbm:/etc/mail/aliases, + alias_maps = dbm:/etc/mail/aliases, nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1 - This queries the local aliases file before the NIS+ file. + This queries the local aliases file before the NIS+ file. SEE ALSO postmap(1), Postfix lookup table manager @@ -66,8 +63,7 @@ NISPLUS_TABLE(5) NISPLUS_TABLE(5) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Geoff Gibbs diff --git a/postfix/html/oqmgr.8.html b/postfix/html/oqmgr.8.html index eabccc0ea..42f5a80fd 100644 --- a/postfix/html/oqmgr.8.html +++ b/postfix/html/oqmgr.8.html 
@@ -13,368 +13,330 @@ OQMGR(8) OQMGR(8) oqmgr [generic Postfix daemon options] DESCRIPTION - The oqmgr(8) daemon awaits the arrival of incoming mail - and arranges for its delivery via Postfix delivery pro- - cesses. The actual mail routing strategy is delegated to - the trivial-rewrite(8) daemon. This program expects to be - run from the master(8) process manager. + The oqmgr(8) daemon awaits the arrival of incoming mail and arranges + for its delivery via Postfix delivery processes. The actual mail rout- + ing strategy is delegated to the trivial-rewrite(8) daemon. This pro- + gram expects to be run from the master(8) process manager. - Mail addressed to the local double-bounce address is - logged and discarded. This stops potential loops caused - by undeliverable bounce notifications. + Mail addressed to the local double-bounce address is logged and dis- + carded. This stops potential loops caused by undeliverable bounce + notifications. MAIL QUEUES The oqmgr(8) daemon maintains the following queues: incoming - Inbound mail from the network, or mail picked up by - the local pickup(8) agent from the maildrop direc- - tory. + Inbound mail from the network, or mail picked up by the local + pickup(8) agent from the maildrop directory. - active Messages that the queue manager has opened for - delivery. Only a limited number of messages is - allowed to enter the active queue (leaky bucket - strategy, for a fixed delivery rate). + active Messages that the queue manager has opened for delivery. Only a + limited number of messages is allowed to enter the active queue + (leaky bucket strategy, for a fixed delivery rate). deferred - Mail that could not be delivered upon the first - attempt. The queue manager implements exponential - backoff by doubling the time between delivery - attempts. + Mail that could not be delivered upon the first attempt. The + queue manager implements exponential backoff by doubling the + time between delivery attempts. 
corrupt - Unreadable or damaged queue files are moved here - for inspection. + Unreadable or damaged queue files are moved here for inspection. - hold Messages that are kept "on hold" are kept here - until someone sets them free. + hold Messages that are kept "on hold" are kept here until someone + sets them free. DELIVERY STATUS REPORTS - The oqmgr(8) daemon keeps an eye on per-message delivery - status reports in the following directories. Each status - report file has the same name as the corresponding message - file: + The oqmgr(8) daemon keeps an eye on per-message delivery status reports + in the following directories. Each status report file has the same name + as the corresponding message file: - bounce Per-recipient status information about why mail is - bounced. These files are maintained by the - bounce(8) daemon. + bounce Per-recipient status information about why mail is bounced. + These files are maintained by the bounce(8) daemon. - defer Per-recipient status information about why mail is - delayed. These files are maintained by the - defer(8) daemon. + defer Per-recipient status information about why mail is delayed. + These files are maintained by the defer(8) daemon. - trace Per-recipient status information as requested with - the Postfix "sendmail -v" or "sendmail -bv" com- - mand. These files are maintained by the trace(8) - daemon. + trace Per-recipient status information as requested with the Postfix + "sendmail -v" or "sendmail -bv" command. These files are main- + tained by the trace(8) daemon. - The oqmgr(8) daemon is responsible for asking the - bounce(8), defer(8) or trace(8) daemons to send delivery - reports. + The oqmgr(8) daemon is responsible for asking the bounce(8), defer(8) + or trace(8) daemons to send delivery reports. STRATEGIES - The queue manager implements a variety of strategies for - either opening queue files (input) or for message delivery - (output). 
+ The queue manager implements a variety of strategies for either opening + queue files (input) or for message delivery (output). leaky bucket - This strategy limits the number of messages in the - active queue and prevents the queue manager from - running out of memory under heavy load. + This strategy limits the number of messages in the active queue + and prevents the queue manager from running out of memory under + heavy load. fairness - When the active queue has room, the queue manager - takes one message from the incoming queue and one - from the deferred queue. This prevents a large mail - backlog from blocking the delivery of new mail. + When the active queue has room, the queue manager takes one mes- + sage from the incoming queue and one from the deferred queue. + This prevents a large mail backlog from blocking the delivery of + new mail. slow start - This strategy eliminates "thundering herd" problems - by slowly adjusting the number of parallel deliver- - ies to the same destination. + This strategy eliminates "thundering herd" problems by slowly + adjusting the number of parallel deliveries to the same destina- + tion. round robin - The queue manager sorts delivery requests by desti- - nation. Round-robin selection prevents one desti- - nation from dominating deliveries to other destina- - tions. + The queue manager sorts delivery requests by destination. + Round-robin selection prevents one destination from dominating + deliveries to other destinations. exponential backoff - Mail that cannot be delivered upon the first - attempt is deferred. The time interval between - delivery attempts is doubled after each attempt. + Mail that cannot be delivered upon the first attempt is + deferred. The time interval between delivery attempts is dou- + bled after each attempt. destination status cache - The queue manager avoids unnecessary delivery - attempts by maintaining a short-term, in-memory - list of unreachable destinations. 
+ The queue manager avoids unnecessary delivery attempts by main- + taining a short-term, in-memory list of unreachable destina- + tions. TRIGGERS - On an idle system, the queue manager waits for the arrival - of trigger events, or it waits for a timer to go off. A - trigger is a one-byte message. Depending on the message - received, the queue manager performs one of the following - actions (the message is followed by the symbolic constant - used internally by the software): + On an idle system, the queue manager waits for the arrival of trigger + events, or it waits for a timer to go off. A trigger is a one-byte mes- + sage. Depending on the message received, the queue manager performs + one of the following actions (the message is followed by the symbolic + constant used internally by the software): D (QMGR_REQ_SCAN_DEFERRED) - Start a deferred queue scan. If a deferred queue - scan is already in progress, that scan will be - restarted as soon as it finishes. + Start a deferred queue scan. If a deferred queue scan is + already in progress, that scan will be restarted as soon as it + finishes. I (QMGR_REQ_SCAN_INCOMING) - Start an incoming queue scan. If an incoming queue - scan is already in progress, that scan will be - restarted as soon as it finishes. + Start an incoming queue scan. If an incoming queue scan is + already in progress, that scan will be restarted as soon as it + finishes. A (QMGR_REQ_SCAN_ALL) - Ignore deferred queue file time stamps. The request - affects the next deferred queue scan. + Ignore deferred queue file time stamps. The request affects the + next deferred queue scan. F (QMGR_REQ_FLUSH_DEAD) - Purge all information about dead transports and - destinations. + Purge all information about dead transports and destinations. W (TRIGGER_REQ_WAKEUP) - Wakeup call, This is used by the master server to - instantiate servers that should not go away for- - ever. The action is to start an incoming queue - scan. 
- - The oqmgr(8) daemon reads an entire buffer worth of trig- - gers. Multiple identical trigger requests are collapsed - into one, and trigger requests are sorted so that A and F - precede D and I. Thus, in order to force a deferred queue - run, one would request A F D; in order to notify the queue - manager of the arrival of new mail one would request I. + Wakeup call, This is used by the master server to instantiate + servers that should not go away forever. The action is to start + an incoming queue scan. + + The oqmgr(8) daemon reads an entire buffer worth of triggers. Multiple + identical trigger requests are collapsed into one, and trigger requests + are sorted so that A and F precede D and I. Thus, in order to force a + deferred queue run, one would request A F D; in order to notify the + queue manager of the arrival of new mail one would request I. STANDARDS RFC 3463 (Enhanced status codes) RFC 3464 (Delivery status notifications) SECURITY - The oqmgr(8) daemon is not security sensitive. It reads - single-character messages from untrusted local users, and - thus may be susceptible to denial of service attacks. The - oqmgr(8) daemon does not talk to the outside world, and it - can be run at fixed low privilege in a chrooted environ- - ment. + The oqmgr(8) daemon is not security sensitive. It reads single-charac- + ter messages from untrusted local users, and thus may be susceptible to + denial of service attacks. The oqmgr(8) daemon does not talk to the + outside world, and it can be run at fixed low privilege in a chrooted + environment. DIAGNOSTICS - Problems and transactions are logged to the syslog(8) dae- - mon. Corrupted message files are saved to the corrupt - queue for further inspection. + Problems and transactions are logged to the syslog(8) daemon. Cor- + rupted message files are saved to the corrupt queue for further inspec- + tion. 
- Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. BUGS - A single queue manager process has to compete for disk - access with multiple front-end processes such as - cleanup(8). A sudden burst of inbound mail can negatively - impact outbound delivery rates. + A single queue manager process has to compete for disk access with mul- + tiple front-end processes such as cleanup(8). A sudden burst of inbound + mail can negatively impact outbound delivery rates. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, as - oqmgr(8) is a persistent process. Use the command "postfix - reload" after a configuration change. + Changes to main.cf are not picked up automatically, as oqmgr(8) is a + persistent process. Use the command "postfix reload" after a configura- + tion change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. - In the text below, transport is the first field in a mas- - ter.cf entry. + In the text below, transport is the first field in a master.cf entry. COMPATIBILITY CONTROLS Available before Postfix version 2.5: allow_min_user (no) - Allow a sender or recipient address to have `-' as - the first character. + Allow a sender or recipient address to have `-' as the first + character. Available with Postfix version 2.7 and later: default_filter_nexthop (empty) - When a content_filter or FILTER request specifies - no explicit next-hop destination, use $default_fil- - ter_nexthop instead; when that value is empty, use - the domain in the recipient address. 
+ When a content_filter or FILTER request specifies no explicit + next-hop destination, use $default_filter_nexthop instead; when + that value is empty, use the domain in the recipient address. ACTIVE QUEUE CONTROLS qmgr_clog_warn_time (300s) - The minimal delay between warnings that a specific - destination is clogging up the Postfix active - queue. + The minimal delay between warnings that a specific destination + is clogging up the Postfix active queue. qmgr_message_active_limit (20000) The maximal number of messages in the active queue. qmgr_message_recipient_limit (20000) - The maximal number of recipients held in memory by - the Postfix queue manager, and the maximal size of - the short-term, in-memory "dead" destination status - cache. + The maximal number of recipients held in memory by the Postfix + queue manager, and the maximal size of the short-term, in-memory + "dead" destination status cache. DELIVERY CONCURRENCY CONTROLS qmgr_fudge_factor (100) - Obsolete feature: the percentage of delivery - resources that a busy mail system will use up for - delivery of a large mailing list message. + Obsolete feature: the percentage of delivery resources that a + busy mail system will use up for delivery of a large mailing + list message. initial_destination_concurrency (5) - The initial per-destination concurrency level for - parallel delivery to the same destination. + The initial per-destination concurrency level for parallel + delivery to the same destination. default_destination_concurrency_limit (20) - The default maximal number of parallel deliveries - to the same destination. + The default maximal number of parallel deliveries to the same + destination. - transport_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) + transport_destination_concurrency_limit ($default_destination_concur- + rency_limit) Idem, for delivery via the named message transport. 
Available in Postfix version 2.5 and later: - transport_initial_destination_concurrency ($initial_desti- - nation_concurrency) - Initial concurrency for delivery via the named mes- - sage transport. + transport_initial_destination_concurrency ($initial_destination_concur- + rency) + Initial concurrency for delivery via the named message trans- + port. default_destination_concurrency_failed_cohort_limit (1) - How many pseudo-cohorts must suffer connection or - handshake failure before a specific destination is - considered unavailable (and further delivery is - suspended). + How many pseudo-cohorts must suffer connection or handshake + failure before a specific destination is considered unavailable + (and further delivery is suspended). - transport_destination_concurrency_failed_cohort_limit - ($default_destination_concurrency_failed_cohort_limit) + transport_destination_concurrency_failed_cohort_limit ($default_desti- + nation_concurrency_failed_cohort_limit) Idem, for delivery via the named message transport. default_destination_concurrency_negative_feedback (1) - The per-destination amount of delivery concurrency - negative feedback, after a delivery completes with - a connection or handshake failure. + The per-destination amount of delivery concurrency negative + feedback, after a delivery completes with a connection or hand- + shake failure. - transport_destination_concurrency_negative_feedback - ($default_destination_concurrency_negative_feedback) + transport_destination_concurrency_negative_feedback ($default_destina- + tion_concurrency_negative_feedback) Idem, for delivery via the named message transport. default_destination_concurrency_positive_feedback (1) - The per-destination amount of delivery concurrency - positive feedback, after a delivery completes with- - out connection or handshake failure. + The per-destination amount of delivery concurrency positive + feedback, after a delivery completes without connection or hand- + shake failure. 
- transport_destination_concurrency_positive_feedback - ($default_destination_concurrency_positive_feedback) + transport_destination_concurrency_positive_feedback ($default_destina- + tion_concurrency_positive_feedback) Idem, for delivery via the named message transport. destination_concurrency_feedback_debug (no) - Make the queue manager's feedback algorithm verbose - for performance analysis purposes. + Make the queue manager's feedback algorithm verbose for perfor- + mance analysis purposes. RECIPIENT SCHEDULING CONTROLS default_destination_recipient_limit (50) - The default maximal number of recipients per mes- - sage delivery. + The default maximal number of recipients per message delivery. transport_destination_recipient_limit Idem, for delivery via the named message transport. OTHER RESOURCE AND RATE CONTROLS minimal_backoff_time (300s) - The minimal time between attempts to deliver a - deferred message; prior to Postfix 2.4 the default - value was 1000s. + The minimal time between attempts to deliver a deferred message; + prior to Postfix 2.4 the default value was 1000s. maximal_backoff_time (4000s) - The maximal time between attempts to deliver a - deferred message. + The maximal time between attempts to deliver a deferred message. maximal_queue_lifetime (5d) - Consider a message as undeliverable, when delivery - fails with a temporary error, and the time in the - queue has reached the maximal_queue_lifetime limit. + Consider a message as undeliverable, when delivery fails with a + temporary error, and the time in the queue has reached the maxi- + mal_queue_lifetime limit. queue_run_delay (300s) - The time between deferred queue scans by the queue - manager; prior to Postfix 2.4 the default value was - 1000s. + The time between deferred queue scans by the queue manager; + prior to Postfix 2.4 the default value was 1000s. 
transport_retry_time (60s) - The time between attempts by the Postfix queue man- - ager to contact a malfunctioning message delivery - transport. + The time between attempts by the Postfix queue manager to con- + tact a malfunctioning message delivery transport. Available in Postfix version 2.1 and later: bounce_queue_lifetime (5d) - Consider a bounce message as undeliverable, when - delivery fails with a temporary error, and the time - in the queue has reached the bounce_queue_lifetime - limit. + Consider a bounce message as undeliverable, when delivery fails + with a temporary error, and the time in the queue has reached + the bounce_queue_lifetime limit. Available in Postfix version 2.5 and later: default_destination_rate_delay (0s) - The default amount of delay that is inserted - between individual deliveries to the same destina- - tion; the resulting behavior depends on the value - of the corresponding per-destination recipient - limit. - - transport_destination_rate_delay $default_destina- - tion_rate_delay + The default amount of delay that is inserted between individual + deliveries to the same destination; the resulting behavior + depends on the value of the corresponding per-destination recip- + ient limit. + + transport_destination_rate_delay $default_destination_rate_delay Idem, for delivery via the named message transport. SAFETY CONTROLS qmgr_daemon_timeout (1000s) - How much time a Postfix queue manager process may - take to handle a request before it is terminated by - a built-in watchdog timer. + How much time a Postfix queue manager process may take to handle + a request before it is terminated by a built-in watchdog timer. qmgr_ipc_timeout (60s) - The time limit for the queue manager to send or - receive information over an internal communication - channel. + The time limit for the queue manager to send or receive informa- + tion over an internal communication channel. 
MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. defer_transports (empty) - The names of message delivery transports that - should not deliver mail unless someone issues - "sendmail -q" or equivalent. + The names of message delivery transports that should not deliver + mail unless someone issues "sendmail -q" or equivalent. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. helpful_warnings (yes) - Log warnings about problematic configuration set- - tings, and provide helpful suggestions. + Log warnings about problematic configuration settings, and pro- + vide helpful suggestions. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/incoming, incoming queue 
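Review bot: the reflow to the wider column now hyphenates parameter names and literal examples that were whole before this change. In this oqmgr.8.html hunk that is `maxi- mal_queue_lifetime` under maximal_queue_lifetime and `"post- fix/smtpd"` under syslog_name, next to the splits that remain in defaults such as `($default_destination_concur- rency_limit)`. A split identifier cannot be found by searching the page and cannot be pasted into main.cf, so consider turning hyphenation off when these pages are generated, or at least protecting parameter names and quoted literals from it. Separately, under "Available in Postfix version 2.5 and later" the default of transport_destination_rate_delay is still printed without parentheses (`transport_destination_rate_delay $default_destination_rate_delay`), unlike the other transport_* entries that show a default; that is worth correcting in the manpage source while this file is being regenerated.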
@@ -396,8 +358,7 @@ OQMGR(8) OQMGR(8) QSHAPE_README, Postfix queue analysis LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/pcre_table.5.html b/postfix/html/pcre_table.5.html index 7a51ce1fa..e686a7324 100644 --- a/postfix/html/pcre_table.5.html +++ b/postfix/html/pcre_table.5.html 
@@ -15,165 +15,148 @@ PCRE_TABLE(5) PCRE_TABLE(5) postmap -q - pcre:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting, mail routing, or access control. These tables - are usually in dbm or db format. + The Postfix mail system uses optional tables for address rewriting, + mail routing, or access control. These tables are usually in dbm or db + format. - Alternatively, lookup tables can be specified in Perl Com- - patible Regular Expression form. In this case, each input - is compared against a list of patterns. When a match is - found, the corresponding result is returned and the search - is terminated. + Alternatively, lookup tables can be specified in Perl Compatible Regu- + lar Expression form. In this case, each input is compared against a + list of patterns. When a match is found, the corresponding result is + returned and the search is terminated. - To find out what types of lookup tables your Postfix sys- - tem supports use the "postconf -m" command. + To find out what types of lookup tables your Postfix system supports + use the "postconf -m" command. - To test lookup tables, use the "postmap -q" command as - described in the SYNOPSIS above. + To test lookup tables, use the "postmap -q" command as described in the + SYNOPSIS above. COMPATIBILITY - With Postfix version 2.2 and earlier specify "postmap -fq" - to query a table that contains case sensitive patterns. - Patterns are case insensitive by default. + With Postfix version 2.2 and earlier specify "postmap -fq" to query a + table that contains case sensitive patterns. Patterns are case insensi- + tive by default. TABLE FORMAT The general form of a PCRE table is: /pattern/flags result - When pattern matches the input string, use the cor- - responding result value. + When pattern matches the input string, use the corresponding + result value. 
!/pattern/flags result - When pattern does not match the input string, use - the corresponding result value. + When pattern does not match the input string, use the corre- + sponding result value. if /pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if that same input string - also matches pattern. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if that same input string also matches pat- + tern. The if..endif can nest. - Note: do not prepend whitespace to patterns inside - if..endif. + Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. if !/pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if that same input string - does not match pattern. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if that same input string does not match pat- + tern. The if..endif can nest. - Note: do not prepend whitespace to patterns inside - if..endif. + Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. - Each pattern is a perl-like regular expression. The - expression delimiter can be any non-alphanumerical charac- - ter, except whitespace or characters that have special - meaning (traditionally the forward slash is used). 
The - regular expression can contain whitespace. + Each pattern is a perl-like regular expression. The expression delim- + iter can be any non-alphanumerical character, except whitespace or + characters that have special meaning (traditionally the forward slash + is used). The regular expression can contain whitespace. - By default, matching is case-insensitive, and newlines are - not treated as special characters. The behavior is con- - trolled by flags, which are toggled by appending one or - more of the following characters after the pattern: + By default, matching is case-insensitive, and newlines are not treated + as special characters. The behavior is controlled by flags, which are + toggled by appending one or more of the following characters after the + pattern: i (default: on) - Toggles the case sensitivity flag. By default, - matching is case insensitive. + Toggles the case sensitivity flag. By default, matching is case + insensitive. m (default: off) - Toggles the PCRE_MULTILINE flag. When this flag is - on, the ^ and $ metacharacters match immediately - after and immediately before a newline character, - respectively, in addition to matching at the start - and end of the subject string. + Toggles the PCRE_MULTILINE flag. When this flag is on, the ^ and + $ metacharacters match immediately after and immediately before + a newline character, respectively, in addition to matching at + the start and end of the subject string. s (default: on) - Toggles the PCRE_DOTALL flag. When this flag is on, - the . metacharacter matches the newline character. - With Postfix versions prior to 2.0, the flag is off - by default, which is inconvenient for multi-line - message header matching. + Toggles the PCRE_DOTALL flag. When this flag is on, the . + metacharacter matches the newline character. With Postfix ver- + sions prior to 2.0, the flag is off by default, which is incon- + venient for multi-line message header matching. 
x (default: off) - Toggles the pcre extended flag. When this flag is - on, whitespace characters in the pattern (other - than in a character class) are ignored. To include - a whitespace character as part of the pattern, - escape it with backslash. + Toggles the pcre extended flag. When this flag is on, whitespace + characters in the pattern (other than in a character class) are + ignored. To include a whitespace character as part of the pat- + tern, escape it with backslash. Note: do not use #comment after patterns. A (default: off) - Toggles the PCRE_ANCHORED flag. When this flag is - on, the pattern is forced to be "anchored", that - is, it is constrained to match only at the start of - the string which is being searched (the "subject - string"). This effect can also be achieved by + Toggles the PCRE_ANCHORED flag. When this flag is on, the pat- + tern is forced to be "anchored", that is, it is constrained to + match only at the start of the string which is being searched + (the "subject string"). This effect can also be achieved by appropriate constructs in the pattern itself. E (default: off) - Toggles the PCRE_DOLLAR_ENDONLY flag. When this - flag is on, a $ metacharacter in the pattern - matches only at the end of the subject string. - Without this flag, a dollar also matches immedi- - ately before the final character if it is a newline - character (but not before any other newline charac- - ters). This flag is ignored if PCRE_MULTILINE flag - is set. + Toggles the PCRE_DOLLAR_ENDONLY flag. When this flag is on, a $ + metacharacter in the pattern matches only at the end of the sub- + ject string. Without this flag, a dollar also matches immedi- + ately before the final character if it is a newline character + (but not before any other newline characters). This flag is + ignored if PCRE_MULTILINE flag is set. U (default: off) - Toggles the ungreedy matching flag. 
When this flag - is on, the pattern matching engine inverts the - "greediness" of the quantifiers so that they are - not greedy by default, but become greedy if fol- - lowed by "?". This flag can also set by a (?U) - modifier within the pattern. + Toggles the ungreedy matching flag. When this flag is on, the + pattern matching engine inverts the "greediness" of the quanti- + fiers so that they are not greedy by default, but become greedy + if followed by "?". This flag can also set by a (?U) modifier + within the pattern. X (default: off) - Toggles the PCRE_EXTRA flag. When this flag is on, - any backslash in a pattern that is followed by a - letter that has no special meaning causes an error, - thus reserving these combinations for future expan- - sion. + Toggles the PCRE_EXTRA flag. When this flag is on, any back- + slash in a pattern that is followed by a letter that has no spe- + cial meaning causes an error, thus reserving these combinations + for future expansion. SEARCH ORDER - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the input - string. - - Each pattern is applied to the entire input string. - Depending on the application, that string is an entire - client hostname, an entire client IP address, or an entire - mail address. Thus, no parent domain or parent network - search is done, and user@domain mail addresses are not - broken up into their user and domain constituent parts, - nor is user+foo broken up into user and foo. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the input string. + + Each pattern is applied to the entire input string. Depending on the + application, that string is an entire client hostname, an entire client + IP address, or an entire mail address. 
Thus, no parent domain or par- + ent network search is done, and user@domain mail addresses are not bro- + ken up into their user and domain constituent parts, nor is user+foo + broken up into user and foo. TEXT SUBSTITUTION - Substitution of substrings (text that matches patterns - inside "()") from the matched expression into the result - string is requested with $1, $2, etc.; specify $$ to pro- - duce a $ character as output. The macros in the result - string may need to be written as ${n} or $(n) if they - aren't followed by whitespace. - - Note: since negated patterns (those preceded by !) return - a result when the expression does not match, substitutions - are not available for negated patterns. + Substitution of substrings (text that matches patterns inside "()") + from the matched expression into the result string is requested with + $1, $2, etc.; specify $$ to produce a $ character as output. The + macros in the result string may need to be written as ${n} or $(n) if + they aren't followed by whitespace. + + Note: since negated patterns (those preceded by !) return a result when + the expression does not match, substitutions are not available for + negated patterns. EXAMPLE SMTPD ACCESS MAP # Protect your outgoing majordomo exploders diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 427629e09..d970400d8 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html 
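Review bot: In the pcre_table.5.html hunk, the reflowed U flag entry still reads "This flag can also set by a (?U) modifier within the pattern", which is missing "be". Since this text is regenerated here anyway, correct the source manual page to "can also be set by". In the same hunk, the A and E flag entries now break as "the pat- tern" and "the sub- ject string", so the 78-column layout still splits words in the sentences that define anchoring behaviour. Consider turning hyphenation off in the manpage-to-HTML conversion rather than only widening the page.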
@@ -15,290 +15,253 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) postmap -q - pgsql:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. - - Alternatively, lookup tables can be specified as Post- - greSQL databases. In order to use PostgreSQL lookups, - define a PostgreSQL source as a lookup table in main.cf, - for example: + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. + + Alternatively, lookup tables can be specified as PostgreSQL databases. + In order to use PostgreSQL lookups, define a PostgreSQL source as a + lookup table in main.cf, for example: alias_maps = pgsql:/etc/pgsql-aliases.cf - The file /etc/postfix/pgsql-aliases.cf has the same format - as the Postfix main.cf file, and can specify the parame- - ters described below. + The file /etc/postfix/pgsql-aliases.cf has the same format as the Post- + fix main.cf file, and can specify the parameters described below. BACKWARDS COMPATIBILITY - For compatibility with other Postfix lookup tables, Post- - greSQL parameters can also be defined in main.cf. In - order to do that, specify as PostgreSQL source a name that - doesn't begin with a slash or a dot. The PostgreSQL - parameters will then be accessible as the name you've - given the source in its definition, an underscore, and the - name of the parameter. For example, if the map is speci- - fied as "pgsql:pgsqlname", the parameter "hosts" below - would be defined in main.cf as "pgsqlname_hosts". - - Note: with this form, the passwords for the PostgreSQL - sources are written in main.cf, which is normally world- - readable. Support for this form will be removed in a - future Postfix version. - - Normally, the SQL query is specified via a single query - parameter (described in more detail below). 
When this - parameter is not specified in the map definition, Postfix - reverts to an older interface, with the SQL query con- - structed from the select_function, select_field, table, - where_field and additional_conditions parameters. The old - interface will be gradually phased out. To migrate to the - new interface set: + For compatibility with other Postfix lookup tables, PostgreSQL parame- + ters can also be defined in main.cf. In order to do that, specify as + PostgreSQL source a name that doesn't begin with a slash or a dot. The + PostgreSQL parameters will then be accessible as the name you've given + the source in its definition, an underscore, and the name of the param- + eter. For example, if the map is specified as "pgsql:pgsqlname", the + parameter "hosts" below would be defined in main.cf as "pgsql- + name_hosts". + + Note: with this form, the passwords for the PostgreSQL sources are + written in main.cf, which is normally world-readable. Support for this + form will be removed in a future Postfix version. + + Normally, the SQL query is specified via a single query parameter + (described in more detail below). When this parameter is not specified + in the map definition, Postfix reverts to an older interface, with the + SQL query constructed from the select_function, select_field, table, + where_field and additional_conditions parameters. The old interface + will be gradually phased out. To migrate to the new interface set: query = SELECT select_function('%s') - or in the absence of select_function, the lower prece- - dence: + or in the absence of select_function, the lower precedence: query = SELECT select_field FROM table WHERE where_field = '%s' additional_conditions - Use the value, not the name, of each legacy parameter. - Note that the additional_conditions parameter is optional - and if not empty, will always start with AND. + Use the value, not the name, of each legacy parameter. 
Note that the + additional_conditions parameter is optional and if not empty, will + always start with AND. LIST MEMBERSHIP - When using SQL to store lists such as $mynetworks, $mydes- - tination, $relay_domains, $local_recipient_maps, etc., it - is important to understand that the table must store each - list member as a separate key. The table lookup verifies - the *existence* of the key. See "Postfix lists versus - tables" in the DATABASE_README document for a discussion. + When using SQL to store lists such as $mynetworks, $mydestination, + $relay_domains, $local_recipient_maps, etc., it is important to under- + stand that the table must store each list member as a separate key. The + table lookup verifies the *existence* of the key. See "Postfix lists + versus tables" in the DATABASE_README document for a discussion. - Do NOT create tables that return the full list of domains - in $mydestination or $relay_domains etc., or IP addresses - in $mynetworks. + Do NOT create tables that return the full list of domains in $mydesti- + nation or $relay_domains etc., or IP addresses in $mynetworks. - DO create tables with each matching item as a key and with - an arbitrary value. With SQL databases it is not uncommon - to return the key itself or a constant value. + DO create tables with each matching item as a key and with an arbitrary + value. With SQL databases it is not uncommon to return the key itself + or a constant value. PGSQL PARAMETERS - hosts The hosts that Postfix will try to connect to and - query from. Specify unix: for UNIX-domain sockets, - inet: for TCP connections (default). Example: + hosts The hosts that Postfix will try to connect to and query from. + Specify unix: for UNIX-domain sockets, inet: for TCP connections + (default). Example: hosts = host1.some.domain host2.some.domain:port hosts = unix:/file/name - The hosts are tried in random order, with all con- - nections over UNIX domain sockets being tried - before those over TCP. 
The connections are auto- - matically closed after being idle for about 1 + The hosts are tried in random order, with all connections over + UNIX domain sockets being tried before those over TCP. The con- + nections are automatically closed after being idle for about 1 minute, and are re-opened as necessary. - NOTE: the unix: and inet: prefixes are accepted for - backwards compatibility reasons, but are actually - ignored. The PostgreSQL client library will always - try to connect to an UNIX socket if the name starts - with a slash, and will try a TCP connection other- - wise. + NOTE: the unix: and inet: prefixes are accepted for backwards + compatibility reasons, but are actually ignored. The PostgreSQL + client library will always try to connect to an UNIX socket if + the name starts with a slash, and will try a TCP connection oth- + erwise. user, password - The user name and password to log into the pgsql - server. Example: + The user name and password to log into the pgsql server. Exam- + ple: user = someone password = some_password dbname The database name on the servers. Example: dbname = customer_database - query The SQL query template used to search the database, - where %s is a substitute for the address Postfix is - trying to resolve, e.g. + query The SQL query template used to search the database, where %s is + a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' - This parameter supports the following '%' expan- - sions: + This parameter supports the following '%' expansions: - %% This is replaced by a literal '%' character. - (Postfix 2.2 and later) - - %s This is replaced by the input key. SQL - quoting is used to make sure that the input - key does not add unexpected metacharacters. - - %u When the input key is an address of the form - user@domain, %u is replaced by the SQL - quoted local part of the address. Other- - wise, %u is replaced by the entire search - string. 
If the localpart is empty, the - query is suppressed and returns no results. - - %d When the input key is an address of the form - user@domain, %d is replaced by the SQL - quoted domain part of the address. Other- - wise, the query is suppressed and returns no - results. - - %[SUD] The upper-case equivalents of the above - expansions behave in the query parameter - identically to their lower-case counter- - parts. With the result_format parameter - (see below), they expand the input key - rather than the result value. - - The above %S, %U and %D expansions are - available with Postfix 2.2 and later - - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, the query is suppressed and - returns no results. - - The above %1, ... %9 expansions are avail- - able with Postfix 2.2 and later - - The domain parameter described below limits the - input keys to addresses in matching domains. When - the domain parameter is non-empty, SQL queries for - unqualified addresses or addresses in non-matching - domains are suppressed and return no results. - - The precedence of this parameter has changed with - Postfix 2.2, in prior releases the precedence was, - from highest to lowest, select_function, query, - select_field, ... - - With Postfix 2.2 the query parameter has highest - precedence, see COMPATIBILITY above. + %% This is replaced by a literal '%' character. (Postfix 2.2 + and later) + + %s This is replaced by the input key. SQL quoting is used + to make sure that the input key does not add unexpected + metacharacters. + + %u When the input key is an address of the form user@domain, + %u is replaced by the SQL quoted local part of the + address. 
Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the query is sup- + pressed and returns no results. + + %d When the input key is an address of the form user@domain, + %d is replaced by the SQL quoted domain part of the + address. Otherwise, the query is suppressed and returns + no results. + + %[SUD] The upper-case equivalents of the above expansions behave + in the query parameter identically to their lower-case + counter-parts. With the result_format parameter (see + below), they expand the input key rather than the result + value. + + The above %S, %U and %D expansions are available with + Postfix 2.2 and later + + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the query is sup- + pressed and returns no results. + + The above %1, ... %9 expansions are available with Post- + fix 2.2 and later + + The domain parameter described below limits the input keys to + addresses in matching domains. When the domain parameter is non- + empty, SQL queries for unqualified addresses or addresses in + non-matching domains are suppressed and return no results. + + The precedence of this parameter has changed with Postfix 2.2, + in prior releases the precedence was, from highest to lowest, + select_function, query, select_field, ... + + With Postfix 2.2 the query parameter has highest precedence, see + COMPATIBILITY above. NOTE: DO NOT put quotes around the query parameter. result_format (default: %s) - Format template applied to result attributes. Most - commonly used to append (or prepend) text to the - result. This parameter supports the following '%' - expansions: + Format template applied to result attributes. 
Most commonly used + to append (or prepend) text to the result. This parameter sup- + ports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the value of the result - attribute. When result is empty it is - skipped. + %s This is replaced by the value of the result attribute. + When result is empty it is skipped. - %u When the result attribute value is an - address of the form user@domain, %u is - replaced by the local part of the address. - When the result has an empty localpart it is + %u When the result attribute value is an address of the form + user@domain, %u is replaced by the local part of the + address. When the result has an empty localpart it is skipped. - %d When a result attribute value is an address - of the form user@domain, %d is replaced by - the domain part of the attribute value. When - the result is unqualified it is skipped. + %d When a result attribute value is an address of the form + user@domain, %d is replaced by the domain part of the + attribute value. When the result is unqualified it is + skipped. %[SUD1-9] - The upper-case and decimal digit expansions - interpolate the parts of the input key - rather than the result. Their behavior is - identical to that described with query, and - in fact because the input key is known in - advance, queries whose key does not contain - all the information specified in the result - template are suppressed and return no - results. - - For example, using "result_format = smtp:[%s]" - allows one to use a mailHost attribute as the basis - of a transport(5) table. After applying the result - format, multiple values are concatenated as comma - separated strings. The expansion_limit and parame- - ter explained below allows one to restrict the num- - ber of values in the result, which is especially - useful for maps that must return at most one value. - - The default value %s specifies that each result - value should be used as is. 
- - This parameter is available with Postfix 2.2 and - later. + The upper-case and decimal digit expansions interpolate + the parts of the input key rather than the result. Their + behavior is identical to that described with query, and + in fact because the input key is known in advance, + queries whose key does not contain all the information + specified in the result template are suppressed and + return no results. + + For example, using "result_format = smtp:[%s]" allows one to use + a mailHost attribute as the basis of a transport(5) table. After + applying the result format, multiple values are concatenated as + comma separated strings. The expansion_limit and parameter + explained below allows one to restrict the number of values in + the result, which is especially useful for maps that must return + at most one value. + + The default value %s specifies that each result value should be + used as is. + + This parameter is available with Postfix 2.2 and later. NOTE: DO NOT put quotes around the result format! domain (default: no domain list) - This is a list of domain names, paths to files, or - dictionaries. When specified, only fully qualified - search keys with a *non-empty* localpart and a - matching domain are eligible for lookup: 'user' - lookups, bare domain lookups and "@domain" lookups - are not performed. This can significantly reduce - the query load on the PostgreSQL server. + This is a list of domain names, paths to files, or dictionaries. + When specified, only fully qualified search keys with a *non- + empty* localpart and a matching domain are eligible for lookup: + 'user' lookups, bare domain lookups and "@domain" lookups are + not performed. This can significantly reduce the query load on + the PostgreSQL server. domain = postfix.org, hash:/etc/postfix/searchdomains - It is best not to use SQL to store the domains eli- - gible for SQL lookups. + It is best not to use SQL to store the domains eligible for SQL + lookups. 
- This parameter is available with Postfix 2.2 and - later. + This parameter is available with Postfix 2.2 and later. - NOTE: DO NOT define this parameter for local(8) - aliases, because the input keys are always unquali- - fied. + NOTE: DO NOT define this parameter for local(8) aliases, because + the input keys are always unqualified. expansion_limit (default: 0) - A limit on the total number of result elements - returned (as a comma separated list) by a lookup - against the map. A setting of zero disables the - limit. Lookups fail with a temporary error if the - limit is exceeded. Setting the limit to 1 ensures - that lookups do not return multiple values. + A limit on the total number of result elements returned (as a + comma separated list) by a lookup against the map. A setting of + zero disables the limit. Lookups fail with a temporary error if + the limit is exceeded. Setting the limit to 1 ensures that + lookups do not return multiple values. OBSOLETE QUERY INTERFACES - This section describes query interfaces that are depre- - cated as of Postfix 2.2. Please migrate to the new query - interface as the old interfaces are slated to be phased - out. + This section describes query interfaces that are deprecated as of Post- + fix 2.2. Please migrate to the new query interface as the old inter- + faces are slated to be phased out. select_function - This parameter specifies a database function name. - Example: + This parameter specifies a database function name. Example: select_function = my_lookup_user_alias This is equivalent to: query = SELECT my_lookup_user_alias('%s') - This parameter overrides the legacy table-related - fields (described below). With Postfix versions - prior to 2.2, it also overrides the query parame- - ter. Starting with Postfix 2.2, the query parameter - has highest precedence, and the select_function + This parameter overrides the legacy table-related fields + (described below). 
With Postfix versions prior to 2.2, it also + overrides the query parameter. Starting with Postfix 2.2, the + query parameter has highest precedence, and the select_function parameter is deprecated. - The following parameters (with lower precedence than the - select_function interface described above) can be used to - build the SQL select statement as follows: + The following parameters (with lower precedence than the select_func- + tion interface described above) can be used to build the SQL select + statement as follows: SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - The specifier %s is replaced with each lookup by the - lookup key and is escaped so if it contains single quotes - or other odd characters, it will not cause a parse error, - or worse, a security problem. + The specifier %s is replaced with each lookup by the lookup key and is + escaped so if it contains single quotes or other odd characters, it + will not cause a parse error, or worse, a security problem. - Starting with Postfix 2.2, this interface is obsoleted by - the more general query interface described above. If - higher precedence the query or select_function parameters - described above are defined, the parameters described here - are ignored. + Starting with Postfix 2.2, this interface is obsoleted by the more gen- + eral query interface described above. If higher precedence the query or + select_function parameters described above are defined, the parameters + described here are ignored. select_field The SQL "select" parameter. Example: @@ -327,8 +290,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) PGSQL_README, Postfix PostgreSQL client guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY PgSQL support was introduced with Postfix version 2.1. diff --git a/postfix/html/pickup.8.html b/postfix/html/pickup.8.html index ac1e147d2..343fcc3b9 100644 
--- a/postfix/html/pickup.8.html +++ b/postfix/html/pickup.8.html 
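Review bot: In the pgsql_table.5.html hunk, BACKWARDS COMPATIBILITY paragraph, the reflow splits a literal main.cf parameter name across lines: the old text kept "pgsqlname_hosts" whole and the new text reads "pgsql- name_hosts", which a reader cannot distinguish from a name that contains a hyphen. The same happens to "select_func- tion" under OBSOLETE QUERY INTERFACES and "$mydesti- nation" under LIST MEMBERSHIP. Suggest disabling hyphenation when generating these pages, or at least protecting identifiers. Two inconsistencies in the source page are also carried through unchanged and are worth fixing while the file is being regenerated: the DESCRIPTION example uses "pgsql:/etc/pgsql-aliases.cf" but the next sentence refers to "/etc/postfix/pgsql-aliases.cf", and the query entry says "see COMPATIBILITY above" although the section is titled BACKWARDS COMPATIBILITY.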
@@ -13,96 +13,85 @@ PICKUP(8) PICKUP(8) pickup [generic Postfix daemon options] DESCRIPTION - The pickup(8) daemon waits for hints that new mail has - been dropped into the maildrop directory, and feeds it - into the cleanup(8) daemon. Ill-formatted files are - deleted without notifying the originator. This program - expects to be run from the master(8) process manager. + The pickup(8) daemon waits for hints that new mail has been dropped + into the maildrop directory, and feeds it into the cleanup(8) daemon. + Ill-formatted files are deleted without notifying the originator. This + program expects to be run from the master(8) process manager. STANDARDS - None. The pickup(8) daemon does not interact with the out- - side world. + None. The pickup(8) daemon does not interact with the outside world. SECURITY - The pickup(8) daemon is moderately security sensitive. It - runs with fixed low privilege and can run in a chrooted - environment. However, the program reads files from poten- - tially hostile users. The pickup(8) daemon opens no files - for writing, is careful about what files it opens for - reading, and does not actually touch any data that is sent - to its public service endpoint. + The pickup(8) daemon is moderately security sensitive. It runs with + fixed low privilege and can run in a chrooted environment. However, + the program reads files from potentially hostile users. The pickup(8) + daemon opens no files for writing, is careful about what files it opens + for reading, and does not actually touch any data that is sent to its + public service endpoint. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - The pickup(8) daemon copies mail from file to the - cleanup(8) daemon. It could avoid message copying over- - head by sending a file descriptor instead of file data, - but then the already complex cleanup(8) daemon would have - to deal with unfiltered user data. + The pickup(8) daemon copies mail from file to the cleanup(8) daemon. 
+ It could avoid message copying overhead by sending a file descriptor + instead of file data, but then the already complex cleanup(8) daemon + would have to deal with unfiltered user data. CONFIGURATION PARAMETERS - As the pickup(8) daemon is a relatively long-running - process, up to an hour may pass before a main.cf change - takes effect. Use the command "postfix reload" command to - speed up a change. + As the pickup(8) daemon is a relatively long-running process, up to an + hour may pass before a main.cf change takes effect. Use the command + "postfix reload" command to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. CONTENT INSPECTION CONTROLS content_filter (empty) - After the message is queued, send the entire mes- - sage to the specified transport:destination. + After the message is queued, send the entire message to the + specified transport:destination. receive_override_options (empty) - Enable or disable recipient validation, built-in - content filtering, or address mapping. + Enable or disable recipient validation, built-in content filter- + ing, or address mapping. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines - are reconstructed. 
+ Upon input, long lines are chopped up into pieces of at most + this length; upon delivery, long lines are reconstructed. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO cleanup(8), message canonicalization @@ -114,8 +103,7 @@ PICKUP(8) PICKUP(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 90e831fe2..d37e870dd 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html 
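Review bot: In the pickup.8.html hunk, CONFIGURATION PARAMETERS, the sentence "Use the command "postfix reload" command to speed up a change" carries a duplicated "command" through the reflow unchanged; drop one of them in the source manual page. The syslog_name entry also regresses: the old layout kept the example log tag "postfix/smtpd" whole, and the new layout breaks it as "post- fix/smtpd". That string is what operators search for in syslog output, so it should not be hyphenated.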
@@ -13,492 +13,439 @@ PIPE(8) PIPE(8) pipe [generic Postfix daemon options] command_attributes... DESCRIPTION - The pipe(8) daemon processes requests from the Postfix - queue manager to deliver messages to external commands. - This program expects to be run from the master(8) process - manager. - - Message attributes such as sender address, recipient - address and next-hop host name can be specified as com- - mand-line macros that are expanded before the external - command is executed. - - The pipe(8) daemon updates queue files and marks recipi- - ents as finished, or it informs the queue manager that - delivery should be tried again at a later time. Delivery - status reports are sent to the bounce(8), defer(8) or - trace(8) daemon as appropriate. + The pipe(8) daemon processes requests from the Postfix queue manager to + deliver messages to external commands. This program expects to be run + from the master(8) process manager. + + Message attributes such as sender address, recipient address and next- + hop host name can be specified as command-line macros that are expanded + before the external command is executed. + + The pipe(8) daemon updates queue files and marks recipients as fin- + ished, or it informs the queue manager that delivery should be tried + again at a later time. Delivery status reports are sent to the + bounce(8), defer(8) or trace(8) daemon as appropriate. SINGLE-RECIPIENT DELIVERY - Some destinations cannot handle more than one recipient - per delivery request. Examples are pagers or fax machines. - In addition, multi-recipient delivery is undesirable when - prepending a Delivered-to: or X-Original-To: message - header. + Some destinations cannot handle more than one recipient per delivery + request. Examples are pagers or fax machines. In addition, multi- + recipient delivery is undesirable when prepending a Delivered-to: or X- + Original-To: message header. 
- To prevent Postfix from sending multiple recipients per - delivery request, specify + To prevent Postfix from sending multiple recipients per delivery + request, specify transport_destination_recipient_limit = 1 - in the Postfix main.cf file, where transport is the name - in the first column of the Postfix master.cf entry for the - pipe-based delivery transport. + in the Postfix main.cf file, where transport is the name in the first + column of the Postfix master.cf entry for the pipe-based delivery + transport. COMMAND ATTRIBUTE SYNTAX - The external command attributes are given in the master.cf - file at the end of a service definition. The syntax is as - follows: + The external command attributes are given in the master.cf file at the + end of a service definition. The syntax is as follows: chroot=pathname (optional) - Change the process root directory and working - directory to the named directory. This happens - before switching to the privileges specified with - the user attribute, and before executing the - optional directory=pathname directive. Delivery is - deferred in case of failure. + Change the process root directory and working directory to the + named directory. This happens before switching to the privileges + specified with the user attribute, and before executing the + optional directory=pathname directive. Delivery is deferred in + case of failure. This feature is available as of Postfix 2.3. directory=pathname (optional) - Change to the named directory before executing the - external command. The directory must be accessible - for the user specified with the user attribute (see - below). The default working directory is - $queue_directory. Delivery is deferred in case of - failure. + Change to the named directory before executing the external com- + mand. The directory must be accessible for the user specified + with the user attribute (see below). The default working direc- + tory is $queue_directory. 
Delivery is deferred in case of fail- + ure. This feature is available as of Postfix 2.2. eol=string (optional, default: \n) - The output record delimiter. Typically one would - use either \r\n or \n. The usual C-style backslash - escape sequences are recognized: \a \b \f \n \r \t - \v \ddd (up to three octal digits) and \\. + The output record delimiter. Typically one would use either \r\n + or \n. The usual C-style backslash escape sequences are recog- + nized: \a \b \f \n \r \t \v \ddd (up to three octal digits) and + \\. flags=BDFORXhqu.> (optional) - Optional message processing flags. By default, a - message is copied unchanged. - - B Append a blank line at the end of each mes- - sage. This is required by some mail user - agents that recognize "From " lines only - when preceded by a blank line. - - D Prepend a "Delivered-To: recipient" message - header with the envelope recipient address. - Note: for this to work, the transport_desti- - nation_recipient_limit must be 1 (see SIN- - GLE-RECIPIENT DELIVERY above for details). - - The D flag also enforces loop detection - (Postfix 2.5 and later): if a message - already contains a Delivered-To: header with - the same recipient address, then the message - is returned as undeliverable. The address - comparison is case insensitive. + Optional message processing flags. By default, a message is + copied unchanged. + + B Append a blank line at the end of each message. This is + required by some mail user agents that recognize "From " + lines only when preceded by a blank line. + + D Prepend a "Delivered-To: recipient" message header with + the envelope recipient address. Note: for this to work, + the transport_destination_recipient_limit must be 1 (see + SINGLE-RECIPIENT DELIVERY above for details). + + The D flag also enforces loop detection (Postfix 2.5 and + later): if a message already contains a Delivered-To: + header with the same recipient address, then the message + is returned as undeliverable. 
The address comparison is + case insensitive. This feature is available as of Postfix 2.0. - F Prepend a "From sender time_stamp" envelope - header to the message content. This is - expected by, for example, UUCP software. + F Prepend a "From sender time_stamp" envelope header to the + message content. This is expected by, for example, UUCP + software. - O Prepend an "X-Original-To: recipient" mes- - sage header with the recipient address as - given to Postfix. Note: for this to work, - the transport_destination_recipient_limit - must be 1 (see SINGLE-RECIPIENT DELIVERY - above for details). + O Prepend an "X-Original-To: recipient" message header with + the recipient address as given to Postfix. Note: for this + to work, the transport_destination_recipient_limit must + be 1 (see SINGLE-RECIPIENT DELIVERY above for details). This feature is available as of Postfix 2.0. - R Prepend a Return-Path: message header with - the envelope sender address. + R Prepend a Return-Path: message header with the envelope + sender address. - X Indicate that the external command performs - final delivery. This flag affects the sta- - tus reported in "success" DSN (delivery sta- - tus notification) messages, and changes it - from "relayed" into "delivered". + X Indicate that the external command performs final deliv- + ery. This flag affects the status reported in "success" + DSN (delivery status notification) messages, and changes + it from "relayed" into "delivered". This feature is available as of Postfix 2.5. - h Fold the command-line $original_recipient - and $recipient address domain part (text to - the right of the right-most @ character) to - lower case; fold the entire command-line - $domain and $nexthop host or domain informa- - tion to lower case. This is recommended for - delivery via UUCP. 
- - q Quote white space and other special charac- - ters in the command-line $sender, $origi- - nal_recipient and $recipient address local- - parts (text to the left of the right-most @ - character), according to an 8-bit transpar- - ent version of RFC 822. This is recommended - for delivery via UUCP or BSMTP. - - The result is compatible with the address - parsing of command-line recipients by the - Postfix sendmail(1) mail submission command. - - The q flag affects only entire addresses, - not the partial address information from the - $user, $extension or $mailbox command-line - macros. - - u Fold the command-line $original_recipient - and $recipient address localpart (text to - the left of the right-most @ character) to - lower case. This is recommended for deliv- + h Fold the command-line $original_recipient and $recipient + address domain part (text to the right of the right-most + @ character) to lower case; fold the entire command-line + $domain and $nexthop host or domain information to lower + case. This is recommended for delivery via UUCP. + + q Quote white space and other special characters in the + command-line $sender, $original_recipient and $recipient + address localparts (text to the left of the right-most @ + character), according to an 8-bit transparent version of + RFC 822. This is recommended for delivery via UUCP or + BSMTP. + + The result is compatible with the address parsing of com- + mand-line recipients by the Postfix sendmail(1) mail sub- + mission command. + + The q flag affects only entire addresses, not the partial + address information from the $user, $extension or $mail- + box command-line macros. + + u Fold the command-line $original_recipient and $recipient + address localpart (text to the left of the right-most @ + character) to lower case. This is recommended for deliv- ery via UUCP. - . Prepend "." to lines starting with ".". This - is needed by, for example, BSMTP software. + . Prepend "." to lines starting with ".". 
This is needed + by, for example, BSMTP software. - > Prepend ">" to lines starting with "From ". - This is expected by, for example, UUCP soft- - ware. + > Prepend ">" to lines starting with "From ". This is + expected by, for example, UUCP software. null_sender=replacement (default: MAILER-DAEMON) - Replace the null sender address (typically used for - delivery status notifications) with the specified - text when expanding the $sender command-line macro, - and when generating a From_ or Return-Path: message - header. - - If the null sender replacement text is a non-empty - string then it is affected by the q flag for + Replace the null sender address (typically used for delivery + status notifications) with the specified text when expanding the + $sender command-line macro, and when generating a From_ or + Return-Path: message header. + + If the null sender replacement text is a non-empty string then + it is affected by the q flag for address quoting in command-line + arguments. + + The null sender replacement text may be empty; this form is rec- + ommended for content filters that feed mail back into Postfix. + The empty sender address is not affected by the q flag for address quoting in command-line arguments. - The null sender replacement text may be empty; this - form is recommended for content filters that feed - mail back into Postfix. The empty sender address is - not affected by the q flag for address quoting in - command-line arguments. - - Caution: a null sender address is easily mis-parsed - by naive software. For example, when the pipe(8) - daemon executes a command such as: + Caution: a null sender address is easily mis-parsed by naive + software. For example, when the pipe(8) daemon executes a com- + mand such as: Wrong: command -f$sender -- $recipient - the command will mis-parse the -f option value when - the sender address is a null string. 
For correct - parsing, specify $sender as an argument by itself: + the command will mis-parse the -f option value when the sender + address is a null string. For correct parsing, specify $sender + as an argument by itself: Right: command -f $sender -- $recipient This feature is available as of Postfix 2.3. size=size_limit (optional) - Don't deliver messages that exceed this size limit - (in bytes); return them to the sender instead. + Don't deliver messages that exceed this size limit (in bytes); + return them to the sender instead. user=username (required) user=username:groupname - Execute the external command with the user ID and - group ID of the specified username. The software - refuses to execute commands with root privileges, - or with the privileges of the mail system owner. If - groupname is specified, the corresponding group ID - is used instead of the group ID of username. + Execute the external command with the user ID and group ID of + the specified username. The software refuses to execute com- + mands with root privileges, or with the privileges of the mail + system owner. If groupname is specified, the corresponding group + ID is used instead of the group ID of username. argv=command... (required) - The command to be executed. This must be specified - as the last command attribute. The command is exe- - cuted directly, i.e. without interpretation of - shell meta characters by a shell command inter- - preter. + The command to be executed. This must be specified as the last + command attribute. The command is executed directly, i.e. with- + out interpretation of shell meta characters by a shell command + interpreter. - In the command argument vector, the following - macros are recognized and replaced with correspond- - ing information from the Postfix queue manager - delivery request. 
+ In the command argument vector, the following macros are recog- + nized and replaced with corresponding information from the Post- + fix queue manager delivery request. - In addition to the form ${name}, the forms $name - and $(name) are also recognized. Specify $$ where - a single $ is wanted. + In addition to the form ${name}, the forms $name and $(name) are + also recognized. Specify $$ where a single $ is wanted. ${client_address} - This macro expands to the remote client net- - work address. + This macro expands to the remote client network address. This feature is available as of Postfix 2.2. ${client_helo} - This macro expands to the remote client HELO - command parameter. + This macro expands to the remote client HELO command + parameter. This feature is available as of Postfix 2.2. ${client_hostname} - This macro expands to the remote client - hostname. + This macro expands to the remote client hostname. This feature is available as of Postfix 2.2. ${client_port} - This macro expands to the remote client TCP - port number. + This macro expands to the remote client TCP port number. This feature is available as of Postfix 2.5. ${client_protocol} - This macro expands to the remote client pro- - tocol. + This macro expands to the remote client protocol. This feature is available as of Postfix 2.2. ${domain} - This macro expands to the domain portion of - the recipient address. For example, with an - address user+foo@domain the domain is - domain. + This macro expands to the domain portion of the recipient + address. For example, with an address user+foo@domain + the domain is domain. - This information is modified by the h flag - for case folding. + This information is modified by the h flag for case fold- + ing. This feature is available as of Postfix 2.5. ${extension} - This macro expands to the extension part of - a recipient address. For example, with an - address user+foo@domain the extension is - foo. 
+ This macro expands to the extension part of a recipient + address. For example, with an address user+foo@domain + the extension is foo. - A command-line argument that contains - ${extension} expands into as many command- - line arguments as there are recipients. + A command-line argument that contains ${extension} + expands into as many command-line arguments as there are + recipients. - This information is modified by the u flag - for case folding. + This information is modified by the u flag for case fold- + ing. ${mailbox} - This macro expands to the complete local - part of a recipient address. For example, - with an address user+foo@domain the mailbox - is user+foo. + This macro expands to the complete local part of a recip- + ient address. For example, with an address + user+foo@domain the mailbox is user+foo. - A command-line argument that contains - ${mailbox} expands to as many command-line - arguments as there are recipients. + A command-line argument that contains ${mailbox} expands + to as many command-line arguments as there are recipi- + ents. - This information is modified by the u flag - for case folding. + This information is modified by the u flag for case fold- + ing. ${nexthop} This macro expands to the next-hop hostname. - This information is modified by the h flag - for case folding. + This information is modified by the h flag for case fold- + ing. ${original_recipient} - This macro expands to the complete recipient - address before any address rewriting or - aliasing. + This macro expands to the complete recipient address + before any address rewriting or aliasing. - A command-line argument that contains - ${original_recipient} expands to as many - command-line arguments as there are recipi- - ents. + A command-line argument that contains ${original_recipi- + ent} expands to as many command-line arguments as there + are recipients. - This information is modified by the hqu - flags for quoting and case folding. 
+ This information is modified by the hqu flags for quoting + and case folding. This feature is available as of Postfix 2.5. ${queue_id} This macro expands to the queue id. - This feature is available as of Postfix - 2.11. + This feature is available as of Postfix 2.11. ${recipient} - This macro expands to the complete recipient - address. + This macro expands to the complete recipient address. - A command-line argument that contains - ${recipient} expands to as many command-line - arguments as there are recipients. + A command-line argument that contains ${recipient} + expands to as many command-line arguments as there are + recipients. - This information is modified by the hqu - flags for quoting and case folding. + This information is modified by the hqu flags for quoting + and case folding. ${sasl_method} - This macro expands to the name of the SASL - authentication mechanism in the AUTH command - when the Postfix SMTP server received the - message. + This macro expands to the name of the SASL authentication + mechanism in the AUTH command when the Postfix SMTP + server received the message. This feature is available as of Postfix 2.2. ${sasl_sender} - This macro expands to the SASL sender name - (i.e. the original submitter as per RFC - 4954) in the MAIL FROM command when the - Postfix SMTP server received the message. + This macro expands to the SASL sender name (i.e. the + original submitter as per RFC 4954) in the MAIL FROM com- + mand when the Postfix SMTP server received the message. This feature is available as of Postfix 2.2. ${sasl_username} - This macro expands to the SASL user name in - the AUTH command when the Postfix SMTP - server received the message. + This macro expands to the SASL user name in the AUTH com- + mand when the Postfix SMTP server received the message. This feature is available as of Postfix 2.2. ${sender} - This macro expands to the envelope sender - address. 
By default, the null sender address - expands to MAILER-DAEMON; this can be - changed with the null_sender attribute, as - described above. + This macro expands to the envelope sender address. By + default, the null sender address expands to MAILER-DAE- + MON; this can be changed with the null_sender attribute, + as described above. - This information is modified by the q flag - for quoting. + This information is modified by the q flag for quoting. ${size} - This macro expands to Postfix's idea of the - message size, which is an approximation of - the size of the message as delivered. + This macro expands to Postfix's idea of the message size, + which is an approximation of the size of the message as + delivered. ${user} - This macro expands to the username part of a - recipient address. For example, with an - address user+foo@domain the username part is - user. + This macro expands to the username part of a recipient + address. For example, with an address user+foo@domain + the username part is user. - A command-line argument that contains - ${user} expands into as many command-line - arguments as there are recipients. + A command-line argument that contains ${user} expands + into as many command-line arguments as there are recipi- + ents. - This information is modified by the u flag - for case folding. + This information is modified by the u flag for case fold- + ing. STANDARDS RFC 3463 (Enhanced status codes) DIAGNOSTICS - Command exit status codes are expected to follow the con- - ventions defined in <sysexits.h>. Exit status 0 means - normal successful completion. - - In the case of a non-zero exit status, a limited amount of - command output is reported in an delivery status notifica- - tion. When the output begins with a 4.X.X or 5.X.X - enhanced status code, the status code takes precedence - over the non-zero exit status (Postfix version 2.3 and + Command exit status codes are expected to follow the conventions + defined in <sysexits.h>. 
Exit status 0 means normal successful comple- + tion. + + In the case of a non-zero exit status, a limited amount of command out- + put is reported in an delivery status notification. When the output + begins with a 4.X.X or 5.X.X enhanced status code, the status code + takes precedence over the non-zero exit status (Postfix version 2.3 and later). - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager - can move them to the corrupt queue for further inspection. + Problems and transactions are logged to syslogd(8). Corrupted message + files are marked so that the queue manager can move them to the corrupt + queue for further inspection. SECURITY - This program needs a dual personality 1) to access the - private Postfix queue and IPC mechanisms, and 2) to exe- - cute external commands as the specified user. It is there- - fore security sensitive. + This program needs a dual personality 1) to access the private Postfix + queue and IPC mechanisms, and 2) to execute external commands as the + specified user. It is therefore security sensitive. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as pipe(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as pipe(8) processes run + for only a limited amount of time. Use the command "postfix reload" to + speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. RESOURCE AND RATE CONTROLS - In the text below, transport is the first field in a mas- - ter.cf entry. + In the text below, transport is the first field in a master.cf entry. 
- transport_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) - Limit the number of parallel deliveries to the same - destination, for delivery via the named transport. - The limit is enforced by the Postfix queue manager. + transport_destination_concurrency_limit ($default_destination_concur- + rency_limit) + Limit the number of parallel deliveries to the same destination, + for delivery via the named transport. The limit is enforced by + the Postfix queue manager. - transport_destination_recipient_limit ($default_destina- - tion_recipient_limit) - Limit the number of recipients per message deliv- - ery, for delivery via the named transport. The - limit is enforced by the Postfix queue manager. + transport_destination_recipient_limit ($default_destination_recipi- + ent_limit) + Limit the number of recipients per message delivery, for deliv- + ery via the named transport. The limit is enforced by the Post- + fix queue manager. transport_time_limit ($command_time_limit) - Limit the time for delivery to external command, - for delivery via the named transport. The limit is - enforced by the pipe delivery agent. + Limit the time for delivery to external command, for delivery + via the named transport. The limit is enforced by the pipe + delivery agent. - Postfix 2.4 and later support a suffix that speci- - fies the time unit: s (seconds), m (minutes), h - (hours), d (days), w (weeks). The default time unit - is seconds. + Postfix 2.4 and later support a suffix that specifies the time + unit: s (seconds), m (minutes), h (hours), d (days), w (weeks). + The default time unit is seconds. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. 
daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix - process will export to non-Postfix processes. + The list of environment variables that a Postfix process will + export to non-Postfix processes. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. 
queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name - from its extension (example: user+foo), or a .for- - ward file name from its extension (example: .for- - ward+foo). + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its + extension (example: .forward+foo). syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO qmgr(8), queue manager @@ -509,8 +456,7 @@ PIPE(8) PIPE(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index 9b49b1df5..124781b05 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html 
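Review bot: In the pipe.8.html hunk above (@@ -13,492 +13,439 @@), the reflow to the wider column still lets the formatter hyphenate inside literal tokens that readers copy into master.cf or match against message headers. The new text splits "X- Original-To:", "$mail- box", "${original_recipi- ent}", "MAILER-DAE- MON", "$default_destination_concur- rency_limit" and "post- fix/smtpd" across lines. The old 65-column output had the same problem in other places (for example "transport_desti- nation_recipient_limit" and "$origi- nal_recipient"), so the wider width moves the breaks rather than removing them. Consider turning hyphenation off for the HTML manpage output (the troff .nh request does this) so that macro names, parameter names and header names stay intact when copied. Separately, the DIAGNOSTICS paragraph is carried over with "reported in an delivery status notification"; since that paragraph is being rewrapped anyway, correct it to "a delivery status notification" in the manual page source.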
@@ -14,168 +14,140 @@ POSTALIAS(1) POSTALIAS(1) [file_type:]file_name ... DESCRIPTION - The postalias(1) command creates or queries one or more - Postfix alias databases, or updates an existing one. The - input and output file formats are expected to be compati- - ble with Sendmail version 8, and are expected to be suit- - able for the use as NIS alias maps. - - If the result files do not exist they will be created with - the same group and other read permissions as their source - file. - - While a database update is in progress, signal delivery is - postponed, and an exclusive, advisory, lock is placed on - the entire database, in order to avoid surprises in spec- - tator processes. - - The format of Postfix alias input files is described in - aliases(5). - - By default the lookup key is mapped to lowercase to make - the lookups case insensitive; as of Postfix 2.3 this case - folding happens only with tables whose lookup keys are - fixed-case strings such as btree:, dbm: or hash:. With - earlier versions, the lookup key is folded even with - tables where a lookup field can match both upper and lower - case text, such as regexp: and pcre:. This resulted in - loss of information with $number substitutions. + The postalias(1) command creates or queries one or more Postfix alias + databases, or updates an existing one. The input and output file for- + mats are expected to be compatible with Sendmail version 8, and are + expected to be suitable for the use as NIS alias maps. + + If the result files do not exist they will be created with the same + group and other read permissions as their source file. + + While a database update is in progress, signal delivery is postponed, + and an exclusive, advisory, lock is placed on the entire database, in + order to avoid surprises in spectator processes. + + The format of Postfix alias input files is described in aliases(5). 
+ + By default the lookup key is mapped to lowercase to make the lookups + case insensitive; as of Postfix 2.3 this case folding happens only with + tables whose lookup keys are fixed-case strings such as btree:, dbm: or + hash:. With earlier versions, the lookup key is folded even with tables + where a lookup field can match both upper and lower case text, such as + regexp: and pcre:. This resulted in loss of information with $number + substitutions. Options: -c config_dir - Read the main.cf configuration file in the named - directory instead of the default configuration - directory. - - -d key Search the specified maps for key and remove one - entry per map. The exit status is zero when the - requested information was found. - - If a key value of - is specified, the program reads - key values from the standard input stream. The exit - status is zero when at least one of the requested - keys was found. - - -f Do not fold the lookup key to lower case while cre- - ating or querying a table. - - With Postfix version 2.3 and later, this option has - no effect for regular expression tables. There, - case folding is controlled by appending a flag to a - pattern. - - -i Incremental mode. Read entries from standard input - and do not truncate an existing database. By - default, postalias(1) creates a new database from - the entries in file_name. - - -N Include the terminating null character that termi- - nates lookup keys and values. By default, postal- - ias(1) does whatever is the default for the host - operating system. - - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - postalias(1) does whatever is the default for the - host operating system. - - -o Do not release root privileges when processing a - non-root input file. By default, postalias(1) drops - root privileges and runs as the source file owner - instead. - - -p Do not inherit the file access permissions from the - input file when creating a new file. 
Instead, cre- - ate a new file with default access permissions - (mode 0644). - - -q key Search the specified maps for key and write the - first value found to the standard output stream. - The exit status is zero when the requested informa- - tion was found. - - If a key value of - is specified, the program reads - key values from the standard input stream and - writes one line of key: value output for each key - that was found. The exit status is zero when at + Read the main.cf configuration file in the named directory + instead of the default configuration directory. + + -d key Search the specified maps for key and remove one entry per map. + The exit status is zero when the requested information was + found. + + If a key value of - is specified, the program reads key values + from the standard input stream. The exit status is zero when at least one of the requested keys was found. - -r When updating a table, do not complain about - attempts to update existing entries, and make those - updates anyway. + -f Do not fold the lookup key to lower case while creating or + querying a table. + + With Postfix version 2.3 and later, this option has no effect + for regular expression tables. There, case folding is controlled + by appending a flag to a pattern. + + -i Incremental mode. Read entries from standard input and do not + truncate an existing database. By default, postalias(1) creates + a new database from the entries in file_name. + + -N Include the terminating null character that terminates lookup + keys and values. By default, postalias(1) does whatever is the + default for the host operating system. + + -n Don't include the terminating null character that terminates + lookup keys and values. By default, postalias(1) does whatever + is the default for the host operating system. + + -o Do not release root privileges when processing a non-root input + file. By default, postalias(1) drops root privileges and runs as + the source file owner instead. 
+ + -p Do not inherit the file access permissions from the input file + when creating a new file. Instead, create a new file with + default access permissions (mode 0644). - -s Retrieve all database elements, and write one line - of key: value output for each element. The elements - are printed in database order, which is not neces- - sarily the same as the original input order. This - feature is available in Postfix version 2.2 and + -q key Search the specified maps for key and write the first value + found to the standard output stream. The exit status is zero + when the requested information was found. + + If a key value of - is specified, the program reads key values + from the standard input stream and writes one line of key: value + output for each key that was found. The exit status is zero when + at least one of the requested keys was found. + + -r When updating a table, do not complain about attempts to update + existing entries, and make those updates anyway. + + -s Retrieve all database elements, and write one line of key: value + output for each element. The elements are printed in database + order, which is not necessarily the same as the original input + order. This feature is available in Postfix version 2.2 and later, and is not available for all database types. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. - -w When updating a table, do not complain about - attempts to update existing entries, and ignore - those attempts. + -w When updating a table, do not complain about attempts to update + existing entries, and ignore those attempts. Arguments: file_type - The database type. To find out what types are sup- - ported, use the "postconf -m" command. 
- - The postalias(1) command can query any supported - file type, but it can create only the following - file types: - - btree The output is a btree file, named - file_name.db. This is available on systems - with support for db databases. - - cdb The output is one file named file_name.cdb. - This is available on systems with support - for cdb databases. - - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for dbm - databases. - - hash The output is a hashed file, named - file_name.db. This is available on systems - with support for db databases. - - fail A table that reliably fails all requests. - The lookup table name is used for logging - only. This table exists to simplify Postfix - error tests. - - sdbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for sdbm - databases. - - When no file_type is specified, the software uses - the database type specified via the default_data- - base_type configuration parameter. The default - value for this parameter depends on the host envi- - ronment. + The database type. To find out what types are supported, use the + "postconf -m" command. + + The postalias(1) command can query any supported file type, but + it can create only the following file types: + + btree The output is a btree file, named file_name.db. This is + available on systems with support for db databases. + + cdb The output is one file named file_name.cdb. This is + available on systems with support for cdb databases. + + dbm The output consists of two files, named file_name.pag and + file_name.dir. This is available on systems with support + for dbm databases. + + hash The output is a hashed file, named file_name.db. This is + available on systems with support for db databases. + + fail A table that reliably fails all requests. The lookup ta- + ble name is used for logging only. 
This table exists to + simplify Postfix error tests. + + sdbm The output consists of two files, named file_name.pag and + file_name.dir. This is available on systems with support + for sdbm databases. + + When no file_type is specified, the software uses the database + type specified via the default_database_type configuration + parameter. The default value for this parameter depends on the + host environment. file_name - The name of the alias database source file when - creating a database. + The name of the alias database source file when creating a data- + base. DIAGNOSTICS - Problems are logged to the standard error stream and to - syslogd(8). No output means that no problems were - detected. Duplicate entries are skipped and are flagged - with a warning. + Problems are logged to the standard error stream and to syslogd(8). No + output means that no problems were detected. Duplicate entries are + skipped and are flagged with a warning. - postalias(1) terminates with zero exit status in case of - success (including successful "postalias -q" lookup) and - terminates with non-zero exit status in case of failure. + postalias(1) terminates with zero exit status in case of success + (including successful "postalias -q" lookup) and terminates with non- + zero exit status in case of failure. ENVIRONMENT MAIL_CONFIG 
@@ -185,39 +157,39 @@ POSTALIAS(1) POSTALIAS(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. + The following main.cf parameters are especially relevant to this pro- + gram. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are - updated with "newaliases" or with "sendmail -bi". + The alias databases for local(8) delivery that are updated with + "newaliases" or with "sendmail -bi". config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. berkeley_db_create_buffer_size (16777216) - The per-table I/O buffer size for programs that - create Berkeley DB hash or btree tables. + The per-table I/O buffer size for programs that create Berkeley + DB hash or btree tables. berkeley_db_read_buffer_size (131072) - The per-table I/O buffer size for programs that - read Berkeley DB hash or btree tables. + The per-table I/O buffer size for programs that read Berkeley DB + hash or btree tables. default_database_type (see 'postconf -d' output) - The default database type for use in newaliases(1), - postalias(1) and postmap(1) commands. + The default database type for use in newaliases(1), postalias(1) + and postmap(1) commands. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". 
+ The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". STANDARDS RFC 822 (ARPA Internet Text Messages) @@ -235,8 +207,7 @@ POSTALIAS(1) POSTALIAS(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postcat.1.html b/postfix/html/postcat.1.html index 52a2eb7da..12ca00d46 100644 --- a/postfix/html/postcat.1.html +++ b/postfix/html/postcat.1.html 
@@ -13,27 +13,26 @@ POSTCAT(1) POSTCAT(1) postcat [-bdehnoqv] [-c config_dir] [files...] DESCRIPTION - The postcat(1) command prints the contents of the named - files in human-readable form. The files are expected to be - in Postfix queue file format. If no files are specified on - the command line, the program reads from standard input. + The postcat(1) command prints the contents of the named files in human- + readable form. The files are expected to be in Postfix queue file for- + mat. If no files are specified on the command line, the program reads + from standard input. - By default, postcat(1) shows the envelope and message con- - tent, as if the options -beh were specified. To view mes- - sage content only, specify -bh (Postfix 2.7 and later). + By default, postcat(1) shows the envelope and message content, as if + the options -beh were specified. To view message content only, specify + -bh (Postfix 2.7 and later). Options: - -b Show body content. The -b option starts producing - output at the first non-header line, and stops when - the end of the message is reached. + -b Show body content. The -b option starts producing output at the + first non-header line, and stops when the end of the message is + reached. This feature is available in Postfix 2.7 and later. -c config_dir - The main.cf configuration file is in the named - directory instead of the default configuration - directory. + The main.cf configuration file is in the named directory instead + of the default configuration directory. -d Print the decimal type of each record. 
@@ -41,22 +40,21 @@ POSTCAT(1) POSTCAT(1) This feature is available in Postfix 2.7 and later. - -h Show message header content. The -h option pro- - duces output from the beginning of the message up - to, but not including, the first non-header line. + -h Show message header content. The -h option produces output from + the beginning of the message up to, but not including, the first + non-header line. This feature is available in Postfix 2.7 and later. -o Print the queue file offset of each record. - -q Search the Postfix queue for the named files - instead of taking the names literally. + -q Search the Postfix queue for the named files instead of taking + the names literally. This feature is available in Postfix 2.0 and later. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. DIAGNOSTICS Problems are reported to the standard error stream. @@ -66,19 +64,18 @@ POSTCAT(1) POSTCAT(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. + The following main.cf parameters are especially relevant to this pro- + gram. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. FILES /var/spool/postfix, Postfix queue directory 
@@ -87,8 +84,7 @@ POSTCAT(1) POSTCAT(1) postconf(5), Postfix configuration LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index 4a2b237bd..ecaed1a25 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html 
@@ -12,125 +12,110 @@ POSTCONF(1) POSTCONF(1) SYNOPSIS Managing main.cf: - postconf [-dfhnopvx] [-c conf_dir] [-C class,...] [parame- - ter ...] + postconf [-dfhnopvx] [-c config_dir] [-C class,...] [parameter ...] - postconf [-epv] [-c conf_dir] parameter=value ... + postconf [-epv] [-c config_dir] parameter=value ... - postconf -# [-pv] [-c conf_dir] parameter ... + postconf -# [-pv] [-c config_dir] parameter ... - postconf -X [-pv] [-c conf_dir] parameter ... + postconf -X [-pv] [-c config_dir] parameter ... Managing master.cf service entries: - postconf -M [-fovx] [-c conf_dir] [service[/type] ...] + postconf -M [-fovx] [-c config_dir] [service[/type] ...] - postconf -M [-ev] [-c conf_dir] service/type=value ... + postconf -M [-ev] [-c config_dir] service/type=value ... - postconf -M# [-v] [-c conf_dir] service/type ... + postconf -M# [-v] [-c config_dir] service/type ... - postconf -MX [-v] [-c conf_dir] service/type ... + postconf -MX [-v] [-c config_dir] service/type ... Managing master.cf service fields: - postconf -F [-fovx] [-c conf_dir] [service[/type[/field]] - ...] + postconf -F [-fovx] [-c config_dir] [service[/type[/field]] ...] - postconf -F [-ev] [-c conf_dir] service/type/field=value - ... + postconf -F [-ev] [-c config_dir] service/type/field=value ... Managing master.cf service parameters: - postconf -P [-fovx] [-c conf_dir] [service[/type[/parame- - ter]] ...] + postconf -P [-fovx] [-c config_dir] [service[/type[/parameter]] ...] - postconf -P [-ev] [-c conf_dir] service/type/parame- - ter=value ... + postconf -P [-ev] [-c config_dir] service/type/parameter=value ... - postconf -PX [-v] [-c conf_dir] service/type/parameter ... + postconf -PX [-v] [-c config_dir] service/type/parameter ... 
Managing bounce message templates: - postconf -b [-v] [-c conf_dir] [template_file] + postconf -b [-v] [-c config_dir] [template_file] - postconf -t [-v] [-c conf_dir] [template_file] + postconf -t [-v] [-c config_dir] [template_file] Managing other configuration: - postconf -a|-A|-l|-m [-v] [-c conf_dir] + postconf -a|-A|-l|-m [-v] [-c config_dir] DESCRIPTION - By default, the postconf(1) command displays the values of - main.cf configuration parameters, and warns about possible - mis-typed parameter names (Postfix 2.9 and later). It can - also change main.cf configuration parameter values, or - display other configuration information about the Postfix - mail system. + By default, the postconf(1) command displays the values of main.cf con- + figuration parameters, and warns about possible mis-typed parameter + names (Postfix 2.9 and later). It can also change main.cf configura- + tion parameter values, or display other configuration information about + the Postfix mail system. Options: - -a List the available SASL server plug-in types. The - SASL plug-in type is selected with the - smtpd_sasl_type configuration parameter by specify- - ing one of the names listed below. + -a List the available SASL server plug-in types. The SASL plug-in + type is selected with the smtpd_sasl_type configuration parame- + ter by specifying one of the names listed below. - cyrus This server plug-in is available when Post- - fix is built with Cyrus SASL support. + cyrus This server plug-in is available when Postfix is built + with Cyrus SASL support. dovecot - This server plug-in uses the Dovecot authen- - tication server, and is available when Post- - fix is built with any form of SASL support. + This server plug-in uses the Dovecot authentication + server, and is available when Postfix is built with any + form of SASL support. - This feature is available with Postfix 2.3 and - later. + This feature is available with Postfix 2.3 and later. 
- -A List the available SASL client plug-in types. The - SASL plug-in type is selected with the - smtp_sasl_type or lmtp_sasl_type configuration - parameters by specifying one of the names listed + -A List the available SASL client plug-in types. The SASL plug-in + type is selected with the smtp_sasl_type or lmtp_sasl_type con- + figuration parameters by specifying one of the names listed below. - cyrus This client plug-in is available when Post- - fix is built with Cyrus SASL support. + cyrus This client plug-in is available when Postfix is built + with Cyrus SASL support. - This feature is available with Postfix 2.3 and - later. + This feature is available with Postfix 2.3 and later. -b [template_file] - Display the message text that appears at the begin- - ning of delivery status notification (DSN) mes- - sages, replacing $name expressions with actual val- - ues as described in bounce(5). + Display the message text that appears at the beginning of deliv- + ery status notification (DSN) messages, replacing $name expres- + sions with actual values as described in bounce(5). - To override the built-in templates, specify a tem- - plate file name at the end of the postconf(1) com- - mand line, or specify a file name in main.cf with - the bounce_template_file parameter. + To override the built-in templates, specify a template file name + at the end of the postconf(1) command line, or specify a file + name in main.cf with the bounce_template_file parameter. - To force selection of the built-in templates, spec- - ify an empty template file name on the postconf(1) - command line (in shell language: ""). + To force selection of the built-in templates, specify an empty + template file name on the postconf(1) command line (in shell + language: ""). - This feature is available with Postfix 2.3 and - later. + This feature is available with Postfix 2.3 and later. 
- -c conf_dir - The main.cf configuration file is in the named - directory instead of the default configuration - directory. + -c config_dir + The main.cf configuration file is in the named directory instead + of the default configuration directory. -C class,... - When displaying main.cf parameters, select only - parameters from the specified class(es): + When displaying main.cf parameters, select only parameters from + the specified class(es): builtin Parameters with built-in names. service - Parameters with service-defined names (the - first field of a master.cf entry plus a - Postfix-defined suffix). + Parameters with service-defined names (the first field of + a master.cf entry plus a Postfix-defined suffix). user Parameters with user-defined names. 
@@ -138,342 +123,289 @@ POSTCONF(1) POSTCONF(1) The default is as if "-C all" is specified. - -d Print main.cf default parameter settings instead of - actual settings. Specify -df to fold long lines - for human readability (Postfix 2.9 and later). + -d Print main.cf default parameter settings instead of actual set- + tings. Specify -df to fold long lines for human readability + (Postfix 2.9 and later). - -e Edit the main.cf configuration file, and update - parameter settings with the "name=value" pairs on - the postconf(1) command line. + -e Edit the main.cf configuration file, and update parameter set- + tings with the "name=value" pairs on the postconf(1) command + line. - With -M, edit the master.cf configuration file, and - replace one or more service entries with new values - as specified with "service/type=value" on the post- - conf(1) command line. - - With -F, edit the master.cf configuration file, and - replace one or more service fields with new values - as specied with "service/type/field=value" on the - postconf(1) command line. Currently, the "command" - field contains the command name and command argu- - ments. this may change in the near future, so that - the "command" field contains only the command name, - and a new "arguments" pseudofield contains the com- - mand arguments. - - With -P, edit the master.cf configuration file, and - add or update one or more service parameter set- - tings (-o parameter=value settings) with new values - as specied with "service/type/parameter=value" on - the postconf(1) command line. + With -M, edit the master.cf configuration file, and replace one + or more service entries with new values as specified with "ser- + vice/type=value" on the postconf(1) command line. - In all cases the file is copied to a temporary file - then renamed into place. Specify quotes to protect - special characters and whitespace on the post- - conf(1) command line. 
+ With -F, edit the master.cf configuration file, and replace one + or more service fields with new values as specied with "ser- + vice/type/field=value" on the postconf(1) command line. Cur- + rently, the "command" field contains the command name and com- + mand arguments. this may change in the near future, so that the + "command" field contains only the command name, and a new "argu- + ments" pseudofield contains the command arguments. - The -e option is no longer needed with Postfix ver- - sion 2.8 and later. + With -P, edit the master.cf configuration file, and add or + update one or more service parameter settings (-o parame- + ter=value settings) with new values as specied with "ser- + vice/type/parameter=value" on the postconf(1) command line. - -f Fold long lines when printing main.cf or master.cf - configuration file entries, for human readability. + In all cases the file is copied to a temporary file then renamed + into place. Specify quotes to protect special characters and + whitespace on the postconf(1) command line. - This feature is available with Postfix 2.9 and + The -e option is no longer needed with Postfix version 2.8 and later. - -F Show master.cf per-entry field settings (by default - all services and all fields), formatted as one - "service/type/field=value" per line. Specify -Ff to - fold long lines. + -f Fold long lines when printing main.cf or master.cf configuration + file entries, for human readability. - Specify one or more "service/type/field" instances - on the postconf(1) command line to limit the output - to fields of interest. Trailing parameter name or - service type fields that are omitted will be han- - dled as "*" wildcard fields. + This feature is available with Postfix 2.9 and later. - This feature is available with Postfix 2.11 and - later. + -F Show master.cf per-entry field settings (by default all services + and all fields), formatted as one "service/type/field=value" per + line. Specify -Ff to fold long lines. 
+ + Specify one or more "service/type/field" instances on the post- + conf(1) command line to limit the output to fields of interest. + Trailing parameter name or service type fields that are omitted + will be handled as "*" wildcard fields. - -h Show parameter or attribute values without the - "name = " label that normally precedes the value. + This feature is available with Postfix 2.11 and later. - -l List the names of all supported mailbox locking - methods. Postfix supports the following methods: + -h Show parameter or attribute values without the "name = " label + that normally precedes the value. - flock A kernel-based advisory locking method for - local files only. This locking method is - available on systems with a BSD compatible - library. + -l List the names of all supported mailbox locking methods. Post- + fix supports the following methods: - fcntl A kernel-based advisory locking method for - local and remote files. + flock A kernel-based advisory locking method for local files + only. This locking method is available on systems with a + BSD compatible library. + + fcntl A kernel-based advisory locking method for local and + remote files. dotlock - An application-level locking method. An - application locks a file named filename by - creating a file named filename.lock. The - application is expected to remove its own - lock file, as well as stale lock files that - were left behind after abnormal program ter- - mination. - - -m List the names of all supported lookup table types. - In Postfix configuration files, lookup tables are - specified as type:name, where type is one of the - types listed below. The table name syntax depends - on the lookup table type as described in the DATA- + An application-level locking method. An application locks + a file named filename by creating a file named file- + name.lock. The application is expected to remove its own + lock file, as well as stale lock files that were left + behind after abnormal program termination. 
+ + -m List the names of all supported lookup table types. In Postfix + configuration files, lookup tables are specified as type:name, + where type is one of the types listed below. The table name syn- + tax depends on the lookup table type as described in the DATA- BASE_README document. - btree A sorted, balanced tree structure. Avail- - able on systems with support for Berkeley DB - databases. + btree A sorted, balanced tree structure. Available on systems + with support for Berkeley DB databases. - cdb A read-optimized structure with no support - for incremental updates. Available on sys- - tems with support for CDB databases. + cdb A read-optimized structure with no support for incremen- + tal updates. Available on systems with support for CDB + databases. - cidr A table that associates values with Class- - less Inter-Domain Routing (CIDR) patterns. - This is described in cidr_table(5). + cidr A table that associates values with Classless Inter- + Domain Routing (CIDR) patterns. This is described in + cidr_table(5). - dbm An indexed file type based on hashing. - Available on systems with support for DBM - databases. + dbm An indexed file type based on hashing. Available on sys- + tems with support for DBM databases. environ - The UNIX process environment array. The - lookup key is the variable name. Originally - implemented for testing, someone may find - this useful someday. + The UNIX process environment array. The lookup key is the + variable name. Originally implemented for testing, some- + one may find this useful someday. - fail A table that reliably fails all requests. - The lookup table name is used for logging. - This table exists to simplify Postfix error - tests. + fail A table that reliably fails all requests. The lookup ta- + ble name is used for logging. This table exists to sim- + plify Postfix error tests. - hash An indexed file type based on hashing. - Available on systems with support for Berke- - ley DB databases. 
+ hash An indexed file type based on hashing. Available on sys- + tems with support for Berkeley DB databases. internal - A non-shared, in-memory hash table. Its con- - tent are lost when a process terminates. + A non-shared, in-memory hash table. Its content are lost + when a process terminates. - lmdb OpenLDAP LMDB database (a memory-mapped, - persistent file). Available on systems with - support for LMDB databases. This is - described in lmdb_table(5). + lmdb OpenLDAP LMDB database (a memory-mapped, persistent + file). Available on systems with support for LMDB data- + bases. This is described in lmdb_table(5). ldap (read-only) - LDAP database client. This is described in - ldap_table(5). + LDAP database client. This is described in ldap_table(5). memcache - Memcache database client. This is described - in memcache_table(5). + Memcache database client. This is described in mem- + cache_table(5). mysql (read-only) - MySQL database client. Available on systems - with support for MySQL databases. This is - described in mysql_table(5). + MySQL database client. Available on systems with support + for MySQL databases. This is described in mysql_ta- + ble(5). pcre (read-only) - A lookup table based on Perl Compatible Reg- - ular Expressions. The file format is - described in pcre_table(5). + A lookup table based on Perl Compatible Regular Expres- + sions. The file format is described in pcre_table(5). pgsql (read-only) - PostgreSQL database client. This is - described in pgsql_table(5). + PostgreSQL database client. This is described in + pgsql_table(5). - proxy Postfix proxymap(8) client for shared access - to Postfix databases. The table name syntax - is type:name. + proxy Postfix proxymap(8) client for shared access to Postfix + databases. The table name syntax is type:name. regexp (read-only) - A lookup table based on regular expressions. - The file format is described in regexp_ta- - ble(5). + A lookup table based on regular expressions. 
The file + format is described in regexp_table(5). - sdbm An indexed file type based on hashing. - Available on systems with support for SDBM - databases. + sdbm An indexed file type based on hashing. Available on sys- + tems with support for SDBM databases. socketmap (read-only) - Sendmail-style socketmap client. The table - name is inet:host:port:name for a TCP/IP - server, or unix:pathname:name for a UNIX- - domain server. This is described in sock- - etmap_table(5). + Sendmail-style socketmap client. The table name is + inet:host:port:name for a TCP/IP server, or unix:path- + name:name for a UNIX-domain server. This is described in + socketmap_table(5). sqlite (read-only) - SQLite database. This is described in - sqlite_table(5). + SQLite database. This is described in sqlite_table(5). static (read-only) - A table that always returns its name as - lookup result. For example, static:foobar - always returns the string foobar as lookup - result. + A table that always returns its name as lookup result. + For example, static:foobar always returns the string foo- + bar as lookup result. tcp (read-only) - TCP/IP client. The protocol is described in - tcp_table(5). + TCP/IP client. The protocol is described in tcp_table(5). texthash (read-only) - Produces similar results as hash: files, - except that you don't need to run the - postmap(1) command before you can use the - file, and that it does not detect changes - after the file is read. + Produces similar results as hash: files, except that you + don't need to run the postmap(1) command before you can + use the file, and that it does not detect changes after + the file is read. unix (read-only) - A limited view of the UNIX authentication - database. The following tables are imple- - mented: + A limited view of the UNIX authentication database. The + following tables are implemented: unix:passwd.byname - The table is the UNIX password data- - base. The key is a login name. 
The - result is a password file entry in - passwd(5) format. + The table is the UNIX password database. The key + is a login name. The result is a password file + entry in passwd(5) format. unix:group.byname - The table is the UNIX group database. - The key is a group name. The result - is a group file entry in group(5) - format. - - Other table types may exist depending on how Post- - fix was built. - - -M Show master.cf file contents instead of main.cf - file contents. Specify -Mf to fold long lines for - human readability. - - Specify zero or more arguments, each with a ser- - vice-name or service-name/service-type pair, where - service-name is the first field of a master.cf - entry and service-type is one of (inet, unix, fifo, - or pass). - - If service-name or service-name/service-type is - specified, only the matching master.cf entries will - be output. For example, "postconf -Mf smtp" will - output all services named "smtp", and "postconf -Mf - smtp/inet" will output only the smtp service that - listens on the network. Trailing service type - fields that are omitted will be handled as "*" - wildcard fields. - - This feature is available with Postfix 2.9 and - later. The syntax was changed from "name.type" to - "name/type", and "*" wildcard support was added - with Postfix 2.11. - - -n Show only configuration parameters that have - explicit name=value settings in main.cf. Specify - -nf to fold long lines for human readability (Post- - fix 2.9 and later). + The table is the UNIX group database. The key is a + group name. The result is a group file entry in + group(5) format. + + Other table types may exist depending on how Postfix was built. + + -M Show master.cf file contents instead of main.cf file contents. + Specify -Mf to fold long lines for human readability. 
+ + Specify zero or more arguments, each with a service-name or ser- + vice-name/service-type pair, where service-name is the first + field of a master.cf entry and service-type is one of (inet, + unix, fifo, or pass). + + If service-name or service-name/service-type is specified, only + the matching master.cf entries will be output. For example, + "postconf -Mf smtp" will output all services named "smtp", and + "postconf -Mf smtp/inet" will output only the smtp service that + listens on the network. Trailing service type fields that are + omitted will be handled as "*" wildcard fields. + + This feature is available with Postfix 2.9 and later. The syntax + was changed from "name.type" to "name/type", and "*" wildcard + support was added with Postfix 2.11. + + -n Show only configuration parameters that have explicit name=value + settings in main.cf. Specify -nf to fold long lines for human + readability (Postfix 2.9 and later). -o name=value Override main.cf parameter settings. - This feature is available with Postfix 2.10 and - later. + This feature is available with Postfix 2.10 and later. - -p Show main.cf parameter settings. This is the - default. + -p Show main.cf parameter settings. This is the default. - -P Show master.cf service parameter settings (by - default all services and all parameters). format- - ted as one "service/type/parameter=value" per line. - Specify -Pf to fold long lines. + -P Show master.cf service parameter settings (by default all ser- + vices and all parameters). formatted as one "ser- + vice/type/parameter=value" per line. Specify -Pf to fold long + lines. - Specify one or more "service/type/parameter" - instances on the postconf(1) command line to limit - the output to parameters of interest. Trailing - parameter name or service type fields that are - omitted will be handled as "*" wildcard fields. + Specify one or more "service/type/parameter" instances on the + postconf(1) command line to limit the output to parameters of + interest. 
Trailing parameter name or service type fields that + are omitted will be handled as "*" wildcard fields. - This feature is available with Postfix 2.11 and - later. + This feature is available with Postfix 2.11 and later. -t [template_file] - Display the templates for text that appears at the - beginning of delivery status notification (DSN) - messages, without expanding $name expressions. + Display the templates for text that appears at the beginning of + delivery status notification (DSN) messages, without expanding + $name expressions. - To override the built-in templates, specify a tem- - plate file name at the end of the postconf(1) com- - mand line, or specify a file name in main.cf with - the bounce_template_file parameter. + To override the built-in templates, specify a template file name + at the end of the postconf(1) command line, or specify a file + name in main.cf with the bounce_template_file parameter. - To force selection of the built-in templates, spec- - ify an empty template file name on the postconf(1) - command line (in shell language: ""). + To force selection of the built-in templates, specify an empty + template file name on the postconf(1) command line (in shell + language: ""). - This feature is available with Postfix 2.3 and - later. + This feature is available with Postfix 2.3 and later. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. - -x Expand $name in main.cf or master.cf parameter val- - ues. The expansion is recursive. + -x Expand $name in main.cf or master.cf parameter values. The + expansion is recursive. - This feature is available with Postfix 2.10 and - later. + This feature is available with Postfix 2.10 and later. - -X Edit the main.cf configuration file, and remove the - parameters named on the postconf(1) command line. 
- Specify a list of parameter names, not "name=value" - pairs. + -X Edit the main.cf configuration file, and remove the parameters + named on the postconf(1) command line. Specify a list of param- + eter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and - remove one or more service entries as specified - with "service/type" on the postconf(1) command - line. + With -M, edit the master.cf configuration file, and remove one + or more service entries as specified with "service/type" on the + postconf(1) command line. - With -P, edit the master.cf configuration file, and - remove one or more service parameter settings (-o - parameter=value settings) as specied with "ser- - vice/type/parameter" on the postconf(1) command - line. + With -P, edit the master.cf configuration file, and remove one + or more service parameter settings (-o parameter=value settings) + as specied with "service/type/parameter" on the postconf(1) com- + mand line. - In all cases the file is copied to a temporary file - then renamed into place. Specify quotes to protect - special characters on the postconf(1) command line. + In all cases the file is copied to a temporary file then renamed + into place. Specify quotes to protect special characters on the + postconf(1) command line. - There is no postconf(1) command to perform the - reverse operation. + There is no postconf(1) command to perform the reverse opera- + tion. - This feature is available with Postfix 2.10 and - later. Support for -M and -P was added with Post- - fix 2.11. + This feature is available with Postfix 2.10 and later. Support + for -M and -P was added with Postfix 2.11. - -# Edit the main.cf configuration file, and comment - out the parameters named on the postconf(1) command - line, so that those parameters revert to their - default values. Specify a list of parameter names, - not "name=value" pairs. 
+ -# Edit the main.cf configuration file, and comment out the parame- + ters named on the postconf(1) command line, so that those param- + eters revert to their default values. Specify a list of parame- + ter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and - comment out one or more service entries as speci- - fied with "service/type" on the postconf(1) command - line. + With -M, edit the master.cf configuration file, and comment out + one or more service entries as specified with "service/type" on + the postconf(1) command line. - In all cases the file is copied to a temporary file - then renamed into place. Specify quotes to protect - special characters on the postconf(1) command line. + In all cases the file is copied to a temporary file then renamed + into place. Specify quotes to protect special characters on the + postconf(1) command line. - There is no postconf(1) command to perform the - reverse operation. + There is no postconf(1) command to perform the reverse opera- + tion. - This feature is available with Postfix 2.6 and - later. Support for -M was added with Postfix 2.11. + This feature is available with Postfix 2.6 and later. Support + for -M was added with Postfix 2.11. DIAGNOSTICS Problems are reported to the standard error stream. 
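Review bot: the "With -P" paragraph under -X still reads `as specied with "service/type/parameter"` after the reflow; the typo is carried over unchanged from the removed lines and should be "specified". The -P option text likewise keeps the stray full stop in `(by default all ser- vices and all parameters). formatted as one`, which reads as a sentence fragment and should be a comma. These pages look like generated output (HISTORY lists mantools/man2html and postconf/postconf.c for this change), so the fix belongs in the manual page source, followed by a regeneration, not in a hand edit of the HTML.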
@@ -483,19 +415,18 @@ POSTCONF(1) POSTCONF(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. + The following main.cf parameters are especially relevant to this pro- + gram. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. bounce_template_file (empty) - Pathname of a configuration file with bounce mes- - sage templates. + Pathname of a configuration file with bounce message templates. FILES /etc/postfix/main.cf, Postfix configuration parameters @@ -510,8 +441,7 @@ POSTCONF(1) POSTCONF(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html index f06fa329f..489cf22e9 100644 --- a/postfix/html/postdrop.1.html +++ b/postfix/html/postdrop.1.html 
@@ -13,96 +13,85 @@ POSTDROP(1) POSTDROP(1) postdrop [-rv] [-c config_dir] DESCRIPTION - The postdrop(1) command creates a file in the maildrop - directory and copies its standard input to the file. + The postdrop(1) command creates a file in the maildrop directory and + copies its standard input to the file. Options: -c config_dir - The main.cf configuration file is in the named - directory instead of the default configuration - directory. See also the MAIL_CONFIG environment - setting below. + The main.cf configuration file is in the named directory instead + of the default configuration directory. See also the MAIL_CONFIG + environment setting below. - -r Use a Postfix-internal protocol for reading the - message from standard input, and for reporting sta- - tus information on standard output. This is cur- - rently the only supported method. + -r Use a Postfix-internal protocol for reading the message from + standard input, and for reporting status information on standard + output. This is currently the only supported method. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. As of Postfix 2.3, this option is avail- - able for the super-user only. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. As of Postfix + 2.3, this option is available for the super-user only. SECURITY - The command is designed to run with set-group ID privi- - leges, so that it can write to the maildrop queue direc- - tory and so that it can connect to Postfix daemon pro- - cesses. + The command is designed to run with set-group ID privileges, so that it + can write to the maildrop queue directory and so that it can connect to + Postfix daemon processes. DIAGNOSTICS - Fatal errors: malformed input, I/O error, out of memory. - Problems are logged to syslogd(8) and to the standard - error stream. 
When the input is incomplete, or when the - process receives a HUP, INT, QUIT or TERM signal, the - queue file is deleted. + Fatal errors: malformed input, I/O error, out of memory. Problems are + logged to syslogd(8) and to the standard error stream. When the input + is incomplete, or when the process receives a HUP, INT, QUIT or TERM + signal, the queue file is deleted. ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. In order to avoid - exploitation of set-group ID privileges, a non- - standard directory is allowed only if: + Directory with the main.cf file. In order to avoid exploitation + of set-group ID privileges, a non-standard directory is allowed + only if: - o The name is listed in the standard main.cf - file with the alternate_config_directories - configuration parameter. + o The name is listed in the standard main.cf file with the + alternate_config_directories configuration parameter. o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. alternate_config_directories (empty) - A list of non-default Postfix configuration direc- - tories that may be specified with "-c config_direc- - tory" on the command line, or via the MAIL_CONFIG - environment parameter. + A list of non-default Postfix configuration directories that may + be specified with "-c config_directory" on the command line, or + via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. 
import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent - process. + The list of environment parameters that a Postfix process will + import from a non-Postfix parent process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix - daemon (for example, the pickup(8) or qmgr(8) dae- - mon). + The time limit for sending a trigger to a Postfix daemon (for + example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: authorized_submit_users (static:anyone) - List of users who are authorized to submit mail - with the sendmail(1) command (and with the privi- - leged postdrop(1) helper command). + List of users who are authorized to submit mail with the send- + mail(1) command (and with the privileged postdrop(1) helper com- + mand). FILES /var/spool/postfix/maildrop, maildrop queue @@ -113,8 +102,7 @@ POSTDROP(1) POSTDROP(1) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postfix-wrapper.5.html b/postfix/html/postfix-wrapper.5.html index d84edda88..4b53b974d 100644 --- a/postfix/html/postfix-wrapper.5.html +++ b/postfix/html/postfix-wrapper.5.html 
@@ -10,103 +10,93 @@ POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5) postfix-wrapper - Postfix multi-instance API DESCRIPTION - Support for managing multiple Postfix instances is avail- - able as of version 2.6. Instances share executable files - and documentation, but have their own directories for con- - figuration, queue and data files. + Support for managing multiple Postfix instances is available as of ver- + sion 2.6. Instances share executable files and documentation, but have + their own directories for configuration, queue and data files. - This document describes how the familiar "postfix start" - etc. user interface can be used to manage one or multiple - Postfix instances, and gives details of an API to coordi- - nate activities between the postfix(1) command and a - multi-instance manager program. + This document describes how the familiar "postfix start" etc. user + interface can be used to manage one or multiple Postfix instances, and + gives details of an API to coordinate activities between the postfix(1) + command and a multi-instance manager program. - With multi-instance support, the default Postfix instance - is always required. This instance is identified by the - config_directory parameter's default value. + With multi-instance support, the default Postfix instance is always + required. This instance is identified by the config_directory parame- + ter's default value. GENERAL OPERATION - Multi-instance support is backwards compatible: when you - run only one Postfix instance, commands such as "postfix - start" will not change behavior at all. + Multi-instance support is backwards compatible: when you run only one + Postfix instance, commands such as "postfix start" will not change + behavior at all. - Even with multiple Postfix instances, you can keep using - the same postfix commands in boot scripts, upgrade proce- - dures, and other places. The commands do more work, but - humans are not forced to learn new tricks. 
+ Even with multiple Postfix instances, you can keep using the same post- + fix commands in boot scripts, upgrade procedures, and other places. The + commands do more work, but humans are not forced to learn new tricks. For example, to start all Postfix instances, use: # postfix start - Other postfix(1) commands also work as expected. For exam- - ple, to find out what Postfix instances exist in a multi- - instance configuration, use: + Other postfix(1) commands also work as expected. For example, to find + out what Postfix instances exist in a multi-instance configuration, + use: # postfix status - This enumerates the status of all Postfix instances within - a multi-instance configuration. + This enumerates the status of all Postfix instances within a multi- + instance configuration. MANAGING AN INDIVIDUAL POSTFIX INSTANCE - To manage a specific Postfix instance, specify its config- - uration directory on the postfix(1) command line: + To manage a specific Postfix instance, specify its configuration direc- + tory on the postfix(1) command line: # postfix -c /path/to/config_directory command - Alternatively, the postfix(1) command accepts the - instance's configuration directory via the MAIL_CONFIG - environment variable (the -c command-line option has - higher precedence). + Alternatively, the postfix(1) command accepts the instance's configura- + tion directory via the MAIL_CONFIG environment variable (the -c com- + mand-line option has higher precedence). - Otherwise, the postfix(1) command will operate on all - Postfix instances. + Otherwise, the postfix(1) command will operate on all Postfix + instances. ENABLING POSTFIX(1) MULTI-INSTANCE MODE - By default, the postfix(1) command operates in single- - instance mode. In this mode the command invokes the post- - fix-script file directly (currently installed in the dae- - mon directory). 
This file contains the commands that - start or stop one Postfix instance, that upgrade the con- - figuration of one Postfix instance, and so on. - - When the postfix(1) command operates in multi-instance - mode as discussed below, the command needs to execute - start, stop, etc. commands for each Postfix instance. - This multiplication of commands is handled by a multi- - instance manager program. - - Turning on postfix(1) multi-instance mode goes as follows: - in the default Postfix instance's main.cf file, 1) specify - the pathname of a multi-instance manager program with the - multi_instance_wrapper parameter; 2) populate the - multi_instance_directories parameter with the configura- - tion directory pathnames of additional Postfix instances. - For example: + By default, the postfix(1) command operates in single-instance mode. In + this mode the command invokes the postfix-script file directly (cur- + rently installed in the daemon directory). This file contains the com- + mands that start or stop one Postfix instance, that upgrade the config- + uration of one Postfix instance, and so on. + + When the postfix(1) command operates in multi-instance mode as dis- + cussed below, the command needs to execute start, stop, etc. commands + for each Postfix instance. This multiplication of commands is handled + by a multi-instance manager program. + + Turning on postfix(1) multi-instance mode goes as follows: in the + default Postfix instance's main.cf file, 1) specify the pathname of a + multi-instance manager program with the multi_instance_wrapper parame- + ter; 2) populate the multi_instance_directories parameter with the con- + figuration directory pathnames of additional Postfix instances. 
For + example: /etc/postfix/main.cf: multi_instance_wrapper = $daemon_directory/postfix-wrapper multi_instance_directories = /etc/postfix-test - The $daemon_directory/postfix-wrapper file implements a - simple manager and contains instructions for creating - Postfix instances by hand. The postmulti(1) command pro- - vides a more extensive implementation including support - for life-cycle management. + The $daemon_directory/postfix-wrapper file implements a simple manager + and contains instructions for creating Postfix instances by hand. The + postmulti(1) command provides a more extensive implementation including + support for life-cycle management. - The multi_instance_directories and other main.cf parame- - ters are listed below in the CONFIGURATION PARAMETERS sec- - tion. + The multi_instance_directories and other main.cf parameters are listed + below in the CONFIGURATION PARAMETERS section. - In multi-instance mode, the postfix(1) command invokes the - $multi_instance_wrapper command instead of the postfix- - script file. This multi-instance manager in turn executes - the postfix(1) command in single-instance mode for each - Postfix instance. + In multi-instance mode, the postfix(1) command invokes the + $multi_instance_wrapper command instead of the postfix-script file. + This multi-instance manager in turn executes the postfix(1) command in + single-instance mode for each Postfix instance. - To illustrate the main ideas behind multi-instance opera- - tion, below is an example of a simple but useful multi- - instance manager implementation: + To illustrate the main ideas behind multi-instance operation, below is + an example of a simple but useful multi-instance manager implementa- + tion: #!/bin/sh 
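Review bot: the 78-column reflow still hyphenates literal names in this hunk, for example `the same post- fix commands` in GENERAL OPERATION and `multi_instance_wrapper parame- ter` and `-c com- mand-line option` in the multi-instance paragraphs. A reader searching the page for "postfix" or "command-line" will miss those occurrences, and a copied fragment is not the real name. Since the width is being changed in the generation step anyway, consider turning hyphenation off there so that command, option and parameter names are never split across lines.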
@@ -137,144 +127,127 @@ POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5) exit $err PER-INSTANCE MULTI-INSTANCE MANAGER CONTROLS - Each Postfix instance has its own main.cf file with param- - eters that control how the multi-instance manager operates - on that instance. This section discusses the most impor- - tant settings. - - The setting "multi_instance_enable = yes" allows the - multi-instance manager to start (stop, etc.) the corre- - sponding Postfix instance. For safety reasons, this set- - ting is not the default. - - The default setting "multi_instance_enable = no" is useful - for manual testing with "postfix -c /path/name start" etc. - The multi-instance manager will not start such an - instance, and it will skip commands such as "stop" or - "flush" that require a running Postfix instance. The - multi-instance manager will execute commands such as - "check", "set-permissions" or "upgrade-configuration", and - it will replace "start" by "check" so that problems will - be reported even when the instance is disabled. + Each Postfix instance has its own main.cf file with parameters that + control how the multi-instance manager operates on that instance. This + section discusses the most important settings. + + The setting "multi_instance_enable = yes" allows the multi-instance + manager to start (stop, etc.) the corresponding Postfix instance. For + safety reasons, this setting is not the default. + + The default setting "multi_instance_enable = no" is useful for manual + testing with "postfix -c /path/name start" etc. The multi-instance + manager will not start such an instance, and it will skip commands such + as "stop" or "flush" that require a running Postfix instance. The + multi-instance manager will execute commands such as "check", "set-per- + missions" or "upgrade-configuration", and it will replace "start" by + "check" so that problems will be reported even when the instance is + disabled. 
MAINTAINING SHARED AND NON-SHARED FILES - Some files are shared between Postfix instances, such as - executables and manpages, and some files are per-instance, - such as configuration files, mail queue files, and data - files. See the NON-SHARED FILES section below for a list - of per-instance files. - - Before Postfix multi-instance support was implemented, the - executables, manpages, etc., have always been maintained - as part of the default Postfix instance. - - With multi-instance support, we simply continue to do - this. Specifically, a Postfix instance will not check or - update shared files when that instance's config_directory - value is listed with the default main.cf file's - multi_instance_directories parameter. - - The consequence of this approach is that the default Post- - fix instance should be checked and updated before any - other instances. + Some files are shared between Postfix instances, such as executables + and manpages, and some files are per-instance, such as configuration + files, mail queue files, and data files. See the NON-SHARED FILES sec- + tion below for a list of per-instance files. + + Before Postfix multi-instance support was implemented, the executables, + manpages, etc., have always been maintained as part of the default + Postfix instance. + + With multi-instance support, we simply continue to do this. Specifi- + cally, a Postfix instance will not check or update shared files when + that instance's config_directory value is listed with the default + main.cf file's multi_instance_directories parameter. + + The consequence of this approach is that the default Postfix instance + should be checked and updated before any other instances. MULTI-INSTANCE API SUMMARY - Only the multi-instance manager implements support for the - multi_instance_enable configuration parameter. The multi- - instance manager will start only Postfix instances whose - main.cf file has "multi_instance_enable = yes". 
A setting - of "no" allows a Postfix instance to be tested by hand. - - The postfix(1) command operates on only one Postfix - instance when the -c option is specified, or when - MAIL_CONFIG is present in the process environment. This is - necessary to terminate recursion. - - Otherwise, when the multi_instance_directories parameter - value is non-empty, the postfix(1) command executes the - command specified with the multi_instance_wrapper parame- - ter, instead of executing the commands in postfix-script. - - The multi-instance manager skips commands such as "stop" - or "reload" that require a running Postfix instance, when - an instance does not have "multi_instance_enable = yes". - This avoids false error messages. - - The multi-instance manager replaces a "start" command by - "check" when a Postfix instance's main.cf file does not - have "multi_instance_enable = yes". This substitution - ensures that problems will be reported even when the - instance is disabled. - - No Postfix command or script will update or check shared - files when its config_directory value is listed in the - default main.cf's multi_instance_directories parameter - value. Therefore, the default instance should be checked - and updated before any Postfix instances that depend on - it. - - Set-gid commands such as postdrop(1) and postqueue(1) - effectively append the multi_instance_directories parame- - ter value to the legacy alternate_config_directories - parameter value. The commands use this information to - determine whether a -c option or MAIL_CONFIG environment + Only the multi-instance manager implements support for the + multi_instance_enable configuration parameter. The multi-instance man- + ager will start only Postfix instances whose main.cf file has + "multi_instance_enable = yes". A setting of "no" allows a Postfix + instance to be tested by hand. 
+ + The postfix(1) command operates on only one Postfix instance when the + -c option is specified, or when MAIL_CONFIG is present in the process + environment. This is necessary to terminate recursion. + + Otherwise, when the multi_instance_directories parameter value is non- + empty, the postfix(1) command executes the command specified with the + multi_instance_wrapper parameter, instead of executing the commands in + postfix-script. + + The multi-instance manager skips commands such as "stop" or "reload" + that require a running Postfix instance, when an instance does not have + "multi_instance_enable = yes". This avoids false error messages. + + The multi-instance manager replaces a "start" command by "check" when a + Postfix instance's main.cf file does not have "multi_instance_enable = + yes". This substitution ensures that problems will be reported even + when the instance is disabled. + + No Postfix command or script will update or check shared files when its + config_directory value is listed in the default main.cf's + multi_instance_directories parameter value. Therefore, the default + instance should be checked and updated before any Postfix instances + that depend on it. + + Set-gid commands such as postdrop(1) and postqueue(1) effectively + append the multi_instance_directories parameter value to the legacy + alternate_config_directories parameter value. The commands use this + information to determine whether a -c option or MAIL_CONFIG environment setting specifies a legitimate value. - The legacy alternate_config_directories parameter remains - necessary for non-default Postfix instances that are run- - ning different versions of Postfix, or that are not man- - aged together with the default Postfix instance. + The legacy alternate_config_directories parameter remains necessary for + non-default Postfix instances that are running different versions of + Postfix, or that are not managed together with the default Postfix + instance. 
ENVIRONMENT VARIABLES MAIL_CONFIG - When present, this forces the postfix(1) command to - operate only on the specified Postfix instance. - This environment variable is exported by the post- - fix(1) -c option, so that postfix(1) commands in - descendant processes will work correctly. + When present, this forces the postfix(1) command to operate only + on the specified Postfix instance. This environment variable is + exported by the postfix(1) -c option, so that postfix(1) com- + mands in descendant processes will work correctly. CONFIGURATION PARAMETERS - The text below provides only a parameter summary. See - postconf(5) for more details. + The text below provides only a parameter summary. See postconf(5) for + more details. multi_instance_directories (empty) - An optional list of non-default Postfix configura- - tion directories; these directories belong to addi- - tional Postfix instances that share the Postfix - executable files and documentation with the default - Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. multi_instance_wrapper (empty) - The pathname of a multi-instance manager command - that the postfix(1) command invokes when the - multi_instance_directories parameter value is non- - empty. + The pathname of a multi-instance manager command that the post- + fix(1) command invokes when the multi_instance_directories + parameter value is non-empty. multi_instance_name (empty) - The optional instance name of this Postfix - instance. + The optional instance name of this Postfix instance. multi_instance_group (empty) - The optional instance group name of this Postfix - instance. + The optional instance group name of this Postfix instance. 
multi_instance_enable (no) - Allow this Postfix instance to be started, stopped, - etc., by a multi-instance manager. + Allow this Postfix instance to be started, stopped, etc., by a + multi-instance manager. NON-SHARED FILES config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for - example: caches, pseudo-random numbers). + The directory with Postfix-writable data files (for example: + caches, pseudo-random numbers). queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. SEE ALSO postfix(1) Postfix control program @@ -282,8 +255,7 @@ POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5) $daemon_directory/postfix-wrapper simple multi-instance manager LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index a15d86474..b002433d1 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html 
@@ -13,246 +13,219 @@ POSTFIX(1) POSTFIX(1) postfix [-Dv] [-c config_dir] command DESCRIPTION - This command is reserved for the superuser. To submit - mail, use the Postfix sendmail(1) command. + This command is reserved for the superuser. To submit mail, use the + Postfix sendmail(1) command. - The postfix(1) command controls the operation of the Post- - fix mail system: start or stop the master(8) daemon, do a - health check, and other maintenance. + The postfix(1) command controls the operation of the Postfix mail sys- + tem: start or stop the master(8) daemon, do a health check, and other + maintenance. - By default, the postfix(1) command sets up a standardized - environment and runs the postfix-script shell script to do - the actual work. + By default, the postfix(1) command sets up a standardized environment + and runs the postfix-script shell script to do the actual work. - However, when support for multiple Postfix instances is - configured, postfix(1) executes the command specified with - the multi_instance_wrapper configuration parameter. This - command will execute the command for each applicable Post- - fix instance. + However, when support for multiple Postfix instances is configured, + postfix(1) executes the command specified with the multi_instance_wrap- + per configuration parameter. This command will execute the command for + each applicable Postfix instance. The following commands are implemented: - check Warn about bad directory/file ownership or permis- - sions, and create missing directories. + check Warn about bad directory/file ownership or permissions, and cre- + ate missing directories. - start Start the Postfix mail system. This also runs the - configuration check described above. + start Start the Postfix mail system. This also runs the configuration + check described above. - stop Stop the Postfix mail system in an orderly fashion. - If possible, running processes are allowed to ter- - minate at their earliest convenience. 
+ stop Stop the Postfix mail system in an orderly fashion. If possible, + running processes are allowed to terminate at their earliest + convenience. - Note: in order to refresh the Postfix mail system - after a configuration change, do not use the start - and stop commands in succession. Use the reload - command instead. + Note: in order to refresh the Postfix mail system after a con- + figuration change, do not use the start and stop commands in + succession. Use the reload command instead. - abort Stop the Postfix mail system abruptly. Running pro- - cesses are signaled to stop immediately. + abort Stop the Postfix mail system abruptly. Running processes are + signaled to stop immediately. - flush Force delivery: attempt to deliver every message in - the deferred mail queue. Normally, attempts to - deliver delayed mail happen at regular intervals, - the interval doubling after each failed attempt. + flush Force delivery: attempt to deliver every message in the deferred + mail queue. Normally, attempts to deliver delayed mail happen at + regular intervals, the interval doubling after each failed + attempt. - Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all - other mail. + Warning: flushing undeliverable mail frequently will result in + poor delivery performance of all other mail. - reload Re-read configuration files. Running processes ter- - minate at their earliest convenience. + reload Re-read configuration files. Running processes terminate at + their earliest convenience. - status Indicate if the Postfix mail system is currently - running. + status Indicate if the Postfix mail system is currently running. set-permissions [name=value ...] - Set the ownership and permissions of Postfix - related files and directories, as specified in the - postfix-files file. + Set the ownership and permissions of Postfix related files and + directories, as specified in the postfix-files file. 
- Specify name=value to override and update specific - main.cf configuration parameters. Use this, for - example, to change the mail_owner or setgid_group - setting for an already installed Postfix system. + Specify name=value to override and update specific main.cf con- + figuration parameters. Use this, for example, to change the + mail_owner or setgid_group setting for an already installed + Postfix system. - This feature is available in Postfix 2.1 and later. - With Postfix 2.0 and earlier, use "$config_direc- - tory/post-install set-permissions". + This feature is available in Postfix 2.1 and later. With Post- + fix 2.0 and earlier, use "$config_directory/post-install set- + permissions". upgrade-configuration [name=value ...] - Update the main.cf and master.cf files with infor- - mation that Postfix needs in order to run: add or - update services, and add or update configuration - parameter settings. + Update the main.cf and master.cf files with information that + Postfix needs in order to run: add or update services, and add + or update configuration parameter settings. - Specify name=value to override and update specific - main.cf configuration parameters. + Specify name=value to override and update specific main.cf con- + figuration parameters. - This feature is available in Postfix 2.1 and later. - With Postfix 2.0 and earlier, use "$config_direc- - tory/post-install upgrade-configuration". + This feature is available in Postfix 2.1 and later. With Post- + fix 2.0 and earlier, use "$config_directory/post-install + upgrade-configuration". The following options are implemented: -c config_dir - Read the main.cf and master.cf configuration files - in the named directory instead of the default con- - figuration directory. Use this to distinguish - between multiple Postfix instances on the same - host. - - With Postfix 2.6 and later, this option forces the - postfix(1) command to operate on the specified - Postfix instance only. 
This behavior is inherited - by postfix(1) commands that run as a descendant of - the current process. + Read the main.cf and master.cf configuration files in the named + directory instead of the default configuration directory. Use + this to distinguish between multiple Postfix instances on the + same host. + + With Postfix 2.6 and later, this option forces the postfix(1) + command to operate on the specified Postfix instance only. This + behavior is inherited by postfix(1) commands that run as a + descendant of the current process. -D (with postfix start only) - Run each Postfix daemon under control of a debugger - as specified via the debugger_command configuration - parameter. + Run each Postfix daemon under control of a debugger as specified + via the debugger_command configuration parameter. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. ENVIRONMENT - The postfix(1) command exports the following environment - variables before executing the postfix-script file: + The postfix(1) command exports the following environment variables + before executing the postfix-script file: MAIL_CONFIG - This is set when the -c command-line option is - present. + This is set when the -c command-line option is present. - With Postfix 2.6 and later, this environment vari- - able forces the postfix(1) command to operate on - the specified Postfix instance only. This behavior - is inherited by postfix(1) commands that run as a - descendant of the current process. + With Postfix 2.6 and later, this environment variable forces the + postfix(1) command to operate on the specified Postfix instance + only. This behavior is inherited by postfix(1) commands that + run as a descendant of the current process. MAIL_VERBOSE - This is set when the -v command-line option is - present. 
+ This is set when the -v command-line option is present. MAIL_DEBUG - This is set when the -D command-line option is - present. + This is set when the -D command-line option is present. CONFIGURATION PARAMETERS - The following main.cf configuration parameters are - exported as environment variables with the same names: + The following main.cf configuration parameters are exported as environ- + ment variables with the same names: command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. setgid_group (postdrop) - The group ownership of set-gid Postfix commands and - of group-writable Postfix directories. + The group ownership of set-gid Postfix commands and of group- + writable Postfix directories. sendmail_path (see 'postconf -d' output) - A Sendmail compatibility feature that specifies the - location of the Postfix sendmail(1) command. + A Sendmail compatibility feature that specifies the location of + the Postfix sendmail(1) command. newaliases_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies the - location of the newaliases(1) command. 
+ Sendmail compatibility feature that specifies the location of + the newaliases(1) command. mailq_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies where - the Postfix mailq(1) command is installed. + Sendmail compatibility feature that specifies where the Postfix + mailq(1) command is installed. html_directory (see 'postconf -d' output) - The location of Postfix HTML files that describe - how to build, configure or operate a specific Post- - fix subsystem or feature. + The location of Postfix HTML files that describe how to build, + configure or operate a specific Postfix subsystem or feature. manpage_directory (see 'postconf -d' output) Where the Postfix manual pages are installed. readme_directory (see 'postconf -d' output) - The location of Postfix README files that describe - how to build, configure or operate a specific Post- - fix subsystem or feature. + The location of Postfix README files that describe how to build, + configure or operate a specific Postfix subsystem or feature. Available in Postfix version 2.5 and later: data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for - example: caches, pseudo-random numbers). + The directory with Postfix-writable data files (for example: + caches, pseudo-random numbers). Other configuration parameters: config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent - process. + The list of environment parameters that a Postfix process will + import from a non-Postfix parent process. syslog_facility (mail) The syslog facility of Postfix logging. 
syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". Available in Postfix version 2.6 and later: multi_instance_directories (empty) - An optional list of non-default Postfix configura- - tion directories; these directories belong to addi- - tional Postfix instances that share the Postfix - executable files and documentation with the default - Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. multi_instance_wrapper (empty) - The pathname of a multi-instance manager command - that the postfix(1) command invokes when the - multi_instance_directories parameter value is non- - empty. + The pathname of a multi-instance manager command that the post- + fix(1) command invokes when the multi_instance_directories + parameter value is non-empty. multi_instance_group (empty) - The optional instance group name of this Postfix - instance. + The optional instance group name of this Postfix instance. multi_instance_name (empty) - The optional instance name of this Postfix - instance. + The optional instance name of this Postfix instance. multi_instance_enable (no) - Allow this Postfix instance to be started, stopped, - etc., by a multi-instance manager. + Allow this Postfix instance to be started, stopped, etc., by a + multi-instance manager. FILES - Prior to Postfix version 2.6, all of the following files - were in $config_directory. 
Some files are now in $dae- - mon_directory so that they can be shared among multiple - instances that run the same Postfix version. + Prior to Postfix version 2.6, all of the following files were in $con- + fig_directory. Some files are now in $daemon_directory so that they can + be shared among multiple instances that run the same Postfix version. - Use the command "postconf config_directory" or "postconf - daemon_directory" to expand the names into their actual - values. + Use the command "postconf config_directory" or "postconf daemon_direc- + tory" to expand the names into their actual values. $config_directory/main.cf, Postfix configuration parameters $config_directory/master.cf, Postfix daemon processes @@ -347,8 +320,7 @@ POSTFIX(1) POSTFIX(1) QSHAPE_README, Postfix queue analysis LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postkick.1.html b/postfix/html/postkick.1.html index dd673b0e5..df11f9170 100644 --- a/postfix/html/postkick.1.html +++ b/postfix/html/postkick.1.html 
@@ -13,39 +13,33 @@ POSTKICK(1) POSTKICK(1) postkick [-c config_dir] [-v] class service request DESCRIPTION - The postkick(1) command sends request to the specified - service over a local transport channel. This command - makes Postfix private IPC accessible for use in, for exam- - ple, shell scripts. + The postkick(1) command sends request to the specified service over a + local transport channel. This command makes Postfix private IPC acces- + sible for use in, for example, shell scripts. Options: -c config_dir - Read the main.cf configuration file in the named - directory instead of the default configuration - directory. + Read the main.cf configuration file in the named directory + instead of the default configuration directory. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. Arguments: - class Name of a class of local transport channel end- - points, either public (accessible by any local - user) or private (administrative access only). + class Name of a class of local transport channel endpoints, either + public (accessible by any local user) or private (administrative + access only). service - The name of a local transport endpoint within the - named class. + The name of a local transport endpoint within the named class. request - A string. The list of valid requests is service- - specific. + A string. The list of valid requests is service-specific. DIAGNOSTICS - Problems and transactions are logged to the standard error - stream. + Problems and transactions are logged to the standard error stream. ENVIRONMENT MAIL_CONFIG 
@@ -55,23 +49,20 @@ POSTKICK(1) POSTKICK(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. application_event_drain_time (100s) - How long the postkick(1) command waits for a - request to enter the Postfix daemon process input - buffer before giving up. + How long the postkick(1) command waits for a request to enter + the Postfix daemon process input buffer before giving up. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. FILES /var/spool/postfix/private, private class endpoints @@ -83,8 +74,7 @@ POSTKICK(1) POSTKICK(1) postconf(5), configuration parameters LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postlock.1.html b/postfix/html/postlock.1.html index dd39dc865..78795086b 100644 --- a/postfix/html/postlock.1.html +++ b/postfix/html/postlock.1.html 
@@ -14,46 +14,41 @@ POSTLOCK(1) POSTLOCK(1) [-v] file command... DESCRIPTION - The postlock(1) command locks file for exclusive access, - and executes command. The locking method is compatible - with the Postfix UNIX-style local delivery agent. + The postlock(1) command locks file for exclusive access, and executes + command. The locking method is compatible with the Postfix UNIX-style + local delivery agent. Options: -c config_dir - Read the main.cf configuration file in the named - directory instead of the default configuration - directory. + Read the main.cf configuration file in the named directory + instead of the default configuration directory. -l lock_style - Override the locking method specified via the mail- - box_delivery_lock configuration parameter (see - below). + Override the locking method specified via the mailbox_deliv- + ery_lock configuration parameter (see below). - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. Arguments: - file A mailbox file. The user should have read/write - permission. + file A mailbox file. The user should have read/write permission. command... - The command to execute while file is locked for - exclusive access. The command is executed - directly, i.e. without interpretation by a shell - command interpreter. + The command to execute while file is locked for exclusive + access. The command is executed directly, i.e. without inter- + pretation by a shell command interpreter. DIAGNOSTICS - The result status is 75 (EX_TEMPFAIL) when postlock(1) - could not perform the requested operation. Otherwise, the - exit status is the exit status from the command. + The result status is 75 (EX_TEMPFAIL) when postlock(1) could not per- + form the requested operation. Otherwise, the exit status is the exit + status from the command. 
BUGS - With remote file systems, the ability to acquire a lock - does not necessarily eliminate access conflicts. Avoid - file access by processes running on different machines. + With remote file systems, the ability to acquire a lock does not neces- + sarily eliminate access conflicts. Avoid file access by processes run- + ning on different machines. ENVIRONMENT MAIL_CONFIG 
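Review bot: in the `-l lock_style` entry the parameter name is still split by a hyphenation break, now as `mailbox_deliv-` / `ery_lock` (before it was `mail-` / `box_delivery_lock`), so searching the rendered page for `mailbox_delivery_lock` misses the one option that overrides it. The 78-column fill moved the break rather than removing it; suggest turning hyphenation off in the step that generates these pages so configuration parameter names always come out whole. The new breaks this hunk adds in ordinary words (`inter-` / `pretation`, `per-` / `form`, `neces-` / `sarily`, `run-` / `ning`) are cosmetic by comparison.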
@@ -63,48 +58,44 @@ POSTLOCK(1) POSTLOCK(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. LOCKING CONTROLS deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. stale_lock_time (500s) - The time after which a stale exclusive mailbox - lockfile is removed. + The time after which a stale exclusive mailbox lockfile is + removed. mailbox_delivery_lock (see 'postconf -d' output) - How to lock a UNIX-style local(8) mailbox before - attempting delivery. + How to lock a UNIX-style local(8) mailbox before attempting + delivery. RESOURCE AND RATE CONTROLS fork_attempts (5) - The maximal number of attempts to fork() a child - process. + The maximal number of attempts to fork() a child process. fork_delay (1s) - The delay between attempts to fork() a child - process. + The delay between attempts to fork() a child process. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. SEE ALSO postconf(5), configuration parameters LICENSE - The Secure Mailer license must be distributed with this - software. 
+ The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html index 1f428d0c1..3ecbcbc08 100644 --- a/postfix/html/postlog.1.html +++ b/postfix/html/postlog.1.html 
@@ -10,74 +10,67 @@ POSTLOG(1) POSTLOG(1) postlog - Postfix-compatible logging utility SYNOPSIS - postlog [-iv] [-c config_dir] [-p priority] [-t tag] - [text...] + postlog [-iv] [-c config_dir] [-p priority] [-t tag] [text...] DESCRIPTION - The postlog(1) command implements a Postfix-compatible - logging interface for use in, for example, shell scripts. + The postlog(1) command implements a Postfix-compatible logging inter- + face for use in, for example, shell scripts. - By default, postlog(1) logs the text given on the command - line as one record. If no text is specified on the command - line, postlog(1) reads from standard input and logs each - input line as one record. + By default, postlog(1) logs the text given on the command line as one + record. If no text is specified on the command line, postlog(1) reads + from standard input and logs each input line as one record. - Logging is sent to syslogd(8); when the standard error - stream is connected to a terminal, logging is sent there - as well. + Logging is sent to syslogd(8); when the standard error stream is con- + nected to a terminal, logging is sent there as well. The following options are implemented: -c config_dir - Read the main.cf configuration file in the named - directory instead of the default configuration - directory. + Read the main.cf configuration file in the named directory + instead of the default configuration directory. -i Include the process ID in the logging tag. -p priority - Specifies the logging severity: info (default), - warn, error, fatal, or panic. + Specifies the logging severity: info (default), warn, error, + fatal, or panic. - -t tag Specifies the logging tag, that is, the identifying - name that appears at the beginning of each logging - record. A default tag is used when none is speci- - fied. + -t tag Specifies the logging tag, that is, the identifying name that + appears at the beginning of each logging record. A default tag + is used when none is specified. 
- -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. ENVIRONMENT MAIL_CONFIG Directory with the main.cf file. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. + The following main.cf parameters are especially relevant to this pro- + gram. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO postconf(5), configuration parameters syslogd(8), syslog daemon LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index df327c442..55d1e9b2b 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html 
@@ -14,21 +14,18 @@ POSTMAP(1) POSTMAP(1) [file_type:]file_name ... DESCRIPTION - The postmap(1) command creates or queries one or more - Postfix lookup tables, or updates an existing one. The - input and output file formats are expected to be compati- - ble with: + The postmap(1) command creates or queries one or more Postfix lookup + tables, or updates an existing one. The input and output file formats + are expected to be compatible with: makemap file_type file_name < file_name - If the result files do not exist they will be created with - the same group and other read permissions as their source - file. + If the result files do not exist they will be created with the same + group and other read permissions as their source file. - While the table update is in progress, signal delivery is - postponed, and an exclusive, advisory, lock is placed on - the entire table, in order to avoid surprises in spectator - processes. + While the table update is in progress, signal delivery is postponed, + and an exclusive, advisory, lock is placed on the entire table, in + order to avoid surprises in spectator processes. INPUT FILE FORMAT The format of a lookup table input file is as follows: 
@@ -37,203 +34,172 @@ POSTMAP(1) POSTMAP(1) key whitespace value - o Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. - - o A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. - - The key and value are processed as is, except that sur- - rounding white space is stripped off. Unlike with Postfix - alias databases, quotes cannot be used to protect lookup - keys that contain special characters such as `#' or white- - space. - - By default the lookup key is mapped to lowercase to make - the lookups case insensitive; as of Postfix 2.3 this case - folding happens only with tables whose lookup keys are - fixed-case strings such as btree:, dbm: or hash:. With - earlier versions, the lookup key is folded even with - tables where a lookup field can match both upper and lower - case text, such as regexp: and pcre:. This resulted in - loss of information with $number substitutions. + o Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. + + o A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. + + The key and value are processed as is, except that surrounding white + space is stripped off. Unlike with Postfix alias databases, quotes can- + not be used to protect lookup keys that contain special characters such + as `#' or whitespace. + + By default the lookup key is mapped to lowercase to make the lookups + case insensitive; as of Postfix 2.3 this case folding happens only with + tables whose lookup keys are fixed-case strings such as btree:, dbm: or + hash:. With earlier versions, the lookup key is folded even with tables + where a lookup field can match both upper and lower case text, such as + regexp: and pcre:. This resulted in loss of information with $number + substitutions. 
COMMAND-LINE ARGUMENTS - -b Enable message body query mode. When reading lookup - keys from standard input with "-q -", process the - input as if it is an email message in RFC 2822 for- - mat. Each line of body content becomes one lookup - key. - - By default, the -b option starts generating lookup - keys at the first non-header line, and stops when - the end of the message is reached. To simulate - body_checks(5) processing, enable MIME parsing with - -m. With this, the -b option generates no body- - style lookup keys for attachment MIME headers and - for attached message/* headers. - - This feature is available in Postfix version 2.6 - and later. + -b Enable message body query mode. When reading lookup keys from + standard input with "-q -", process the input as if it is an + email message in RFC 2822 format. Each line of body content + becomes one lookup key. + + By default, the -b option starts generating lookup keys at the + first non-header line, and stops when the end of the message is + reached. To simulate body_checks(5) processing, enable MIME + parsing with -m. With this, the -b option generates no body- + style lookup keys for attachment MIME headers and for attached + message/* headers. + + This feature is available in Postfix version 2.6 and later. -c config_dir - Read the main.cf configuration file in the named - directory instead of the default configuration - directory. - - -d key Search the specified maps for key and remove one - entry per map. The exit status is zero when the - requested information was found. - - If a key value of - is specified, the program reads - key values from the standard input stream. The exit - status is zero when at least one of the requested - keys was found. - - -f Do not fold the lookup key to lower case while cre- - ating or querying a table. - - With Postfix version 2.3 and later, this option has - no effect for regular expression tables. There, - case folding is controlled by appending a flag to a - pattern. 
- - -h Enable message header query mode. When reading - lookup keys from standard input with "-q -", - process the input as if it is an email message in - RFC 2822 format. Each logical header line becomes - one lookup key. A multi-line header becomes one - lookup key with one or more embedded newline char- - acters. - - By default, the -h option generates lookup keys - until the first non-header line is reached. To - simulate header_checks(5) processing, enable MIME - parsing with -m. With this, the -h option also gen- - erates header-style lookup keys for attachment MIME + Read the main.cf configuration file in the named directory + instead of the default configuration directory. + + -d key Search the specified maps for key and remove one entry per map. + The exit status is zero when the requested information was + found. + + If a key value of - is specified, the program reads key values + from the standard input stream. The exit status is zero when at + least one of the requested keys was found. + + -f Do not fold the lookup key to lower case while creating or + querying a table. + + With Postfix version 2.3 and later, this option has no effect + for regular expression tables. There, case folding is controlled + by appending a flag to a pattern. + + -h Enable message header query mode. When reading lookup keys from + standard input with "-q -", process the input as if it is an + email message in RFC 2822 format. Each logical header line + becomes one lookup key. A multi-line header becomes one lookup + key with one or more embedded newline characters. + + By default, the -h option generates lookup keys until the first + non-header line is reached. To simulate header_checks(5) pro- + cessing, enable MIME parsing with -m. With this, the -h option + also generates header-style lookup keys for attachment MIME headers and for attached message/* headers. - This feature is available in Postfix version 2.6 - and later. 
+ This feature is available in Postfix version 2.6 and later. - -i Incremental mode. Read entries from standard input - and do not truncate an existing database. By - default, postmap(1) creates a new database from the - entries in file_name. + -i Incremental mode. Read entries from standard input and do not + truncate an existing database. By default, postmap(1) creates a + new database from the entries in file_name. -m Enable MIME parsing with "-b" and "-h". - This feature is available in Postfix version 2.6 - and later. - - -N Include the terminating null character that termi- - nates lookup keys and values. By default, - postmap(1) does whatever is the default for the - host operating system. - - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - postmap(1) does whatever is the default for the - host operating system. - - -o Do not release root privileges when processing a - non-root input file. By default, postmap(1) drops - root privileges and runs as the source file owner - instead. - - -p Do not inherit the file access permissions from the - input file when creating a new file. Instead, cre- - ate a new file with default access permissions - (mode 0644). - - -q key Search the specified maps for key and write the - first value found to the standard output stream. - The exit status is zero when the requested informa- - tion was found. - - If a key value of - is specified, the program reads - key values from the standard input stream and - writes one line of key value output for each key - that was found. The exit status is zero when at - least one of the requested keys was found. + This feature is available in Postfix version 2.6 and later. + + -N Include the terminating null character that terminates lookup + keys and values. By default, postmap(1) does whatever is the + default for the host operating system. + + -n Don't include the terminating null character that terminates + lookup keys and values. 
By default, postmap(1) does whatever is + the default for the host operating system. + + -o Do not release root privileges when processing a non-root input + file. By default, postmap(1) drops root privileges and runs as + the source file owner instead. + + -p Do not inherit the file access permissions from the input file + when creating a new file. Instead, create a new file with + default access permissions (mode 0644). + + -q key Search the specified maps for key and write the first value + found to the standard output stream. The exit status is zero + when the requested information was found. + + If a key value of - is specified, the program reads key values + from the standard input stream and writes one line of key value + output for each key that was found. The exit status is zero when + at least one of the requested keys was found. - -r When updating a table, do not complain about - attempts to update existing entries, and make those - updates anyway. + -r When updating a table, do not complain about attempts to update + existing entries, and make those updates anyway. - -s Retrieve all database elements, and write one line - of key value output for each element. The elements - are printed in database order, which is not neces- - sarily the same as the original input order. + -s Retrieve all database elements, and write one line of key value + output for each element. The elements are printed in database + order, which is not necessarily the same as the original input + order. - This feature is available in Postfix version 2.2 - and later, and is not available for all database - types. + This feature is available in Postfix version 2.2 and later, and + is not available for all database types. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. 
- -w When updating a table, do not complain about - attempts to update existing entries, and ignore - those attempts. + -w When updating a table, do not complain about attempts to update + existing entries, and ignore those attempts. Arguments: file_type - The database type. To find out what types are sup- - ported, use the "postconf -m" command. + The database type. To find out what types are supported, use the + "postconf -m" command. - The postmap(1) command can query any supported file - type, but it can create only the following file - types: + The postmap(1) command can query any supported file type, but it + can create only the following file types: - btree The output file is a btree file, named - file_name.db. This is available on systems - with support for db databases. + btree The output file is a btree file, named file_name.db. + This is available on systems with support for db data- + bases. - cdb The output consists of one file, named - file_name.cdb. This is available on systems - with support for cdb databases. + cdb The output consists of one file, named file_name.cdb. + This is available on systems with support for cdb data- + bases. - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for dbm - databases. + dbm The output consists of two files, named file_name.pag and + file_name.dir. This is available on systems with support + for dbm databases. - hash The output file is a hashed file, named - file_name.db. This is available on systems - with support for db databases. + hash The output file is a hashed file, named file_name.db. + This is available on systems with support for db data- + bases. - fail A table that reliably fails all requests. - The lookup table name is used for logging - only. This table exists to simplify Postfix - error tests. + fail A table that reliably fails all requests. The lookup ta- + ble name is used for logging only. 
This table exists to + simplify Postfix error tests. - sdbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available on systems with support for sdbm - databases. + sdbm The output consists of two files, named file_name.pag and + file_name.dir. This is available on systems with support + for sdbm databases. - When no file_type is specified, the software uses - the database type specified via the default_data- - base_type configuration parameter. + When no file_type is specified, the software uses the database + type specified via the default_database_type configuration + parameter. file_name - The name of the lookup table source file when - rebuilding a database. + The name of the lookup table source file when rebuilding a data- + base. DIAGNOSTICS - Problems are logged to the standard error stream and to - syslogd(8). No output means that no problems were - detected. Duplicate entries are skipped and are flagged - with a warning. + Problems are logged to the standard error stream and to syslogd(8). No + output means that no problems were detected. Duplicate entries are + skipped and are flagged with a warning. - postmap(1) terminates with zero exit status in case of - success (including successful "postmap -q" lookup) and - terminates with non-zero exit status in case of failure. + postmap(1) terminates with zero exit status in case of success (includ- + ing successful "postmap -q" lookup) and terminates with non-zero exit + status in case of failure. ENVIRONMENT MAIL_CONFIG 
@@ -243,34 +209,33 @@ POSTMAP(1) POSTMAP(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. berkeley_db_create_buffer_size (16777216) - The per-table I/O buffer size for programs that - create Berkeley DB hash or btree tables. + The per-table I/O buffer size for programs that create Berkeley + DB hash or btree tables. berkeley_db_read_buffer_size (131072) - The per-table I/O buffer size for programs that - read Berkeley DB hash or btree tables. + The per-table I/O buffer size for programs that read Berkeley DB + hash or btree tables. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. default_database_type (see 'postconf -d' output) - The default database type for use in newaliases(1), - postalias(1) and postmap(1) commands. + The default database type for use in newaliases(1), postalias(1) + and postmap(1) commands. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO postalias(1), create/update/query alias database 
@@ -282,8 +247,7 @@ POSTMAP(1) POSTMAP(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postmulti.1.html b/postfix/html/postmulti.1.html index 465ec1fab..a177f8f5a 100644 --- a/postfix/html/postmulti.1.html +++ b/postfix/html/postmulti.1.html @@ -24,11 +24,11 @@ POSTMULTI(1) POSTMULTI(1) LIFE-CYCLE MANAGEMENT: - postmulti -e create [-av] [-g group] [-i name] [-G group] - [-I name] [param=value ...] + postmulti -e create [-av] [-g group] [-i name] [-G group] [-I name] + [param=value ...] - postmulti -e import [-av] [-g group] [-i name] [-G group] - [-I name] [config_directory=/path] + postmulti -e import [-av] [-g group] [-i name] [-G group] [-I name] + [config_directory=/path] postmulti -e destroy [-v] -i name 
@@ -41,203 +41,177 @@ POSTMULTI(1) POSTMULTI(1) postmulti -e assign [-v] -i name [-I name] [-G group] DESCRIPTION - The postmulti(1) command allows a Postfix administrator to - manage multiple Postfix instances on a single host. + The postmulti(1) command allows a Postfix administrator to manage mul- + tiple Postfix instances on a single host. - postmulti(1) implements two fundamental modes of opera- - tion. In iterator mode, it executes the same command for - multiple Postfix instances. In life-cycle management - mode, it adds or deletes one instance, or changes the - multi-instance status of one instance. + postmulti(1) implements two fundamental modes of operation. In itera- + tor mode, it executes the same command for multiple Postfix instances. + In life-cycle management mode, it adds or deletes one instance, or + changes the multi-instance status of one instance. - Each mode of operation has its own command syntax. For - this reason, each mode is documented in separate sections - below. + Each mode of operation has its own command syntax. For this reason, + each mode is documented in separate sections below. BACKGROUND - A multi-instance configuration consists of one primary - Postfix instance, and one or more secondary instances - whose configuration directory pathnames are recorded in - the primary instance's main.cf file. Postfix instances - share program files and documentation, but have their own - configuration, queue and data directories. - - Currently, only the default Postfix instance can be used - as primary instance in a multi-instance configuration. The - postmulti(1) command does not currently support a -c - option to select an alternative primary instance, and - exits with a fatal error if the MAIL_CONFIG environment - variable is set to a non-default configuration directory. - - See the MULTI_INSTANCE_README tutorial for a more detailed - discussion of multi-instance management with postmulti(1). 
+ A multi-instance configuration consists of one primary Postfix + instance, and one or more secondary instances whose configuration + directory pathnames are recorded in the primary instance's main.cf + file. Postfix instances share program files and documentation, but have + their own configuration, queue and data directories. + + Currently, only the default Postfix instance can be used as primary + instance in a multi-instance configuration. The postmulti(1) command + does not currently support a -c option to select an alternative primary + instance, and exits with a fatal error if the MAIL_CONFIG environment + variable is set to a non-default configuration directory. + + See the MULTI_INSTANCE_README tutorial for a more detailed discussion + of multi-instance management with postmulti(1). ITERATOR MODE - In iterator mode, postmulti performs the same operation on - all Postfix instances in turn. + In iterator mode, postmulti performs the same operation on all Postfix + instances in turn. - If multi-instance support is not enabled, the requested - command is performed just for the primary instance. + If multi-instance support is not enabled, the requested command is per- + formed just for the primary instance. Iterator mode implements the following command options: Instance selection - -a Perform the operation on all instances. This is the - default. + -a Perform the operation on all instances. This is the default. -g group - Perform the operation only for members of the named - group. + Perform the operation only for members of the named group. -i name - Perform the operation only for the instance with - the specified name. You can specify either the - instance name or the absolute pathname of the - instance's configuration directory. Specify "-" to - select the primary Postfix instance. + Perform the operation only for the instance with the specified + name. 
You can specify either the instance name or the absolute + pathname of the instance's configuration directory. Specify "-" + to select the primary Postfix instance. - -R Reverse the iteration order. This may be appropri- - ate when updating a multi-instance system, where - "sink" instances are started before "source" - instances. + -R Reverse the iteration order. This may be appropriate when updat- + ing a multi-instance system, where "sink" instances are started + before "source" instances. This option cannot be used with -p. List mode - -l List Postfix instances with their instance name, - instance group name, enable/disable status and con- - figuration directory. + -l List Postfix instances with their instance name, instance group + name, enable/disable status and configuration directory. Postfix-wrapper mode - -p Invoke postfix(1) to execute the specified command. - This option implements the postfix-wrapper(5) - interface. - - o With "start"-like commands, "postfix check" - is executed for instances that are not - enabled. The full list of commands is speci- - fied with the postmulti_start_commands - parameter. + -p Invoke postfix(1) to execute the specified command. This option + implements the postfix-wrapper(5) interface. - o With "stop"-like commands, the iteration - order is reversed, and disabled instances - are skipped. The full list of commands is - specified with the postmulti_stop_commands + o With "start"-like commands, "postfix check" is executed + for instances that are not enabled. The full list of com- + mands is specified with the postmulti_start_commands parameter. - o With "reload" and other commands that - require a started instance, disabled - instances are skipped. The full list of com- - mands is specified with the postmulti_con- - trol_commands parameter. + o With "stop"-like commands, the iteration order is + reversed, and disabled instances are skipped. 
The full + list of commands is specified with the post- + multi_stop_commands parameter. + + o With "reload" and other commands that require a started + instance, disabled instances are skipped. The full list + of commands is specified with the postmulti_control_com- + mands parameter. - o With "status" and other commands that don't - require a started instance, the command is - executed for all instances. + o With "status" and other commands that don't require a + started instance, the command is executed for all + instances. - The -p option can also be used interactively to - start/stop/etc. a named instance or instance - group. For example, to start just the instances in - the group "msa", invoke postmulti(1) as follows: + The -p option can also be used interactively to start/stop/etc. + a named instance or instance group. For example, to start just + the instances in the group "msa", invoke postmulti(1) as fol- + lows: # postmulti -g msa -p start Command mode - -x Execute the specified command for all Postfix - instances. The command runs with appropriate envi- - ronment settings for MAIL_CONFIG, command_direc- - tory, daemon_directory, config_directory, - queue_directory, data_directory, - multi_instance_name, multi_instance_group and - multi_instance_enable. + -x Execute the specified command for all Postfix instances. The + command runs with appropriate environment settings for MAIL_CON- + FIG, command_directory, daemon_directory, config_directory, + queue_directory, data_directory, multi_instance_name, + multi_instance_group and multi_instance_enable. Other options - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. 
LIFE-CYCLE MANAGEMENT MODE - With the -e option postmulti(1) can be used to add or - delete a Postfix instance, and to manage the multi- - instance status of an existing instance. + With the -e option postmulti(1) can be used to add or delete a Postfix + instance, and to manage the multi-instance status of an existing + instance. The following options are implemented: Existing instance selection - -a When creating or importing an instance, place the - new instance at the front of the secondary instance - list. + -a When creating or importing an instance, place the new instance + at the front of the secondary instance list. -g group - When creating or importing an instance, place the - new instance before the first secondary instance - that is a member of the specified group. + When creating or importing an instance, place the new instance + before the first secondary instance that is a member of the + specified group. -i name - When creating or importing an instance, place the - new instance before the matching secondary - instance. + When creating or importing an instance, place the new instance + before the matching secondary instance. - With other life-cycle operations, apply the opera- - tion to the named existing instance. Specify "-" - to select the primary Postfix instance. + With other life-cycle operations, apply the operation to the + named existing instance. Specify "-" to select the primary + Postfix instance. New or existing instance name assignment -I name - Assign the specified instance name to an existing - instance, newly-created instance, or imported - instance. Instance names other than "-" (which - makes the instance "nameless") must start with - "postfix-". This restriction reduces the likeli- - hood of name collisions with system files. + Assign the specified instance name to an existing instance, + newly-created instance, or imported instance. Instance names + other than "-" (which makes the instance "nameless") must start + with "postfix-". 
This restriction reduces the likelihood of + name collisions with system files. -G group - Assign the specified group name to an existing - instance or to a newly created or imported - instance. + Assign the specified group name to an existing instance or to a + newly created or imported instance. Instance creation/deletion/status change -e action - "Edit" managed instances. The following actions are - supported: + "Edit" managed instances. The following actions are supported: - init This command is required before postmulti(1) - can be used to manage Postfix instances. - The "postmulti -e init" command updates the - primary instance's main.cf file by setting: + init This command is required before postmulti(1) can be used + to manage Postfix instances. The "postmulti -e init" + command updates the primary instance's main.cf file by + setting: multi_instance_wrapper = ${command_directory}/postmulti -p -- multi_instance_enable = yes - You can set these by other means if you pre- - fer. - - create Create a new Postfix instance and add it to - the multi_instance_directories parameter of - the primary instance. The "-I name" option - is recommended to give the instance a short - name that is used to construct default val- - ues for the private directories of the new - instance. The "-G group" option may be spec- - ified to assign the instance to a group, - otherwise, the new instance is not a member - of any groups. - - The new instance main.cf is the stock - main.cf with the parameters that specify the - locations of shared files cloned from the - primary instance. For "nameless" instances, - you should manually adjust "syslog_name" to - yield a unique "logtag" starting with "post- - fix-" that will uniquely identify the - instance in the mail logs. It is simpler to - assign the instance a short name with the + You can set these by other means if you prefer. 
+ + create Create a new Postfix instance and add it to the + multi_instance_directories parameter of the primary + instance. The "-I name" option is recommended to give + the instance a short name that is used to construct + default values for the private directories of the new + instance. The "-G group" option may be specified to + assign the instance to a group, otherwise, the new + instance is not a member of any groups. + + The new instance main.cf is the stock main.cf with the + parameters that specify the locations of shared files + cloned from the primary instance. For "nameless" + instances, you should manually adjust "syslog_name" to + yield a unique "logtag" starting with "postfix-" that + will uniquely identify the instance in the mail logs. It + is simpler to assign the instance a short name with the "-I name" option. - Optional "name=value" arguments specify the - instance config_directory, queue_directory - and data_directory. For example: + Optional "name=value" arguments specify the instance con- + fig_directory, queue_directory and data_directory. For + example: # postmulti -I postfix-mumble \ -G mygroup -e create \ 
@@ -245,170 +219,142 @@ POSTMULTI(1) POSTMULTI(1) queue_directory=/my/queue/dir \ data_directory=/my/data/dir - If any of these pathnames is not supplied, - the program attempts to generate the path- - name by taking the corresponding primary - instance pathname, and by replacing the last - pathname component by the value of the -I - option. - - If the instance configuration directory - already exists, and contains both a main.cf - and master.cf file, create will "import" the - instance as-is. For existing instances, cre- - ate and import are identical. - - import Import an existing instance into the list of - instances managed by the postmulti(1) multi- - instance manager. This adds the instance to - the multi_instance_directories list of the - primary instance. If the "-I name" option - is provided it specifies the new name for - the instance and is used to define a default - location for the instance configuration - directory (as with create above). The "-G - group" option may be used to assign the - instance to a group. Add a "config_direc- - tory=/path" argument to override a default - pathname based on "-I name". + If any of these pathnames is not supplied, the program + attempts to generate the pathname by taking the corre- + sponding primary instance pathname, and by replacing the + last pathname component by the value of the -I option. + + If the instance configuration directory already exists, + and contains both a main.cf and master.cf file, create + will "import" the instance as-is. For existing instances, + create and import are identical. + + import Import an existing instance into the list of instances + managed by the postmulti(1) multi-instance manager. This + adds the instance to the multi_instance_directories list + of the primary instance. If the "-I name" option is pro- + vided it specifies the new name for the instance and is + used to define a default location for the instance con- + figuration directory (as with create above). 
The "-G + group" option may be used to assign the instance to a + group. Add a "config_directory=/path" argument to over- + ride a default pathname based on "-I name". destroy - Destroy a secondary Postfix instance. To be - a candidate for destruction an instance must - be disabled, stopped and its queue must not - contain any messages. Attempts to destroy - the primary Postfix instance trigger a fatal + Destroy a secondary Postfix instance. To be a candidate + for destruction an instance must be disabled, stopped and + its queue must not contain any messages. Attempts to + destroy the primary Postfix instance trigger a fatal error, without destroying the instance. - The instance is removed from the primary - instance main.cf file's alternate_con- - fig_directories parameter and its data, - queue and configuration directories are - cleaned of files and directories created by - the Postfix system. The main.cf and mas- - ter.cf files are removed from the configura- - tion directory even if they have been modi- - fied since initial creation. Finally, the - instance is "deported" from the list of man- - aged instances. - - If other files are present in instance pri- - vate directories, the directories may not be - fully removed, a warning is logged to alert - the administrator. It is expected that an - instance built using "fresh" directories via - the create action will be fully removed by - the destroy action (if first disabled). If - the instance configuration and queue direc- - tories are populated with additional files - (access and rewriting tables, chroot jail - content, etc.) the instance directories will - not be fully removed. - - The destroy action triggers potentially dan- - gerous file removal operations. Make sure - the instance's data, queue and configuration - directories are set correctly and do not - contain any valuable files. - - deport Deport a secondary instance from the list of - managed instances. 
This deletes the instance - configuration directory from the primary - instance's multi_instance_directories list, - but does not remove any files or directo- - ries. - - assign Assign a new instance name or a new group - name to the selected instance. Use "-G -" - to specify "no group" and "-I -" to specify - "no name". If you choose to make an - instance "nameless", set a suitable sys- - log_name in the corresponding main.cf file. - - enable Mark the selected instance as enabled. This - just sets the multi_instance_enable parame- - ter to "yes" in the instance's main.cf file. + The instance is removed from the primary instance main.cf + file's alternate_config_directories parameter and its + data, queue and configuration directories are cleaned of + files and directories created by the Postfix system. The + main.cf and master.cf files are removed from the configu- + ration directory even if they have been modified since + initial creation. Finally, the instance is "deported" + from the list of managed instances. + + If other files are present in instance private directo- + ries, the directories may not be fully removed, a warning + is logged to alert the administrator. It is expected that + an instance built using "fresh" directories via the cre- + ate action will be fully removed by the destroy action + (if first disabled). If the instance configuration and + queue directories are populated with additional files + (access and rewriting tables, chroot jail content, etc.) + the instance directories will not be fully removed. + + The destroy action triggers potentially dangerous file + removal operations. Make sure the instance's data, queue + and configuration directories are set correctly and do + not contain any valuable files. + + deport Deport a secondary instance from the list of managed + instances. 
This deletes the instance configuration direc- + tory from the primary instance's multi_instance_directo- + ries list, but does not remove any files or directories. + + assign Assign a new instance name or a new group name to the + selected instance. Use "-G -" to specify "no group" and + "-I -" to specify "no name". If you choose to make an + instance "nameless", set a suitable syslog_name in the + corresponding main.cf file. + + enable Mark the selected instance as enabled. This just sets the + multi_instance_enable parameter to "yes" in the + instance's main.cf file. disable - Mark the selected instance as disabled. This - means that the instance will not be started - etc. with "postfix start", "postmulti -p - start" and so on. The instance can still be - started etc. with "postfix -c config-direc- - tory start". + Mark the selected instance as disabled. This means that + the instance will not be started etc. with "postfix + start", "postmulti -p start" and so on. The instance can + still be started etc. with "postfix -c config-directory + start". Other options - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. ENVIRONMENT - The postmulti(1) command exports the following environment - variables before executing the requested command for a - given instance: + The postmulti(1) command exports the following environment variables + before executing the requested command for a given instance: MAIL_VERBOSE - This is set when the -v command-line option is - present. + This is set when the -v command-line option is present. MAIL_CONFIG - The location of the configuration directory of the - instance. + The location of the configuration directory of the instance. 
CONFIGURATION PARAMETERS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent - process. + The list of environment parameters that a Postfix process will + import from a non-Postfix parent process. multi_instance_directories (empty) - An optional list of non-default Postfix configura- - tion directories; these directories belong to addi- - tional Postfix instances that share the Postfix - executable files and documentation with the default - Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. multi_instance_group (empty) - The optional instance group name of this Postfix - instance. + The optional instance group name of this Postfix instance. multi_instance_name (empty) - The optional instance name of this Postfix - instance. + The optional instance name of this Postfix instance. multi_instance_enable (no) - Allow this Postfix instance to be started, stopped, - etc., by a multi-instance manager. + Allow this Postfix instance to be started, stopped, etc., by a + multi-instance manager. postmulti_start_commands (start) - The postfix(1) commands that the postmulti(1) - instance manager treats as "start" commands. 
+ The postfix(1) commands that the postmulti(1) instance manager + treats as "start" commands. postmulti_stop_commands (see 'postconf -d' output) - The postfix(1) commands that the postmulti(1) - instance manager treats as "stop" commands. + The postfix(1) commands that the postmulti(1) instance manager + treats as "stop" commands. postmulti_control_commands (reload flush) - The postfix(1) commands that the postmulti(1) - instance manager treats as "control" commands, that - operate on running instances. + The postfix(1) commands that the postmulti(1) instance manager + treats as "control" commands, that operate on running instances. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES $daemon_directory/main.cf, stock configuration file @@ -423,12 +369,10 @@ POSTMULTI(1) POSTMULTI(1) MULTI_INSTANCE_README, Postfix multi-instance management HISTORY - The postmulti(1) command was introduced with Postfix ver- - sion 2.6. + The postmulti(1) command was introduced with Postfix version 2.6. LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Victor Duchovni diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 50edb8372..d22c06945 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html 
@@ -16,150 +16,130 @@ POSTQUEUE(1) POSTQUEUE(1) postqueue [-v] [-c config_dir] -s site DESCRIPTION - The postqueue(1) command implements the Postfix user - interface for queue management. It implements operations - that are traditionally available via the sendmail(1) com- - mand. See the postsuper(1) command for queue operations - that require super-user privileges such as deleting a mes- - sage from the queue or changing the status of a message. + The postqueue(1) command implements the Postfix user interface for + queue management. It implements operations that are traditionally + available via the sendmail(1) command. See the postsuper(1) command + for queue operations that require super-user privileges such as delet- + ing a message from the queue or changing the status of a message. The following options are recognized: -c config_dir - The main.cf configuration file is in the named - directory instead of the default configuration - directory. See also the MAIL_CONFIG environment - setting below. + The main.cf configuration file is in the named directory instead + of the default configuration directory. See also the MAIL_CONFIG + environment setting below. - -f Flush the queue: attempt to deliver all queued - mail. + -f Flush the queue: attempt to deliver all queued mail. - This option implements the traditional "sendmail - -q" command, by contacting the Postfix qmgr(8) dae- - mon. + This option implements the traditional "sendmail -q" command, by + contacting the Postfix qmgr(8) daemon. - Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all - other mail. + Warning: flushing undeliverable mail frequently will result in + poor delivery performance of all other mail. -i queue_id - Schedule immediate delivery of deferred mail with - the specified queue ID. + Schedule immediate delivery of deferred mail with the specified + queue ID. 
- This option implements the traditional sendmail -qI - command, by contacting the flush(8) server. + This option implements the traditional sendmail -qI command, by + contacting the flush(8) server. - This feature is available with Postfix version 2.4 - and later. + This feature is available with Postfix version 2.4 and later. - -p Produce a traditional sendmail-style queue listing. - This option implements the traditional mailq com- - mand, by contacting the Postfix showq(8) daemon. + -p Produce a traditional sendmail-style queue listing. This option + implements the traditional mailq command, by contacting the + Postfix showq(8) daemon. - Each queue entry shows the queue file ID, message - size, arrival time, sender, and the recipients that - still need to be delivered. If mail could not be - delivered upon the last attempt, the reason for - failure is shown. The queue ID string is followed - by an optional status character: + Each queue entry shows the queue file ID, message size, arrival + time, sender, and the recipients that still need to be deliv- + ered. If mail could not be delivered upon the last attempt, the + reason for failure is shown. The queue ID string is followed by + an optional status character: - * The message is in the active queue, i.e. the - message is selected for delivery. + * The message is in the active queue, i.e. the message is + selected for delivery. - ! The message is in the hold queue, i.e. no - further delivery attempt will be made until - the mail is taken off hold. + ! The message is in the hold queue, i.e. no further deliv- + ery attempt will be made until the mail is taken off + hold. -s site - Schedule immediate delivery of all mail that is - queued for the named site. A numerical site must be - specified as a valid RFC 5321 address literal - enclosed in [], just like in email addresses. The - site must be eligible for the "fast flush" service. - See flush(8) for more information about the "fast - flush" service. 
- - This option implements the traditional "sendmail - -qRsite" command, by contacting the Postfix - flush(8) daemon. - - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. As of Postfix 2.3, this option is avail- - able for the super-user only. + Schedule immediate delivery of all mail that is queued for the + named site. A numerical site must be specified as a valid RFC + 5321 address literal enclosed in [], just like in email + addresses. The site must be eligible for the "fast flush" ser- + vice. See flush(8) for more information about the "fast flush" + service. + + This option implements the traditional "sendmail -qRsite" com- + mand, by contacting the Postfix flush(8) daemon. + + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. As of Postfix + 2.3, this option is available for the super-user only. SECURITY - This program is designed to run with set-group ID privi- - leges, so that it can connect to Postfix daemon processes. + This program is designed to run with set-group ID privileges, so that + it can connect to Postfix daemon processes. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard - error stream. + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. In order to avoid - exploitation of set-group ID privileges, a non- - standard directory is allowed only if: + Directory with the main.cf file. In order to avoid exploitation + of set-group ID privileges, a non-standard directory is allowed + only if: - o The name is listed in the standard main.cf - file with the alternate_config_directories - configuration parameter. + o The name is listed in the standard main.cf file with the + alternate_config_directories configuration parameter. o The command is invoked by the super-user. 
CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. alternate_config_directories (empty) - A list of non-default Postfix configuration direc- - tories that may be specified with "-c config_direc- - tory" on the command line, or via the MAIL_CONFIG - environment parameter. + A list of non-default Postfix configuration directories that may + be specified with "-c config_directory" on the command line, or + via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued - to those destinations. + Optional list of destinations that are eligible for per-destina- + tion logfiles with mail that is queued to those destinations. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent - process. + The list of environment parameters that a Postfix process will + import from a non-Postfix parent process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. 
syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix - daemon (for example, the pickup(8) or qmgr(8) dae- - mon). + The time limit for sending a trigger to a Postfix daemon (for + example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: authorized_flush_users (static:anyone) - List of users who are authorized to flush the - queue. + List of users who are authorized to flush the queue. authorized_mailq_users (static:anyone) List of users who are authorized to view the queue. @@ -178,12 +158,10 @@ POSTQUEUE(1) POSTQUEUE(1) ETRN_README, Postfix ETRN howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY - The postqueue command was introduced with Postfix version - 1.1. + The postqueue command was introduced with Postfix version 1.1. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index 211357504..8ef9176a2 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html 
@@ -13,51 +13,46 @@ POSTSCREEN(8) POSTSCREEN(8) postscreen [generic Postfix daemon options] DESCRIPTION - The Postfix postscreen(8) server provides additional pro- - tection against mail server overload. One postscreen(8) - process handles multiple inbound SMTP connections, and - decides which clients may talk to a Postfix SMTP server - process. By keeping spambots away, postscreen(8) leaves - more SMTP server processes available for legitimate - clients, and delays the onset of server overload condi- - tions. - - This program should not be used on SMTP ports that receive - mail from end-user clients (MUAs). In a typical deploy- - ment, postscreen(8) handles the MX service on TCP port 25, - while MUA clients submit mail via the submission service - on TCP port 587 which requires client authentication. - Alternatively, a site could set up a dedicated, non- - postscreen, "port 25" server that provides submission ser- - vice and client authentication, but no MX service. - - postscreen(8) maintains a temporary whitelist for clients - that have passed a number of tests. When an SMTP client - IP address is whitelisted, postscreen(8) hands off the - connection immediately to a Postfix SMTP server process. - This minimizes the overhead for legitimate mail. - - By default, postscreen(8) logs statistics and hands off - every connection to a Postfix SMTP server process, while - excluding clients in mynetworks from all tests (primarily, - to avoid problems with non-standard SMTP implementations - in network appliances). This mode is useful for non- - destructive testing. - - In a typical production setting, postscreen(8) is config- - ured to reject mail from clients that fail one or more - tests. postscreen(8) logs rejected mail with the client - address, helo, sender and recipient information. - - postscreen(8) is not an SMTP proxy; this is intentional. 
- The purpose is to keep spambots away from Postfix SMTP - server processes, while minimizing overhead for legitimate - traffic. + The Postfix postscreen(8) server provides additional protection against + mail server overload. One postscreen(8) process handles multiple + inbound SMTP connections, and decides which clients may talk to a Post- + fix SMTP server process. By keeping spambots away, postscreen(8) + leaves more SMTP server processes available for legitimate clients, and + delays the onset of server overload conditions. + + This program should not be used on SMTP ports that receive mail from + end-user clients (MUAs). In a typical deployment, postscreen(8) handles + the MX service on TCP port 25, while MUA clients submit mail via the + submission service on TCP port 587 which requires client authentica- + tion. Alternatively, a site could set up a dedicated, non-postscreen, + "port 25" server that provides submission service and client authenti- + cation, but no MX service. + + postscreen(8) maintains a temporary whitelist for clients that have + passed a number of tests. When an SMTP client IP address is + whitelisted, postscreen(8) hands off the connection immediately to a + Postfix SMTP server process. This minimizes the overhead for legitimate + mail. + + By default, postscreen(8) logs statistics and hands off every connec- + tion to a Postfix SMTP server process, while excluding clients in + mynetworks from all tests (primarily, to avoid problems with non-stan- + dard SMTP implementations in network appliances). This mode is useful + for non-destructive testing. + + In a typical production setting, postscreen(8) is configured to reject + mail from clients that fail one or more tests. postscreen(8) logs + rejected mail with the client address, helo, sender and recipient + information. + + postscreen(8) is not an SMTP proxy; this is intentional. 
The purpose + is to keep spambots away from Postfix SMTP server processes, while min- + imizing overhead for legitimate traffic. SECURITY - The postscreen(8) server is moderately security-sensitive. - It talks to untrusted clients on the network. The process - can be run chrooted at fixed low privilege. + The postscreen(8) server is moderately security-sensitive. It talks to + untrusted clients on the network. The process can be run chrooted at + fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
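Review bot: the re-wrapped DESCRIPTION in this hunk splits the product name across a line break ("Post-" at the end of one line, "fix SMTP server process" on the next) and does the same to "non-stan-" / "dard", so a plain-text search of the rendered page for "Postfix SMTP server" no longer matches that sentence. Since the text is being re-flowed to a wider column anyway, consider turning hyphenation off in the formatting step so lines break on whole words only.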
@@ -78,361 +73,318 @@ POSTSCREEN(8) POSTSCREEN(8) Problems and transactions are logged to syslogd(8). BUGS - The postscreen(8) built-in SMTP protocol engine currently - does not announce support for AUTH, XCLIENT or XFORWARD. - If you need to make these services available on port 25, - then do not enable the optional "after 220 server greet- - ing" tests, and do not use DNSBLs that reject traffic from - dial-up and residential networks. - - The optional "after 220 server greeting" tests involve - postscreen(8)'s built-in SMTP protocol engine. When these - tests succeed, postscreen(8) adds the client to the tempo- - rary whitelist, but it cannot not hand off the "live" con- - nection to a Postfix SMTP server process in the middle of - a session. Instead, postscreen(8) defers attempts to - deliver mail with a 4XX status, and waits for the client - to disconnect. When the client connects again, - postscreen(8) will allow the client to talk to a Postfix - SMTP server process (provided that the whitelist status - has not expired). postscreen(8) mitigates the impact of - this limitation by giving the "after 220 server greeting" - tests a long expiration time. + The postscreen(8) built-in SMTP protocol engine currently does not + announce support for AUTH, XCLIENT or XFORWARD. If you need to make + these services available on port 25, then do not enable the optional + "after 220 server greeting" tests, and do not use DNSBLs that reject + traffic from dial-up and residential networks. + + The optional "after 220 server greeting" tests involve postscreen(8)'s + built-in SMTP protocol engine. When these tests succeed, postscreen(8) + adds the client to the temporary whitelist, but it cannot not hand off + the "live" connection to a Postfix SMTP server process in the middle of + a session. Instead, postscreen(8) defers attempts to deliver mail with + a 4XX status, and waits for the client to disconnect. 
When the client + connects again, postscreen(8) will allow the client to talk to a Post- + fix SMTP server process (provided that the whitelist status has not + expired). postscreen(8) mitigates the impact of this limitation by + giving the "after 220 server greeting" tests a long expiration time. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, as - postscreen(8) processes may run for several hours. Use - the command "postfix reload" after a configuration change. + Changes to main.cf are not picked up automatically, as postscreen(8) + processes may run for several hours. Use the command "postfix reload" + after a configuration change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. - NOTE: Some postscreen(8) parameters implement stress- - dependent behavior. This is supported only when the - default parameter value is stress-dependent (that is, it - looks like ${stress?X}${stress:Y}, or it is the $name of - an smtpd parameter with a stress-dependent default). - Other parameters always evaluate as if the stress parame- - ter value is the empty string. + NOTE: Some postscreen(8) parameters implement stress-dependent behav- + ior. This is supported only when the default parameter value is + stress-dependent (that is, it looks like ${stress?X}${stress:Y}, or it + is the $name of an smtpd parameter with a stress-dependent default). + Other parameters always evaluate as if the stress parameter value is + the empty string. COMPATIBILITY CONTROLS postscreen_command_filter ($smtpd_command_filter) - A mechanism to transform commands from remote SMTP - clients. 
- - postscreen_discard_ehlo_keyword_address_maps ($smtpd_dis- - card_ehlo_keyword_address_maps) - Lookup tables, indexed by the remote SMTP client - address, with case insensitive lists of EHLO key- - words (pipelining, starttls, auth, etc.) that the - postscreen(8) server will not send in the EHLO - response to a remote SMTP client. - - postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_key- - words) - A case insensitive list of EHLO keywords (pipelin- - ing, starttls, auth, etc.) that the postscreen(8) - server will not send in the EHLO response to a - remote SMTP client. + A mechanism to transform commands from remote SMTP clients. + + postscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_key- + word_address_maps) + Lookup tables, indexed by the remote SMTP client address, with + case insensitive lists of EHLO keywords (pipelining, starttls, + auth, etc.) that the postscreen(8) server will not send in the + EHLO response to a remote SMTP client. + + postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords) + A case insensitive list of EHLO keywords (pipelining, starttls, + auth, etc.) that the postscreen(8) server will not send in the + EHLO response to a remote SMTP client. TROUBLE SHOOTING CONTROLS postscreen_expansion_filter (see 'postconf -d' output) - List of characters that are permitted in + List of characters that are permitted in postscreen_reject_footer attribute expansions. postscreen_reject_footer ($smtpd_reject_footer) - Optional information that is appended after a 4XX - or 5XX postscreen(8) server response. + Optional information that is appended after a 4XX or 5XX + postscreen(8) server response. soft_bounce (no) - Safety net to keep mail queued that would otherwise - be returned to the sender. + Safety net to keep mail queued that would otherwise be returned + to the sender. 
BEFORE-POSTSCREEN PROXY AGENT Available in Postfix version 2.10 and later: postscreen_upstream_proxy_protocol (empty) - The name of the proxy protocol used by an optional - before-postscreen proxy agent. + The name of the proxy protocol used by an optional before- + postscreen proxy agent. postscreen_upstream_proxy_timeout (5s) - The time limit for the proxy protocol specified - with the postscreen_upstream_proxy_protocol parame- - ter. + The time limit for the proxy protocol specified with the + postscreen_upstream_proxy_protocol parameter. PERMANENT WHITE/BLACKLIST TEST - This test is executed immediately after a remote SMTP - client connects. If a client is permanently whitelisted, - the client will be handed off immediately to a Postfix - SMTP server process. + This test is executed immediately after a remote SMTP client connects. + If a client is permanently whitelisted, the client will be handed off + immediately to a Postfix SMTP server process. postscreen_access_list (permit_mynetworks) - Permanent white/blacklist for remote SMTP client IP - addresses. + Permanent white/blacklist for remote SMTP client IP addresses. postscreen_blacklist_action (ignore) - The action that postscreen(8) takes when a remote - SMTP client is permanently blacklisted with the - postscreen_access_list parameter. + The action that postscreen(8) takes when a remote SMTP client is + permanently blacklisted with the postscreen_access_list parame- + ter. MAIL EXCHANGER POLICY TESTS - When postscreen(8) is configured to monitor all primary - and backup MX addresses, it can refuse to whitelist - clients that connect to a backup MX address only. For - small sites, this requires configuring primary and backup - MX addresses on the same MTA. Larger sites would have to - share the postscreen(8) cache between primary and backup - MTAs, which would introduce a common point of failure. 
+ When postscreen(8) is configured to monitor all primary and backup MX + addresses, it can refuse to whitelist clients that connect to a backup + MX address only. For small sites, this requires configuring primary and + backup MX addresses on the same MTA. Larger sites would have to share + the postscreen(8) cache between primary and backup MTAs, which would + introduce a common point of failure. postscreen_whitelist_interfaces (static:all) - A list of local postscreen(8) server IP addresses - where a non-whitelisted remote SMTP client can - obtain postscreen(8)'s temporary whitelist status. + A list of local postscreen(8) server IP addresses where a non- + whitelisted remote SMTP client can obtain postscreen(8)'s tempo- + rary whitelist status. BEFORE 220 GREETING TESTS - These tests are executed before the remote SMTP client - receives the "220 servername" greeting. If no tests remain - after the successful completion of this phase, the client - will be handed off immediately to a Postfix SMTP server - process. + These tests are executed before the remote SMTP client receives the + "220 servername" greeting. If no tests remain after the successful com- + pletion of this phase, the client will be handed off immediately to a + Postfix SMTP server process. dnsblog_service_name (dnsblog) - The name of the dnsblog(8) service entry in mas- - ter.cf. + The name of the dnsblog(8) service entry in master.cf. postscreen_dnsbl_action (ignore) - The action that postscreen(8) takes when a remote - SMTP client's combined DNSBL score is equal to or - greater than a threshold (as defined with the - postscreen_dnsbl_sites and postscreen_dnsbl_thresh- - old parameters). + The action that postscreen(8) takes when a remote SMTP client's + combined DNSBL score is equal to or greater than a threshold (as + defined with the postscreen_dnsbl_sites and + postscreen_dnsbl_threshold parameters). 
postscreen_dnsbl_reply_map (empty) - A mapping from actual DNSBL domain name which - includes a secret password, to the DNSBL domain - name that postscreen will reply with when it - rejects mail. + A mapping from actual DNSBL domain name which includes a secret + password, to the DNSBL domain name that postscreen will reply + with when it rejects mail. postscreen_dnsbl_sites (empty) - Optional list of DNS white/blacklist domains, fil- - ters and weight factors. + Optional list of DNS white/blacklist domains, filters and weight + factors. postscreen_dnsbl_threshold (1) - The inclusive lower bound for blocking a remote - SMTP client, based on its combined DNSBL score as - defined with the postscreen_dnsbl_sites parameter. + The inclusive lower bound for blocking a remote SMTP client, + based on its combined DNSBL score as defined with the + postscreen_dnsbl_sites parameter. postscreen_greet_action (ignore) - The action that postscreen(8) takes when a remote - SMTP client speaks before its turn within the time - specified with the postscreen_greet_wait parameter. + The action that postscreen(8) takes when a remote SMTP client + speaks before its turn within the time specified with the + postscreen_greet_wait parameter. postscreen_greet_banner ($smtpd_banner) - The text in the optional "220-text..." server - response that postscreen(8) sends ahead of the real - Postfix SMTP server's "220 text..." response, in an - attempt to confuse bad SMTP clients so that they - speak before their turn (pre-greet). + The text in the optional "220-text..." server response that + postscreen(8) sends ahead of the real Postfix SMTP server's "220 + text..." response, in an attempt to confuse bad SMTP clients so + that they speak before their turn (pre-greet). 
postscreen_greet_wait (${stress?2}${stress:6}s) - The amount of time that postscreen(8) will wait for - an SMTP client to send a command before its turn, - and for DNS blocklist lookup results to arrive - (default: up to 2 seconds under stress, up to 6 - seconds otherwise). + The amount of time that postscreen(8) will wait for an SMTP + client to send a command before its turn, and for DNS blocklist + lookup results to arrive (default: up to 2 seconds under stress, + up to 6 seconds otherwise). smtpd_service_name (smtpd) - The internal service that postscreen(8) hands off - allowed connections to. + The internal service that postscreen(8) hands off allowed con- + nections to. Available in Postfix version 2.11 and later: postscreen_dnsbl_whitelist_threshold (0) - Allow a remote SMTP client to skip "before" and - "after 220 greeting" protocol tests, based on its - combined DNSBL score as defined with the - postscreen_dnsbl_sites parameter. + Allow a remote SMTP client to skip "before" and "after 220 + greeting" protocol tests, based on its combined DNSBL score as + defined with the postscreen_dnsbl_sites parameter. AFTER 220 GREETING TESTS - These tests are executed after the remote SMTP client - receives the "220 servername" greeting. If a client passes - all tests during this phase, it will receive a 4XX - response to all RCPT TO commands. After the client recon- - nects, it will be allowed to talk directly to a Postfix + These tests are executed after the remote SMTP client receives the "220 + servername" greeting. If a client passes all tests during this phase, + it will receive a 4XX response to all RCPT TO commands. After the + client reconnects, it will be allowed to talk directly to a Postfix SMTP server process. postscreen_bare_newline_action (ignore) - The action that postscreen(8) takes when a remote - SMTP client sends a bare newline character, that - is, a newline not preceded by carriage return. 
+ The action that postscreen(8) takes when a remote SMTP client + sends a bare newline character, that is, a newline not preceded + by carriage return. postscreen_bare_newline_enable (no) - Enable "bare newline" SMTP protocol tests in the - postscreen(8) server. + Enable "bare newline" SMTP protocol tests in the postscreen(8) + server. postscreen_disable_vrfy_command ($disable_vrfy_command) - Disable the SMTP VRFY command in the postscreen(8) - daemon. + Disable the SMTP VRFY command in the postscreen(8) daemon. postscreen_forbidden_commands ($smtpd_forbidden_commands) - List of commands that the postscreen(8) server con- - siders in violation of the SMTP protocol. + List of commands that the postscreen(8) server considers in vio- + lation of the SMTP protocol. postscreen_helo_required ($smtpd_helo_required) - Require that a remote SMTP client sends HELO or - EHLO before commencing a MAIL transaction. + Require that a remote SMTP client sends HELO or EHLO before com- + mencing a MAIL transaction. postscreen_non_smtp_command_action (drop) - The action that postscreen(8) takes when a remote - SMTP client sends non-SMTP commands as specified - with the postscreen_forbidden_commands parameter. + The action that postscreen(8) takes when a remote SMTP client + sends non-SMTP commands as specified with the postscreen_forbid- + den_commands parameter. postscreen_non_smtp_command_enable (no) - Enable "non-SMTP command" tests in the - postscreen(8) server. + Enable "non-SMTP command" tests in the postscreen(8) server. postscreen_pipelining_action (enforce) - The action that postscreen(8) takes when a remote - SMTP client sends multiple commands instead of - sending one command and waiting for the server to - respond. + The action that postscreen(8) takes when a remote SMTP client + sends multiple commands instead of sending one command and wait- + ing for the server to respond. 
postscreen_pipelining_enable (no) - Enable "pipelining" SMTP protocol tests in the - postscreen(8) server. + Enable "pipelining" SMTP protocol tests in the postscreen(8) + server. CACHE CONTROLS postscreen_cache_cleanup_interval (12h) - The amount of time between postscreen(8) cache - cleanup runs. + The amount of time between postscreen(8) cache cleanup runs. - postscreen_cache_map (btree:$data_direc- - tory/postscreen_cache) - Persistent storage for the postscreen(8) server - decisions. + postscreen_cache_map (btree:$data_directory/postscreen_cache) + Persistent storage for the postscreen(8) server decisions. postscreen_cache_retention_time (7d) - The amount of time that postscreen(8) will cache an - expired temporary whitelist entry before it is - removed. + The amount of time that postscreen(8) will cache an expired tem- + porary whitelist entry before it is removed. postscreen_bare_newline_ttl (30d) - The amount of time that postscreen(8) will use the - result from a successful "bare newline" SMTP proto- - col test. + The amount of time that postscreen(8) will use the result from a + successful "bare newline" SMTP protocol test. postscreen_dnsbl_ttl (1h) - The amount of time that postscreen(8) will use the - result from a successful DNS blocklist test. + The amount of time that postscreen(8) will use the result from a + successful DNS blocklist test. postscreen_greet_ttl (1d) - The amount of time that postscreen(8) will use the - result from a successful PREGREET test. + The amount of time that postscreen(8) will use the result from a + successful PREGREET test. postscreen_non_smtp_command_ttl (30d) - The amount of time that postscreen(8) will use the - result from a successful "non_smtp_command" SMTP - protocol test. + The amount of time that postscreen(8) will use the result from a + successful "non_smtp_command" SMTP protocol test. 
postscreen_pipelining_ttl (30d) - The amount of time that postscreen(8) will use the - result from a successful "pipelining" SMTP protocol - test. + The amount of time that postscreen(8) will use the result from a + successful "pipelining" SMTP protocol test. RESOURCE CONTROLS line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines - are reconstructed. + Upon input, long lines are chopped up into pieces of at most + this length; upon delivery, long lines are reconstructed. - postscreen_client_connection_count_limit - ($smtpd_client_connection_count_limit) - How many simultaneous connections any remote SMTP - client is allowed to have with the postscreen(8) - daemon. + postscreen_client_connection_count_limit ($smtpd_client_connec- + tion_count_limit) + How many simultaneous connections any remote SMTP client is + allowed to have with the postscreen(8) daemon. postscreen_command_count_limit (20) - The limit on the total number of commands per SMTP - session for postscreen(8)'s built-in SMTP protocol - engine. + The limit on the total number of commands per SMTP session for + postscreen(8)'s built-in SMTP protocol engine. postscreen_command_time_limit (${stress?10}${stress:300}s) - The time limit to read an entire command line with + The time limit to read an entire command line with postscreen(8)'s built-in SMTP protocol engine. postscreen_post_queue_limit ($default_process_limit) - The number of clients that can be waiting for ser- - vice from a real Postfix SMTP server process. + The number of clients that can be waiting for service from a + real Postfix SMTP server process. postscreen_pre_queue_limit ($default_process_limit) - The number of non-whitelisted clients that can be - waiting for a decision whether they will receive - service from a real Postfix SMTP server process. 
+ The number of non-whitelisted clients that can be waiting for a + decision whether they will receive service from a real Postfix + SMTP server process. postscreen_watchdog_timeout (10s) - How much time a postscreen(8) process may take to - respond to a remote SMTP client command or to per- - form a cache operation before it is terminated by a - built-in watchdog timer. + How much time a postscreen(8) process may take to respond to a + remote SMTP client command or to perform a cache operation + before it is terminated by a built-in watchdog timer. STARTTLS CONTROLS postscreen_tls_security_level ($smtpd_tls_security_level) - The SMTP TLS security level for the postscreen(8) - server; when a non-empty value is specified, this - overrides the obsolete parameters - postscreen_use_tls and postscreen_enforce_tls. + The SMTP TLS security level for the postscreen(8) server; when a + non-empty value is specified, this overrides the obsolete param- + eters postscreen_use_tls and postscreen_enforce_tls. tlsproxy_service_name (tlsproxy) - The name of the tlsproxy(8) service entry in mas- - ter.cf. + The name of the tlsproxy(8) service entry in master.cf. OBSOLETE STARTTLS SUPPORT CONTROLS - These parameters are supported for compatibility with - smtpd(8) legacy parameters. + These parameters are supported for compatibility with smtpd(8) legacy + parameters. postscreen_use_tls ($smtpd_use_tls) - Opportunistic TLS: announce STARTTLS support to - remote SMTP clients, but do not require that - clients use TLS encryption. + Opportunistic TLS: announce STARTTLS support to remote SMTP + clients, but do not require that clients use TLS encryption. postscreen_enforce_tls ($smtpd_enforce_tls) - Mandatory TLS: announce STARTTLS support to remote - SMTP clients, and require that clients use TLS - encryption. + Mandatory TLS: announce STARTTLS support to remote SMTP clients, + and require that clients use TLS encryption. 
MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtpd(8), Postfix SMTP server 
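Review bot: The re-wrap to 78 columns now hyphenates identifiers in the rendered text: in the postscreen_client_connection_count_limit entry the default reads "($smtpd_client_connec- tion_count_limit)", where the old page kept the parameter name whole on its own line, and the syslog_name entry breaks the example as "post- fix/smtpd". A plain text search of the page for smtpd_client_connection_count_limit no longer matches at that spot, and a name copied from the page picks up a stray hyphen. Consider turning hyphenation off in the step that formats these pages (if they come out of nroff, the .nh request does that), or at least keeping parameter names and paths unbreakable.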
@@ -444,15 +396,13 @@ POSTSCREEN(8) POSTSCREEN(8) POSTSCREEN_README, Postfix Postscreen Howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.8. - Many ideas in postscreen(8) were explored in earlier work - by Michael Tokarev, in OpenBSD spamd, and in MailChannels - Traffic Control. + Many ideas in postscreen(8) were explored in earlier work by Michael + Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control. AUTHOR(S) Wietse Venema diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index c7afceb54..ff69dea5a 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html 
@@ -15,35 +15,30 @@ POSTSUPER(1) POSTSUPER(1) [-r queue_id] [directory ...] DESCRIPTION - The postsuper(1) command does maintenance jobs on the - Postfix queue. Use of the command is restricted to the - superuser. See the postqueue(1) command for unprivileged - queue operations such as listing or flushing the mail - queue. - - By default, postsuper(1) performs the operations requested - with the -s and -p command-line options on all Postfix - queue directories - this includes the incoming, active and - deferred directories with mail files and the bounce, - defer, trace and flush directories with log files. + The postsuper(1) command does maintenance jobs on the Postfix queue. + Use of the command is restricted to the superuser. See the + postqueue(1) command for unprivileged queue operations such as listing + or flushing the mail queue. + + By default, postsuper(1) performs the operations requested with the -s + and -p command-line options on all Postfix queue directories - this + includes the incoming, active and deferred directories with mail files + and the bounce, defer, trace and flush directories with log files. Options: -c config_dir - The main.cf configuration file is in the named - directory instead of the default configuration - directory. See also the MAIL_CONFIG environment - setting below. + The main.cf configuration file is in the named directory instead + of the default configuration directory. See also the MAIL_CONFIG + environment setting below. -d queue_id - Delete one message with the named queue ID from the - named mail queue(s) (default: hold, incoming, - active and deferred). + Delete one message with the named queue ID from the named mail + queue(s) (default: hold, incoming, active and deferred). - If a queue_id of - is specified, the program reads - queue IDs from standard input. 
For example, to - delete all mail with exactly one recipient - user@example.com: + If a queue_id of - is specified, the program reads queue IDs + from standard input. For example, to delete all mail with + exactly one recipient user@example.com: mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 
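Review bot: The deletion example kept as context at the end of this hunk still begins with "mailq | tail +2", the historical offset syntax; the POSIX spelling is "tail -n +2". The surrounding lines are being re-flowed anyway, and this pipeline feeds queue IDs to "postsuper -d -" as the superuser, so this is a good moment to switch the example to the portable form in the manpage source.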
@@ -51,231 +46,203 @@ POSTSUPER(1) POSTSUPER(1) print $1 } ' | tr -d '*!' | postsuper -d - - Specify "-d ALL" to remove all messages; for exam- - ple, specify "-d ALL deferred" to delete all mail - in the deferred queue. As a safety measure, the - word ALL must be specified in upper case. + Specify "-d ALL" to remove all messages; for example, specify + "-d ALL deferred" to delete all mail in the deferred queue. As + a safety measure, the word ALL must be specified in upper case. - Warning: Postfix queue IDs are reused (always with - Postfix <= 2.8; and with Postfix >= 2.9 when - enable_long_queue_ids=no). There is a very small - possibility that postsuper deletes the wrong mes- - sage file when it is executed while the Postfix - mail system is delivering mail. + Warning: Postfix queue IDs are reused (always with Postfix <= + 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no). + There is a very small possibility that postsuper deletes the + wrong message file when it is executed while the Postfix mail + system is delivering mail. The scenario is as follows: - 1) The Postfix queue manager deletes the mes- - sage that postsuper(1) is asked to delete, - because Postfix is finished with the message - (it is delivered, or it is returned to the - sender). + 1) The Postfix queue manager deletes the message that post- + super(1) is asked to delete, because Postfix is finished + with the message (it is delivered, or it is returned to + the sender). - 2) New mail arrives, and the new message is - given the same queue ID as the message that - postsuper(1) is supposed to delete. The - probability for reusing a deleted queue ID - is about 1 in 2**15 (the number of different - microsecond values that the system clock can - distinguish within a second). + 2) New mail arrives, and the new message is given the same + queue ID as the message that postsuper(1) is supposed to + delete. 
The probability for reusing a deleted queue ID + is about 1 in 2**15 (the number of different microsecond + values that the system clock can distinguish within a + second). - 3) postsuper(1) deletes the new message, - instead of the old message that it should - have deleted. + 3) postsuper(1) deletes the new message, instead of the old + message that it should have deleted. -h queue_id - Put mail "on hold" so that no attempt is made to - deliver it. Move one message with the named queue - ID from the named mail queue(s) (default: incoming, - active and deferred) to the hold queue. + Put mail "on hold" so that no attempt is made to deliver it. + Move one message with the named queue ID from the named mail + queue(s) (default: incoming, active and deferred) to the hold + queue. - If a queue_id of - is specified, the program reads - queue IDs from standard input. + If a queue_id of - is specified, the program reads queue IDs + from standard input. - Specify "-h ALL" to hold all messages; for example, - specify "-h ALL deferred" to hold all mail in the - deferred queue. As a safety measure, the word ALL - must be specified in upper case. + Specify "-h ALL" to hold all messages; for example, specify "-h + ALL deferred" to hold all mail in the deferred queue. As a + safety measure, the word ALL must be specified in upper case. - Note: while mail is "on hold" it will not expire - when its time in the queue exceeds the maxi- - mal_queue_lifetime or bounce_queue_lifetime set- - ting. It becomes subject to expiration after it is - released from "hold". + Note: while mail is "on hold" it will not expire when its time + in the queue exceeds the maximal_queue_lifetime or + bounce_queue_lifetime setting. It becomes subject to expiration + after it is released from "hold". This feature is available in Postfix 2.0 and later. -H queue_id - Release mail that was put "on hold". 
Move one mes- - sage with the named queue ID from the named mail - queue(s) (default: hold) to the deferred queue. + Release mail that was put "on hold". Move one message with the + named queue ID from the named mail queue(s) (default: hold) to + the deferred queue. - If a queue_id of - is specified, the program reads - queue IDs from standard input. + If a queue_id of - is specified, the program reads queue IDs + from standard input. - Note: specify "postsuper -r" to release mail that - was kept on hold for a significant fraction of - $maximal_queue_lifetime or $bounce_queue_lifetime, - or longer. + Note: specify "postsuper -r" to release mail that was kept on + hold for a significant fraction of $maximal_queue_lifetime or + $bounce_queue_lifetime, or longer. - Specify "-H ALL" to release all mail that is "on - hold". As a safety measure, the word ALL must be - specified in upper case. + Specify "-H ALL" to release all mail that is "on hold". As a + safety measure, the word ALL must be specified in upper case. This feature is available in Postfix 2.0 and later. - -p Purge old temporary files that are left over after - system or software crashes. + -p Purge old temporary files that are left over after system or + software crashes. -r queue_id - Requeue the message with the named queue ID from - the named mail queue(s) (default: hold, incoming, - active and deferred). To requeue multiple mes- - sages, specify multiple -r command-line options. - - Alternatively, if a queue_id of - is specified, the - program reads queue IDs from standard input. - - Specify "-r ALL" to requeue all messages. As a - safety measure, the word ALL must be specified in - upper case. - - A requeued message is moved to the maildrop queue, - from where it is copied by the pickup(8) and - cleanup(8) daemons to a new queue file. 
In many - respects its handling differs from that of a new + Requeue the message with the named queue ID from the named mail + queue(s) (default: hold, incoming, active and deferred). To + requeue multiple messages, specify multiple -r command-line + options. + + Alternatively, if a queue_id of - is specified, the program + reads queue IDs from standard input. + + Specify "-r ALL" to requeue all messages. As a safety measure, + the word ALL must be specified in upper case. + + A requeued message is moved to the maildrop queue, from where it + is copied by the pickup(8) and cleanup(8) daemons to a new queue + file. In many respects its handling differs from that of a new local submission. - o The message is not subjected to the - smtpd_milters or non_smtpd_milters settings. - When mail has passed through an external - content filter, this would produce incorrect - results with Milter applications that depend - on original SMTP connection state informa- - tion. - - o The message is subjected again to mail - address rewriting and substitution. This is - useful when rewriting rules or virtual map- - pings have changed. - - The address rewriting context (local or - remote) is the same as when the message was - received. - - o The message is subjected to the same con- - tent_filter settings (if any) as used for - new local mail submissions. This is useful - when content_filter settings have changed. - - Warning: Postfix queue IDs are reused (always with - Postfix <= 2.8; and with Postfix >= 2.9 when - enable_long_queue_ids=no). There is a very small - possibility that postsuper(1) requeues the wrong - message file when it is executed while the Postfix - mail system is running, but no harm should be done. + o The message is not subjected to the smtpd_milters or + non_smtpd_milters settings. When mail has passed through + an external content filter, this would produce incorrect + results with Milter applications that depend on original + SMTP connection state information. 
+ + o The message is subjected again to mail address rewriting + and substitution. This is useful when rewriting rules or + virtual mappings have changed. + + The address rewriting context (local or remote) is the + same as when the message was received. + + o The message is subjected to the same content_filter set- + tings (if any) as used for new local mail submissions. + This is useful when content_filter settings have changed. + + Warning: Postfix queue IDs are reused (always with Postfix <= + 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no). + There is a very small possibility that postsuper(1) requeues the + wrong message file when it is executed while the Postfix mail + system is running, but no harm should be done. This feature is available in Postfix 1.1 and later. - -s Structure check and structure repair. This should - be done once before Postfix startup. - - o Rename files whose name does not match the - message file inode number. This operation is - necessary after restoring a mail queue from - a different machine or from backup, when - queue files were created with Postfix <= 2.8 - or with "enable_long_queue_ids = no". - - o Move queue files that are in the wrong place - in the file system hierarchy and remove sub- - directories that are no longer needed. File - position rearrangements are necessary after - a change in the hash_queue_names and/or + -s Structure check and structure repair. This should be done once + before Postfix startup. + + o Rename files whose name does not match the message file + inode number. This operation is necessary after restoring + a mail queue from a different machine or from backup, + when queue files were created with Postfix <= 2.8 or with + "enable_long_queue_ids = no". + + o Move queue files that are in the wrong place in the file + system hierarchy and remove subdirectories that are no + longer needed. 
File position rearrangements are neces- + sary after a change in the hash_queue_names and/or hash_queue_depth configuration parameters. - o Rename queue files created with - "enable_long_queue_ids = yes" to short - names, for migration to Postfix <= 2.8. The - procedure is as follows: + o Rename queue files created with "enable_long_queue_ids = + yes" to short names, for migration to Postfix <= 2.8. + The procedure is as follows: # postfix stop # postconf enable_long_queue_ids=no # postsuper - Run postsuper(1) repeatedly until it stops - reporting file name changes. + Run postsuper(1) repeatedly until it stops reporting file + name changes. - -S A redundant version of -s that requires that long - file names also match the message file inode num- - ber. This option exists for testing purposes, and - is available with Postfix 2.9 and later. + -S A redundant version of -s that requires that long file names + also match the message file inode number. This option exists for + testing purposes, and is available with Postfix 2.9 and later. - -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly - verbose. + -v Enable verbose logging for debugging purposes. Multiple -v + options make the software increasingly verbose. DIAGNOSTICS - Problems are reported to the standard error stream and to - syslogd(8). + Problems are reported to the standard error stream and to syslogd(8). - postsuper(1) reports the number of messages deleted with - -d, the number of messages requeued with -r, and the num- - ber of messages whose queue file name was fixed with -s. - The report is written to the standard error stream and to - syslogd(8). + postsuper(1) reports the number of messages deleted with -d, the number + of messages requeued with -r, and the number of messages whose queue + file name was fixed with -s. The report is written to the standard + error stream and to syslogd(8). ENVIRONMENT MAIL_CONFIG Directory with the main.cf file. 
BUGS - Mail that is not sanitized by Postfix (i.e. mail in the - maildrop queue) cannot be placed "on hold". + Mail that is not sanitized by Postfix (i.e. mail in the maildrop queue) + cannot be placed "on hold". CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. hash_queue_depth (1) - The number of subdirectory levels for queue direc- - tories listed with the hash_queue_names parameter. + The number of subdirectory levels for queue directories listed + with the hash_queue_names parameter. hash_queue_names (deferred, defer) - The names of queue directories that are split - across multiple subdirectory levels. + The names of queue directories that are split across multiple + subdirectory levels. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". Available in Postfix version 2.9 and later: enable_long_queue_ids (no) - Enable long, non-repeating, queue IDs (queue file - names). + Enable long, non-repeating, queue IDs (queue file names). 
SEE ALSO sendmail(1), Sendmail-compatible user interface postqueue(1), unprivileged queue operations LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/posttls-finger.1.html b/postfix/html/posttls-finger.1.html index 1848d6d24..6a09b74b9 100644 --- a/postfix/html/posttls-finger.1.html +++ b/postfix/html/posttls-finger.1.html 
@@ -7,333 +7,287 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) NAME - posttls-finger - Probe the TLS properties of an ESMTP or - LMTP server. + posttls-finger - Probe the TLS properties of an ESMTP or LMTP server. SYNOPSIS posttls-finger [options] [inet:]domain[:port] [match ...] posttls-finger -S [options] unix:pathname [match ...] DESCRIPTION - posttls-finger(1) connects to the specified destination - and reports TLS-related information about the server. With - SMTP, the destination is a domainname; with LMTP it is - either a domainname prefixed with inet: or a pathname pre- - fixed with unix:. If Postfix is built without TLS sup- - port, the resulting posttls-finger program has very lim- - ited functionality, and only the -a, -c, -h, -o, -S, -t, - -T and -v options are available. - - Note: this is an unsupported test program. No attempt is - made to maintain compatibility between successive ver- - sions. - - For SMTP servers that don't support ESMTP, only the greet- - ing banner and the negative EHLO response are reported. - Otherwise, the reported EHLO response details further - server capabilities. - - If TLS support is enabled when posttls-finger(1) is com- - piled, and the server supports STARTTLS, a TLS handshake - is attempted. - - If DNSSEC support is available, the connection TLS secu- - rity level (-l option) defaults to dane; see TLS_README - for details. Otherwise, it defaults to secure. This set- - ting determines the certificate matching policy. - - If TLS negotiation succeeds, the TLS protocol and cipher - details are reported. The server certificate is then veri- - fied in accordance with the policy at the chosen (or - default) security level. With public CA-based trust, when - the -L option includes certmatch, (true by default) name - matching is performed even if the certificate chain is not - trusted. This logs the names found in the remote SMTP - server certificate and which if any would match, were the - certificate chain trusted. 
- - Note: posttls-finger(1) does not perform any table - lookups, so the TLS policy table and obsolete per-site - tables are not consulted. It does not communicate with - the tlsmgr(8) daemon (or any other Postfix daemons); its - TLS session cache is held in private memory, and disap- - pears when the process exits. - - With the -r delay option, if the server assigns a TLS ses- - sion id, the TLS session is cached. The connection is then - closed and re-opened after the specified delay, and post- - tls-finger(1) then reports whether the cached TLS session - was re-used. - - When the destination is a load-balancer, it may be dis- - tributing load between multiple server caches. Typically, - each server returns its unique name in its EHLO response. - If, upon reconnecting with -r, a new server name is - detected, another session is cached for the new server, - and the reconnect is repeated up to a maximum number of - times (default 5) that can be specified via the -m option. - - The choice of SMTP or LMTP (-S option) determines the syn- - tax of the destination argument. With SMTP, one can spec- - ify a service on a non-default port as host:service, and - disable MX (mail exchanger) DNS lookups with [host] or - [host]:port. The [] form is required when you specify an - IP address instead of a hostname. An IPv6 address takes - the form [ipv6:address]. The default port for SMTP is - taken from the smtp/tcp entry in /etc/services, defaulting - to 25 if the entry is not found. - - With LMTP, specify unix:pathname to connect to a local - server listening on a unix-domain socket bound to the - specified pathname; otherwise, specify an optional inet: - prefix followed by a domain and an optional port, with the - same syntax as for SMTP. The default TCP port for LMTP is - 24. + posttls-finger(1) connects to the specified destination and reports + TLS-related information about the server. 
With SMTP, the destination is + a domainname; with LMTP it is either a domainname prefixed with inet: + or a pathname prefixed with unix:. If Postfix is built without TLS + support, the resulting posttls-finger program has very limited func- + tionality, and only the -a, -c, -h, -o, -S, -t, -T and -v options are + available. + + Note: this is an unsupported test program. No attempt is made to main- + tain compatibility between successive versions. + + For SMTP servers that don't support ESMTP, only the greeting banner and + the negative EHLO response are reported. Otherwise, the reported EHLO + response details further server capabilities. + + If TLS support is enabled when posttls-finger(1) is compiled, and the + server supports STARTTLS, a TLS handshake is attempted. + + If DNSSEC support is available, the connection TLS security level (-l + option) defaults to dane; see TLS_README for details. Otherwise, it + defaults to secure. This setting determines the certificate matching + policy. + + If TLS negotiation succeeds, the TLS protocol and cipher details are + reported. The server certificate is then verified in accordance with + the policy at the chosen (or default) security level. With public CA- + based trust, when the -L option includes certmatch, (true by default) + name matching is performed even if the certificate chain is not + trusted. This logs the names found in the remote SMTP server certifi- + cate and which if any would match, were the certificate chain trusted. + + Note: posttls-finger(1) does not perform any table lookups, so the TLS + policy table and obsolete per-site tables are not consulted. It does + not communicate with the tlsmgr(8) daemon (or any other Postfix dae- + mons); its TLS session cache is held in private memory, and disappears + when the process exits. + + With the -r delay option, if the server assigns a TLS session id, the + TLS session is cached. 
The connection is then closed and re-opened + after the specified delay, and posttls-finger(1) then reports whether + the cached TLS session was re-used. + + When the destination is a load-balancer, it may be distributing load + between multiple server caches. Typically, each server returns its + unique name in its EHLO response. If, upon reconnecting with -r, a new + server name is detected, another session is cached for the new server, + and the reconnect is repeated up to a maximum number of times (default + 5) that can be specified via the -m option. + + The choice of SMTP or LMTP (-S option) determines the syntax of the + destination argument. With SMTP, one can specify a service on a non- + default port as host:service, and disable MX (mail exchanger) DNS + lookups with [host] or [host]:port. The [] form is required when you + specify an IP address instead of a hostname. An IPv6 address takes the + form [ipv6:address]. The default port for SMTP is taken from the + smtp/tcp entry in /etc/services, defaulting to 25 if the entry is not + found. + + With LMTP, specify unix:pathname to connect to a local server listening + on a unix-domain socket bound to the specified pathname; otherwise, + specify an optional inet: prefix followed by a domain and an optional + port, with the same syntax as for SMTP. The default TCP port for LMTP + is 24. Arguments: -a family (default: any) - Address family preference: ipv4, ipv6 or any. When - using any, posttls-finger will randomly select one - of the two as the more preferred, and exhaust all - MX preferences for the first address family before - trying any addresses for the other. + Address family preference: ipv4, ipv6 or any. When using any, + posttls-finger will randomly select one of the two as the more + preferred, and exhaust all MX preferences for the first address + family before trying any addresses for the other. 
-A trust-anchor.pem (default: none) - A list of PEM trust-anchor files that overrides - CAfile and CApath trust chain verification. Spec- - ify the option multiple times to specify multiple - files. See the main.cf documentation for + A list of PEM trust-anchor files that overrides CAfile and CAp- + ath trust chain verification. Specify the option multiple times + to specify multiple files. See the main.cf documentation for smtp_tls_trust_anchor_file for details. - -c Disable SMTP chat logging; only TLS-related infor- - mation is logged. + -c Disable SMTP chat logging; only TLS-related information is + logged. - -C Print the remote SMTP server certificate trust - chain in PEM format. The issuer DN, subject DN, - certificate and public key fingerprints (see -d - mdalg option below) are printed above each PEM cer- - tificate block. If you specify -F CAfile or -P - CApath, the OpenSSL library may augment the chain - with missing issuer certificates. To see the - actual chain sent by the remote SMTP server leave - CAfile and CApath unset. + -C Print the remote SMTP server certificate trust chain in PEM for- + mat. The issuer DN, subject DN, certificate and public key fin- + gerprints (see -d mdalg option below) are printed above each PEM + certificate block. If you specify -F CAfile or -P CApath, the + OpenSSL library may augment the chain with missing issuer cer- + tificates. To see the actual chain sent by the remote SMTP + server leave CAfile and CApath unset. -d mdalg (default: sha1) - The message digest algorithm to use for reporting - remote SMTP server fingerprints and matching - against user provided certificate fingerprints - (with DANE TLSA records the algorithm is specified - in the DNS). + The message digest algorithm to use for reporting remote SMTP + server fingerprints and matching against user provided certifi- + cate fingerprints (with DANE TLSA records the algorithm is spec- + ified in the DNS). 
- -f Lookup the associated DANE TLSA RRset even when a - hostname is not an alias and its address records - lie in an unsigned zone. See smtp_tls_force_inse- - cure_host_tlsa_lookup for details. + -f Lookup the associated DANE TLSA RRset even when a hostname is + not an alias and its address records lie in an unsigned zone. + See smtp_tls_force_insecure_host_tlsa_lookup for details. -F CAfile.pem (default: none) - The PEM formatted CAfile for remote SMTP server - certificate verification. By default no CAfile is - used and no public CAs are trusted. + The PEM formatted CAfile for remote SMTP server certificate ver- + ification. By default no CAfile is used and no public CAs are + trusted. -g grade (default: medium) - The minimum TLS cipher grade used by posttls-fin- - ger. See smtp_tls_mandatory_ciphers for details. + The minimum TLS cipher grade used by posttls-finger. See + smtp_tls_mandatory_ciphers for details. -h host_lookup (default: dns) - The hostname lookup methods used for the connec- - tion. See the documentation of smtp_host_lookup - for syntax and semantics. + The hostname lookup methods used for the connection. See the + documentation of smtp_host_lookup for syntax and semantics. -l level (default: dane or secure) - The security level for the connection, default dane - or secure depending on whether DNSSEC is available. - For syntax and semantics, see the documentation of - smtp_tls_security_level. When dane or dane-only is - supported and selected, if no TLSA records are - found, or all the records found are unusable, the - secure level will be used instead. The fingerprint - security level allows you to test certificate or - public-key fingerprint matches before you deploy - them in the policy table. - - Note, since posttls-finger does not actually - deliver any email, the none, may and encrypt secu- - rity levels are not very useful. 
Since may and - encrypt don't require peer certificates, they will - often negotiate anonymous TLS ciphersuites, so you - won't learn much about the remote SMTP server's - certificates at these levels if it also supports - anonymous TLS (though you may learn that the server - supports anonymous TLS). + The security level for the connection, default dane or secure + depending on whether DNSSEC is available. For syntax and seman- + tics, see the documentation of smtp_tls_security_level. When + dane or dane-only is supported and selected, if no TLSA records + are found, or all the records found are unusable, the secure + level will be used instead. The fingerprint security level + allows you to test certificate or public-key fingerprint matches + before you deploy them in the policy table. + + Note, since posttls-finger does not actually deliver any email, + the none, may and encrypt security levels are not very useful. + Since may and encrypt don't require peer certificates, they will + often negotiate anonymous TLS ciphersuites, so you won't learn + much about the remote SMTP server's certificates at these levels + if it also supports anonymous TLS (though you may learn that the + server supports anonymous TLS). -L logopts (default: routine,certmatch) - Fine-grained TLS logging options. To tune the TLS - features logged during the TLS handshake, specify - one or more of: + Fine-grained TLS logging options. To tune the TLS features + logged during the TLS handshake, specify one or more of: 0, none - These yield no TLS logging; you'll generally - want more, but this is handy if you just - want the trust chain: + These yield no TLS logging; you'll generally want more, + but this is handy if you just want the trust chain: $ posttls-finger -cC -L none destination 1, routine, summary - These synonymous values yield a normal one- - line summary of the TLS connection. + These synonymous values yield a normal one-line summary + of the TLS connection. 
2, debug - These synonymous values combine routine, - ssl-debug, cache and verbose. + These synonymous values combine routine, ssl-debug, cache + and verbose. 3, ssl-expert - These synonymous values combine debug with - ssl-handshake-packet-dump. For experts - only. + These synonymous values combine debug with ssl-handshake- + packet-dump. For experts only. 4, ssl-developer - These synonymous values combine ssl-expert - with ssl-session-packet-dump. For experts - only, and in most cases, use wireshark - instead. + These synonymous values combine ssl-expert with ssl-ses- + sion-packet-dump. For experts only, and in most cases, + use wireshark instead. ssl-debug - Turn on OpenSSL logging of the progress of - the SSL handshake. + Turn on OpenSSL logging of the progress of the SSL hand- + shake. ssl-handshake-packet-dump - Log hexadecimal packet dumps of the SSL - handshake; for experts only. + Log hexadecimal packet dumps of the SSL handshake; for + experts only. ssl-session-packet-dump - Log hexadecimal packet dumps of the entire - SSL session; only useful to those who can - debug SSL protocol problems from hex dumps. + Log hexadecimal packet dumps of the entire SSL session; + only useful to those who can debug SSL protocol problems + from hex dumps. untrusted - Logs trust chain verification problems. - This is turned on automatically at security - levels that use peer names signed by cer- - tificate authorities to validate certifi- - cates. So while this setting is recognized, - you should never need to set it explicitly. + Logs trust chain verification problems. This is turned + on automatically at security levels that use peer names + signed by certificate authorities to validate certifi- + cates. So while this setting is recognized, you should + never need to set it explicitly. peercert - This logs a one line summary of the remote - SMTP server certificate subject, issuer, and - fingerprints. 
+ This logs a one line summary of the remote SMTP server + certificate subject, issuer, and fingerprints. certmatch - This logs remote SMTP server certificate - matching, showing the CN and each subjec- - tAltName and which name matched. With DANE, - logs matching of TLSA record trust-anchor - and end-entity certificates. - - cache This logs session cache operations, showing - whether session caching is effective with - the remote SMTP server. Automatically used - when reconnecting with the -r option; rarely - needs to be set explicitly. + This logs remote SMTP server certificate matching, show- + ing the CN and each subjectAltName and which name + matched. With DANE, logs matching of TLSA record trust- + anchor and end-entity certificates. + + cache This logs session cache operations, showing whether ses- + sion caching is effective with the remote SMTP server. + Automatically used when reconnecting with the -r option; + rarely needs to be set explicitly. verbose - Enables verbose logging in the Postfix TLS - driver; includes all of peercert..cache and - more. + Enables verbose logging in the Postfix TLS driver; + includes all of peercert..cache and more. - The default is routine,certmatch. After a recon- - nect, peercert, certmatch and verbose are automati- - cally disabled while cache and summary are enabled. + The default is routine,certmatch. After a reconnect, peercert, + certmatch and verbose are automatically disabled while cache and + summary are enabled. -m count (default: 5) - When the -r delay option is specified, the -m - option determines the maximum number of reconnect - attempts to use with a server behind a load-bal- - acer, to see whether connection caching is likely - to be effective for this destination. Some MTAs - don't expose the underlying server identity in - their EHLO response; with these servers there will - never be more than 1 reconnection attempt. 
+ When the -r delay option is specified, the -m option determines + the maximum number of reconnect attempts to use with a server + behind a load-balacer, to see whether connection caching is + likely to be effective for this destination. Some MTAs don't + expose the underlying server identity in their EHLO response; + with these servers there will never be more than 1 reconnection + attempt. -o name=value - Specify zero or more times to override the value of - the main.cf parameter name with value. Possible - use-cases include overriding the values of TLS - library parameters, or "myhostname" to configure - the SMTP EHLO name sent to the remote server. + Specify zero or more times to override the value of the main.cf + parameter name with value. Possible use-cases include overrid- + ing the values of TLS library parameters, or "myhostname" to + configure the SMTP EHLO name sent to the remote server. -p protocols (default: !SSLv2) - List of TLS protocols that posttls-finger will - exclude or include. See smtp_tls_mandatory_proto- - cols for details. + List of TLS protocols that posttls-finger will exclude or + include. See smtp_tls_mandatory_protocols for details. -P CApath/ (default: none) - The OpenSSL CApath/ directory (indexed via - c_rehash(1)) for remote SMTP server certificate - verification. By default no CApath is used and no - public CAs are trusted. + The OpenSSL CApath/ directory (indexed via c_rehash(1)) for + remote SMTP server certificate verification. By default no CAp- + ath is used and no public CAs are trusted. -r delay - With a cachable TLS session, disconnect and recon- - nect after delay seconds. Report whether the ses- - sion is re-used. Retry if a new server is encoun- - tered, up to 5 times or as specified with the -m - option. By default reconnection is disabled, spec- - ify a positive delay to enable this behavior. - - -S Disable SMTP; that is, connect to an LMTP server. - The default port for LMTP over TCP is 24. 
Alterna- - tive ports can specified by appending ":service- - name" or ":portnumber" to the destination argument. + With a cachable TLS session, disconnect and reconnect after + delay seconds. Report whether the session is re-used. Retry if a + new server is encountered, up to 5 times or as specified with + the -m option. By default reconnection is disabled, specify a + positive delay to enable this behavior. + + -S Disable SMTP; that is, connect to an LMTP server. The default + port for LMTP over TCP is 24. Alternative ports can specified + by appending ":servicename" or ":portnumber" to the destination + argument. -t timeout (default: 30) - The TCP connection timeout to use. This is also - the timeout for reading the remote server's 220 - banner. + The TCP connection timeout to use. This is also the timeout for + reading the remote server's 220 banner. -T timeout (default: 30) - The SMTP/LMTP command timeout for EHLO/LHLO, START- - TLS and QUIT. + The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT. - -v Enable verose Postfix logging. Specify more than - once to increase the level of verbose logging. + -v Enable verose Postfix logging. Specify more than once to + increase the level of verbose logging. [inet:]domain[:port] - Connect via TCP to domain domain, port port. The - default port is smtp (or 24 with LMTP). With SMTP - an MX lookup is performed to resolve the domain to - a host, unless the domain is enclosed in []. If - you want to connect to a specific MX host, for - instance mx1.example.com, specify [mx1.example.com] - as the destination and example.com as a match argu- - ment. When using DNS, the destination domain is - assumed fully qualified and no default domain or - search suffixes are applied; you must use fully- - qualified names or also enable native host lookups - (these don't support dane or dane-only as no DNSSEC - validation information is available via native - lookups). + Connect via TCP to domain domain, port port. 
The default port is + smtp (or 24 with LMTP). With SMTP an MX lookup is performed to + resolve the domain to a host, unless the domain is enclosed in + []. If you want to connect to a specific MX host, for instance + mx1.example.com, specify [mx1.example.com] as the destination + and example.com as a match argument. When using DNS, the desti- + nation domain is assumed fully qualified and no default domain + or search suffixes are applied; you must use fully-qualified + names or also enable native host lookups (these don't support + dane or dane-only as no DNSSEC validation information is avail- + able via native lookups). unix:pathname - Connect to the UNIX-domain socket at pathname. LMTP - only. + Connect to the UNIX-domain socket at pathname. LMTP only. match ... - With no match arguments specified, certificate - peername matching uses the compiled-in default - strategies for each security level. If you specify - one or more arguments, these will be used as the - list of certificate or public-key digests to match - for the fingerprint level, or as the list of DNS - names to match in the certificate at the verify and - secure levels. If the security level is dane, or - dane-only the match names are ignored, and host- - name, nexthop strategies are used. + With no match arguments specified, certificate peername matching + uses the compiled-in default strategies for each security level. + If you specify one or more arguments, these will be used as the + list of certificate or public-key digests to match for the fin- + gerprint level, or as the list of DNS names to match in the cer- + tificate at the verify and secure levels. If the security level + is dane, or dane-only the match names are ignored, and hostname, + nexthop strategies are used. ENVIRONMENT MAIL_CONFIG - Read configuration parameters from a non-default - location. + Read configuration parameters from a non-default location. MAIL_VERBOSE Same as -v option. 
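Review bot: the reflowed option text carries over three typos from the removed lines: "load-balacer" under -m, "Enable verose Postfix logging" under -v, and "Alternative ports can specified" under -S. Since the page is being regenerated anyway, correct them to "load-balancer", "verbose" and "can be specified" in the manual page source, so that the next regeneration picks them up. Separately, the wider output still splits literal names across lines: the -L values now read "ssl-handshake- packet-dump" and "ssl-ses- sion-packet-dump", and -P reads "CAp- ath". That makes the logging option names and the CApath term hard to search for or copy, so consider turning hyphenation off when rendering these pages.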
@@ -346,8 +300,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) TLS_README, Postfix STARTTLS howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html index 0b8561aac..ebe62e993 100644 --- a/postfix/html/proxymap.8.html +++ b/postfix/html/proxymap.8.html 
@@ -13,200 +13,181 @@ PROXYMAP(8) PROXYMAP(8) proxymap [generic Postfix daemon options] DESCRIPTION - The proxymap(8) server provides read-only or read-write - table lookup service to Postfix processes. These services - are implemented with distinct service names: proxymap and - proxywrite, respectively. The purpose of these services - is: - - o To overcome chroot restrictions. For example, a - chrooted SMTP server needs access to the system - passwd file in order to reject mail for non-exis- - tent local addresses, but it is not practical to - maintain a copy of the passwd file in the chroot - jail. The solution: + The proxymap(8) server provides read-only or read-write table lookup + service to Postfix processes. These services are implemented with dis- + tinct service names: proxymap and proxywrite, respectively. The purpose + of these services is: + + o To overcome chroot restrictions. For example, a chrooted SMTP + server needs access to the system passwd file in order to reject + mail for non-existent local addresses, but it is not practical + to maintain a copy of the passwd file in the chroot jail. The + solution: local_recipient_maps = proxy:unix:passwd.byname $alias_maps - o To consolidate the number of open lookup tables by - sharing one open table among multiple processes. - For example, making mysql connections from every - Postfix daemon process results in "too many connec- - tions" errors. The solution: + o To consolidate the number of open lookup tables by sharing one + open table among multiple processes. For example, making mysql + connections from every Postfix daemon process results in "too + many connections" errors. The solution: virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias.cf - The total number of connections is limited by the - number of proxymap server processes. + The total number of connections is limited by the number of + proxymap server processes. 
- o To provide single-updater functionality for lookup - tables that do not reliably support multiple writ- - ers (i.e. all file-based tables). + o To provide single-updater functionality for lookup tables that + do not reliably support multiple writers (i.e. all file-based + tables). The proxymap(8) server implements the following requests: open maptype:mapname flags - Open the table with type maptype and name mapname, - as controlled by flags. The reply includes the map- - type dependent flags (to distinguish a fixed string - table from a regular expression table). + Open the table with type maptype and name mapname, as controlled + by flags. The reply includes the maptype dependent flags (to + distinguish a fixed string table from a regular expression ta- + ble). lookup maptype:mapname flags key - Look up the data stored under the requested key. - The reply is the request completion status code and - the lookup result value. The maptype:mapname and - flags are the same as with the open request. + Look up the data stored under the requested key. The reply is + the request completion status code and the lookup result value. + The maptype:mapname and flags are the same as with the open + request. update maptype:mapname flags key value - Update the data stored under the requested key. - The reply is the request completion status code. - The maptype:mapname and flags are the same as with - the open request. + Update the data stored under the requested key. The reply is + the request completion status code. The maptype:mapname and + flags are the same as with the open request. - To implement single-updater maps, specify a process - limit of 1 in the master.cf file entry for the - proxywrite service. + To implement single-updater maps, specify a process limit of 1 + in the master.cf file entry for the proxywrite service. This request is supported in Postfix 2.5 and later. delete maptype:mapname flags key - Delete the data stored under the requested key. 
- The reply is the request completion status code. - The maptype:mapname and flags are the same as with - the open request. + Delete the data stored under the requested key. The reply is + the request completion status code. The maptype:mapname and + flags are the same as with the open request. This request is supported in Postfix 2.5 and later. sequence maptype:mapname flags function - Iterate over the specified database. The function - is one of DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. - The reply is the request completion status code and - a lookup key and result value, if found. + Iterate over the specified database. The function is one of + DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. The reply is the + request completion status code and a lookup key and result + value, if found. This request is supported in Postfix 2.9 and later. - The request completion status is one of OK, RETRY, NOKEY - (lookup failed because the key was not found), BAD (mal- - formed request) or DENY (the table is not approved for - proxy read or update access). + The request completion status is one of OK, RETRY, NOKEY (lookup failed + because the key was not found), BAD (malformed request) or DENY (the + table is not approved for proxy read or update access). - There is no close command, nor are tables implicitly - closed when a client disconnects. The purpose is to share - tables among multiple client processes. + There is no close command, nor are tables implicitly closed when a + client disconnects. The purpose is to share tables among multiple + client processes. SERVER PROCESS MANAGEMENT - proxymap(8) servers run under control by the Postfix mas- - ter(8) server. Each server can handle multiple simultane- - ous connections. When all servers are busy while a client - connects, the master(8) creates a new proxymap(8) server - process, provided that the process limit is not exceeded. 
- Each server terminates after serving at least $max_use + proxymap(8) servers run under control by the Postfix master(8) server. + Each server can handle multiple simultaneous connections. When all + servers are busy while a client connects, the master(8) creates a new + proxymap(8) server process, provided that the process limit is not + exceeded. Each server terminates after serving at least $max_use clients or after $max_idle seconds of idle time. SECURITY - The proxymap(8) server opens only tables that are approved - via the proxy_read_maps or proxy_write_maps configuration - parameters, does not talk to users, and can run at fixed - low privilege, chrooted or not. However, running the - proxymap server chrooted severely limits usability, - because it can open only chrooted tables. - - The proxymap(8) server is not a trusted daemon process, - and must not be used to look up sensitive information such - as UNIX user or group IDs, mailbox file/directory names or - external commands. - - In Postfix version 2.2 and later, the proxymap client rec- - ognizes requests to access a table for security-sensitive - purposes, and opens the table directly. This allows the - same main.cf setting to be used by sensitive and non-sen- - sitive processes. - - Postfix-writable data files should be stored under a dedi- - cated directory that is writable only by the Postfix mail - system, such as the Postfix-owned data_directory. - - In particular, Postfix-writable files should never exist - in root-owned directories. That would open up a particular - type of security hole where ownership of a file or direc- - tory does not match the provider of its content. + The proxymap(8) server opens only tables that are approved via the + proxy_read_maps or proxy_write_maps configuration parameters, does not + talk to users, and can run at fixed low privilege, chrooted or not. 
+ However, running the proxymap server chrooted severely limits usabil- + ity, because it can open only chrooted tables. + + The proxymap(8) server is not a trusted daemon process, and must not be + used to look up sensitive information such as UNIX user or group IDs, + mailbox file/directory names or external commands. + + In Postfix version 2.2 and later, the proxymap client recognizes + requests to access a table for security-sensitive purposes, and opens + the table directly. This allows the same main.cf setting to be used by + sensitive and non-sensitive processes. + + Postfix-writable data files should be stored under a dedicated direc- + tory that is writable only by the Postfix mail system, such as the + Postfix-owned data_directory. + + In particular, Postfix-writable files should never exist in root-owned + directories. That would open up a particular type of security hole + where ownership of a file or directory does not match the provider of + its content. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - The proxymap(8) server provides service to multiple - clients, and must therefore not be used for tables that - have high-latency lookups. - - The proxymap(8) read-write service does not explicitly - close lookup tables (even if it did, this could not be - relied on, because the process may be terminated between - table updates). The read-write service should therefore - not be used with tables that leave persistent storage in - an inconsistent state between updates (for example, CDB). - Tables that support "sync on update" should be safe (for - example, Berkeley DB) as should tables that are imple- - mented by a real DBMS. + The proxymap(8) server provides service to multiple clients, and must + therefore not be used for tables that have high-latency lookups. 
+ + The proxymap(8) read-write service does not explicitly close lookup + tables (even if it did, this could not be relied on, because the + process may be terminated between table updates). The read-write ser- + vice should therefore not be used with tables that leave persistent + storage in an inconsistent state between updates (for example, CDB). + Tables that support "sync on update" should be safe (for example, + Berkeley DB) as should tables that are implemented by a real DBMS. CONFIGURATION PARAMETERS - On busy mail systems a long time may pass before prox- - ymap(8) relevant changes to main.cf are picked up. Use the - command "postfix reload" to speed up a change. + On busy mail systems a long time may pass before proxymap(8) relevant + changes to main.cf are picked up. Use the command "postfix reload" to + speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for - example: caches, pseudo-random numbers). + The directory with Postfix-writable data files (for example: + caches, pseudo-random numbers). daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. 
max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. proxy_read_maps (see 'postconf -d' output) - The lookup tables that the proxymap(8) server is - allowed to access for the read-only service. + The lookup tables that the proxymap(8) server is allowed to + access for the read-only service. Available in Postfix 2.5 and later: data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for - example: caches, pseudo-random numbers). + The directory with Postfix-writable data files (for example: + caches, pseudo-random numbers). proxy_write_maps (see 'postconf -d' output) - The lookup tables that the proxymap(8) server is - allowed to access for the read-write service. + The lookup tables that the proxymap(8) server is allowed to + access for the read-write service. SEE ALSO postconf(5), configuration parameters @@ -216,8 +197,7 @@ PROXYMAP(8) PROXYMAP(8) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY The proxymap service was introduced with Postfix 2.0. 
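Review bot: in the CONFIGURATION PARAMETERS part of the first proxymap.8.html hunk, data_directory is listed twice with identical text, once in the main parameter list and again under "Available in Postfix 2.5 and later", and the reflow keeps both copies. Drop one of them in the manual page source, keeping the entry under the version heading if the parameter is only available from 2.5 on. The SECURITY text in the same hunk is only re-wrapped, which is fine, but "usabil- ity" and "direc- tory" show that prose hyphenation remains at 78 columns; if hyphenation is switched off for these pages, this file should be regenerated as well.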
diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index a9a069bab..67766445d 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html 
@@ -13,440 +13,392 @@ QMGR(8) QMGR(8) qmgr [generic Postfix daemon options] DESCRIPTION - The qmgr(8) daemon awaits the arrival of incoming mail and - arranges for its delivery via Postfix delivery processes. - The actual mail routing strategy is delegated to the triv- - ial-rewrite(8) daemon. This program expects to be run - from the master(8) process manager. + The qmgr(8) daemon awaits the arrival of incoming mail and arranges for + its delivery via Postfix delivery processes. The actual mail routing + strategy is delegated to the trivial-rewrite(8) daemon. This program + expects to be run from the master(8) process manager. - Mail addressed to the local double-bounce address is - logged and discarded. This stops potential loops caused - by undeliverable bounce notifications. + Mail addressed to the local double-bounce address is logged and dis- + carded. This stops potential loops caused by undeliverable bounce + notifications. MAIL QUEUES The qmgr(8) daemon maintains the following queues: incoming - Inbound mail from the network, or mail picked up by - the local pickup(8) daemon from the maildrop direc- - tory. + Inbound mail from the network, or mail picked up by the local + pickup(8) daemon from the maildrop directory. - active Messages that the queue manager has opened for - delivery. Only a limited number of messages is - allowed to enter the active queue (leaky bucket - strategy, for a fixed delivery rate). + active Messages that the queue manager has opened for delivery. Only a + limited number of messages is allowed to enter the active queue + (leaky bucket strategy, for a fixed delivery rate). deferred - Mail that could not be delivered upon the first - attempt. The queue manager implements exponential - backoff by doubling the time between delivery - attempts. + Mail that could not be delivered upon the first attempt. The + queue manager implements exponential backoff by doubling the + time between delivery attempts. 
corrupt - Unreadable or damaged queue files are moved here - for inspection. + Unreadable or damaged queue files are moved here for inspection. - hold Messages that are kept "on hold" are kept here - until someone sets them free. + hold Messages that are kept "on hold" are kept here until someone + sets them free. DELIVERY STATUS REPORTS - The qmgr(8) daemon keeps an eye on per-message delivery - status reports in the following directories. Each status - report file has the same name as the corresponding message - file: + The qmgr(8) daemon keeps an eye on per-message delivery status reports + in the following directories. Each status report file has the same name + as the corresponding message file: - bounce Per-recipient status information about why mail is - bounced. These files are maintained by the - bounce(8) daemon. + bounce Per-recipient status information about why mail is bounced. + These files are maintained by the bounce(8) daemon. - defer Per-recipient status information about why mail is - delayed. These files are maintained by the - defer(8) daemon. + defer Per-recipient status information about why mail is delayed. + These files are maintained by the defer(8) daemon. - trace Per-recipient status information as requested with - the Postfix "sendmail -v" or "sendmail -bv" com- - mand. These files are maintained by the trace(8) - daemon. + trace Per-recipient status information as requested with the Postfix + "sendmail -v" or "sendmail -bv" command. These files are main- + tained by the trace(8) daemon. - The qmgr(8) daemon is responsible for asking the - bounce(8), defer(8) or trace(8) daemons to send delivery - reports. + The qmgr(8) daemon is responsible for asking the bounce(8), defer(8) or + trace(8) daemons to send delivery reports. STRATEGIES - The queue manager implements a variety of strategies for - either opening queue files (input) or for message delivery - (output). 
+ The queue manager implements a variety of strategies for either opening + queue files (input) or for message delivery (output). leaky bucket - This strategy limits the number of messages in the - active queue and prevents the queue manager from - running out of memory under heavy load. + This strategy limits the number of messages in the active queue + and prevents the queue manager from running out of memory under + heavy load. fairness - When the active queue has room, the queue manager - takes one message from the incoming queue and one - from the deferred queue. This prevents a large mail - backlog from blocking the delivery of new mail. + When the active queue has room, the queue manager takes one mes- + sage from the incoming queue and one from the deferred queue. + This prevents a large mail backlog from blocking the delivery of + new mail. slow start - This strategy eliminates "thundering herd" problems - by slowly adjusting the number of parallel deliver- - ies to the same destination. + This strategy eliminates "thundering herd" problems by slowly + adjusting the number of parallel deliveries to the same destina- + tion. round robin - The queue manager sorts delivery requests by desti- - nation. Round-robin selection prevents one desti- - nation from dominating deliveries to other destina- - tions. + The queue manager sorts delivery requests by destination. + Round-robin selection prevents one destination from dominating + deliveries to other destinations. exponential backoff - Mail that cannot be delivered upon the first - attempt is deferred. The time interval between - delivery attempts is doubled after each attempt. + Mail that cannot be delivered upon the first attempt is + deferred. The time interval between delivery attempts is dou- + bled after each attempt. destination status cache - The queue manager avoids unnecessary delivery - attempts by maintaining a short-term, in-memory - list of unreachable destinations. 
+ The queue manager avoids unnecessary delivery attempts by main- + taining a short-term, in-memory list of unreachable destina- + tions. preemptive message scheduling - The queue manager attempts to minimize the average - per-recipient delay while still preserving the cor- - rect per-message delays, using a sophisticated pre- - emptive message scheduling. + The queue manager attempts to minimize the average per-recipient + delay while still preserving the correct per-message delays, + using a sophisticated preemptive message scheduling. TRIGGERS - On an idle system, the queue manager waits for the arrival - of trigger events, or it waits for a timer to go off. A - trigger is a one-byte message. Depending on the message - received, the queue manager performs one of the following - actions (the message is followed by the symbolic constant - used internally by the software): + On an idle system, the queue manager waits for the arrival of trigger + events, or it waits for a timer to go off. A trigger is a one-byte mes- + sage. Depending on the message received, the queue manager performs + one of the following actions (the message is followed by the symbolic + constant used internally by the software): D (QMGR_REQ_SCAN_DEFERRED) - Start a deferred queue scan. If a deferred queue - scan is already in progress, that scan will be - restarted as soon as it finishes. + Start a deferred queue scan. If a deferred queue scan is + already in progress, that scan will be restarted as soon as it + finishes. I (QMGR_REQ_SCAN_INCOMING) - Start an incoming queue scan. If an incoming queue - scan is already in progress, that scan will be - restarted as soon as it finishes. + Start an incoming queue scan. If an incoming queue scan is + already in progress, that scan will be restarted as soon as it + finishes. A (QMGR_REQ_SCAN_ALL) - Ignore deferred queue file time stamps. The request - affects the next deferred queue scan. + Ignore deferred queue file time stamps. 
The request affects the + next deferred queue scan. F (QMGR_REQ_FLUSH_DEAD) - Purge all information about dead transports and - destinations. + Purge all information about dead transports and destinations. W (TRIGGER_REQ_WAKEUP) - Wakeup call, This is used by the master server to - instantiate servers that should not go away for- - ever. The action is to start an incoming queue - scan. - - The qmgr(8) daemon reads an entire buffer worth of trig- - gers. Multiple identical trigger requests are collapsed - into one, and trigger requests are sorted so that A and F - precede D and I. Thus, in order to force a deferred queue - run, one would request A F D; in order to notify the queue - manager of the arrival of new mail one would request I. + Wakeup call, This is used by the master server to instantiate + servers that should not go away forever. The action is to start + an incoming queue scan. + + The qmgr(8) daemon reads an entire buffer worth of triggers. Multiple + identical trigger requests are collapsed into one, and trigger requests + are sorted so that A and F precede D and I. Thus, in order to force a + deferred queue run, one would request A F D; in order to notify the + queue manager of the arrival of new mail one would request I. STANDARDS RFC 3463 (Enhanced status codes) RFC 3464 (Delivery status notifications) SECURITY - The qmgr(8) daemon is not security sensitive. It reads - single-character messages from untrusted local users, and - thus may be susceptible to denial of service attacks. The - qmgr(8) daemon does not talk to the outside world, and it - can be run at fixed low privilege in a chrooted environ- - ment. + The qmgr(8) daemon is not security sensitive. It reads single-character + messages from untrusted local users, and thus may be susceptible to + denial of service attacks. The qmgr(8) daemon does not talk to the out- + side world, and it can be run at fixed low privilege in a chrooted + environment. 
DIAGNOSTICS - Problems and transactions are logged to the syslog daemon. - Corrupted message files are saved to the corrupt queue for - further inspection. + Problems and transactions are logged to the syslog daemon. Corrupted + message files are saved to the corrupt queue for further inspection. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. BUGS - A single queue manager process has to compete for disk - access with multiple front-end processes such as - cleanup(8). A sudden burst of inbound mail can negatively - impact outbound delivery rates. + A single queue manager process has to compete for disk access with mul- + tiple front-end processes such as cleanup(8). A sudden burst of inbound + mail can negatively impact outbound delivery rates. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically as - qmgr(8) is a persistent process. Use the "postfix reload" - command after a configuration change. + Changes to main.cf are not picked up automatically as qmgr(8) is a per- + sistent process. Use the "postfix reload" command after a configuration + change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. - In the text below, transport is the first field in a mas- - ter.cf entry. + In the text below, transport is the first field in a master.cf entry. COMPATIBILITY CONTROLS Available before Postfix version 2.5: allow_min_user (no) - Allow a sender or recipient address to have `-' as - the first character. + Allow a sender or recipient address to have `-' as the first + character. 
Available with Postfix version 2.7 and later: default_filter_nexthop (empty) - When a content_filter or FILTER request specifies - no explicit next-hop destination, use $default_fil- - ter_nexthop instead; when that value is empty, use - the domain in the recipient address. + When a content_filter or FILTER request specifies no explicit + next-hop destination, use $default_filter_nexthop instead; when + that value is empty, use the domain in the recipient address. ACTIVE QUEUE CONTROLS qmgr_clog_warn_time (300s) - The minimal delay between warnings that a specific - destination is clogging up the Postfix active - queue. + The minimal delay between warnings that a specific destination + is clogging up the Postfix active queue. qmgr_message_active_limit (20000) The maximal number of messages in the active queue. qmgr_message_recipient_limit (20000) - The maximal number of recipients held in memory by - the Postfix queue manager, and the maximal size of - the short-term, in-memory "dead" destination status - cache. + The maximal number of recipients held in memory by the Postfix + queue manager, and the maximal size of the short-term, in-memory + "dead" destination status cache. qmgr_message_recipient_minimum (10) - The minimal number of in-memory recipients for any - message. + The minimal number of in-memory recipients for any message. default_recipient_limit (20000) - The default per-transport upper limit on the number - of in-memory recipients. + The default per-transport upper limit on the number of in-memory + recipients. transport_recipient_limit ($default_recipient_limit) Idem, for delivery via the named message transport. default_extra_recipient_limit (1000) - The default value for the extra per-transport limit - imposed on the number of in-memory recipients. + The default value for the extra per-transport limit imposed on + the number of in-memory recipients. 
- transport_extra_recipient_limit ($default_extra_recipi- - ent_limit) + transport_extra_recipient_limit ($default_extra_recipient_limit) Idem, for delivery via the named message transport. Available in Postfix version 2.4 and later: default_recipient_refill_limit (100) - The default per-transport limit on the number of - recipients refilled at once. + The default per-transport limit on the number of recipients + refilled at once. - transport_recipient_refill_limit ($default_recipi- - ent_refill_limit) + transport_recipient_refill_limit ($default_recipient_refill_limit) Idem, for delivery via the named message transport. default_recipient_refill_delay (5s) - The default per-transport maximum delay between - recipients refills. + The default per-transport maximum delay between recipients + refills. - transport_recipient_refill_delay ($default_recipi- - ent_refill_delay) + transport_recipient_refill_delay ($default_recipient_refill_delay) Idem, for delivery via the named message transport. DELIVERY CONCURRENCY CONTROLS initial_destination_concurrency (5) - The initial per-destination concurrency level for - parallel delivery to the same destination. + The initial per-destination concurrency level for parallel + delivery to the same destination. default_destination_concurrency_limit (20) - The default maximal number of parallel deliveries - to the same destination. + The default maximal number of parallel deliveries to the same + destination. - transport_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) + transport_destination_concurrency_limit ($default_destination_concur- + rency_limit) Idem, for delivery via the named message transport. Available in Postfix version 2.5 and later: - transport_initial_destination_concurrency ($initial_desti- - nation_concurrency) - Initial concurrency for delivery via the named mes- - sage transport. 
+ transport_initial_destination_concurrency ($initial_destination_concur- + rency) + Initial concurrency for delivery via the named message trans- + port. default_destination_concurrency_failed_cohort_limit (1) - How many pseudo-cohorts must suffer connection or - handshake failure before a specific destination is - considered unavailable (and further delivery is - suspended). + How many pseudo-cohorts must suffer connection or handshake + failure before a specific destination is considered unavailable + (and further delivery is suspended). - transport_destination_concurrency_failed_cohort_limit - ($default_destination_concurrency_failed_cohort_limit) + transport_destination_concurrency_failed_cohort_limit ($default_desti- + nation_concurrency_failed_cohort_limit) Idem, for delivery via the named message transport. default_destination_concurrency_negative_feedback (1) - The per-destination amount of delivery concurrency - negative feedback, after a delivery completes with - a connection or handshake failure. + The per-destination amount of delivery concurrency negative + feedback, after a delivery completes with a connection or hand- + shake failure. - transport_destination_concurrency_negative_feedback - ($default_destination_concurrency_negative_feedback) + transport_destination_concurrency_negative_feedback ($default_destina- + tion_concurrency_negative_feedback) Idem, for delivery via the named message transport. default_destination_concurrency_positive_feedback (1) - The per-destination amount of delivery concurrency - positive feedback, after a delivery completes with- - out connection or handshake failure. + The per-destination amount of delivery concurrency positive + feedback, after a delivery completes without connection or hand- + shake failure. 
- transport_destination_concurrency_positive_feedback - ($default_destination_concurrency_positive_feedback) + transport_destination_concurrency_positive_feedback ($default_destina- + tion_concurrency_positive_feedback) Idem, for delivery via the named message transport. destination_concurrency_feedback_debug (no) - Make the queue manager's feedback algorithm verbose - for performance analysis purposes. + Make the queue manager's feedback algorithm verbose for perfor- + mance analysis purposes. RECIPIENT SCHEDULING CONTROLS default_destination_recipient_limit (50) - The default maximal number of recipients per mes- - sage delivery. + The default maximal number of recipients per message delivery. - transport_destination_recipient_limit ($default_destina- - tion_recipient_limit) + transport_destination_recipient_limit ($default_destination_recipi- + ent_limit) Idem, for delivery via the named message transport. MESSAGE SCHEDULING CONTROLS default_delivery_slot_cost (5) - How often the Postfix queue manager's scheduler is - allowed to preempt delivery of one message with - another. + How often the Postfix queue manager's scheduler is allowed to + preempt delivery of one message with another. transport_delivery_slot_cost ($default_delivery_slot_cost) Idem, for delivery via the named message transport. default_minimum_delivery_slots (3) - How many recipients a message must have in order to - invoke the Postfix queue manager's scheduling algo- - rithm at all. + How many recipients a message must have in order to invoke the + Postfix queue manager's scheduling algorithm at all. - transport_minimum_delivery_slots ($default_minimum_deliv- - ery_slots) + transport_minimum_delivery_slots ($default_minimum_delivery_slots) Idem, for delivery via the named message transport. default_delivery_slot_discount (50) - The default value for transport-specific _deliv- - ery_slot_discount settings. + The default value for transport-specific _delivery_slot_discount + settings. 
- transport_delivery_slot_discount ($default_deliv- - ery_slot_discount) + transport_delivery_slot_discount ($default_delivery_slot_discount) Idem, for delivery via the named message transport. default_delivery_slot_loan (3) - The default value for transport-specific _deliv- - ery_slot_loan settings. + The default value for transport-specific _delivery_slot_loan + settings. transport_delivery_slot_loan ($default_delivery_slot_loan) Idem, for delivery via the named message transport. OTHER RESOURCE AND RATE CONTROLS minimal_backoff_time (300s) - The minimal time between attempts to deliver a - deferred message; prior to Postfix 2.4 the default - value was 1000s. + The minimal time between attempts to deliver a deferred message; + prior to Postfix 2.4 the default value was 1000s. maximal_backoff_time (4000s) - The maximal time between attempts to deliver a - deferred message. + The maximal time between attempts to deliver a deferred message. maximal_queue_lifetime (5d) - Consider a message as undeliverable, when delivery - fails with a temporary error, and the time in the - queue has reached the maximal_queue_lifetime limit. + Consider a message as undeliverable, when delivery fails with a + temporary error, and the time in the queue has reached the maxi- + mal_queue_lifetime limit. queue_run_delay (300s) - The time between deferred queue scans by the queue - manager; prior to Postfix 2.4 the default value was - 1000s. + The time between deferred queue scans by the queue manager; + prior to Postfix 2.4 the default value was 1000s. transport_retry_time (60s) - The time between attempts by the Postfix queue man- - ager to contact a malfunctioning message delivery - transport. + The time between attempts by the Postfix queue manager to con- + tact a malfunctioning message delivery transport. 
Available in Postfix version 2.1 and later: bounce_queue_lifetime (5d) - Consider a bounce message as undeliverable, when - delivery fails with a temporary error, and the time - in the queue has reached the bounce_queue_lifetime - limit. + Consider a bounce message as undeliverable, when delivery fails + with a temporary error, and the time in the queue has reached + the bounce_queue_lifetime limit. Available in Postfix version 2.5 and later: default_destination_rate_delay (0s) - The default amount of delay that is inserted - between individual deliveries to the same destina- - tion; the resulting behavior depends on the value - of the corresponding per-destination recipient - limit. - - transport_destination_rate_delay $default_destina- - tion_rate_delay + The default amount of delay that is inserted between individual + deliveries to the same destination; the resulting behavior + depends on the value of the corresponding per-destination recip- + ient limit. + + transport_destination_rate_delay $default_destination_rate_delay Idem, for delivery via the named message transport. SAFETY CONTROLS qmgr_daemon_timeout (1000s) - How much time a Postfix queue manager process may - take to handle a request before it is terminated by - a built-in watchdog timer. + How much time a Postfix queue manager process may take to handle + a request before it is terminated by a built-in watchdog timer. qmgr_ipc_timeout (60s) - The time limit for the queue manager to send or - receive information over an internal communication - channel. + The time limit for the queue manager to send or receive informa- + tion over an internal communication channel. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. 
defer_transports (empty) - The names of message delivery transports that - should not deliver mail unless someone issues - "sendmail -q" or equivalent. + The names of message delivery transports that should not deliver + mail unless someone issues "sendmail -q" or equivalent. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. helpful_warnings (yes) - Log warnings about problematic configuration set- - tings, and provide helpful suggestions. + Log warnings about problematic configuration settings, and pro- + vide helpful suggestions. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/incoming, incoming queue @@ -469,8 +421,7 @@ QMGR(8) QMGR(8) QSHAPE_README, Postfix queue analysis LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/qmqp-sink.1.html b/postfix/html/qmqp-sink.1.html index 5811a8066..17077e496 100644 --- a/postfix/html/qmqp-sink.1.html 
+++ b/postfix/html/qmqp-sink.1.html 
@@ -15,42 +15,39 @@ QMQP-SINK(1) QMQP-SINK(1) qmqp-sink [-46cv] [-x time] unix:pathname backlog DESCRIPTION - qmqp-sink listens on the named host (or address) and port. - It receives messages from the network and throws them - away. The purpose is to measure QMQP client performance, - not protocol compliance. Connections can be accepted on - IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4 - and IPv6 are the default. This program is the complement - of the qmqp-source(1) program. - - Note: this is an unsupported test program. No attempt is - made to maintain compatibility between successive ver- - sions. + qmqp-sink listens on the named host (or address) and port. It receives + messages from the network and throws them away. The purpose is to mea- + sure QMQP client performance, not protocol compliance. Connections can + be accepted on IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4 + and IPv6 are the default. This program is the complement of the qmqp- + source(1) program. + + Note: this is an unsupported test program. No attempt is made to main- + tain compatibility between successive versions. Arguments: - -4 Support IPv4 only. This option has no effect when - Postfix is built without IPv6 support. + -4 Support IPv4 only. This option has no effect when Postfix is + built without IPv6 support. - -6 Support IPv6 only. This option is not available - when Postfix is built without IPv6 support. + -6 Support IPv6 only. This option is not available when Postfix is + built without IPv6 support. - -c Display a running counter that is updated whenever - a delivery is completed. + -c Display a running counter that is updated whenever a delivery is + completed. - -v Increase verbosity. Specify -v -v to see some of - the QMQP conversation. + -v Increase verbosity. Specify -v -v to see some of the QMQP con- + versation. -x time - Terminate after time seconds. This is to facilitate - memory leak testing. + Terminate after time seconds. 
This is to facilitate memory leak + testing. SEE ALSO qmqp-source(1), QMQP message generator LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/qmqp-source.1.html b/postfix/html/qmqp-source.1.html index 652741b7b..efd07b261 100644 --- a/postfix/html/qmqp-source.1.html +++ b/postfix/html/qmqp-source.1.html 
@@ -15,81 +15,72 @@ QMQP-SOURCE(1) QMQP-SOURCE(1) qmqp-source [options] unix:pathname DESCRIPTION - qmqp-source connects to the named host and TCP port - (default 628) and sends one or more messages to it, either - sequentially or in parallel. The program speaks the QMQP - protocol. Connections can be made to UNIX-domain and IPv4 - or IPv6 servers. IPv4 and IPv6 are the default. + qmqp-source connects to the named host and TCP port (default 628) and + sends one or more messages to it, either sequentially or in parallel. + The program speaks the QMQP protocol. Connections can be made to UNIX- + domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default. - Note: this is an unsupported test program. No attempt is - made to maintain compatibility between successive ver- - sions. + Note: this is an unsupported test program. No attempt is made to main- + tain compatibility between successive versions. Arguments: - -4 Connect to the server with IPv4. This option has no - effect when Postfix is built without IPv6 support. + -4 Connect to the server with IPv4. This option has no effect when + Postfix is built without IPv6 support. - -6 Connect to the server with IPv6. This option is not - available when Postfix is built without IPv6 sup- - port. + -6 Connect to the server with IPv6. This option is not available + when Postfix is built without IPv6 support. - -c Display a running counter that is incremented each - time a delivery completes. + -c Display a running counter that is incremented each time a deliv- + ery completes. -C count - When a host sends RESET instead of SYN|ACK, try - count times before giving up. The default count is - 1. Specify a larger count in order to work around a - problem with TCP/IP stacks that send RESET when the - listen queue is full. + When a host sends RESET instead of SYN|ACK, try count times + before giving up. The default count is 1. 
Specify a larger count + in order to work around a problem with TCP/IP stacks that send + RESET when the listen queue is full. -f from - Use the specified sender address (default: - <foo@myhostname>). + Use the specified sender address (default: <foo@myhostname>). -l length - Send length bytes as message payload. The length - includes the message headers. + Send length bytes as message payload. The length includes the + message headers. -m message_count Send the specified number of messages (default: 1). -M myhostname - Use the specified hostname or [address] in the - default sender and recipient addresses, instead of - the machine hostname. + Use the specified hostname or [address] in the default sender + and recipient addresses, instead of the machine hostname. -r recipient_count - Send the specified number of recipients per trans- - action (default: 1). Recipient names are generated - by prepending a number to the recipient address. + Send the specified number of recipients per transaction + (default: 1). Recipient names are generated by prepending a + number to the recipient address. -s session_count - Run the specified number of QMQP sessions in paral- - lel (default: 1). + Run the specified number of QMQP sessions in parallel (default: + 1). - -t to Use the specified recipient address (default: - <foo@myhostname>). + -t to Use the specified recipient address (default: <foo@myhostname>). -R interval - Wait for a random period of time 0 <= n <= interval - between messages. Suspending one thread does not - affect other delivery threads. + Wait for a random period of time 0 <= n <= interval between mes- + sages. Suspending one thread does not affect other delivery + threads. - -v Make the program more verbose, for debugging pur- - poses. + -v Make the program more verbose, for debugging purposes. -w interval - Wait a fixed time between messages. Suspending one - thread does not affect other delivery threads. + Wait a fixed time between messages. 
Suspending one thread does + not affect other delivery threads. SEE ALSO qmqp-sink(1), QMQP message dump LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index 47f1c0fbc..48b870d09 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html 
@@ -13,149 +13,135 @@ QMQPD(8) QMQPD(8) qmqpd [generic Postfix daemon options] DESCRIPTION - The Postfix QMQP server receives one message per connec- - tion. Each message is piped through the cleanup(8) dae- - mon, and is placed into the incoming queue as one single - queue file. The program expects to be run from the mas- - ter(8) process manager. + The Postfix QMQP server receives one message per connection. Each mes- + sage is piped through the cleanup(8) daemon, and is placed into the + incoming queue as one single queue file. The program expects to be run + from the master(8) process manager. - The QMQP server implements one access policy: only explic- - itly authorized client hosts are allowed to use the ser- - vice. + The QMQP server implements one access policy: only explicitly autho- + rized client hosts are allowed to use the service. SECURITY - The QMQP server is moderately security-sensitive. It talks - to QMQP clients and to DNS servers on the network. The - QMQP server can be run chrooted at fixed low privilege. + The QMQP server is moderately security-sensitive. It talks to QMQP + clients and to DNS servers on the network. The QMQP server can be run + chrooted at fixed low privilege. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - The QMQP protocol provides only one server reply per mes- - sage delivery. It is therefore not possible to reject - individual recipients. + The QMQP protocol provides only one server reply per message delivery. + It is therefore not possible to reject individual recipients. - The QMQP protocol requires the server to receive the - entire message before replying. If a message is malformed, - or if any netstring component is longer than acceptable, - Postfix replies immediately and closes the connection. It - is left up to the client to handle the situation. + The QMQP protocol requires the server to receive the entire message + before replying. 
If a message is malformed, or if any netstring compo- + nent is longer than acceptable, Postfix replies immediately and closes + the connection. It is left up to the client to handle the situation. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - qmqpd(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as qmqpd(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. CONTENT INSPECTION CONTROLS content_filter (empty) - After the message is queued, send the entire mes- - sage to the specified transport:destination. + After the message is queued, send the entire message to the + specified transport:destination. receive_override_options (empty) - Enable or disable recipient validation, built-in - content filtering, or address mapping. + Enable or disable recipient validation, built-in content filter- + ing, or address mapping. RESOURCE AND RATE CONTROLS line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines - are reconstructed. + Upon input, long lines are chopped up into pieces of at most + this length; upon delivery, long lines are reconstructed. hopcount_limit (50) - The maximal number of Received: message headers - that is allowed in the primary message headers. + The maximal number of Received: message headers that is allowed + in the primary message headers. message_size_limit (10240000) - The maximal size in bytes of a message, including - envelope information. + The maximal size in bytes of a message, including envelope + information. 
qmqpd_timeout (300s) - The time limit for sending or receiving information - over the network. + The time limit for sending or receiving information over the + network. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. soft_bounce (no) - Safety net to keep mail queued that would otherwise - be returned to the sender. + Safety net to keep mail queued that would otherwise be returned + to the sender. TARPIT CONTROLS qmqpd_error_delay (1s) - How long the Postfix QMQP server will pause before - sending a negative reply to the remote QMQP client. + How long the Postfix QMQP server will pause before sending a + negative reply to the remote QMQP client. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. 
+ The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. qmqpd_authorized_clients (empty) - What remote QMQP clients are allowed to connect to - the Postfix QMQP server port. + What remote QMQP clients are allowed to connect to the Postfix + QMQP server port. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line - and in SMTP commands. + The characters Postfix accepts as VERP delimiter characters on + the Postfix sendmail(1) command line and in SMTP commands. 
Available in Postfix version 2.5 and later: qmqpd_client_port_logging (no) - Enable logging of the remote QMQP client port in - addition to the hostname and IP address. + Enable logging of the remote QMQP client port in addition to the + hostname and IP address. SEE ALSO http://cr.yp.to/proto/qmqp.html, QMQP protocol @@ -167,8 +153,7 @@ QMQPD(8) QMQPD(8) QMQP_README, Postfix ezmlm-idx howto. LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY The qmqpd service was introduced with Postfix version 1.1. diff --git a/postfix/html/qshape.1.html b/postfix/html/qshape.1.html index 4feacadab..1cecd33a5 100644 --- a/postfix/html/qshape.1.html +++ b/postfix/html/qshape.1.html 
@@ -17,101 +17,90 @@ QSHAPE(1) QSHAPE(1) [-c config_directory] [queue_name ...] DESCRIPTION - The qshape program helps the administrator understand the - Postfix queue message distribution in time and by sender - domain or recipient domain. The program needs read access - to the queue directories and queue files, so it must run - as the superuser or the mail_owner specified in main.cf + The qshape program helps the administrator understand the Postfix queue + message distribution in time and by sender domain or recipient domain. + The program needs read access to the queue directories and queue files, + so it must run as the superuser or the mail_owner specified in main.cf (typically postfix). Options: - -s Display the sender domain distribution instead of - the recipient domain distribution. By default the - recipient distribution is displayed. There can be - more recipients than messages, but as each message - has only one sender, the sender distribution is a + -s Display the sender domain distribution instead of the recipient + domain distribution. By default the recipient distribution is + displayed. There can be more recipients than messages, but as + each message has only one sender, the sender distribution is a message distribution. - -p Generate aggregate statistics for parent domains. - Top level domains are not shown, nor are domains - with fewer than min_subdomains subdomains. The - names of parent domains are shown with a leading - dot, (e.g. .example.com). + -p Generate aggregate statistics for parent domains. Top level + domains are not shown, nor are domains with fewer than min_sub- + domains subdomains. The names of parent domains are shown with a + leading dot, (e.g. .example.com). -m min_subdomains - When used with the -p option, sets the minimum sub- - domain count needed to show a separate line for a - parent domain. The default is 5. 
+ When used with the -p option, sets the minimum subdomain count + needed to show a separate line for a parent domain. The default + is 5. -b bucket_count - The age distribution is broken up into a sequence - of geometrically increasing intervals. This option - sets the number of intervals or "buckets". Each - bucket has a maximum queue age that is twice as - large as that of the previous bucket. The last + The age distribution is broken up into a sequence of geometri- + cally increasing intervals. This option sets the number of + intervals or "buckets". Each bucket has a maximum queue age that + is twice as large as that of the previous bucket. The last bucket has no age limit. -t bucket_time - The age limit in minutes for the first time bucket. - The default value is 5, meaning that the first - bucket counts messages between 0 and 5 minutes old. + The age limit in minutes for the first time bucket. The default + value is 5, meaning that the first bucket counts messages + between 0 and 5 minutes old. - -l Instead of using a geometric age sequence, use a - linear age sequence, in other words simple multi- - ples of bucket_time. + -l Instead of using a geometric age sequence, use a linear age + sequence, in other words simple multiples of bucket_time. This feature is available in Postfix 2.2 and later. -w terminal_width - The output is right justified, with the counts for - the last bucket shown on the 80th column, the ter- - minal_width can be adjusted for wider screens - allowing more buckets to be displayed without trun- - cating the domain names on the left. When a row for - a full domain name and its counters does not fit in - the specified number of columns, only the last 17 - bytes of the domain name are shown with the prefix - replaced by a '+' character. Truncated parent - domain rows are shown as '.+' followed by the last - 16 bytes of the domain name. 
If this is still too - narrow to show the domain name and all the coun- - ters, the terminal_width limit is violated. + The output is right justified, with the counts for the last + bucket shown on the 80th column, the terminal_width can be + adjusted for wider screens allowing more buckets to be displayed + without truncating the domain names on the left. When a row for + a full domain name and its counters does not fit in the speci- + fied number of columns, only the last 17 bytes of the domain + name are shown with the prefix replaced by a '+' character. + Truncated parent domain rows are shown as '.+' followed by the + last 16 bytes of the domain name. If this is still too narrow to + show the domain name and all the counters, the terminal_width + limit is violated. -N batch_msg_count - When the output device is a terminal, intermediate - results are shown each "batch_msg_count" messages. - This produces usable results in a reasonable time - even when the deferred queue is large. The default - is to show intermediate results every 1000 mes- - sages. + When the output device is a terminal, intermediate results are + shown each "batch_msg_count" messages. This produces usable + results in a reasonable time even when the deferred queue is + large. The default is to show intermediate results every 1000 + messages. -n batch_top_domains - When reporting intermediate or final results to a - termainal, report only the top "batch_top_domains" - domains. The default limit is 20 domains. + When reporting intermediate or final results to a termainal, + report only the top "batch_top_domains" domains. The default + limit is 20 domains. -c config_directory - The main.cf configuration file is in the named - directory instead of the default configuration - directory. + The main.cf configuration file is in the named directory instead + of the default configuration directory. 
Arguments: queue_name - By default qshape displays the combined distribu- - tion of the incoming and active queues. To display - a different set of queues, just list their direc- - tory names on the command line. Absolute paths are - used as is, other paths are taken relative to the - main.cf queue_directory parameter setting. While - main.cf supports the use of $variable expansion in - the definition of the queue_directory parameter, - the qshape program does not. If you must use vari- - able expansions in the queue_directory setting, you - must specify an explicit absolute path for each - queue subdirectory even if you want the default - incoming and active queue distribution. + By default qshape displays the combined distribution of the + incoming and active queues. To display a different set of + queues, just list their directory names on the command line. + Absolute paths are used as is, other paths are taken relative to + the main.cf queue_directory parameter setting. While main.cf + supports the use of $variable expansion in the definition of the + queue_directory parameter, the qshape program does not. If you + must use variable expansions in the queue_directory setting, you + must specify an explicit absolute path for each queue subdirec- + tory even if you want the default incoming and active queue dis- + tribution. SEE ALSO mailq(1), List all messages in the queue. @@ -126,8 +115,7 @@ QSHAPE(1) QSHAPE(1) $queue_directory/deferred/, messages postponed for later delivery. LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Victor Duchovni diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html index 8a5b9f9d9..0b154e3c0 100644 --- a/postfix/html/regexp_table.5.html +++ b/postfix/html/regexp_table.5.html 
@@ -15,126 +15,115 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) postmap -q - regexp:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting, mail routing, or access control. These tables - are usually in dbm or db format. + The Postfix mail system uses optional tables for address rewriting, + mail routing, or access control. These tables are usually in dbm or db + format. - Alternatively, lookup tables can be specified in POSIX - regular expression form. In this case, each input is com- - pared against a list of patterns. When a match is found, - the corresponding result is returned and the search is - terminated. + Alternatively, lookup tables can be specified in POSIX regular expres- + sion form. In this case, each input is compared against a list of pat- + terns. When a match is found, the corresponding result is returned and + the search is terminated. - To find out what types of lookup tables your Postfix sys- - tem supports use the "postconf -m" command. + To find out what types of lookup tables your Postfix system supports + use the "postconf -m" command. - To test lookup tables, use the "postmap -q" command as - described in the SYNOPSIS above. + To test lookup tables, use the "postmap -q" command as described in the + SYNOPSIS above. COMPATIBILITY - With Postfix version 2.2 and earlier specify "postmap -fq" - to query a table that contains case sensitive patterns. - Patterns are case insensitive by default. + With Postfix version 2.2 and earlier specify "postmap -fq" to query a + table that contains case sensitive patterns. Patterns are case insensi- + tive by default. TABLE FORMAT The general form of a Postfix regular expression table is: /pattern/flags result - When pattern matches the input string, use the cor- - responding result value. + When pattern matches the input string, use the corresponding + result value. 
!/pattern/flags result - When pattern does not match the input string, use - the corresponding result value. + When pattern does not match the input string, use the corre- + sponding result value. if /pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if that same input string - also matches pattern. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if that same input string also matches pat- + tern. The if..endif can nest. - Note: do not prepend whitespace to patterns inside - if..endif. + Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. if !/pattern/flags - endif Match the input string against the patterns between - if and endif, if and only if that same input string - does not match pattern. The if..endif can nest. + endif Match the input string against the patterns between if and + endif, if and only if that same input string does not match pat- + tern. The if..endif can nest. - Note: do not prepend whitespace to patterns inside - if..endif. + Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. - - Each pattern is a POSIX regular expression enclosed by a - pair of delimiters. The regular expression syntax is docu- - mented in re_format(7) with 4.4BSD, in regex(5) with - Solaris, and in regex(7) with Linux. Other systems may use - other document names. 
- - The expression delimiter can be any non-alphanumerical - character, except whitespace or characters that have spe- - cial meaning (traditionally the forward slash is used). - The regular expression can contain whitespace. - - By default, matching is case-insensitive, and newlines are - not treated as special characters. The behavior is con- - trolled by flags, which are toggled by appending one or - more of the following characters after the pattern: + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. + + Each pattern is a POSIX regular expression enclosed by a pair of delim- + iters. The regular expression syntax is documented in re_format(7) with + 4.4BSD, in regex(5) with Solaris, and in regex(7) with Linux. Other + systems may use other document names. + + The expression delimiter can be any non-alphanumerical character, + except whitespace or characters that have special meaning (tradition- + ally the forward slash is used). The regular expression can contain + whitespace. + + By default, matching is case-insensitive, and newlines are not treated + as special characters. The behavior is controlled by flags, which are + toggled by appending one or more of the following characters after the + pattern: i (default: on) - Toggles the case sensitivity flag. By default, - matching is case insensitive. + Toggles the case sensitivity flag. By default, matching is case + insensitive. m (default: off) - Toggle the multi-line mode flag. When this flag is - on, the ^ and $ metacharacters match immediately - after and immediately before a newline character, - respectively, in addition to matching at the start - and end of the input string. + Toggle the multi-line mode flag. When this flag is on, the ^ and + $ metacharacters match immediately after and immediately before + a newline character, respectively, in addition to matching at + the start and end of the input string. 
x (default: on) - Toggles the extended expression syntax flag. By - default, support for extended expression syntax is - enabled. + Toggles the extended expression syntax flag. By default, support + for extended expression syntax is enabled. TABLE SEARCH ORDER - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the input - string. - - Each pattern is applied to the entire input string. - Depending on the application, that string is an entire - client hostname, an entire client IP address, or an entire - mail address. Thus, no parent domain or parent network - search is done, and user@domain mail addresses are not - broken up into their user and domain constituent parts, - nor is user+foo broken up into user and foo. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the input string. + + Each pattern is applied to the entire input string. Depending on the + application, that string is an entire client hostname, an entire client + IP address, or an entire mail address. Thus, no parent domain or par- + ent network search is done, and user@domain mail addresses are not bro- + ken up into their user and domain constituent parts, nor is user+foo + broken up into user and foo. TEXT SUBSTITUTION - Substitution of substrings (text that matches patterns - inside "()") from the matched expression into the result - string is requested with $1, $2, etc.; specify $$ to pro- - duce a $ character as output. The macros in the result - string may need to be written as ${n} or $(n) if they - aren't followed by whitespace. - - Note: since negated patterns (those preceded by !) return - a result when the expression does not match, substitutions - are not available for negated patterns. 
+ Substitution of substrings (text that matches patterns inside "()") + from the matched expression into the result string is requested with + $1, $2, etc.; specify $$ to produce a $ character as output. The + macros in the result string may need to be written as ${n} or $(n) if + they aren't followed by whitespace. + + Note: since negated patterns (those preceded by !) return a result when + the expression does not match, substitutions are not available for + negated patterns. EXAMPLE SMTPD ACCESS MAP # Disallow sender-specified routing. This is a must if you relay mail diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html index b8d60e802..2970f0d08 100644 --- a/postfix/html/relocated.5.html +++ b/postfix/html/relocated.5.html 
@@ -13,35 +13,31 @@ RELOCATED(5) RELOCATED(5) postmap /etc/postfix/relocated DESCRIPTION - The optional relocated(5) table provides the information - that is used in "user has moved to new_location" bounce - messages. - - Normally, the relocated(5) table is specified as a text - file that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/relocated" to rebuild an indexed - file after changing the corresponding relocated table. - - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. - - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". + The optional relocated(5) table provides the information that is used + in "user has moved to new_location" bounce messages. + + Normally, the relocated(5) table is specified as a text file that + serves as input to the postmap(1) command. The result, an indexed file + in dbm or db format, is used for fast searching by the mail system. + Execute the command "postmap /etc/postfix/relocated" to rebuild an + indexed file after changing the corresponding relocated table. + + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. + + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those case, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". Table lookups are case insensitive. 
CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. + The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. TABLE FORMAT The input format for the postmap(1) command is as follows: 
@@ -50,86 +46,76 @@ RELOCATED(5) RELOCATED(5) pattern new_location - Where new_location specifies contact information - such as an email address, or perhaps a street - address or telephone number. + Where new_location specifies contact information such as an + email address, or perhaps a street address or telephone number. - o Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + o Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. - o A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + o A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. TABLE SEARCH ORDER - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user@domain - Matches user@domain. This form has precedence over - all other forms. + Matches user@domain. This form has precedence over all other + forms. - user Matches user@site when site is $myorigin, when site - is listed in $mydestination, or when site is listed - in $inet_interfaces or $proxy_interfaces. + user Matches user@site when site is $myorigin, when site is listed in + $mydestination, or when site is listed in $inet_interfaces or + $proxy_interfaces. @domain - Matches other addresses in domain. This form has - the lowest precedence. + Matches other addresses in domain. This form has the lowest + precedence. ADDRESS EXTENSION - When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, user+foo, user, and - @domain. 
+ When a mail address localpart contains the optional recipient delimiter + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + user@domain, user+foo, user, and @domain. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions or - when lookups are directed to a TCP-based server. For a - description of regular expression lookup table syntax, see - regexp_table(5) or pcre_table(5). For a description of the - TCP client/server table lookup protocol, see tcp_table(5). - This feature is not available up to and including Postfix - version 2.4. - - Each pattern is a regular expression that is applied to - the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain - constituent parts, nor is user+foo broken up into user and - foo. - - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. - - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from - the pattern can be interpolated as $1, $2 and so on. + This section describes how the table lookups change when the table is + given in the form of regular expressions or when lookups are directed + to a TCP-based server. For a description of regular expression lookup + table syntax, see regexp_table(5) or pcre_table(5). For a description + of the TCP client/server table lookup protocol, see tcp_table(5). This + feature is not available up to and including Postfix version 2.4. + + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo + broken up into user and foo. + + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. 
+ + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- + lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). This feature is not available up to and including - Postfix version 2.4. + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their - user and @domain constituent parts, nor is user+foo broken - up into user and foo. + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- + stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more + details including examples. relocated_maps List of lookup tables for relocated users or sites. 
@@ -137,21 +123,19 @@ RELOCATED(5) RELOCATED(5) Other parameters of interest: inet_interfaces - The network interface addresses that this system - receives mail on. You need to stop and start Post- - fix when this parameter changes. + The network interface addresses that this system receives mail + on. You need to stop and start Postfix when this parameter + changes. mydestination - List of domains that this mail system considers - local. + List of domains that this mail system considers local. myorigin The domain that is appended to locally-posted mail. proxy_interfaces - Other interfaces that this machine receives mail on - by way of a proxy agent or network address transla- - tor. + Other interfaces that this machine receives mail on by way of a + proxy agent or network address translator. SEE ALSO trivial-rewrite(8), address resolver @@ -163,8 +147,7 @@ RELOCATED(5) RELOCATED(5) ADDRESS_REWRITING_README, address rewriting guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/scache.8.html b/postfix/html/scache.8.html index 7702135a0..b9b415859 100644 --- a/postfix/html/scache.8.html +++ b/postfix/html/scache.8.html 
@@ -13,131 +13,122 @@ SCACHE(8) SCACHE(8) scache [generic Postfix daemon options] DESCRIPTION - The scache(8) server maintains a shared multi-connection - cache. This information can be used by, for example, Post- - fix SMTP clients or other Postfix delivery agents. - - The connection cache is organized into logical destination - names, physical endpoint names, and connections. - - As a specific example, logical SMTP destinations specify - (transport, domain, port), and physical SMTP endpoints - specify (transport, IP address, port). An SMTP connection - may be saved after a successful mail transaction. - - In the general case, one logical destination may refer to - zero or more physical endpoints, one physical endpoint may - be referenced by zero or more logical destinations, and - one endpoint may refer to zero or more connections. - - The exact syntax of a logical destination or endpoint name - is application dependent; the scache(8) server does not - care. A connection is stored as a file descriptor - together with application-dependent information that is - needed to re-activate a connection object. Again, the - scache(8) server is completely unaware of the details of - that information. - - All information is stored with a finite time to live - (ttl). The connection cache daemon terminates when no - client is connected for max_idle time units. + The scache(8) server maintains a shared multi-connection cache. This + information can be used by, for example, Postfix SMTP clients or other + Postfix delivery agents. + + The connection cache is organized into logical destination names, phys- + ical endpoint names, and connections. + + As a specific example, logical SMTP destinations specify (transport, + domain, port), and physical SMTP endpoints specify (transport, IP + address, port). An SMTP connection may be saved after a successful + mail transaction. 
+ + In the general case, one logical destination may refer to zero or more + physical endpoints, one physical endpoint may be referenced by zero or + more logical destinations, and one endpoint may refer to zero or more + connections. + + The exact syntax of a logical destination or endpoint name is applica- + tion dependent; the scache(8) server does not care. A connection is + stored as a file descriptor together with application-dependent infor- + mation that is needed to re-activate a connection object. Again, the + scache(8) server is completely unaware of the details of that informa- + tion. + + All information is stored with a finite time to live (ttl). The con- + nection cache daemon terminates when no client is connected for + max_idle time units. This server implements the following requests: save_endp ttl endpoint endpoint_properties file_descriptor - Save the specified file descriptor and connection - property data under the specified endpoint name. - The endpoint properties are used by the client to - re-activate a passivated connection object. + Save the specified file descriptor and connection property data + under the specified endpoint name. The endpoint properties are + used by the client to re-activate a passivated connection + object. find_endp endpoint - Look up cached properties and a cached file - descriptor for the specified endpoint. + Look up cached properties and a cached file descriptor for the + specified endpoint. save_dest ttl destination destination_properties endpoint - Save the binding between a logical destination and - an endpoint under the destination name, together - with destination specific connection properties. - The destination properties are used by the client - to re-activate a passivated connection object. + Save the binding between a logical destination and an endpoint + under the destination name, together with destination specific + connection properties. 
The destination properties are used by + the client to re-activate a passivated connection object. find_dest destination - Look up cached destination properties, cached end- - point properties, and a cached file descriptor for - the specified logical destination. + Look up cached destination properties, cached endpoint proper- + ties, and a cached file descriptor for the specified logical + destination. SECURITY - The scache(8) server is not security-sensitive. It does - not talk to the network, and it does not talk to local - users. The scache(8) server can run chrooted at fixed low - privilege. + The scache(8) server is not security-sensitive. It does not talk to the + network, and it does not talk to local users. The scache(8) server can + run chrooted at fixed low privilege. - The scache(8) server is not a trusted process. It must not - be used to store information that is security sensitive. + The scache(8) server is not a trusted process. It must not be used to + store information that is security sensitive. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - The session cache cannot be shared among multiple - machines. + The session cache cannot be shared among multiple machines. - When a connection expires from the cache, it is closed - without the appropriate protocol specific handshake. + When a connection expires from the cache, it is closed without the + appropriate protocol specific handshake. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as - scache(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as scache(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. 
See postconf(5) for + more details including examples. RESOURCE CONTROLS connection_cache_ttl_limit (2s) - The maximal time-to-live value that the scache(8) - connection cache server allows. + The maximal time-to-live value that the scache(8) connection + cache server allows. connection_cache_status_update_time (600s) - How frequently the scache(8) server logs usage sta- - tistics with connection cache hit and miss rates - for logical destinations and for physical end- - points. + How frequently the scache(8) server logs usage statistics with + connection cache hit and miss rates for logical destinations and + for physical endpoints. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. 
syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtp(8), SMTP client @@ -149,8 +140,7 @@ SCACHE(8) SCACHE(8) CONNECTION_CACHE_README, Postfix connection cache LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.2. diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index d463d2a64..5a535363d 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html 
@@ -19,165 +19,149 @@ SENDMAIL(1) SENDMAIL(1) sendmail -I DESCRIPTION - The Postfix sendmail(1) command implements the Postfix to - Sendmail compatibility interface. For the sake of compat- - ibility with existing applications, some Sendmail command- - line options are recognized but silently ignored. + The Postfix sendmail(1) command implements the Postfix to Sendmail com- + patibility interface. For the sake of compatibility with existing + applications, some Sendmail command-line options are recognized but + silently ignored. - By default, Postfix sendmail(1) reads a message from stan- - dard input until EOF or until it reads a line with only a - . character, and arranges for delivery. Postfix send- - mail(1) relies on the postdrop(1) command to create a - queue file in the maildrop directory. + By default, Postfix sendmail(1) reads a message from standard input + until EOF or until it reads a line with only a . character, and + arranges for delivery. Postfix sendmail(1) relies on the postdrop(1) + command to create a queue file in the maildrop directory. - Specific command aliases are provided for other common - modes of operation: + Specific command aliases are provided for other common modes of opera- + tion: - mailq List the mail queue. Each entry shows the queue - file ID, message size, arrival time, sender, and - the recipients that still need to be delivered. If - mail could not be delivered upon the last attempt, - the reason for failure is shown. The queue ID - string is followed by an optional status character: + mailq List the mail queue. Each entry shows the queue file ID, message + size, arrival time, sender, and the recipients that still need + to be delivered. If mail could not be delivered upon the last + attempt, the reason for failure is shown. The queue ID string is + followed by an optional status character: - * The message is in the active queue, i.e. the - message is selected for delivery. + * The message is in the active queue, i.e. 
the message is + selected for delivery. - ! The message is in the hold queue, i.e. no - further delivery attempt will be made until - the mail is taken off hold. + ! The message is in the hold queue, i.e. no further deliv- + ery attempt will be made until the mail is taken off + hold. - This mode of operation is implemented by executing - the postqueue(1) command. + This mode of operation is implemented by executing the + postqueue(1) command. newaliases - Initialize the alias database. If no input file is - specified (with the -oA option, see below), the - program processes the file(s) specified with the - alias_database configuration parameter. If no - alias database type is specified, the program uses - the type specified with the default_database_type - configuration parameter. This mode of operation is - implemented by running the postalias(1) command. - - Note: it may take a minute or so before an alias - database update becomes visible. Use the "postfix - reload" command to eliminate this delay. - - These and other features can be selected by specifying the - appropriate combination of command-line options. Some fea- - tures are controlled by parameters in the main.cf configu- - ration file. + Initialize the alias database. If no input file is specified + (with the -oA option, see below), the program processes the + file(s) specified with the alias_database configuration parame- + ter. If no alias database type is specified, the program uses + the type specified with the default_database_type configuration + parameter. This mode of operation is implemented by running the + postalias(1) command. + + Note: it may take a minute or so before an alias database update + becomes visible. Use the "postfix reload" command to eliminate + this delay. + + These and other features can be selected by specifying the appropriate + combination of command-line options. Some features are controlled by + parameters in the main.cf configuration file. 
The following options are recognized: -Am (ignored) -Ac (ignored) - Postfix sendmail uses the same configuration file - regardless of whether or not a message is an ini- - tial submission. + Postfix sendmail uses the same configuration file regardless of + whether or not a message is an initial submission. -B body_type The message body MIME type: 7BIT or 8BITMIME. - -bd Go into daemon mode. This mode of operation is - implemented by executing the "postfix start" com- - mand. + -bd Go into daemon mode. This mode of operation is implemented by + executing the "postfix start" command. -bh (ignored) -bH (ignored) Postfix has no persistent host status database. - -bi Initialize alias database. See the newaliases com- - mand above. + -bi Initialize alias database. See the newaliases command above. - -bl Go into daemon mode. To accept only local connec- - tions as with Sendmail's -bl option, specify - "inet_interfaces = loopback" in the Postfix main.cf - configuration file. + -bl Go into daemon mode. To accept only local connections as with + Sendmail's -bl option, specify "inet_interfaces = loopback" in + the Postfix main.cf configuration file. - -bm Read mail from standard input and arrange for - delivery. This is the default mode of operation. + -bm Read mail from standard input and arrange for delivery. This is + the default mode of operation. -bp List the mail queue. See the mailq command above. - -bs Stand-alone SMTP server mode. Read SMTP commands - from standard input, and write responses to stan- - dard output. In stand-alone SMTP server mode, mail - relaying and other access controls are disabled by - default. To enable them, run the process as the + -bs Stand-alone SMTP server mode. Read SMTP commands from standard + input, and write responses to standard output. In stand-alone + SMTP server mode, mail relaying and other access controls are + disabled by default. To enable them, run the process as the mail_owner user. 
- This mode of operation is implemented by running - the smtpd(8) daemon. + This mode of operation is implemented by running the smtpd(8) + daemon. - -bv Do not collect or deliver a message. Instead, send - an email report after verifying each recipient - address. This is useful for testing address - rewriting and routing configurations. + -bv Do not collect or deliver a message. Instead, send an email + report after verifying each recipient address. This is useful + for testing address rewriting and routing configurations. - This feature is available in Postfix version 2.1 - and later. + This feature is available in Postfix version 2.1 and later. -C config_file -C config_dir - The path name of the Postfix main.cf file, or of - its parent directory. This information is ignored - with Postfix versions before 2.3. + The path name of the Postfix main.cf file, or of its parent + directory. This information is ignored with Postfix versions + before 2.3. - With all Postfix versions, you can specify a direc- - tory pathname with the MAIL_CONFIG environment - variable to override the location of configuration - files. + With all Postfix versions, you can specify a directory pathname + with the MAIL_CONFIG environment variable to override the loca- + tion of configuration files. -F full_name - Set the sender full name. This overrides the NAME - environment variable, and is used only with mes- - sages that have no From: message header. + Set the sender full name. This overrides the NAME environment + variable, and is used only with messages that have no 
From: mes- + sage header. -f sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. - -G Gateway (relay) submission, as opposed to initial - user submission. Either do not rewrite addresses - at all, or update incomplete addresses with the - domain information specified with remote_header_re- - write_domain. + -G Gateway (relay) submission, as opposed to initial user submis- + sion. Either do not rewrite addresses at all, or update incom- + plete addresses with the domain information specified with + remote_header_rewrite_domain. - This option is ignored before Postfix version 2.3. + This option is ignored before Postfix version 2.3. -h hop_count (ignored) - Hop count limit. Use the hopcount_limit configura- - tion parameter instead. + Hop count limit. Use the hopcount_limit configuration parameter + instead. - -I Initialize alias database. See the newaliases com- - mand above. + -I Initialize alias database. See the newaliases command above. - -i When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -i When reading a message from standard input, don't treat a line + with only a . character as the end of input. -L label (ignored) - The logging label. Use the syslog_name configura- - tion parameter instead. + The logging label. Use the syslog_name configuration parameter + instead. -m (ignored) Backwards compatibility. -N dsn (default: 'delay, failure') - Delivery status notification control. 
Specify - either a comma-separated list with one or more of - failure (send notification when delivery fails), - delay (send notification when delivery is delayed), - or success (send notification when the message is - delivered); or specify never (don't send any noti- - fications at all). + Delivery status notification control. Specify either a comma- + separated list with one or more of failure (send notification + when delivery fails), delay (send notification when delivery is + delayed), or success (send notification when the message is + delivered); or specify never (don't send any notifications at + all). This feature is available in Postfix 2.3 and later. 
@@ -185,133 +169,118 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -oAalias_database - Non-default alias database. Specify pathname or - type:pathname. See postalias(1) for details. + Non-default alias database. Specify pathname or type:pathname. + See postalias(1) for details. -O option=value (ignored) - Set the named option to value. Use the equivalent - configuration parameter in main.cf instead. + Set the named option to value. Use the equivalent configuration + parameter in main.cf instead. -o7 (ignored) -o8 (ignored) - To send 8-bit or binary content, use an appropriate - MIME encapsulation and specify the appropriate -B - command-line option. + To send 8-bit or binary content, use an appropriate MIME encap- + sulation and specify the appropriate -B command-line option. - -oi When reading a message from standard input, don't - treat a line with only a . character as the end of - input. + -oi When reading a message from standard input, don't treat a line + with only a . character as the end of input. -om (ignored) - The sender is never eliminated from alias etc. - expansions. + The sender is never eliminated from alias etc. expansions. -o x value (ignored) - Set option x to value. Use the equivalent configu- - ration parameter in main.cf instead. + Set option x to value. Use the equivalent configuration parame- + ter in main.cf instead. -r sender - Set the envelope sender address. This is the - address where delivery problems are sent to. With - Postfix versions before 2.1, the Errors-To: message - header overrides the error return address. + Set the envelope sender address. This is the address where + delivery problems are sent to. With Postfix versions before 2.1, + the Errors-To: message header overrides the error return + address. -R return - Delivery status notification control. Specify - "hdrs" to return only the header when a message - bounces, "full" to return a full copy (the default - behavior). + Delivery status notification control. 
Specify "hdrs" to return + only the header when a message bounces, "full" to return a full + copy (the default behavior). - The -R option specifies an upper bound; Postfix - will return only the header, when a full copy would - exceed the bounce_size_limit setting. + The -R option specifies an upper bound; Postfix will return only + the header, when a full copy would exceed the bounce_size_limit + setting. This option is ignored before Postfix version 2.10. - -q Attempt to deliver all queued mail. This is imple- - mented by executing the postqueue(1) command. + -q Attempt to deliver all queued mail. This is implemented by exe- + cuting the postqueue(1) command. - Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all - other mail. + Warning: flushing undeliverable mail frequently will result in + poor delivery performance of all other mail. -qinterval (ignored) - The interval between queue runs. Use the - queue_run_delay configuration parameter instead. + The interval between queue runs. Use the queue_run_delay config- + uration parameter instead. -qIqueueid - Schedule immediate delivery of mail with the speci- - fied queue ID. This option is implemented by exe- - cuting the postqueue(1) command, and is available - with Postfix version 2.4 and later. + Schedule immediate delivery of mail with the specified queue ID. + This option is implemented by executing the postqueue(1) com- + mand, and is available with Postfix version 2.4 and later. -qRsite - Schedule immediate delivery of all mail that is - queued for the named site. This option accepts only - site names that are eligible for the "fast flush" - service, and is implemented by executing the - postqueue(1) command. See flush(8) for more infor- - mation about the "fast flush" service. + Schedule immediate delivery of all mail that is queued for the + named site. 
This option accepts only site names that are eligi- + ble for the "fast flush" service, and is implemented by execut- + ing the postqueue(1) command. See flush(8) for more information + about the "fast flush" service. -qSsite - This command is not implemented. Use the slower - "sendmail -q" command instead. + This command is not implemented. Use the slower "sendmail -q" + command instead. - -t Extract recipients from message headers. These are - added to any recipients specified on the command - line. + -t Extract recipients from message headers. These are added to any + recipients specified on the command line. - With Postfix versions prior to 2.1, this option - requires that no recipient addresses are specified - on the command line. + With Postfix versions prior to 2.1, this option requires that no + recipient addresses are specified on the command line. -U (ignored) Initial user submission. -V envid - Specify the envelope ID for notification by servers - that support DSN. + Specify the envelope ID for notification by servers that support + DSN. This feature is available in Postfix 2.3 and later. -XV (Postfix 2.2 and earlier: -V) - Variable Envelope Return Path. Given an envelope - sender address of the form owner-listname@origin, - each recipient user@domain receives mail with a - personalized envelope sender address. + Variable Envelope Return Path. Given an envelope sender address + of the form owner-listname@origin, each recipient user@domain + receives mail with a personalized envelope sender address. - By default, the personalized envelope sender - address is owner-listname+user=domain@origin. The - default + and = characters are configurable with - the default_verp_delimiters configuration parame- - ter. + By default, the personalized envelope sender address is owner- + listname+user=domain@origin. The default + and = characters are + configurable with the default_verp_delimiters configuration + parameter. 
-XVxy (Postfix 2.2 and earlier: -Vxy) - As -XV, but uses x and y as the VERP delimiter - characters, instead of the characters specified - with the default_verp_delimiters configuration - parameter. + As -XV, but uses x and y as the VERP delimiter characters, + instead of the characters specified with the default_verp_delim- + iters configuration parameter. - -v Send an email report of the first delivery attempt - (Postfix versions 2.1 and later). Mail delivery - always happens in the background. When multiple -v - options are given, enable verbose logging for - debugging purposes. + -v Send an email report of the first delivery attempt (Postfix ver- + sions 2.1 and later). Mail delivery always happens in the back- + ground. When multiple -v options are given, enable verbose log- + ging for debugging purposes. -X log_file (ignored) - Log mailer traffic. Use the debug_peer_list and - debug_peer_level configuration parameters instead. + Log mailer traffic. Use the debug_peer_list and debug_peer_level + configuration parameters instead. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted, possibly - remote, users. Thus, the usual precautions need to be - taken against malicious inputs. + By design, this program is not set-user (or group) id. However, it must + handle data from untrusted, possibly remote, users. Thus, the usual + precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard - error stream. + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG 
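Review bot: the reflow in this hunk splits literal names across lines where the 65-column text kept them whole. Under -XVxy the parameter now reads "default_verp_delim-" / "iters", and under -XV the address form breaks as "owner-" / "listname+user=domain@origin", which a reader cannot tell apart from an ordinary hyphenation break. Searching the page for default_verp_delimiters will miss that occurrence, and the VERP address format can no longer be copied as written. HISTORY lists mantools/man2html and man/Makefile.in as the files behind the width change, so consider turning hyphenation off in that generation step, or at least protecting parameter names and literal examples, and regenerating the HTML instead of accepting these breaks in the generated output.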
@@ -321,161 +290,142 @@ SENDMAIL(1) SENDMAIL(1) Enable verbose logging for debugging purposes. MAIL_DEBUG (value does not matter) - Enable debugging with an external command, as spec- - ified with the debugger_command configuration - parameter. + Enable debugging with an external command, as specified with the + debugger_command configuration parameter. - NAME The sender full name. This is used only with mes- - sages that have no From: message header. See also - the -F option above. + NAME The sender full name. This is used only with messages that have + no 
From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- - ples. + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- + conf(5) for more details including examples. COMPATIBILITY CONTROLS Available with Postfix 2.9 and later: sendmail_fix_line_endings (always) - Controls how the Postfix sendmail command converts - email message line endings from <CR><LF> into UNIX - format (<LF>). + Controls how the Postfix sendmail command converts email message + line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble - shoot a Postfix system. + The DEBUG_README file gives examples of how to trouble shoot a Postfix + system. debugger_command (empty) - The external command to execute when a Postfix dae- - mon program is invoked with the -D option. + The external command to execute when a Postfix daemon program is + invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. 
ACCESS CONTROLS Available in Postfix version 2.2 and later: authorized_flush_users (static:anyone) - List of users who are authorized to flush the - queue. + List of users who are authorized to flush the queue. authorized_mailq_users (static:anyone) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail - with the sendmail(1) command (and with the privi- - leged postdrop(1) helper command). + List of users who are authorized to submit mail with the send- + mail(1) command (and with the privileged postdrop(1) helper com- + mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. fork_attempts (5) - The maximal number of attempts to fork() a child - process. + The maximal number of attempts to fork() a child process. fork_delay (1s) - The delay between attempts to fork() a child - process. + The delay between attempts to fork() a child process. hopcount_limit (50) - The maximal number of Received: message headers - that is allowed in the primary message headers. + The maximal number of Received: message headers that is allowed + in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue - manager; prior to Postfix 2.4 the default value was - 1000s. + The time between deferred queue scans by the queue manager; + prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation - details for the Postfix "fast flush" service. + The ETRN_README file describes configuration and operation details for + the Postfix "fast flush" service. 
fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued - to those destinations. + Optional list of destinations that are eligible for per-destina- + tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return - path addresses. + The VERP_README file describes configuration and operation details of + Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line - and in SMTP commands. + The characters Postfix accepts as VERP delimiter characters on + the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are - updated with "newaliases" or with "sendmail -bi". + The alias databases for local(8) delivery that are updated with + "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and - daemon programs. + The directory with Postfix support programs and daemon programs. default_database_type (see 'postconf -d' output) - The default database type for use in newaliases(1), - postalias(1) and postmap(1) commands. 
+ The default database type for use in newaliases(1), postalias(1) + and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of - the message headers of mail that is still queued. + The time after which the sender receives a copy of the message + headers of mail that is still queued. enable_errors_to (no) - Report mail delivery errors to the address speci- - fied with the non-standard Errors-To: message - header, instead of the envelope sender address - (this feature is removed with Postfix version 2.2, - is turned off by default with Postfix version 2.1, - and is always turned on with older Postfix ver- - sions). + Report mail delivery errors to the address specified with the + non-standard Errors-To: message header, instead of the envelope + sender address (this feature is removed with Postfix version + 2.2, is turned off by default with Postfix version 2.1, and is + always turned on with older Postfix versions). mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". 
+ The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix, mail queue @@ -494,13 +444,14 @@ SENDMAIL(1) SENDMAIL(1) syslogd(8), system logging README_FILES + Use "postconf readme_directory" or "postconf html_directory" to locate + this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto VERP_README, Postfix VERP howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/showq.8.html b/postfix/html/showq.8.html index b03b6d722..2733e0f0b 100644 --- a/postfix/html/showq.8.html +++ b/postfix/html/showq.8.html 
@@ -13,93 +13,82 @@ SHOWQ(8) SHOWQ(8) showq [generic Postfix daemon options] DESCRIPTION - The showq(8) daemon reports the Postfix mail queue status. - It is the program that emulates the sendmail `mailq' com- - mand. + The showq(8) daemon reports the Postfix mail queue status. It is the + program that emulates the sendmail `mailq' command. - The showq(8) daemon can also be run in stand-alone mode by - the superuser. This mode of operation is used to emulate - the `mailq' command while the Postfix mail system is down. + The showq(8) daemon can also be run in stand-alone mode by the supe- + ruser. This mode of operation is used to emulate the `mailq' command + while the Postfix mail system is down. SECURITY - The showq(8) daemon can run in a chroot jail at fixed low - privilege, and takes no input from the client. Its service - port is accessible to local untrusted users, so the ser- - vice can be susceptible to denial of service attacks. + The showq(8) daemon can run in a chroot jail at fixed low privilege, + and takes no input from the client. Its service port is accessible to + local untrusted users, so the service can be susceptible to denial of + service attacks. STANDARDS - None. The showq(8) daemon does not interact with the out- - side world. + None. The showq(8) daemon does not interact with the outside world. DIAGNOSTICS Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as showq(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as showq(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 
config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. duplicate_filter_limit (1000) - The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- - tual(5) alias expansion, or for showq(8) queue dis- - plays. + The maximal number of addresses remembered by the address dupli- + cate filter for aliases(5) or virtual(5) alias expansion, or for + showq(8) queue displays. empty_address_recipient (MAILER-DAEMON) - The recipient of mail addressed to the null - address. + The recipient of mail addressed to the null address. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. 
+ The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". Available in Postfix version 2.9 and later: enable_long_queue_ids (no) - Enable long, non-repeating, queue IDs (queue file - names). + Enable long, non-repeating, queue IDs (queue file names). FILES /var/spool/postfix, queue directories @@ -113,8 +102,7 @@ SHOWQ(8) SHOWQ(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/smtp-sink.1.html b/postfix/html/smtp-sink.1.html index 18768e945..8c676de7c 100644 --- a/postfix/html/smtp-sink.1.html +++ b/postfix/html/smtp-sink.1.html 
@@ -15,114 +15,100 @@ SMTP-SINK(1) SMTP-SINK(1) smtp-sink [options] unix:pathname backlog DESCRIPTION - smtp-sink listens on the named host (or address) and port. - It takes SMTP messages from the network and throws them - away. The purpose is to measure client performance, not - protocol compliance. - - smtp-sink may also be configured to capture each mail - delivery transaction to file. Since disk latencies are - large compared to network delays, this mode of operation - can reduce the maximal performance by several orders of - magnitude. - - Connections can be accepted on IPv4 or IPv6 endpoints, or - on UNIX-domain sockets. IPv4 and IPv6 are the default. - This program is the complement of the smtp-source(1) pro- - gram. - - Note: this is an unsupported test program. No attempt is - made to maintain compatibility between successive ver- - sions. + smtp-sink listens on the named host (or address) and port. It takes + SMTP messages from the network and throws them away. The purpose is to + measure client performance, not protocol compliance. + + smtp-sink may also be configured to capture each mail delivery transac- + tion to file. Since disk latencies are large compared to network + delays, this mode of operation can reduce the maximal performance by + several orders of magnitude. + + Connections can be accepted on IPv4 or IPv6 endpoints, or on UNIX- + domain sockets. IPv4 and IPv6 are the default. This program is the + complement of the smtp-source(1) program. + + Note: this is an unsupported test program. No attempt is made to main- + tain compatibility between successive versions. Arguments: - -4 Support IPv4 only. This option has no effect when - Postfix is built without IPv6 support. + -4 Support IPv4 only. This option has no effect when Postfix is + built without IPv6 support. - -6 Support IPv6 only. This option is not available - when Postfix is built without IPv6 support. + -6 Support IPv6 only. 
This option is not available when Postfix is + built without IPv6 support. -8 Do not announce 8BITMIME support. -a Do not announce SASL authentication support. -A delay - Wait delay seconds after responding to DATA, then - abort prematurely with a 550 reply status. Do not - read further input from the client; this is an - attempt to block the client before it sends ".". - Specify a zero delay value to abort immediately. + Wait delay seconds after responding to DATA, then abort prema- + turely with a 550 reply status. Do not read further input from + the client; this is an attempt to block the client before it + sends ".". Specify a zero delay value to abort immediately. -b soft-bounce-reply - Use soft-bounce-reply for soft reject responses. - The default reply is "450 4.3.0 Error: command - failed". + Use soft-bounce-reply for soft reject responses. The default + reply is "450 4.3.0 Error: command failed". -B hard-bounce-reply - Use hard-bounce-reply for hard reject responses. - The default reply is "500 5.3.0 Error: command - failed". + Use hard-bounce-reply for hard reject responses. The default + reply is "500 5.3.0 Error: command failed". - -c Display running counters that are updated whenever - an SMTP session ends, a QUIT command is executed, - or when "." is received. + -c Display running counters that are updated whenever an SMTP ses- + sion ends, a QUIT command is executed, or when "." is received. -C Disable XCLIENT support. -d dump-template - Dump each mail transaction to a single-message file - whose name is created by expanding the dump-tem- - plate via strftime(3) and appending a pseudo-random - hexadecimal number (example: "%Y%m%d%H/%M." expands - into "2006081203/05.809a62e3"). If the template - contains "/" characters, missing directories are - created automatically. The message dump format is - described below. - - Note: this option keeps one capture file open for - every mail transaction in progress. 
+ Dump each mail transaction to a single-message file whose name + is created by expanding the dump-template via strftime(3) and + appending a pseudo-random hexadecimal number (example: + "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). If the + template contains "/" characters, missing directories are cre- + ated automatically. The message dump format is described below. + + Note: this option keeps one capture file open for every mail + transaction in progress. -D dump-template - Append mail transactions to a multi-message dump - file whose name is created by expanding the dump- - template via strftime(3). If the template contains - "/" characters, missing directories are created - automatically. The message dump format is - described below. + Append mail transactions to a multi-message dump file whose name + is created by expanding the dump-template via strftime(3). If + the template contains "/" characters, missing directories are + created automatically. The message dump format is described + below. - Note: this option keeps one capture file open for - every mail transaction in progress. + Note: this option keeps one capture file open for every mail + transaction in progress. -e Do not announce ESMTP support. -E Do not announce ENHANCEDSTATUSCODES support. -f command,command,... - Reject the specified commands with a hard (5xx) - error code. This option implies -p. + Reject the specified commands with a hard (5xx) error code. + This option implies -p. - Examples of commands are CONNECT, HELO, EHLO, LHLO, - MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. - Separate command names by white space or commas, - and use quotes to protect white space from the - shell. Command names are case-insensitive. + Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, + VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by + white space or commas, and use quotes to protect white space + from the shell. Command names are case-insensitive. 
-F Disable XFORWARD support. -h hostname - Use hostname in the SMTP greeting, in the HELO - response, and in the EHLO response. The default - hostname is "smtp-sink". + Use hostname in the SMTP greeting, in the HELO response, and in + the EHLO response. The default hostname is "smtp-sink". -L Enable LMTP instead of SMTP. -m count (default: 256) - An upper bound on the maximal number of simultane- - ous connections that smtp-sink will handle. This - prevents the process from running out of file - descriptors. Excess connections will stay queued in - the TCP/IP stack. + An upper bound on the maximal number of simultaneous connections + that smtp-sink will handle. This prevents the process from run- + ning out of file descriptors. Excess connections will stay + queued in the TCP/IP stack. -M count Terminate after receiving count messages. 
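Review bot: the reflow to 78 columns in DESCRIPTION and in the option list above still splits words with a hyphen at line ends ("transac- tion", "main- tain", "prema- turely", "run- ning"), which in an HTML rendering defeats in-page search and copy/paste for those words. Since the width is being changed anyway, consider switching hyphenation off in the formatting step that produces these pages (for example with the troff ".nh" request), so that the wider lines carry whole words only.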
@@ -130,170 +116,149 @@ SMTP-SINK(1) SMTP-SINK(1) -n count Terminate after count sessions. - -p Do not announce support for ESMTP command pipelin- - ing. + -p Do not announce support for ESMTP command pipelining. - -P Change the server greeting so that it appears to - come through a CISCO PIX system. Implies -e. + -P Change the server greeting so that it appears to come through a + CISCO PIX system. Implies -e. -q command,command,... - Disconnect (without replying) after receiving one - of the specified commands. + Disconnect (without replying) after receiving one of the speci- + fied commands. - Examples of commands are CONNECT, HELO, EHLO, LHLO, - MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. - Separate command names by white space or commas, - and use quotes to protect white space from the - shell. Command names are case-insensitive. + Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, + VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by + white space or commas, and use quotes to protect white space + from the shell. Command names are case-insensitive. -Q command,command,... - Send a 421 reply and disconnect after receiving one - of the specified commands. + Send a 421 reply and disconnect after receiving one of the spec- + ified commands. - Examples of commands are CONNECT, HELO, EHLO, LHLO, - MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. - Separate command names by white space or commas, - and use quotes to protect white space from the - shell. Command names are case-insensitive. + Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, + VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by + white space or commas, and use quotes to protect white space + from the shell. Command names are case-insensitive. -r command,command,... - Reject the specified commands with a soft (4xx) - error code. This option implies -p. + Reject the specified commands with a soft (4xx) error code. + This option implies -p. 
- Examples of commands are CONNECT, HELO, EHLO, LHLO, - MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. - Separate command names by white space or commas, - and use quotes to protect white space from the - shell. Command names are case-insensitive. + Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, + VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by + white space or commas, and use quotes to protect white space + from the shell. Command names are case-insensitive. -R root-directory - Change the process root directory to the specified - location. This option requires super-user privi- - leges. See also the -u option. + Change the process root directory to the specified location. + This option requires super-user privileges. See also the -u + option. -s command,command,... Log the named commands to syslogd. - Examples of commands are CONNECT, HELO, EHLO, LHLO, - MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. - Separate command names by white space or commas, - and use quotes to protect white space from the - shell. Command names are case-insensitive. + Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, + VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by + white space or commas, and use quotes to protect white space + from the shell. Command names are case-insensitive. -S start-string - An optional string that is prepended to each mes- - sage that is written to a dump file (see the dump - file format description below). The following C - escape sequences are supported: \a (bell), \b - (backslace), \f (formfeed), \n (newline), \r (car- - riage return), \t (horizontal tab), \v (vertical - tab), \ddd (up to three octal digits) and \\ (the - backslash character). + An optional string that is prepended to each message that is + written to a dump file (see the dump file format description + below). 
The following C escape sequences are supported: \a + (bell), \b (backslace), \f (formfeed), \n (newline), \r (car- + riage return), \t (horizontal tab), \v (vertical tab), \ddd (up + to three octal digits) and \\ (the backslash character). -t timeout (default: 100) - Limit the time for receiving a command or sending a - response. The time limit is specified in seconds. + Limit the time for receiving a command or sending a response. + The time limit is specified in seconds. -T windowsize - Override the default TCP window size. To work - around broken TCP window scaling implementations, - specify a value > 0 and < 65536. + Override the default TCP window size. To work around broken TCP + window scaling implementations, specify a value > 0 and < 65536. -u username - Switch to the specified user privileges after open- - ing the network socket and optionally changing the - process root directory. This option is required - when the process runs with super-user privileges. - See also the -R option. + Switch to the specified user privileges after opening the net- + work socket and optionally changing the process root directory. + This option is required when the process runs with super-user + privileges. See also the -R option. -v Show the SMTP conversations. -w delay - Wait delay seconds before responding to a DATA com- - mand. + Wait delay seconds before responding to a DATA command. -W command:delay[:odds] - Wait delay seconds before responding to command. - If odds is also specified (a number between 1-99 - inclusive), wait for a random multiple of delay. - The random multiplier is equal to the number of - times the program needs to roll a dice with a range - of 0..99 inclusive, before the dice produces a - result greater than or equal to odds. + Wait delay seconds before responding to command. If odds is + also specified (a number between 1-99 inclusive), wait for a + random multiple of delay. 
The random multiplier is equal to the + number of times the program needs to roll a dice with a range of + 0..99 inclusive, before the dice produces a result greater than + or equal to odds. [inet:][host]:port - Listen on network interface host (default: any - interface) TCP port port. Both host and port may be - specified in numeric or symbolic form. + Listen on network interface host (default: any interface) TCP + port port. Both host and port may be specified in numeric or + symbolic form. unix:pathname Listen on the UNIX-domain socket at pathname. backlog - The maximum length the queue of pending connec- - tions, as defined by the listen(2) system call. + The maximum length the queue of pending connections, as defined + by the listen(2) system call. DUMP FILE FORMAT - Each dumped message contains a sequence of text lines, - terminated with the newline character. The sequence of - information is as follows: + Each dumped message contains a sequence of text lines, terminated with + the newline character. The sequence of information is as follows: o The optional string specified with the -S option. - o The smtp-sink generated headers as documented - below. + o The smtp-sink generated headers as documented below. - o The message header and body as received from the - SMTP client. + o The message header and body as received from the SMTP client. o An empty line. - The format of the smtp-sink generated headers is as fol- - lows: + The format of the smtp-sink generated headers is as follows: X-Client-Addr: text - The client IP address without enclosing []. An IPv6 - address is prefixed with "ipv6:". This record is - always present. + The client IP address without enclosing []. An IPv6 address is + prefixed with "ipv6:". This record is always present. X-Client-Proto: text - The client protocol: SMTP, ESMTP or LMTP. This - record is always present. + The client protocol: SMTP, ESMTP or LMTP. This record is always + present. 
X-Helo-Args: text - The arguments of the last HELO or EHLO command - before this mail delivery transaction. This record - is present only if the client sent a recognizable - HELO or EHLO command before the DATA command. + The arguments of the last HELO or EHLO command before this mail + delivery transaction. This record is present only if the client + sent a recognizable HELO or EHLO command before the DATA com- + mand. X-Mail-Args: text - The arguments of the MAIL command that started this - mail delivery transaction. This record is present - exactly once. + The arguments of the MAIL command that started this mail deliv- + ery transaction. This record is present exactly once. X-Rcpt-Args: text - The arguments of an RCPT command within this mail - delivery transaction. There is one record for each - RCPT command, and they are in the order as sent by - the client. + The arguments of an RCPT command within this mail delivery + transaction. There is one record for each RCPT command, and they + are in the order as sent by the client. Received: text - A message header for compatibility with mail pro- - cessing software. This three-line header marks the - end of the headers provided by smtp-sink, and is - formatted as follows: + A message header for compatibility with mail processing soft- + ware. This three-line header marks the end of the headers pro- + vided by smtp-sink, and is formatted as follows: from helo ([addr]) - The HELO or EHLO command argument and client - IP address. If the client did not send HELO - or EHLO, the client IP address is used - instead. + The HELO or EHLO command argument and client IP address. + If the client did not send HELO or EHLO, the client IP + address is used instead. by host (smtp-sink) with proto id random; - The hostname specified with the -h option, - the client protocol (see X-Client-Proto - above), and the pseudo-random portion of the - per-message capture file name. 
+ The hostname specified with the -h option, the client + protocol (see X-Client-Proto above), and the pseudo-ran- + dom portion of the per-message capture file name. time-stamp A time stamp as defined in RFC 2822. @@ -302,8 +267,7 @@ SMTP-SINK(1) SMTP-SINK(1) smtp-source(1), SMTP/LMTP message generator LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/smtp-source.1.html b/postfix/html/smtp-source.1.html index 969eecc3d..46e5b110b 100644 --- a/postfix/html/smtp-source.1.html +++ b/postfix/html/smtp-source.1.html 
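Review bot: in the smtp-sink.1.html hunk that ends just above (@@ -130,170 +116,149 @@), the -S start-string entry still reads "\b (backslace)" on both the removed and the added lines; it should be "backspace". The backlog entry in the same hunk likewise keeps "The maximum length the queue of pending connections", which is missing "of" after "length". Both are carried over unchanged by the reflow, so correct them in the manual page source that these HTML files are generated from and regenerate, rather than editing the HTML.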
@@ -15,55 +15,49 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) smtp-source [options] unix:pathname DESCRIPTION - smtp-source connects to the named host and TCP port - (default: port 25) and sends one or more messages to it, - either sequentially or in parallel. The program speaks - either SMTP (default) or LMTP. Connections can be made to - UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are - the default. + smtp-source connects to the named host and TCP port (default: port 25) + and sends one or more messages to it, either sequentially or in paral- + lel. The program speaks either SMTP (default) or LMTP. Connections can + be made to UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the + default. - Note: this is an unsupported test program. No attempt is - made to maintain compatibility between successive ver- - sions. + Note: this is an unsupported test program. No attempt is made to main- + tain compatibility between successive versions. Arguments: - -4 Connect to the server with IPv4. This option has no - effect when Postfix is built without IPv6 support. + -4 Connect to the server with IPv4. This option has no effect when + Postfix is built without IPv6 support. - -6 Connect to the server with IPv6. This option is not - available when Postfix is built without IPv6 sup- - port. + -6 Connect to the server with IPv6. This option is not available + when Postfix is built without IPv6 support. - -A Don't abort when the server sends something other - than the expected positive reply code. + -A Don't abort when the server sends something other than the + expected positive reply code. - -c Display a running counter that is incremented each - time an SMTP DATA command completes. + -c Display a running counter that is incremented each time an SMTP + DATA command completes. -C count - When a host sends RESET instead of SYN|ACK, try - count times before giving up. The default count is - 1. 
Specify a larger count in order to work around a - problem with TCP/IP stacks that send RESET when the - listen queue is full. + When a host sends RESET instead of SYN|ACK, try count times + before giving up. The default count is 1. Specify a larger count + in order to work around a problem with TCP/IP stacks that send + RESET when the listen queue is full. - -d Don't disconnect after sending a message; send the - next message over the same connection. + -d Don't disconnect after sending a message; send the next message + over the same connection. -f from - Use the specified sender address (default: - <foo@myhostname>). + Use the specified sender address (default: <foo@myhostname>). -F file - Send the pre-formatted message header and body in - the specified file, while prepending '.' before - lines that begin with '.', and while appending CRLF - after each line. + Send the pre-formatted message header and body in the specified + file, while prepending '.' before lines that begin with '.', and + while appending CRLF after each line. -l length - Send length bytes as message payload. The length - does not include message headers. + Send length bytes as message payload. The length does not + include message headers. -L Speak LMTP rather than SMTP. 
@@ -71,56 +65,50 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) Send the specified number of messages (default: 1). -M myhostname - Use the specified hostname or [address] in the HELO - command and in the default sender and recipient - addresses, instead of the machine hostname. - - -N Prepend a non-repeating sequence number to each - recipient address. This avoids the artificial 100% - hit rate in the resolve and rewrite client caches - and exercises the trivial-rewrite daemon, better - approximating Postfix performance under real-life + Use the specified hostname or [address] in the HELO command and + in the default sender and recipient addresses, instead of the + machine hostname. + + -N Prepend a non-repeating sequence number to each recipient + address. This avoids the artificial 100% hit rate in the resolve + and rewrite client caches and exercises the trivial-rewrite dae- + mon, better approximating Postfix performance under real-life work-loads. - -o Old mode: don't send HELO, and don't send message - headers. + -o Old mode: don't send HELO, and don't send message headers. -r recipient_count - Send the specified number of recipients per trans- - action (default: 1). Recipient names are generated - by prepending a number to the recipient address. + Send the specified number of recipients per transaction + (default: 1). Recipient names are generated by prepending a + number to the recipient address. -R interval - Wait for a random period of time 0 <= n <= interval - between messages. Suspending one thread does not - affect other delivery threads. + Wait for a random period of time 0 <= n <= interval between mes- + sages. Suspending one thread does not affect other delivery + threads. -s session_count - Run the specified number of SMTP sessions in paral- - lel (default: 1). + Run the specified number of SMTP sessions in parallel (default: + 1). -S subject - Send mail with the named subject line (default: - none). + Send mail with the named subject line (default: none). 
- -t to Use the specified recipient address (default: - <foo@myhostname>). + -t to Use the specified recipient address (default: <foo@myhostname>). -T windowsize - Override the default TCP window size. To work - around broken TCP window scaling implementations, - specify a value > 0 and < 65536. + Override the default TCP window size. To work around broken TCP + window scaling implementations, specify a value > 0 and < 65536. - -v Make the program more verbose, for debugging pur- - poses. + -v Make the program more verbose, for debugging purposes. -w interval - Wait a fixed time between messages. Suspending one - thread does not affect other delivery threads. + Wait a fixed time between messages. Suspending one thread does + not affect other delivery threads. [inet:]host[:port] - Connect via TCP to host host, port port. The - default port is smtp. + Connect via TCP to host host, port port. The default port is + smtp. unix:pathname Connect to the UNIX-domain socket at pathname. @@ -132,8 +120,7 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) smtp-sink(1), SMTP/LMTP message dump LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index fce80c8e5..1816f341c 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html 
@@ -13,37 +13,32 @@ SMTP(8) SMTP(8) smtp [generic Postfix daemon options] DESCRIPTION - The Postfix SMTP+LMTP client implements the SMTP and LMTP - mail delivery protocols. It processes message delivery - requests from the queue manager. Each request specifies a - queue file, a sender address, a domain or host to deliver - to, and recipient information. This program expects to be - run from the master(8) process manager. - - The SMTP+LMTP client updates the queue file and marks - recipients as finished, or it informs the queue manager - that delivery should be tried again at a later time. - Delivery status reports are sent to the bounce(8), - defer(8) or trace(8) daemon as appropriate. - - The SMTP+LMTP client looks up a list of mail exchanger - addresses for the destination host, sorts the list by - preference, and connects to each listed address until it - finds a server that responds. - - When a server is not reachable, or when mail delivery - fails due to a recoverable error condition, the SMTP+LMTP - client will try to deliver the mail to an alternate host. - - After a successful mail transaction, a connection may be - saved to the scache(8) connection cache server, so that it - may be used by any SMTP+LMTP client for a subsequent - transaction. - - By default, connection caching is enabled temporarily for - destinations that have a high volume of mail in the active - queue. Connection caching can be enabled permanently for - specific destinations. + The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery + protocols. It processes message delivery requests from the queue man- + ager. Each request specifies a queue file, a sender address, a domain + or host to deliver to, and recipient information. This program expects + to be run from the master(8) process manager. + + The SMTP+LMTP client updates the queue file and marks recipients as + finished, or it informs the queue manager that delivery should be tried + again at a later time. 
Delivery status reports are sent to the + bounce(8), defer(8) or trace(8) daemon as appropriate. + + The SMTP+LMTP client looks up a list of mail exchanger addresses for + the destination host, sorts the list by preference, and connects to + each listed address until it finds a server that responds. + + When a server is not reachable, or when mail delivery fails due to a + recoverable error condition, the SMTP+LMTP client will try to deliver + the mail to an alternate host. + + After a successful mail transaction, a connection may be saved to the + scache(8) connection cache server, so that it may be used by any + SMTP+LMTP client for a subsequent transaction. + + By default, connection caching is enabled temporarily for destinations + that have a high volume of mail in the active queue. Connection caching + can be enabled permanently for specific destinations. SMTP DESTINATION SYNTAX SMTP destinations have the following form: 
@@ -51,31 +46,29 @@ SMTP(8) SMTP(8) domainname domainname:port - Look up the mail exchangers for the specified - domain, and connect to the specified port (default: - smtp). + Look up the mail exchangers for the specified domain, and con- + nect to the specified port (default: smtp). [hostname] [hostname]:port - Look up the address(es) of the specified host, and - connect to the specified port (default: smtp). + Look up the address(es) of the specified host, and connect to + the specified port (default: smtp). [address] [address]:port - Connect to the host at the specified address, and - connect to the specified port (default: smtp). An - IPv6 address must be formatted as [ipv6:address]. + Connect to the host at the specified address, and connect to the + specified port (default: smtp). An IPv6 address must be format- + ted as [ipv6:address]. LMTP DESTINATION SYNTAX LMTP destinations have the following form: unix:pathname - Connect to the local UNIX-domain server that is - bound to the specified pathname. If the process - runs chrooted, an absolute pathname is interpreted - relative to the Postfix queue directory. + Connect to the local UNIX-domain server that is bound to the + specified pathname. If the process runs chrooted, an absolute + pathname is interpreted relative to the Postfix queue directory. inet:hostname 
@@ -84,19 +77,17 @@ SMTP(8) SMTP(8) inet:[address] inet:[address]:port - Connect to the specified TCP port on the specified - local or remote host. If no port is specified, con- - nect to the port defined as lmtp in services(4). - If no such service is found, the lmtp_tcp_port con- - figuration parameter (default value of 24) will be - used. An IPv6 address must be formatted as + Connect to the specified TCP port on the specified local or + remote host. If no port is specified, connect to the port + defined as lmtp in services(4). If no such service is found, + the lmtp_tcp_port configuration parameter (default value of 24) + will be used. An IPv6 address must be formatted as [ipv6:address]. SECURITY - The SMTP+LMTP client is moderately security-sensitive. It - talks to SMTP or LMTP servers and to DNS servers on the - network. The SMTP+LMTP client can be run chrooted at fixed - low privilege. + The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP + or LMTP servers and to DNS servers on the network. The SMTP+LMTP client + can be run chrooted at fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
@@ -118,42 +109,38 @@ SMTP(8) SMTP(8) RFC 5321 (SMTP protocol) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager - can move them to the corrupt queue for further inspection. + Problems and transactions are logged to syslogd(8). Corrupted message + files are marked so that the queue manager can move them to the corrupt + queue for further inspection. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces, protocol problems, - and of other trouble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces, protocol problems, and of other trouble. BUGS - SMTP and LMTP connection caching does not work with TLS. - The necessary support for TLS object passivation and re- - activation does not exist without closing the session, - which defeats the purpose. + SMTP and LMTP connection caching does not work with TLS. The necessary + support for TLS object passivation and re-activation does not exist + without closing the session, which defeats the purpose. - SMTP and LMTP connection caching assumes that SASL creden- - tials are valid for all destinations that map onto the - same IP address and TCP port. + SMTP and LMTP connection caching assumes that SASL credentials are + valid for all destinations that map onto the same IP address and TCP + port. CONFIGURATION PARAMETERS - Before Postfix version 2.3, the LMTP client is a separate - program that implements only a subset of the functionality - available with SMTP: there is no support for TLS, and con- - nections are cached in-process, making it ineffective when - the client is used for multiple domains. 
+ Before Postfix version 2.3, the LMTP client is a separate program that + implements only a subset of the functionality available with SMTP: + there is no support for TLS, and connections are cached in-process, + making it ineffective when the client is used for multiple domains. - Most smtp_xxx configuration parameters have an lmtp_xxx - "mirror" parameter for the equivalent LMTP feature. This - document describes only those LMTP-related parameters that - aren't simply "mirror" parameters. + Most smtp_xxx configuration parameters have an lmtp_xxx "mirror" param- + eter for the equivalent LMTP feature. This document describes only + those LMTP-related parameters that aren't simply "mirror" parameters. - Changes to main.cf are picked up automatically, as smtp(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as smtp(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS ignore_mx_lookup_error (no) 
@@ -166,130 +153,118 @@ SMTP(8) SMTP(8) Never send EHLO at the start of an SMTP session. smtp_defer_if_no_mx_address_found (no) - Defer mail delivery when no MX record resolves to - an IP address. + Defer mail delivery when no MX record resolves to an IP address. smtp_line_length_limit (998) - The maximal length of message header and body lines - that Postfix will send via SMTP. + The maximal length of message header and body lines that Postfix + will send via SMTP. smtp_pix_workaround_delay_time (10s) - How long the Postfix SMTP client pauses before - sending ".<CR><LF>" in order to work around the PIX - firewall "<CR><LF>.<CR><LF>" bug. + How long the Postfix SMTP client pauses before sending + ".<CR><LF>" in order to work around the PIX firewall + "<CR><LF>.<CR><LF>" bug. smtp_pix_workaround_threshold_time (500s) - How long a message must be queued before the Post- - fix SMTP client turns on the PIX firewall - "<CR><LF>.<CR><LF>" bug workaround for delivery - through firewalls with "smtp fixup" mode turned on. + How long a message must be queued before the Postfix SMTP client + turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for + delivery through firewalls with "smtp fixup" mode turned on. smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) - A list that specifies zero or more workarounds for - CISCO PIX firewall bugs. + A list that specifies zero or more workarounds for CISCO PIX + firewall bugs. smtp_pix_workaround_maps (empty) - Lookup tables, indexed by the remote SMTP server - address, with per-destination workarounds for CISCO - PIX firewall bugs. + Lookup tables, indexed by the remote SMTP server address, with + per-destination workarounds for CISCO PIX firewall bugs. smtp_quote_rfc821_envelope (yes) - Quote addresses in Postfix SMTP client MAIL FROM - and RCPT TO commands as required by RFC 5321. + Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO + commands as required by RFC 5321. 
smtp_reply_filter (empty) - A mechanism to transform replies from remote SMTP - servers one line at a time. + A mechanism to transform replies from remote SMTP servers one + line at a time. smtp_skip_5xx_greeting (yes) - Skip remote SMTP servers that greet with a 5XX sta- - tus code. + Skip remote SMTP servers that greet with a 5XX status code. smtp_skip_quit_response (yes) - Do not wait for the response to the SMTP QUIT com- - mand. + Do not wait for the response to the SMTP QUIT command. Available in Postfix version 2.0 and earlier: smtp_skip_4xx_greeting (yes) - Skip SMTP servers that greet with a 4XX status code - (go away, try again later). + Skip SMTP servers that greet with a 4XX status code (go away, + try again later). Available in Postfix version 2.2 and later: smtp_discard_ehlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote SMTP server - address, with case insensitive lists of EHLO key- - words (pipelining, starttls, auth, etc.) that the - Postfix SMTP client will ignore in the EHLO + Lookup tables, indexed by the remote SMTP server address, with + case insensitive lists of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO response from a remote SMTP server. smtp_discard_ehlo_keywords (empty) - A case insensitive list of EHLO keywords (pipelin- - ing, starttls, auth, etc.) that the Postfix SMTP - client will ignore in the EHLO response from a - remote SMTP server. + A case insensitive list of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO + response from a remote SMTP server. smtp_generic_maps (empty) - Optional lookup tables that perform address rewrit- - ing in the Postfix SMTP client, typically to trans- - form a locally valid address into a globally valid - address when sending mail across the Internet. 
+ Optional lookup tables that perform address rewriting in the + Postfix SMTP client, typically to transform a locally valid + address into a globally valid address when sending mail across + the Internet. Available in Postfix version 2.2.9 and later: smtp_cname_overrides_servername (version dependent) - Allow DNS CNAME records to override the servername - that the Postfix SMTP client uses for logging, SASL - password lookup, TLS policy decisions, or TLS cer- - tificate verification. + Allow DNS CNAME records to override the servername that the + Postfix SMTP client uses for logging, SASL password lookup, TLS + policy decisions, or TLS certificate verification. Available in Postfix version 2.3 and later: lmtp_discard_lhlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote LMTP server - address, with case insensitive lists of LHLO key- - words (pipelining, starttls, auth, etc.) that the - Postfix LMTP client will ignore in the LHLO + Lookup tables, indexed by the remote LMTP server address, with + case insensitive lists of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO response from a remote LMTP server. lmtp_discard_lhlo_keywords (empty) - A case insensitive list of LHLO keywords (pipelin- - ing, starttls, auth, etc.) that the Postfix LMTP - client will ignore in the LHLO response from a - remote LMTP server. + A case insensitive list of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO + response from a remote LMTP server. Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a remote SMTP or LMTP server - with the default setting "no", send no SASL autho- - riZation ID (authzid); send only the SASL authenti- - Cation ID (authcid) plus the authcid's password. 
+ When authenticating to a remote SMTP or LMTP server with the + default setting "no", send no SASL authoriZation ID (authzid); + send only the SASL authentiCation ID (authcid) plus the auth- + cid's password. Available in Postfix version 2.5 and later: smtp_header_checks (empty) - Restricted header_checks(5) tables for the Postfix - SMTP client. + Restricted header_checks(5) tables for the Postfix SMTP client. smtp_mime_header_checks (empty) - Restricted mime_header_checks(5) tables for the - Postfix SMTP client. + Restricted mime_header_checks(5) tables for the Postfix SMTP + client. smtp_nested_header_checks (empty) - Restricted nested_header_checks(5) tables for the - Postfix SMTP client. + Restricted nested_header_checks(5) tables for the Postfix SMTP + client. smtp_body_checks (empty) - Restricted body_checks(5) tables for the Postfix - SMTP client. + Restricted body_checks(5) tables for the Postfix SMTP client. Available in Postfix version 2.6 and later: tcp_windowsize (0) - An optional workaround for routers that break TCP - window scaling. + An optional workaround for routers that break TCP window scal- + ing. Available in Postfix version 2.8 and later: 
@@ -299,17 +274,15 @@ SMTP(8) SMTP(8) Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time lim- - its, from a time limit per read or write system - call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, - SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to - the MAIL FROM command in SASL-authenticated SMTP - sessions. + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. Available in Postfix version 2.11 and later: 
@@ -320,593 +293,521 @@ SMTP(8) SMTP(8) Available in Postfix version 2.0 and later: disable_mime_output_conversion (no) - Disable the conversion of 8BITMIME format to 7BIT - format. + Disable the conversion of 8BITMIME format to 7BIT format. mime_boundary_length_limit (2048) - The maximal length of MIME multipart boundary - strings. + The maximal length of MIME multipart boundary strings. mime_nesting_limit (100) - The maximal recursion level that the MIME processor - will handle. + The maximal recursion level that the MIME processor will handle. EXTERNAL CONTENT INSPECTION CONTROLS Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the - Postfix SMTP server EHLO response announces XFOR- - WARD support. + Send the non-standard XFORWARD command when the Postfix SMTP + server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS smtp_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP - client. + Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one - username:password entry per remote hostname or - domain, or sender address when sender-dependent - authentication is enabled. + Optional Postfix SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender + address when sender-dependent authentication is enabled. smtp_sasl_security_options (noplaintext, noanonymous) - Postfix SMTP client SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL client implementation that is selected - with smtp_sasl_type. + Postfix SMTP client SASL security options; as of Postfix 2.3 the + list of available features depends on the SASL client implemen- + tation that is selected with smtp_sasl_type. 
Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the - remote SMTP server's list of offered SASL mecha- - nisms. + If non-empty, a Postfix SMTP client filter for the remote SMTP + server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) - Enable sender-dependent authentication in the Post- - fix SMTP client; this is available only with SASL - authentication, and disables SMTP connection - caching to ensure that mail from different senders - will use the appropriate credentials. + Enable sender-dependent authentication in the Postfix SMTP + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- + ferent senders will use the appropriate credentials. smtp_sasl_path (empty) - Implementation-specific information that the Post- - fix SMTP client passes through to the SASL plug-in - implementation that is selected with - smtp_sasl_type. + Implementation-specific information that the Postfix SMTP client + passes through to the SASL plug-in implementation that is + selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client - should use for authentication. + The SASL plug-in type that the Postfix SMTP client should use + for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authen- - tication failures with the same remote SMTP server - hostname, username and password. + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and + password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name - entry before it is removed. + The maximal age of an smtp_sasl_auth_cache_name entry before it + is removed. 
smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authenti- - cation request with a 535 reply code, defer mail - delivery instead of returning mail as undeliver- - able. + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning + mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to - the MAIL FROM command in SASL-authenticated SMTP - sessions. + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be - found in the TLS_README document. + Detailed information about STARTTLS configuration may be found in the + TLS_README document. smtp_tls_security_level (empty) - The default SMTP TLS security level for the Postfix - SMTP client; when a non-empty value is specified, - this overrides the obsolete parameters - smtp_use_tls, smtp_enforce_tls, and + The default SMTP TLS security level for the Postfix SMTP client; + when a non-empty value is specified, this overrides the obsolete + parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. - smtp_sasl_tls_security_options ($smtp_sasl_secu- - rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP - sessions. + smtp_sasl_tls_security_options ($smtp_sasl_security_options) + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- - shake procedures. + Time limit for Postfix SMTP client write and read operations + during TLS startup and shutdown handshake procedures. 
smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs - trusted to sign either remote SMTP server certifi- - cates or intermediate CA certificates. + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- + tificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to - verify a remote SMTP server certificate. + Directory with PEM format certificate authority certificates + that the Postfix SMTP client uses to verify a remote SMTP server + certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate - in PEM format. + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP - client will use with mandatory TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP client will + use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) - List of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at all TLS security - levels. + List of ciphers or cipher types to exclude from the Postfix SMTP + client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the Postfix SMTP client cipher list at - mandatory TLS security levels. + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- + els. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate - in PEM format. + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key - in PEM format. + File with the Postfix SMTP client DSA private key in PEM format. 
smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key - in PEM format. + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of - TLS activity. + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled - for that server. + Log the hostname of a remote SMTP server that offers STARTTLS, + when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) - Optional lookup tables with the Postfix SMTP client - TLS security policy by next-hop destination; when a - non-empty value is specified, this overrides the - obsolete smtp_tls_per_site parameter. + Optional lookup tables with the Postfix SMTP client TLS security + policy by next-hop destination; when a non-empty value is speci- + fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (!SSLv2) - List of SSL/TLS protocols that the Postfix SMTP - client will use with mandatory TLS encryption. + List of SSL/TLS protocols that the Postfix SMTP client will use + with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) - The verification depth for remote SMTP server cer- - tificates. + The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server - certificate peername for the "secure" TLS security - level. + How the Postfix SMTP client verifies the server certificate + peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix - SMTP client TLS session cache. + Name of the file containing the optional Postfix SMTP client TLS + session cache. 
smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS ses- - sion cache information. + The expiration time of Postfix SMTP client TLS session cache + information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server - certificate peername for the "verify" TLS security - level. + How the Postfix SMTP client verifies the server certificate + peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random - number generator (PRNG). + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its + internal pseudo random number generator (PRNG). - tls_high_cipherlist - (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) + tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) - The OpenSSL cipherlist for "MEDIUM" or higher grade - ciphers. + The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade - ciphers. + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) - The OpenSSL cipherlist for "EXPORT" or higher grade - ciphers. + The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers - that provide authentication without encryption. + The OpenSSL cipherlist for "NULL" grade ciphers that provide + authentication without encryption. 
Available in Postfix version 2.4 and later: - smtp_sasl_tls_verified_security_options - ($smtp_sasl_tls_security_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP - sessions with a verified server certificate. + smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- + rity_options) + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified + server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate - fingerprints for the "fingerprint" TLS security - level (smtp_tls_security_level = fingerprint). + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- + rity_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct - remote SMTP server certificate fingerprints. + The message digest algorithm used to construct remote SMTP + server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client - will exclude or include with opportunistic TLS - encryption. + List of TLS protocols that the Postfix SMTP client will exclude + or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - client will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP client will + use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate - in PEM format. + File with the Postfix SMTP client ECDSA certificate in PEM for- + mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key - in PEM format. 
+ File with the Postfix SMTP client ECDSA private key in PEM for- + mat. Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a - TLS protocol vulnerability (CVE-2009-3555), where - an attacker prepends malicious HELO, MAIL, RCPT, - DATA commands to a Postfix SMTP client TLS session. + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + TLS session. Available in Postfix version 2.8 and later: tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to - disable. + List or bit-mask of OpenSSL bug work-arounds to disable. Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor - certificates and/or public keys. + Zero or more PEM-format files with trust-anchor certificates + and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a - hostname is not an alias and its address records - lie in an unsigned zone. + Lookup the associated DANE TLSA RRset even when a hostname is + not an alias and its address records lie in an unsigned zone. tls_dane_trust_anchor_digest_enable (yes) - RFC 6698 trust-anchor digest support in the Postfix - TLS library. + RFC 6698 trust-anchor digest support in the Postfix TLS library. tlsmgr_service_name (tlsmgr) - The name of the tlsmgr(8) service entry in mas- - ter.cf. + The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- - bility with Postfix versions before 2.3. Support for these - will be removed in a future release. + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. 
Support for these will be removed in a + future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send - the mail in the clear. + Opportunistic mode: use TLS when a remote SMTP server announces + STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the - clear. + Enforcement mode: require that remote SMTP servers use TLS + encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the - remote SMTP server hostname matches the information - in the remote SMTP server certificate. + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP + server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop destination and by - remote SMTP server hostname. + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- + name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP - client TLS cipher list. + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + cipher list. RESOURCE AND RATE CONTROLS - smtp_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery - transport. + smtp_destination_concurrency_limit ($default_destination_concur- + rency_limit) + The maximal number of parallel deliveries to the same destina- + tion via the smtp message delivery transport. - smtp_destination_recipient_limit ($default_destina- - tion_recipient_limit) - The maximal number of recipients per message for - the smtp message delivery transport. 
+ smtp_destination_recipient_limit ($default_destination_recipient_limit) + The maximal number of recipients per message for the smtp mes- + sage delivery transport. smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a - TCP connection, or zero (use the operating system - built-in time limit). + The Postfix SMTP client time limit for completing a TCP connec- + tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the - HELO or EHLO command, and for receiving the initial - remote SMTP server response. + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server + response. lmtp_lhlo_timeout (300s) - The Postfix LMTP client time limit for sending the - LHLO command, and for receiving the initial remote - LMTP server response. + The Postfix LMTP client time limit for sending the LHLO command, + and for receiving the initial remote LMTP server response. smtp_xforward_timeout (300s) - The Postfix SMTP client time limit for sending the - XFORWARD command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the XFORWARD com- + mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the - MAIL FROM command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the MAIL FROM + command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the - SMTP RCPT TO command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the SMTP RCPT TO + command, and for receiving the remote SMTP server response. 
smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the - SMTP DATA command, and for receiving the remote - SMTP server response. + The Postfix SMTP client time limit for sending the SMTP DATA + command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the - SMTP message content. + The Postfix SMTP client time limit for sending the SMTP message + content. smtp_data_done_timeout (600s) - The Postfix SMTP client time limit for sending the - SMTP ".", and for receiving the remote SMTP server - response. + The Postfix SMTP client time limit for sending the SMTP ".", and + for receiving the remote SMTP server response. smtp_quit_timeout (300s) - The Postfix SMTP client time limit for sending the - QUIT command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the QUIT command, + and for receiving the remote SMTP server response. Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP - addresses that can result from Postfix SMTP client - mail exchanger lookups, or zero (no limit). + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero + (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before the Postfix SMTP client gives up or - delivers to a fall-back relay host, or zero (no - limit). + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back + relay host, or zero (no limit). smtp_rset_timeout (20s) - The Postfix SMTP client time limit for sending the - RSET command, and for receiving the remote SMTP - server response. + The Postfix SMTP client time limit for sending the RSET command, + and for receiving the remote SMTP server response. 
Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to - $max_idle seconds. + Keep Postfix LMTP client connections open for up to $max_idle + seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the - specified destinations. + Permanently enable SMTP connection caching for the specified + destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a - destination has a high volume of mail in the active - queue. + Temporarily enable SMTP connection caching while a destination + has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) - The amount of time during which Postfix will use an - SMTP connection repeatedly. + The amount of time during which Postfix will use an SMTP connec- + tion repeatedly. smtp_connection_cache_time_limit (2s) - When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept - open before it is closed. + When SMTP connection caching is enabled, the amount of time that + an unused SMTP client socket is kept open before it is closed. Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or - receive operations. + Time limit for connection cache connect, send or receive opera- + tions. 
Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time lim- - its, from a time limit per read or write system - call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, - SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number - of times that an SMTP session may be reused before - it is closed, or zero (no limit). + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero + (no limit). TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, - resource, software or protocol errors. + The recipient of postmaster notifications about mail delivery + problems that are caused by policy, resource, software or proto- + col errors. 
internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail - when it detects a "mail loops back to myself" error - condition. + Where the Postfix SMTP client should deliver mail when it + detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. disable_dns_lookups (no) - Disable DNS lookups in the Postfix SMTP and LMTP - clients. + Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The network interface addresses that this mail sys- - tem receives mail on. + The network interface addresses that this mail system receives + mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use - when making or accepting connections. 
+ The Internet protocols Postfix will attempt to use when making + or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, - assume that the server performs final delivery, and - send "delivered" delivery status notifications - instead of "relayed". + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- + ery status notifications instead of "relayed". lmtp_tcp_port (24) - The default TCP port that the Postfix LMTP client - connects to. + The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network - address translation unit. + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. 
smtp_address_preference (any) - The address type ("ipv6", "ipv4" or "any") that the - Postfix SMTP client will try first, when a destina- - tion has IPv6 and IPv4 addresses with equal MX - preference. + The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP + client will try first, when a destination has IPv6 and IPv4 + addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an - IPv4 connection. + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an - IPv6 connection. + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) - The hostname to send in the SMTP EHLO or HELO com- - mand. + The hostname to send in the SMTP EHLO or HELO command. lmtp_lhlo_name ($myhostname) The hostname to send in the LMTP LHLO command. smtp_host_lookup (dns) - What mechanisms the Postfix SMTP client uses to - look up a host's IP address. + What mechanisms the Postfix SMTP client uses to look up a host's + IP address. smtp_randomize_addresses (yes) - Randomize the order of equal-preference MX host - addresses. + Randomize the order of equal-preference MX host addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". 
Available with Postfix 2.2 and earlier: fallback_relay (empty) - Optional list of relay hosts for SMTP destinations - that can't be found or that are unreachable. + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay hosts for SMTP destinations - that can't be found or that are unreachable. + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. SEE ALSO generic(5), output address rewriting @@ -926,8 +827,7 @@ SMTP(8) SMTP(8) TLS_README, Postfix STARTTLS howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index e9e23ff47..d22809024 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -15,32 +15,29 @@ SMTPD(8) SMTPD(8) sendmail -bs DESCRIPTION - The SMTP server accepts network connection requests and - performs zero or more SMTP transactions per connection. - Each received message is piped through the cleanup(8) dae- - mon, and is placed into the incoming queue as one single - queue file. For this mode of operation, the program - expects to be run from the master(8) process manager. - - Alternatively, the SMTP server be can run in stand-alone - mode; this is traditionally obtained with "sendmail -bs". - When the SMTP server runs stand-alone with non $mail_owner - privileges, it receives mail even while the mail system is - not running, deposits messages directly into the maildrop - queue, and disables the SMTP server's access policies. As - of Postfix version 2.3, the SMTP server refuses to receive - mail from the network when it runs with non $mail_owner - privileges. - - The SMTP server implements a variety of policies for con- - nection requests, and for parameters given to HELO, ETRN, - MAIL FROM, VRFY and RCPT TO commands. They are detailed - below and in the main.cf configuration file. + The SMTP server accepts network connection requests and performs zero + or more SMTP transactions per connection. Each received message is + piped through the cleanup(8) daemon, and is placed into the incoming + queue as one single queue file. For this mode of operation, the pro- + gram expects to be run from the master(8) process manager. + + Alternatively, the SMTP server be can run in stand-alone mode; this is + traditionally obtained with "sendmail -bs". When the SMTP server runs + stand-alone with non $mail_owner privileges, it receives mail even + while the mail system is not running, deposits messages directly into + the maildrop queue, and disables the SMTP server's access policies. As + of Postfix version 2.3, the SMTP server refuses to receive mail from + the network when it runs with non $mail_owner privileges. 
+ + The SMTP server implements a variety of policies for connection + requests, and for parameters given to HELO, ETRN, MAIL FROM, VRFY and + RCPT TO commands. They are detailed below and in the main.cf configura- + tion file. SECURITY - The SMTP server is moderately security-sensitive. It talks - to SMTP clients and to DNS servers on the network. The - SMTP server can be run chrooted at fixed low privilege. + The SMTP server is moderately security-sensitive. It talks to SMTP + clients and to DNS servers on the network. The SMTP server can be run + chrooted at fixed low privilege. STANDARDS RFC 821 (SMTP protocol) 
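Review bot: In the @@ -15,32 +15,29 @@ hunk of html/smtpd.8.html, the second DESCRIPTION paragraph still reads "the SMTP server be can run in stand-alone mode" after the reflow. The transposed words appear on both the removed and the added line, so the typo is in the text the page is generated from and this regeneration carries it forward. Suggest correcting it to "the SMTP server can be run in stand-alone mode" in that source and regenerating, so the fix lands in the same commit as the re-wrap.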
@@ -64,1134 +61,1019 @@ SMTPD(8) SMTPD(8) DIAGNOSTICS Problems and transactions are logged to syslogd(8). - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces, protocol problems, - policy violations, and of other trouble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces, protocol problems, policy violations, and + of other trouble. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - smtpd(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as smtpd(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS - The following parameters work around implementation errors - in other software, and/or allow you to override standards - in order to prevent undesirable use. + The following parameters work around implementation errors in other + software, and/or allow you to override standards in order to prevent + undesirable use. broken_sasl_auth_clients (no) - Enable inter-operability with remote SMTP clients - that implement an obsolete version of the AUTH com- - mand (RFC 4954). + Enable inter-operability with remote SMTP clients that implement + an obsolete version of the AUTH command (RFC 4954). disable_vrfy_command (no) Disable the SMTP VRFY command. smtpd_noop_commands (empty) - List of commands that the Postfix SMTP server - replies to with "250 Ok", without doing any syntax - checks and without changing state. + List of commands that the Postfix SMTP server replies to with + "250 Ok", without doing any syntax checks and without changing + state. 
strict_rfc821_envelopes (no) - Require that addresses received in SMTP MAIL FROM - and RCPT TO commands are enclosed with <>, and that - those addresses do not contain RFC 822 style com- - ments or phrases. + Require that addresses received in SMTP MAIL FROM and RCPT TO + commands are enclosed with <>, and that those addresses do not + contain RFC 822 style comments or phrases. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail - from unknown sender addresses, even when no - explicit reject_unlisted_sender access restriction - is specified. + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender + access restriction is specified. smtpd_sasl_exceptions_networks (empty) - What remote SMTP clients the Postfix SMTP server - will not offer AUTH support to. + What remote SMTP clients the Postfix SMTP server will not offer + AUTH support to. Available in Postfix version 2.2 and later: smtpd_discard_ehlo_keyword_address_maps (empty) - Lookup tables, indexed by the remote SMTP client - address, with case insensitive lists of EHLO key- - words (pipelining, starttls, auth, etc.) that the - Postfix SMTP server will not send in the EHLO - response to a remote SMTP client. + Lookup tables, indexed by the remote SMTP client address, with + case insensitive lists of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP server will not send in the + EHLO response to a remote SMTP client. smtpd_discard_ehlo_keywords (empty) - A case insensitive list of EHLO keywords (pipelin- - ing, starttls, auth, etc.) that the Postfix SMTP - server will not send in the EHLO response to a - remote SMTP client. + A case insensitive list of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP server will not send in the + EHLO response to a remote SMTP client. 
smtpd_delay_open_until_valid_rcpt (yes) - Postpone the start of an SMTP mail transaction - until a valid RCPT TO command is received. + Postpone the start of an SMTP mail transaction until a valid + RCPT TO command is received. Available in Postfix version 2.3 and later: smtpd_tls_always_issue_session_ids (yes) - Force the Postfix SMTP server to issue a TLS ses- - sion id, even when TLS session caching is turned - off (smtpd_tls_session_cache_database is empty). + Force the Postfix SMTP server to issue a TLS session id, even + when TLS session caching is turned off (smtpd_tls_ses- + sion_cache_database is empty). Available in Postfix version 2.6 and later: tcp_windowsize (0) - An optional workaround for routers that break TCP - window scaling. + An optional workaround for routers that break TCP window scal- + ing. Available in Postfix version 2.7 and later: smtpd_command_filter (empty) - A mechanism to transform commands from remote SMTP - clients. + A mechanism to transform commands from remote SMTP clients. Available in Postfix version 2.9 and later: smtpd_per_record_deadline (normal: no, overload: yes) - Change the behavior of the smtpd_timeout and - smtpd_starttls_timeout time limits, from a time - limit per read or write system call, to a time - limit to send or receive a complete record (an SMTP - command line, SMTP response line, SMTP message con- - tent line, or TLS protocol message). + Change the behavior of the smtpd_timeout and smtpd_start- + tls_timeout time limits, from a time limit per read or write + system call, to a time limit to send or receive a complete + record (an SMTP command line, SMTP response line, SMTP message + content line, or TLS protocol message). ADDRESS REWRITING CONTROLS - See the ADDRESS_REWRITING_README document for a detailed - discussion of Postfix address rewriting. + See the ADDRESS_REWRITING_README document for a detailed discussion of + Postfix address rewriting. 
receive_override_options (empty) - Enable or disable recipient validation, built-in - content filtering, or address mapping. + Enable or disable recipient validation, built-in content filter- + ing, or address mapping. Available in Postfix version 2.2 and later: local_header_rewrite_clients (permit_inet_interfaces) - Rewrite message header addresses in mail from these - clients and update incomplete addresses with the - domain name in $myorigin or $mydomain; either don't - rewrite message headers from other clients at all, - or rewrite message headers and update incomplete - addresses with the domain specified in the - remote_header_rewrite_domain parameter. + Rewrite message header addresses in mail from these clients and + update incomplete addresses with the domain name in $myorigin or + $mydomain; either don't rewrite message headers from other + clients at all, or rewrite message headers and update incomplete + addresses with the domain specified in the remote_header_re- + write_domain parameter. BEFORE-SMTPD PROXY AGENT Available in Postfix version 2.10 and later: smtpd_upstream_proxy_protocol (empty) - The name of the proxy protocol used by an optional - before-smtpd proxy agent. + The name of the proxy protocol used by an optional before-smtpd + proxy agent. smtpd_upstream_proxy_timeout (5s) - The time limit for the proxy protocol specified - with the smtpd_upstream_proxy_protocol parameter. + The time limit for the proxy protocol specified with the + smtpd_upstream_proxy_protocol parameter. AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 1.0, Postfix can be configured to send new - mail to an external content filter AFTER the mail is - queued. This content filter is expected to inject mail - back into a (Postfix or other) MTA for further delivery. - See the FILTER_README document for details. + As of version 1.0, Postfix can be configured to send new mail to an + external content filter AFTER the mail is queued. 
This content filter + is expected to inject mail back into a (Postfix or other) MTA for fur- + ther delivery. See the FILTER_README document for details. content_filter (empty) - After the message is queued, send the entire mes- - sage to the specified transport:destination. + After the message is queued, send the entire message to the + specified transport:destination. BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 2.1, the Postfix SMTP server can be config- - ured to send incoming mail to a real-time SMTP-based con- - tent filter BEFORE mail is queued. This content filter is - expected to inject mail back into Postfix. See the - SMTPD_PROXY_README document for details on how to config- + As of version 2.1, the Postfix SMTP server can be configured to send + incoming mail to a real-time SMTP-based content filter BEFORE mail is + queued. This content filter is expected to inject mail back into Post- + fix. See the SMTPD_PROXY_README document for details on how to config- ure and operate this feature. smtpd_proxy_filter (empty) - The hostname and TCP port of the mail filtering - proxy server. + The hostname and TCP port of the mail filtering proxy server. smtpd_proxy_ehlo ($myhostname) - How the Postfix SMTP server announces itself to the - proxy filter. + How the Postfix SMTP server announces itself to the proxy fil- + ter. smtpd_proxy_options (empty) - List of options that control how the Postfix SMTP - server communicates with a before-queue content - filter. + List of options that control how the Postfix SMTP server commu- + nicates with a before-queue content filter. smtpd_proxy_timeout (100s) - The time limit for connecting to a proxy filter and - for sending or receiving information. + The time limit for connecting to a proxy filter and for sending + or receiving information. BEFORE QUEUE MILTER CONTROLS - As of version 2.3, Postfix supports the Sendmail version 8 - Milter (mail filter) protocol. These content filters run - outside Postfix. 
They can inspect the SMTP command stream - and the message content, and can request modifications - before mail is queued. For details see the MILTER_README - document. + As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail + filter) protocol. These content filters run outside Postfix. They can + inspect the SMTP command stream and the message content, and can + request modifications before mail is queued. For details see the MIL- + TER_README document. smtpd_milters (empty) - A list of Milter (mail filter) applications for new - mail that arrives via the Postfix smtpd(8) server. + A list of Milter (mail filter) applications for new mail that + arrives via the Postfix smtpd(8) server. milter_protocol (6) - The mail filter protocol version and optional pro- - tocol extensions for communication with a Milter - application; prior to Postfix 2.6 the default pro- - tocol is 2. + The mail filter protocol version and optional protocol exten- + sions for communication with a Milter application; prior to + Postfix 2.6 the default protocol is 2. milter_default_action (tempfail) - The default action when a Milter (mail filter) - application is unavailable or mis-configured. + The default action when a Milter (mail filter) application is + unavailable or mis-configured. milter_macro_daemon_name ($myhostname) - The {daemon_name} macro value for Milter (mail fil- - ter) applications. + The {daemon_name} macro value for Milter (mail filter) applica- + tions. milter_macro_v ($mail_name $mail_version) - The {v} macro value for Milter (mail filter) appli- - cations. + The {v} macro value for Milter (mail filter) applications. milter_connect_timeout (30s) - The time limit for connecting to a Milter (mail - filter) application, and for negotiating protocol - options. + The time limit for connecting to a Milter (mail filter) applica- + tion, and for negotiating protocol options. 
milter_command_timeout (30s) - The time limit for sending an SMTP command to a - Milter (mail filter) application, and for receiving - the response. + The time limit for sending an SMTP command to a Milter (mail + filter) application, and for receiving the response. milter_content_timeout (300s) - The time limit for sending message content to a - Milter (mail filter) application, and for receiving - the response. + The time limit for sending message content to a Milter (mail + filter) application, and for receiving the response. milter_connect_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after completion of an SMTP connec- - tion. + The macros that are sent to Milter (mail filter) applications + after completion of an SMTP connection. milter_helo_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP HELO or EHLO command. + The macros that are sent to Milter (mail filter) applications + after the SMTP HELO or EHLO command. milter_mail_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP MAIL FROM command. + The macros that are sent to Milter (mail filter) applications + after the SMTP MAIL FROM command. milter_rcpt_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the SMTP RCPT TO command. + The macros that are sent to Milter (mail filter) applications + after the SMTP RCPT TO command. milter_data_macros (see 'postconf -d' output) - The macros that are sent to version 4 or higher - Milter (mail filter) applications after the SMTP - DATA command. + The macros that are sent to version 4 or higher Milter (mail + filter) applications after the SMTP DATA command. milter_unknown_command_macros (see 'postconf -d' output) - The macros that are sent to version 3 or higher - Milter (mail filter) applications after an unknown - SMTP command. 
+ The macros that are sent to version 3 or higher Milter (mail + filter) applications after an unknown SMTP command. milter_end_of_header_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the end of the message header. + The macros that are sent to Milter (mail filter) applications + after the end of the message header. milter_end_of_data_macros (see 'postconf -d' output) - The macros that are sent to Milter (mail filter) - applications after the message end-of-data. + The macros that are sent to Milter (mail filter) applications + after the message end-of-data. GENERAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both built-in - and external content filters. + The following parameters are applicable for both built-in and external + content filters. Available in Postfix version 2.1 and later: receive_override_options (empty) - Enable or disable recipient validation, built-in - content filtering, or address mapping. + Enable or disable recipient validation, built-in content filter- + ing, or address mapping. EXTERNAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both before- - queue and after-queue content filtering. + The following parameters are applicable for both before-queue and + after-queue content filtering. Available in Postfix version 2.1 and later: smtpd_authorized_xforward_hosts (empty) - What remote SMTP clients are allowed to use the - XFORWARD feature. + What remote SMTP clients are allowed to use the XFORWARD fea- + ture. SASL AUTHENTICATION CONTROLS - Postfix SASL support (RFC 4954) can be used to authenti- - cate remote SMTP clients to the Postfix SMTP server, and - to authenticate the Postfix SMTP client to a remote SMTP - server. See the SASL_README document for details. 
+ Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP + clients to the Postfix SMTP server, and to authenticate the Postfix + SMTP client to a remote SMTP server. See the SASL_README document for + details. broken_sasl_auth_clients (no) - Enable inter-operability with remote SMTP clients - that implement an obsolete version of the AUTH com- - mand (RFC 4954). + Enable inter-operability with remote SMTP clients that implement + an obsolete version of the AUTH command (RFC 4954). smtpd_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP - server. + Enable SASL authentication in the Postfix SMTP server. smtpd_sasl_local_domain (empty) - The name of the Postfix SMTP server's local SASL - authentication realm. + The name of the Postfix SMTP server's local SASL authentication + realm. smtpd_sasl_security_options (noanonymous) - Postfix SMTP server SASL security options; as of - Postfix 2.3 the list of available features depends - on the SASL server implementation that is selected - with smtpd_sasl_type. + Postfix SMTP server SASL security options; as of Postfix 2.3 the + list of available features depends on the SASL server implemen- + tation that is selected with smtpd_sasl_type. smtpd_sender_login_maps (empty) - Optional lookup table with the SASL login names - that own sender (MAIL FROM) addresses. + Optional lookup table with the SASL login names that own sender + (MAIL FROM) addresses. Available in Postfix version 2.1 and later: smtpd_sasl_exceptions_networks (empty) - What remote SMTP clients the Postfix SMTP server - will not offer AUTH support to. + What remote SMTP clients the Postfix SMTP server will not offer + AUTH support to. Available in Postfix version 2.1 and 2.2: smtpd_sasl_application_name (smtpd) - The application name that the Postfix SMTP server - uses for SASL server initialization. + The application name that the Postfix SMTP server uses for SASL + server initialization. 
Available in Postfix version 2.3 and later: smtpd_sasl_authenticated_header (no) - Report the SASL authenticated user name in the - smtpd(8) Received message header. + Report the SASL authenticated user name in the smtpd(8) Received + message header. smtpd_sasl_path (smtpd) - Implementation-specific information that the Post- - fix SMTP server passes through to the SASL plug-in - implementation that is selected with - smtpd_sasl_type. + Implementation-specific information that the Postfix SMTP server + passes through to the SASL plug-in implementation that is + selected with smtpd_sasl_type. smtpd_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP server - should use for authentication. + The SASL plug-in type that the Postfix SMTP server should use + for authentication. Available in Postfix version 2.5 and later: cyrus_sasl_config_path (empty) - Search path for Cyrus SASL application configura- - tion files, currently used only to locate the - $smtpd_sasl_path.conf file. + Search path for Cyrus SASL application configuration files, cur- + rently used only to locate the $smtpd_sasl_path.conf file. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be - found in the TLS_README document. + Detailed information about STARTTLS configuration may be found in the + TLS_README document. smtpd_tls_security_level (empty) - The SMTP TLS security level for the Postfix SMTP - server; when a non-empty value is specified, this - overrides the obsolete parameters smtpd_use_tls and - smtpd_enforce_tls. + The SMTP TLS security level for the Postfix SMTP server; when a + non-empty value is specified, this overrides the obsolete param- + eters smtpd_use_tls and smtpd_enforce_tls. - smtpd_sasl_tls_security_options ($smtpd_sasl_secu- - rity_options) - The SASL authentication security options that the - Postfix SMTP server uses for TLS encrypted SMTP - sessions. 
+ smtpd_sasl_tls_security_options ($smtpd_sasl_security_options) + The SASL authentication security options that the Postfix SMTP + server uses for TLS encrypted SMTP sessions. smtpd_starttls_timeout (see 'postconf -d' output) - The time limit for Postfix SMTP server write and - read operations during TLS startup and shutdown - handshake procedures. + The time limit for Postfix SMTP server write and read operations + during TLS startup and shutdown handshake procedures. smtpd_tls_CAfile (empty) - A file containing (PEM format) CA certificates of - root CAs trusted to sign either remote SMTP client - certificates or intermediate CA certificates. + A file containing (PEM format) CA certificates of root CAs + trusted to sign either remote SMTP client certificates or inter- + mediate CA certificates. smtpd_tls_CApath (empty) - A directory containing (PEM format) CA certificates - of root CAs trusted to sign either remote SMTP - client certificates or intermediate CA certifi- - cates. + A directory containing (PEM format) CA certificates of root CAs + trusted to sign either remote SMTP client certificates or inter- + mediate CA certificates. smtpd_tls_always_issue_session_ids (yes) - Force the Postfix SMTP server to issue a TLS ses- - sion id, even when TLS session caching is turned - off (smtpd_tls_session_cache_database is empty). + Force the Postfix SMTP server to issue a TLS session id, even + when TLS session caching is turned off (smtpd_tls_ses- + sion_cache_database is empty). smtpd_tls_ask_ccert (no) - Ask a remote SMTP client for a client certificate. + Ask a remote SMTP client for a client certificate. smtpd_tls_auth_only (no) - When TLS encryption is optional in the Postfix SMTP - server, do not announce or accept SASL authentica- - tion over unencrypted connections. + When TLS encryption is optional in the Postfix SMTP server, do + not announce or accept SASL authentication over unencrypted con- + nections. 
smtpd_tls_ccert_verifydepth (9) - The verification depth for remote SMTP client cer- - tificates. + The verification depth for remote SMTP client certificates. smtpd_tls_cert_file (empty) - File with the Postfix SMTP server RSA certificate - in PEM format. + File with the Postfix SMTP server RSA certificate in PEM format. smtpd_tls_exclude_ciphers (empty) - List of ciphers or cipher types to exclude from the - SMTP server cipher list at all TLS security levels. + List of ciphers or cipher types to exclude from the SMTP server + cipher list at all TLS security levels. smtpd_tls_dcert_file (empty) - File with the Postfix SMTP server DSA certificate - in PEM format. + File with the Postfix SMTP server DSA certificate in PEM format. smtpd_tls_dh1024_param_file (empty) - File with DH parameters that the Postfix SMTP - server should use with EDH ciphers. + File with DH parameters that the Postfix SMTP server should use + with EDH ciphers. smtpd_tls_dh512_param_file (empty) - File with DH parameters that the Postfix SMTP - server should use with EDH ciphers. + File with DH parameters that the Postfix SMTP server should use + with EDH ciphers. smtpd_tls_dkey_file ($smtpd_tls_dcert_file) - File with the Postfix SMTP server DSA private key - in PEM format. + File with the Postfix SMTP server DSA private key in PEM format. smtpd_tls_key_file ($smtpd_tls_cert_file) - File with the Postfix SMTP server RSA private key - in PEM format. + File with the Postfix SMTP server RSA private key in PEM format. smtpd_tls_loglevel (0) - Enable additional Postfix SMTP server logging of - TLS activity. + Enable additional Postfix SMTP server logging of TLS activity. smtpd_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP - server will use with mandatory TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP server will + use with mandatory TLS encryption. 
smtpd_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the Postfix SMTP server cipher list at - mandatory TLS security levels. + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP server cipher list at mandatory TLS security lev- + els. smtpd_tls_mandatory_protocols (!SSLv2) - The SSL/TLS protocols accepted by the Postfix SMTP - server with mandatory TLS encryption. + The SSL/TLS protocols accepted by the Postfix SMTP server with + mandatory TLS encryption. smtpd_tls_received_header (no) - Request that the Postfix SMTP server produces - Received: message headers that include information - about the protocol and cipher used, as well as the - remote SMTP client CommonName and client certifi- - cate issuer CommonName. + Request that the Postfix SMTP server produces Received: message + headers that include information about the protocol and cipher + used, as well as the remote SMTP client CommonName and client + certificate issuer CommonName. smtpd_tls_req_ccert (no) - With mandatory TLS encryption, require a trusted - remote SMTP client certificate in order to allow - TLS connections to proceed. + With mandatory TLS encryption, require a trusted remote SMTP + client certificate in order to allow TLS connections to proceed. smtpd_tls_wrappermode (no) - Run the Postfix SMTP server in the non-standard - "wrapper" mode, instead of using the STARTTLS com- - mand. + Run the Postfix SMTP server in the non-standard "wrapper" mode, + instead of using the STARTTLS command. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random - number generator (PRNG). + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its + internal pseudo random number generator (PRNG). 
- tls_high_cipherlist - (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) + tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) - The OpenSSL cipherlist for "MEDIUM" or higher grade - ciphers. + The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade - ciphers. + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) - The OpenSSL cipherlist for "EXPORT" or higher grade - ciphers. + The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers - that provide authentication without encryption. + The OpenSSL cipherlist for "NULL" grade ciphers that provide + authentication without encryption. Available in Postfix version 2.5 and later: smtpd_tls_fingerprint_digest (md5) - The message digest algorithm to construct remote - SMTP client-certificate fingerprints or public key - fingerprints (Postfix 2.9 and later) for - check_ccert_access and permit_tls_clientcerts. + The message digest algorithm to construct remote SMTP client- + certificate fingerprints or public key fingerprints (Postfix 2.9 + and later) for check_ccert_access and permit_tls_clientcerts. Available in Postfix version 2.6 and later: smtpd_tls_protocols (empty) - List of TLS protocols that the Postfix SMTP server - will exclude or include with opportunistic TLS - encryption. + List of TLS protocols that the Postfix SMTP server will exclude + or include with opportunistic TLS encryption. smtpd_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP - server will use with opportunistic TLS encryption. + The minimum TLS cipher grade that the Postfix SMTP server will + use with opportunistic TLS encryption. 
smtpd_tls_eccert_file (empty) - File with the Postfix SMTP server ECDSA certificate - in PEM format. + File with the Postfix SMTP server ECDSA certificate in PEM for- + mat. smtpd_tls_eckey_file ($smtpd_tls_eccert_file) - File with the Postfix SMTP server ECDSA private key - in PEM format. + File with the Postfix SMTP server ECDSA private key in PEM for- + mat. smtpd_tls_eecdh_grade (see 'postconf -d' output) - The Postfix SMTP server security grade for - ephemeral elliptic-curve Diffie-Hellman (EECDH) key - exchange. + The Postfix SMTP server security grade for ephemeral elliptic- + curve Diffie-Hellman (EECDH) key exchange. tls_eecdh_strong_curve (prime256v1) - The elliptic curve used by the Postfix SMTP server - for sensibly strong ephemeral ECDH key exchange. + The elliptic curve used by the Postfix SMTP server for sensibly + strong ephemeral ECDH key exchange. tls_eecdh_ultra_curve (secp384r1) - The elliptic curve used by the Postfix SMTP server - for maximally strong ephemeral ECDH key exchange. + The elliptic curve used by the Postfix SMTP server for maximally + strong ephemeral ECDH key exchange. Available in Postfix version 2.8 and later: tls_preempt_cipherlist (no) - With SSLv3 and later, use the Postfix SMTP server's - cipher preference order instead of the remote - client's cipher preference order. + With SSLv3 and later, use the Postfix SMTP server's cipher pref- + erence order instead of the remote client's cipher preference + order. tls_disable_workarounds (see 'postconf -d' output) - List or bit-mask of OpenSSL bug work-arounds to - disable. + List or bit-mask of OpenSSL bug work-arounds to disable. Available in Postfix version 2.11 and later: tlsmgr_service_name (tlsmgr) - The name of the tlsmgr(8) service entry in mas- - ter.cf. + The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- - bility with Postfix versions before 2.3. 
Support for these - will be removed in a future release. + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a + future release. smtpd_use_tls (no) - Opportunistic TLS: announce STARTTLS support to - remote SMTP clients, but do not require that - clients use TLS encryption. + Opportunistic TLS: announce STARTTLS support to remote SMTP + clients, but do not require that clients use TLS encryption. smtpd_enforce_tls (no) - Mandatory TLS: announce STARTTLS support to remote - SMTP clients, and require that clients use TLS - encryption. + Mandatory TLS: announce STARTTLS support to remote SMTP clients, + and require that clients use TLS encryption. smtpd_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP - server TLS cipher list. + Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS + cipher list. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message - receives a customized copy of the message with his/her own - recipient address encoded in the envelope sender address. - The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return - path addresses. VERP style delivery is requested with the - SMTP XVERP command or with the "sendmail -V" command-line - option and is available in Postfix version 1.1 and later. + With VERP style delivery, each recipient of a message receives a cus- + tomized copy of the message with his/her own recipient address encoded + in the envelope sender address. The VERP_README file describes config- + uration and operation details of Postfix support for variable envelope + return path addresses. VERP style delivery is requested with the SMTP + XVERP command or with the "sendmail -V" command-line option and is + available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. 
verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line - and in SMTP commands. + The characters Postfix accepts as VERP delimiter characters on + the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What remote SMTP clients are allowed to specify the - XVERP command. + What remote SMTP clients are allowed to specify the XVERP com- + mand. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What remote SMTP clients are allowed to specify the - XVERP command. + What remote SMTP clients are allowed to specify the XVERP com- + mand. TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of - the Postfix mail system. The methods vary from making the - software log a lot of detail, to running some daemon pro- - cesses under control of a call tracer or debugger. + The DEBUG_README document describes how to debug parts of the Postfix + mail system. The methods vary from making the software log a lot of + detail, to running some daemon processes under control of a call tracer + or debugger. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the - debug_peer_list parameter. + The increment in verbose logging level when a remote client or + server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified - in $debug_peer_level. + Optional list of remote client or server hostname or network + address patterns that cause the verbose logging level to + increase by the amount specified in $debug_peer_level. 
error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, - resource, software or protocol errors. + The recipient of postmaster notifications about mail delivery + problems that are caused by policy, resource, software or proto- + col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. smtpd_reject_footer (empty) - Optional information that is appended after each - Postfix SMTP server 4XX or 5XX response. + Optional information that is appended after each Postfix SMTP + server 4XX or 5XX response. soft_bounce (no) - Safety net to keep mail queued that would otherwise - be returned to the sender. + Safety net to keep mail queued that would otherwise be returned + to the sender. Available in Postfix version 2.1 and later: smtpd_authorized_xclient_hosts (empty) - What remote SMTP clients are allowed to use the - XCLIENT feature. + What remote SMTP clients are allowed to use the XCLIENT feature. Available in Postfix version 2.10 and later: smtpd_log_access_permit_actions (empty) - Enable logging of the named "permit" actions in - SMTP server access lists (by default, the SMTP - server logs "reject" actions but not "permit" - actions). + Enable logging of the named "permit" actions in SMTP server + access lists (by default, the SMTP server logs "reject" actions + but not "permit" actions). KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail - for unknown recipients. 
This prevents the mail queue from - clogging up with undeliverable MAILER-DAEMON messages. - Additional information on this topic is in the - LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. + As of Postfix version 2.0, the SMTP server rejects mail for unknown + recipients. This prevents the mail queue from clogging up with undeliv- + erable MAILER-DAEMON messages. Additional information on this topic is + in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the - "User unknown" responses. + Display the name of the recipient table in the "User unknown" + responses. canonical_maps (empty) - Optional address mapping lookup tables for message - headers and envelopes. + Optional address mapping lookup tables for message headers and + envelopes. recipient_canonical_maps (empty) - Optional address mapping lookup tables for envelope - and header recipient addresses. + Optional address mapping lookup tables for envelope and header + recipient addresses. Parameters concerning known/unknown local recipients: - mydestination ($myhostname, localhost.$mydomain, local- - host) - The list of domains that are delivered via the - $local_transport mail delivery transport. + mydestination ($myhostname, localhost.$mydomain, localhost) + The list of domains that are delivered via the $local_transport + mail delivery transport. inet_interfaces (all) - The network interface addresses that this mail sys- - tem receives mail on. + The network interface addresses that this mail system receives + mail on. proxy_interfaces (empty) - The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network - address translation unit. + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. 
inet_protocols (all) - The Internet protocols Postfix will attempt to use - when making or accepting connections. + The Internet protocols Postfix will attempt to use when making + or accepting connections. - local_recipient_maps (proxy:unix:passwd.byname - $alias_maps) - Lookup tables with all names or addresses of local - recipients: a recipient address is local when its - domain matches $mydestination, $inet_interfaces or - $proxy_interfaces. + local_recipient_maps (proxy:unix:passwd.byname $alias_maps) + Lookup tables with all names or addresses of local recipients: a + recipient address is local when its domain matches $mydestina- + tion, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) - The numerical Postfix SMTP server response code - when a recipient address is local, and - $local_recipient_maps specifies a list of lookup - tables that does not match the recipient. + The numerical Postfix SMTP server response code when a recipient + address is local, and $local_recipient_maps specifies a list of + lookup tables that does not match the recipient. - Parameters concerning known/unknown recipients of relay - destinations: + Parameters concerning known/unknown recipients of relay destinations: relay_domains ($mydestination) - What destination domains (and subdomains thereof) - this system will relay mail to. + What destination domains (and subdomains thereof) this system + will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in - the domains that match $relay_domains. + Optional lookup tables with all valid addresses in the domains + that match $relay_domains. unknown_relay_recipient_reject_code (550) - The numerical Postfix SMTP server reply code when a - recipient address matches $relay_domains, and - relay_recipient_maps specifies a list of lookup - tables that does not match the recipient address. 
+ The numerical Postfix SMTP server reply code when a recipient + address matches $relay_domains, and relay_recipient_maps speci- + fies a list of lookup tables that does not match the recipient + address. - Parameters concerning known/unknown recipients in virtual - alias domains: + Parameters concerning known/unknown recipients in virtual alias + domains: virtual_alias_domains ($virtual_alias_maps) - Postfix is final destination for the specified list - of virtual alias domains, that is, domains for - which all addresses are aliased to addresses in - other local or remote domains. + Postfix is final destination for the specified list of virtual + alias domains, that is, domains for which all addresses are + aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote - address. + Optional lookup tables that alias specific mail addresses or + domains to other local or remote address. unknown_virtual_alias_reject_code (550) - The Postfix SMTP server reply code when a recipient - address matches $virtual_alias_domains, and $vir- - tual_alias_maps specifies a list of lookup tables - that does not match the recipient address. + The Postfix SMTP server reply code when a recipient address + matches $virtual_alias_domains, and $virtual_alias_maps speci- + fies a list of lookup tables that does not match the recipient + address. - Parameters concerning known/unknown recipients in virtual - mailbox domains: + Parameters concerning known/unknown recipients in virtual mailbox + domains: virtual_mailbox_domains ($virtual_mailbox_maps) - Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- - tual_transport mail delivery transport. + Postfix is final destination for the specified list of domains; + mail is delivered via the $virtual_transport mail delivery + transport. 
virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in - the domains that match $virtual_mailbox_domains. + Optional lookup tables with all valid addresses in the domains + that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) - The Postfix SMTP server reply code when a recipient - address matches $virtual_mailbox_domains, and $vir- - tual_mailbox_maps specifies a list of lookup tables - that does not match the recipient address. + The Postfix SMTP server reply code when a recipient address + matches $virtual_mailbox_domains, and $virtual_mailbox_maps + specifies a list of lookup tables that does not match the recip- + ient address. RESOURCE AND RATE CONTROLS - The following parameters limit resource usage by the SMTP - server and/or control client request rates. + The following parameters limit resource usage by the SMTP server and/or + control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines - are reconstructed. + Upon input, long lines are chopped up into pieces of at most + this length; upon delivery, long lines are reconstructed. queue_minfree (0) - The minimal amount of free space in bytes in the - queue file system that is needed to receive mail. + The minimal amount of free space in bytes in the queue file sys- + tem that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including - envelope information. + The maximal size in bytes of a message, including envelope + information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix - SMTP server accepts per message delivery request. + The maximal number of recipients that the Postfix SMTP server + accepts per message delivery request. 
smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server - response and for receiving a remote SMTP client - request. + The time limit for sending a Postfix SMTP server response and + for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP - server command history before it is flushed upon - receipt of EHLO, RSET, or end of DATA. + The maximal number of lines in the Postfix SMTP server command + history before it is flushed upon receipt of EHLO, RSET, or end + of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) - Attempt to look up the remote SMTP client hostname, - and verify that the name matches the client IP - address. + Attempt to look up the remote SMTP client hostname, and verify + that the name matches the client IP address. - The per SMTP client connection count and request rate lim- - its are implemented in co-operation with the anvil(8) ser- - vice, and are available in Postfix version 2.2 and later. + The per SMTP client connection count and request rate limits are imple- + mented in co-operation with the anvil(8) service, and are available in + Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is - allowed to make to this service. + How many simultaneous connections any client is allowed to make + to this service. smtpd_client_connection_rate_limit (0) - The maximal number of connection attempts any - client is allowed to make to this service per time - unit. + The maximal number of connection attempts any client is allowed + to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests - that any client is allowed to make to this service - per time unit, regardless of whether or not Postfix - actually accepts those messages. 
+ The maximal number of message delivery requests that any client + is allowed to make to this service per time unit, regardless of + whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any - client is allowed to send to this service per time - unit, regardless of whether or not Postfix actually - accepts those recipients. + The maximal number of recipient addresses that any client is + allowed to send to this service per time unit, regardless of + whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from - smtpd_client_*_count/rate_limit restrictions. + Clients that are excluded from smtpd_client_*_count/rate_limit + restrictions. Available in Postfix version 2.3 and later: smtpd_client_new_tls_session_rate_limit (0) - The maximal number of new (i.e., uncached) TLS ses- - sions that a remote SMTP client is allowed to nego- - tiate with this service per time unit. + The maximal number of new (i.e., uncached) TLS sessions that a + remote SMTP client is allowed to negotiate with this service per + time unit. Available in Postfix version 2.9 and later: smtpd_per_record_deadline (normal: no, overload: yes) - Change the behavior of the smtpd_timeout and - smtpd_starttls_timeout time limits, from a time - limit per read or write system call, to a time - limit to send or receive a complete record (an SMTP - command line, SMTP response line, SMTP message con- - tent line, or TLS protocol message). + Change the behavior of the smtpd_timeout and smtpd_start- + tls_timeout time limits, from a time limit per read or write + system call, to a time limit to send or receive a complete + record (an SMTP command line, SMTP response line, SMTP message + content line, or TLS protocol message). TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP - server can insert delays before responding. 
This can help - to slow down run-away software. The behavior is con- - trolled by an error counter that counts the number of - errors within an SMTP session that a client makes without + When a remote SMTP client makes errors, the Postfix SMTP server can + insert delays before responding. This can help to slow down run-away + software. The behavior is controlled by an error counter that counts + the number of errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) - With Postfix version 2.1 and later: the SMTP server - response delay after a client has made more than - $smtpd_soft_error_limit errors, and fewer than - $smtpd_hard_error_limit errors, without delivering - mail. + With Postfix version 2.1 and later: the SMTP server response + delay after a client has made more than $smtpd_soft_error_limit + errors, and fewer than $smtpd_hard_error_limit errors, without + delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is - allowed to make without delivering mail before the - Postfix SMTP server slows down all its responses. + The number of errors a remote SMTP client is allowed to make + without delivering mail before the Postfix SMTP server slows + down all its responses. smtpd_hard_error_limit (normal: 20, overload: 1) - The maximal number of errors a remote SMTP client - is allowed to make without delivering mail. + The maximal number of errors a remote SMTP client is allowed to + make without delivering mail. smtpd_junk_command_limit (normal: 100, overload: 1) - The number of junk commands (NOOP, VRFY, ETRN or - RSET) that a remote SMTP client can send before the - Postfix SMTP server starts to increment the error - counter with each junk command. + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a + remote SMTP client can send before the Postfix SMTP server + starts to increment the error counter with each junk command. 
Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client - can send in excess of the limit specified with - $smtpd_recipient_limit, before the Postfix SMTP - server increments the per-session error count for - each excess recipient. + The number of recipients that a remote SMTP client can send in + excess of the limit specified with $smtpd_recipient_limit, + before the Postfix SMTP server increments the per-session error + count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate - access policy decisions to an external server that runs - outside Postfix. See the file SMTPD_POLICY_README for - more information. + As of version 2.1, Postfix can be configured to delegate access policy + decisions to an external server that runs outside Postfix. See the + file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service - connection is closed. + The time after which an idle SMTPD policy service connection is + closed. smtpd_policy_service_max_ttl (1000s) - The time after which an active SMTPD policy service - connection is closed. + The time after which an active SMTPD policy service connection + is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to or - receiving from a delegated SMTPD policy server. + The time limit for connecting to, writing to or receiving from a + delegated SMTPD policy server. ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to - all the SMTP server access control features. + The SMTPD_ACCESS_README document gives an introduction to all the SMTP + server access control features. 
smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating - $smtpd_client_restrictions, $smtpd_helo_restric- - tions and $smtpd_sender_restrictions, or wait until - the ETRN command before evaluating - $smtpd_client_restrictions and $smtpd_helo_restric- - tions. + Wait until the RCPT TO command before evaluating + $smtpd_client_restrictions, $smtpd_helo_restrictions and + $smtpd_sender_restrictions, or wait until the ETRN command + before evaluating $smtpd_client_restrictions and + $smtpd_helo_restrictions. - parent_domain_matches_subdomains (see 'postconf -d' out- - put) - What Postfix features match subdomains of - "domain.tld" automatically, instead of requiring an - explicit ".domain.tld" pattern. + parent_domain_matches_subdomains (see 'postconf -d' output) + What Postfix features match subdomains of "domain.tld" automati- + cally, instead of requiring an explicit ".domain.tld" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server - applies in the context of a client connection - request. + Optional restrictions that the Postfix SMTP server applies in + the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself - with the HELO or EHLO command before sending the - MAIL command or other commands that require EHLO - negotiation. + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other + commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server - applies in the context of a client HELO command. + Optional restrictions that the Postfix SMTP server applies in + the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server - applies in the context of a client MAIL FROM com- - mand. 
+ Optional restrictions that the Postfix SMTP server applies in + the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server - applies in the context of a client RCPT TO command, - after smtpd_relay_restrictions. + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after + smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server - applies in the context of a client ETRN command. + Optional restrictions that the Postfix SMTP server applies in + the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients - to destinations matching $relay_domains. + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- + tions matching $relay_domains. smtpd_restriction_classes (empty) - User-defined aliases for groups of access restric- - tions. + User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables - instead of the null sender address. + The lookup key to be used in SMTP access(5) tables instead of + the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP - access feature to only domains whose primary MX - hosts match the listed networks. + Restrict the use of the permit_mx_backup SMTP access feature to + only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: smtpd_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP - server applies in the context of the SMTP DATA com- - mand. + Optional access restrictions that the Postfix SMTP server + applies in the context of the SMTP DATA command. 
smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of - RBL reply templates. + What characters are allowed in $name expansions of RBL reply + templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail - from unknown sender addresses, even when no - explicit reject_unlisted_sender access restriction - is specified. + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender + access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail - for unknown recipient addresses, even when no - explicit reject_unlisted_recipient access restric- - tion is specified. + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit + reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: smtpd_end_of_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP - server applies in the context of the SMTP END-OF- - DATA command. + Optional access restrictions that the Postfix SMTP server + applies in the context of the SMTP END-OF-DATA command. Available in Postfix version 2.10 and later: - smtpd_relay_restrictions (permit_mynetworks, per- - mit_sasl_authenticated, defer_unauth_destination) - Access restrictions for mail relay control that the - Postfix SMTP server applies in the context of the - RCPT TO command, before smtpd_recipient_restric- - tions. + smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, + defer_unauth_destination) + Access restrictions for mail relay control that the Postfix SMTP + server applies in the context of the RCPT TO command, before + smtpd_recipient_restrictions. 
SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. This feature is requested via the reject_unveri- - fied_sender and reject_unverified_recipient access - restrictions. The status of verification probes is main- - tained by the verify(8) server. See the file ADDRESS_VER- - IFICATION_README for information about how to configure - and operate the Postfix sender/recipient address verifica- - tion service. + Postfix version 2.1 introduces sender and recipient address verifica- + tion. This feature is implemented by sending probe email messages that + are not actually delivered. This feature is requested via the + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient + address verification service. address_verify_poll_count (normal: 3, overload: 1) - How many times to query the verify(8) service for - the completion of an address verification request - in progress. + How many times to query the verify(8) service for the completion + of an address verification request in progress. address_verify_poll_delay (3s) - The delay between queries for the completion of an - address verification request in progress. + The delay between queries for the completion of an address veri- + fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification - probes; prior to Postfix 2.5 the default was "post- - master". + The sender address to use in address verification probes; prior + to Postfix 2.5 the default was "postmaster". 
unverified_sender_reject_code (450) - The numerical Postfix SMTP server response code - when a recipient address is rejected by the - reject_unverified_sender restriction. + The numerical Postfix SMTP server response code when a recipient + address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a - recipient address is rejected by the reject_unveri- - fied_recipient restriction. + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- + tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code - when a sender address probe fails due to a tempo- - rary error condition. + The numerical Postfix SMTP server response code when a sender + address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a - recipient address probe fails due to a temporary - error condition. + The numerical Postfix SMTP server response when a recipient + address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) - The Postfix SMTP server's reply when rejecting mail - with reject_unverified_sender. + The Postfix SMTP server's reply when rejecting mail with + reject_unverified_sender. unverified_recipient_reject_reason (empty) - The Postfix SMTP server's reply when rejecting mail - with reject_unverified_recipient. + The Postfix SMTP server's reply when rejecting mail with + reject_unverified_recipient. - unverified_sender_tempfail_action ($reject_temp- - fail_action) - The Postfix SMTP server's action when reject_unver- - ified_sender fails due to a temporary error condi- - tion. 
+ unverified_sender_tempfail_action ($reject_tempfail_action) + The Postfix SMTP server's action when reject_unverified_sender + fails due to a temporary error condition. - unverified_recipient_tempfail_action ($reject_temp- - fail_action) - The Postfix SMTP server's action when reject_unver- - ified_recipient fails due to a temporary error con- - dition. + unverified_recipient_tempfail_action ($reject_tempfail_action) + The Postfix SMTP server's action when reject_unverified_recipi- + ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent por- - tion of address verification probe sender - addresses. + The time between changes in the time-dependent portion of + address verification probe sender addresses. ACCESS CONTROL RESPONSES - The following parameters control numerical SMTP reply - codes and/or text responses. + The following parameters control numerical SMTP reply codes and/or text + responses. access_map_reject_code (554) - The numerical Postfix SMTP server response code for - an access(5) map "reject" action. + The numerical Postfix SMTP server response code for an access(5) + map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by - the "defer" restriction. + The numerical Postfix SMTP server response code when a remote + SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code - when the client HELO or EHLO command parameter is - rejected by the reject_invalid_helo_hostname - restriction. + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the + reject_invalid_helo_hostname restriction. 
maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code - when a remote SMTP client request is blocked by the - reject_rbl_client, reject_rhsbl_client, - reject_rhsbl_reverse_client, reject_rhsbl_sender or - reject_rhsbl_recipient restriction. + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, + reject_rhsbl_client, reject_rhsbl_reverse_client, + reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a - client request is rejected by the - reject_non_fqdn_helo_hostname, - reject_non_fqdn_sender or reject_non_fqdn_recipient - restriction. + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, + reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code - when a request is rejected by the reject_plain- - text_session restriction. + The numerical Postfix SMTP server response code when a request + is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by - the "reject" restriction. + The numerical Postfix SMTP server response code when a remote + SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code - when a client request is rejected by the - reject_unauth_destination recipient restriction. + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient + restriction. 
unknown_address_reject_code (450) - The numerical Postfix SMTP server response code - when a sender or recipient address is rejected by - the reject_unknown_sender_domain or - reject_unknown_recipient_domain restriction. + The numerical Postfix SMTP server response code when a sender or + recipient address is rejected by the + reject_unknown_sender_domain or reject_unknown_recipient_domain + restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code - when a client without valid address <=> name map- - ping is rejected by the reject_unknown_client_host- - name restriction. + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the + reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code - when the hostname specified with the HELO or EHLO - command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template - for a request that is rejected by an RBL-based - restriction. + The default Postfix SMTP server response template for a request + that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code - when a remote SMTP client request is blocked by the - reject_multi_recipient_bounce restriction. + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- + ent_bounce restriction. rbl_reply_maps (empty) Optional lookup tables with RBL response templates. 
@@ -1199,122 +1081,107 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.6 and later: access_map_defer_code (450) - The numerical Postfix SMTP server response code for - an access(5) map "defer" action, including - "defer_if_permit" or "defer_if_reject". + The numerical Postfix SMTP server response code for an access(5) + map "defer" action, including "defer_if_permit" or + "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type - restriction fails due to a temporary error condi- - tion. + The Postfix SMTP server's action when a reject-type restriction + fails due to a temporary error condition. - unknown_helo_hostname_tempfail_action ($reject_temp- - fail_action) - The Postfix SMTP server's action when - reject_unknown_helo_hostname fails due to an tempo- - rary error condition. + unknown_helo_hostname_tempfail_action ($reject_tempfail_action) + The Postfix SMTP server's action when reject_unknown_helo_host- + name fails due to an temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or - reject_unknown_recipient_domain fail due to a tem- - porary error condition. + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain + fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. 
command_directory (see 'postconf -d' output) - The location of all postfix administrative com- - mands. + The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that - are generated by the mail system. + The sender address of postmaster notifications that are gener- + ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. mail_name (Postfix) - The mail system name that is displayed in Received: - headers, in the SMTP greeting banner, and in - bounced mail. + The mail system name that is displayed in Received: headers, in + the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. myhostname (see 'postconf -d' output) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have - more privileges than "strangers". + The list of "trusted" remote SMTP clients that have more privi- + leges than "strangers". 
myorigin ($myhostname) - The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- - ered to. + The domain name that locally-posted mail appears to come from, + and that locally posted mail is delivered to. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name - from its extension (example: user+foo), or a .for- - ward file name from its extension (example: .for- - ward+foo). + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its + extension (example: .forward+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the - SMTP greeting banner. + The text that follows the 220 status code in the SMTP greeting + banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that cause the Postfix SMTP server - to immediately terminate the session with a 221 - code. + List of commands that cause the Postfix SMTP server to immedi- + ately terminate the session with a 221 code. 
Available in Postfix version 2.5 and later: smtpd_client_port_logging (no) - Enable logging of the remote SMTP client port in - addition to the hostname and IP address. + Enable logging of the remote SMTP client port in addition to the + hostname and IP address. SEE ALSO anvil(8), connection/rate limiting @@ -1343,8 +1210,7 @@ SMTPD(8) SMTPD(8) XFORWARD_README, Postfix XFORWARD extension LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/socketmap_table.5.html b/postfix/html/socketmap_table.5.html index d2008c24c..72582acd2 100644 --- a/postfix/html/socketmap_table.5.html +++ b/postfix/html/socketmap_table.5.html 
@@ -17,37 +17,35 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5) postmap -q - socketmap:unix:pathname:name <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting. mail routing or policy lookup. + The Postfix mail system uses optional tables for address rewriting. + mail routing or policy lookup. - The Postfix socketmap client expects TCP endpoint names of - the form inet:host:port:name, or UNIX-domain endponts of - the form unix:pathname:name. In both cases, name speci- - fies the name field in a socketmap client request (see - "REQUEST FORMAT" below). + The Postfix socketmap client expects TCP endpoint names of the form + inet:host:port:name, or UNIX-domain endponts of the form unix:path- + name:name. In both cases, name specifies the name field in a socketmap + client request (see "REQUEST FORMAT" below). PROTOCOL - Socketmaps use a simple protocol: the client sends one - request, and the server sends one reply. Each request and - reply are sent as one netstring object. + Socketmaps use a simple protocol: the client sends one request, and the + server sends one reply. Each request and reply are sent as one net- + string object. REQUEST FORMAT The socketmap protocol supports only the lookup request. - Postfix will not generate partial search keys such as - domain names without one or more subdomains, network - addresses without one or more least-significant octets, or - email addresses without the localpart, address extension - or domain portion. This behavior is also found with cidr:, - pcre:, and regexp: tables. + Postfix will not generate partial search keys such as domain names + without one or more subdomains, network addresses without one or more + least-significant octets, or email addresses without the localpart, + address extension or domain portion. This behavior is also found with + cidr:, pcre:, and regexp: tables. name <space> key Search the named socketmap for the specified key. 
REPLY FORMAT - The Postfix socketmap client requires that replies are not - longer than 100000 characters (not including the netstring - encapsulation). Replies must have the following form: + The Postfix socketmap client requires that replies are not longer than + 100000 characters (not including the netstring encapsulation). Replies + must have the following form: OK <space> data The requested data was found. @@ -60,8 +58,8 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5) TIMEOUT <space> reason PERM <space> reason - The request failed. The reason, if non-empty, is - descriptive text. + The request failed. The reason, if non-empty, is descriptive + text. SECURITY This map cannot be used for security-sensitive information, @@ -82,8 +80,7 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5) The protocol limits are not yet configurable. LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY Socketmap support was introduced with Postfix version 2.10. diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html index fbd6523e9..f2f905b1f 100644 --- a/postfix/html/spawn.8.html +++ b/postfix/html/spawn.8.html 
@@ -13,130 +13,116 @@ SPAWN(8) SPAWN(8) spawn [generic Postfix daemon options] command_attributes... DESCRIPTION - The spawn(8) daemon provides the Postfix equivalent of - inetd. It listens on a port as specified in the Postfix - master.cf file and spawns an external command whenever a - connection is established. The connection can be made - over local IPC (such as UNIX-domain sockets) or over non- - local IPC (such as TCP sockets). The command's standard - input, output and error streams are connected directly to - the communication endpoint. - - This daemon expects to be run from the master(8) process - manager. + The spawn(8) daemon provides the Postfix equivalent of inetd. It lis- + tens on a port as specified in the Postfix master.cf file and spawns an + external command whenever a connection is established. The connection + can be made over local IPC (such as UNIX-domain sockets) or over non- + local IPC (such as TCP sockets). The command's standard input, output + and error streams are connected directly to the communication endpoint. + + This daemon expects to be run from the master(8) process manager. COMMAND ATTRIBUTE SYNTAX - The external command attributes are given in the master.cf - file at the end of a service definition. The syntax is as - follows: + The external command attributes are given in the master.cf file at the + end of a service definition. The syntax is as follows: user=username (required) user=username:groupname - The external command is executed with the rights of - the specified username. The software refuses to - execute commands with root privileges, or with the - privileges of the mail system owner. If groupname - is specified, the corresponding group ID is used - instead of the group ID of username. + The external command is executed with the rights of the speci- + fied username. The software refuses to execute commands with + root privileges, or with the privileges of the mail system + owner. 
If groupname is specified, the corresponding group ID is + used instead of the group ID of username. argv=command... (required) - The command to be executed. This must be specified - as the last command attribute. The command is exe- - cuted directly, i.e. without interpretation of - shell meta characters by a shell command inter- - preter. + The command to be executed. This must be specified as the last + command attribute. The command is executed directly, i.e. with- + out interpretation of shell meta characters by a shell command + interpreter. BUGS - In order to enforce standard Postfix process resource con- - trols, the spawn(8) daemon runs only one external command - at a time. As such, it presents a noticeable overhead by - wasting precious process resources. The spawn(8) daemon is - expected to be replaced by a more structural solution. + In order to enforce standard Postfix process resource controls, the + spawn(8) daemon runs only one external command at a time. As such, it + presents a noticeable overhead by wasting precious process resources. + The spawn(8) daemon is expected to be replaced by a more structural + solution. DIAGNOSTICS - The spawn(8) daemon reports abnormal child exits. Prob- - lems are logged to syslogd(8). + The spawn(8) daemon reports abnormal child exits. Problems are logged + to syslogd(8). SECURITY - This program needs root privilege in order to execute - external commands as the specified user. It is therefore - security sensitive. However the spawn(8) daemon does not - talk to the external command and thus is not vulnerable to - data-driven attacks. + This program needs root privilege in order to execute external commands + as the specified user. It is therefore security sensitive. However the + spawn(8) daemon does not talk to the external command and thus is not + vulnerable to data-driven attacks. 
CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as spawn(8) - processes run for only a limited amount of time. Use the - command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically as spawn(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. - In the text below, transport is the first field of the - entry in the master.cf file. + In the text below, transport is the first field of the entry in the + master.cf file. RESOURCE AND RATE CONTROL transport_time_limit ($command_time_limit) - The amount of time the command is allowed to run - before it is terminated. + The amount of time the command is allowed to run before it is + terminated. - Postfix 2.4 and later support a suffix that speci- - fies the time unit: s (seconds), m (minutes), h - (hours), d (days), w (weeks). The default time unit - is seconds. + Postfix 2.4 and later support a suffix that specifies the time + unit: s (seconds), m (minutes), h (hours), d (days), w (weeks). + The default time unit is seconds. MISCELLANEOUS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix - process will export to non-Postfix processes. 
+ The list of environment variables that a Postfix process will + export to non-Postfix processes. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. mail_owner (postfix) - The UNIX system account that owns the Postfix queue - and most Postfix daemon processes. + The UNIX system account that owns the Postfix queue and most + Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO postconf(5), configuration parameters 
@@ -144,8 +130,7 @@ SPAWN(8) SPAWN(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/sqlite_table.5.html b/postfix/html/sqlite_table.5.html index d1585eeab..f396aaa50 100644 --- a/postfix/html/sqlite_table.5.html +++ b/postfix/html/sqlite_table.5.html 
@@ -15,235 +15,204 @@ SQLITE_TABLE(5) SQLITE_TABLE(5) postmap -q - sqlite:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. - Alternatively, lookup tables can be specified as SQLite - databases. In order to use SQLite lookups, define an - SQLite source as a lookup table in main.cf, for example: + Alternatively, lookup tables can be specified as SQLite databases. In + order to use SQLite lookups, define an SQLite source as a lookup table + in main.cf, for example: alias_maps = sqlite:/etc/sqlite-aliases.cf - The file /etc/postfix/sqlite-aliases.cf has the same for- - mat as the Postfix main.cf file, and can specify the - parameters described below. + The file /etc/postfix/sqlite-aliases.cf has the same format as the + Postfix main.cf file, and can specify the parameters described below. BACKWARDS COMPATIBILITY - For compatibility with other Postfix lookup tables, SQLite - parameters can also be defined in main.cf. In order to do - that, specify as SQLite source a name that doesn't begin - with a slash or a dot. The SQLite parameters will then be - accessible as the name you've given the source in its def- - inition, an underscore, and the name of the parameter. - For example, if the map is specified as "sqlite:sqlite- - name", the parameter "query" below would be defined in - main.cf as "sqlitename_query". - - Normally, the SQL query is specified via a single query - parameter (described in more detail below). When this - parameter is not specified in the map definition, Postfix - reverts to an older interface, with the SQL query con- - structed from the select_field, table, where_field and - additional_conditions parameters. The old interface will - be gradually phased out. 
To migrate to the new interface - set: + For compatibility with other Postfix lookup tables, SQLite parameters + can also be defined in main.cf. In order to do that, specify as SQLite + source a name that doesn't begin with a slash or a dot. The SQLite + parameters will then be accessible as the name you've given the source + in its definition, an underscore, and the name of the parameter. For + example, if the map is specified as "sqlite:sqlitename", the parameter + "query" below would be defined in main.cf as "sqlitename_query". + + Normally, the SQL query is specified via a single query parameter + (described in more detail below). When this parameter is not specified + in the map definition, Postfix reverts to an older interface, with the + SQL query constructed from the select_field, table, where_field and + additional_conditions parameters. The old interface will be gradually + phased out. To migrate to the new interface set: query = SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - Insert the value, not the name, of each legacy parameter. - Note that the additional_conditions parameter is optional - and if not empty, will always start with AND. + Insert the value, not the name, of each legacy parameter. Note that the + additional_conditions parameter is optional and if not empty, will + always start with AND. LIST MEMBERSHIP - When using SQL to store lists such as $mynetworks, $mydes- - tination, $relay_domains, $local_recipient_maps, etc., it - is important to understand that the table must store each - list member as a separate key. The table lookup verifies - the *existence* of the key. See "Postfix lists versus - tables" in the DATABASE_README document for a discussion. + When using SQL to store lists such as $mynetworks, $mydestination, + $relay_domains, $local_recipient_maps, etc., it is important to under- + stand that the table must store each list member as a separate key. 
The + table lookup verifies the *existence* of the key. See "Postfix lists + versus tables" in the DATABASE_README document for a discussion. - Do NOT create tables that return the full list of domains - in $mydestination or $relay_domains etc., or IP addresses - in $mynetworks. + Do NOT create tables that return the full list of domains in $mydesti- + nation or $relay_domains etc., or IP addresses in $mynetworks. - DO create tables with each matching item as a key and with - an arbitrary value. With SQL databases it is not uncommon - to return the key itself or a constant value. + DO create tables with each matching item as a key and with an arbitrary + value. With SQL databases it is not uncommon to return the key itself + or a constant value. SQLITE PARAMETERS dbpath The SQLite database file location. Example: dbpath = customer_database - query The SQL query template used to search the database, - where %s is a substitute for the address Postfix is - trying to resolve, e.g. + query The SQL query template used to search the database, where %s is + a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' - This parameter supports the following '%' expan- - sions: + This parameter supports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the input key. SQL - quoting is used to make sure that the input - key does not add unexpected metacharacters. - - %u When the input key is an address of the form - user@domain, %u is replaced by the SQL - quoted local part of the address. Other- - wise, %u is replaced by the entire search - string. If the localpart is empty, the - query is suppressed and returns no results. - - %d When the input key is an address of the form - user@domain, %d is replaced by the SQL - quoted domain part of the address. Other- - wise, the query is suppressed and returns no - results. 
- - %[SUD] The upper-case equivalents of the above - expansions behave in the query parameter - identically to their lower-case counter- - parts. With the result_format parameter - (see below), they expand the input key - rather than the result value. - - %[1-9] The patterns %1, %2, ... %9 are replaced by - the corresponding most significant component - of the input key's domain. If the input key - is user@mail.example.com, then %1 is com, %2 - is example and %3 is mail. If the input key - is unqualified or does not have enough - domain components to satisfy all the speci- - fied patterns, the query is suppressed and - returns no results. - - The domain parameter described below limits the - input keys to addresses in matching domains. When - the domain parameter is non-empty, SQL queries for - unqualified addresses or addresses in non-matching - domains are suppressed and return no results. - - This parameter is available with Postfix 2.2. In - prior releases the SQL query was built from the - separate parameters: select_field, table, - where_field and additional_conditions. The mapping - from the old parameters to the equivalent query is: + %s This is replaced by the input key. SQL quoting is used + to make sure that the input key does not add unexpected + metacharacters. + + %u When the input key is an address of the form user@domain, + %u is replaced by the SQL quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the query is sup- + pressed and returns no results. + + %d When the input key is an address of the form user@domain, + %d is replaced by the SQL quoted domain part of the + address. Otherwise, the query is suppressed and returns + no results. + + %[SUD] The upper-case equivalents of the above expansions behave + in the query parameter identically to their lower-case + counter-parts. With the result_format parameter (see + below), they expand the input key rather than the result + value. 
+ + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then + %1 is com, %2 is example and %3 is mail. If the input key + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the query is sup- + pressed and returns no results. + + The domain parameter described below limits the input keys to + addresses in matching domains. When the domain parameter is non- + empty, SQL queries for unqualified addresses or addresses in + non-matching domains are suppressed and return no results. + + This parameter is available with Postfix 2.2. In prior releases + the SQL query was built from the separate parameters: + select_field, table, where_field and additional_conditions. The + mapping from the old parameters to the equivalent query is: SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - The '%s' in the WHERE clause expands to the escaped - search string. With Postfix 2.2 these legacy - parameters are used if the query parameter is not - specified. + The '%s' in the WHERE clause expands to the escaped search + string. With Postfix 2.2 these legacy parameters are used if + the query parameter is not specified. NOTE: DO NOT put quotes around the query parameter. result_format (default: %s) - Format template applied to result attributes. Most - commonly used to append (or prepend) text to the - result. This parameter supports the following '%' - expansions: + Format template applied to result attributes. Most commonly used + to append (or prepend) text to the result. This parameter sup- + ports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the value of the result - attribute. When result is empty it is - skipped. + %s This is replaced by the value of the result attribute. + When result is empty it is skipped. 
- %u When the result attribute value is an - address of the form user@domain, %u is - replaced by the local part of the address. - When the result has an empty localpart it is + %u When the result attribute value is an address of the form + user@domain, %u is replaced by the local part of the + address. When the result has an empty localpart it is skipped. - %d When a result attribute value is an address - of the form user@domain, %d is replaced by - the domain part of the attribute value. When - the result is unqualified it is skipped. + %d When a result attribute value is an address of the form + user@domain, %d is replaced by the domain part of the + attribute value. When the result is unqualified it is + skipped. %[SUD1-9] - The upper-case and decimal digit expansions - interpolate the parts of the input key - rather than the result. Their behavior is - identical to that described with query, and - in fact because the input key is known in - advance, queries whose key does not contain - all the information specified in the result - template are suppressed and return no - results. - - For example, using "result_format = smtp:[%s]" - allows one to use a mailHost attribute as the basis - of a transport(5) table. After applying the result - format, multiple values are concatenated as comma - separated strings. The expansion_limit and parame- - ter explained below allows one to restrict the num- - ber of values in the result, which is especially - useful for maps that must return at most one value. - - The default value %s specifies that each result - value should be used as is. - - This parameter is available with Postfix 2.2 and - later. + The upper-case and decimal digit expansions interpolate + the parts of the input key rather than the result. 
Their + behavior is identical to that described with query, and + in fact because the input key is known in advance, + queries whose key does not contain all the information + specified in the result template are suppressed and + return no results. + + For example, using "result_format = smtp:[%s]" allows one to use + a mailHost attribute as the basis of a transport(5) table. After + applying the result format, multiple values are concatenated as + comma separated strings. The expansion_limit and parameter + explained below allows one to restrict the number of values in + the result, which is especially useful for maps that must return + at most one value. + + The default value %s specifies that each result value should be + used as is. + + This parameter is available with Postfix 2.2 and later. NOTE: DO NOT put quotes around the result format! domain (default: no domain list) - This is a list of domain names, paths to files, or - dictionaries. When specified, only fully qualified - search keys with a *non-empty* localpart and a - matching domain are eligible for lookup: 'user' - lookups, bare domain lookups and "@domain" lookups - are not performed. This can significantly reduce - the query load on the SQLite server. + This is a list of domain names, paths to files, or dictionaries. + When specified, only fully qualified search keys with a *non- + empty* localpart and a matching domain are eligible for lookup: + 'user' lookups, bare domain lookups and "@domain" lookups are + not performed. This can significantly reduce the query load on + the SQLite server. domain = postfix.org, hash:/etc/postfix/searchdomains - It is best not to use SQL to store the domains eli- - gible for SQL lookups. + It is best not to use SQL to store the domains eligible for SQL + lookups. - This parameter is available with Postfix 2.2 and - later. + This parameter is available with Postfix 2.2 and later. 
- NOTE: DO NOT define this parameter for local(8) - aliases, because the input keys are always unquali- - fied. + NOTE: DO NOT define this parameter for local(8) aliases, because + the input keys are always unqualified. expansion_limit (default: 0) - A limit on the total number of result elements - returned (as a comma separated list) by a lookup - against the map. A setting of zero disables the - limit. Lookups fail with a temporary error if the - limit is exceeded. Setting the limit to 1 ensures - that lookups do not return multiple values. + A limit on the total number of result elements returned (as a + comma separated list) by a lookup against the map. A setting of + zero disables the limit. Lookups fail with a temporary error if + the limit is exceeded. Setting the limit to 1 ensures that + lookups do not return multiple values. OBSOLETE QUERY INTERFACE - This section describes an interface that is deprecated as - of Postfix 2.2. It is replaced by the more general query - interface described above. If the query parameter is - defined, the legacy parameters described here ignored. - Please migrate to the new interface as the legacy inter- - face may be removed in a future release. + This section describes an interface that is deprecated as of Postfix + 2.2. It is replaced by the more general query interface described + above. If the query parameter is defined, the legacy parameters + described here ignored. Please migrate to the new interface as the + legacy interface may be removed in a future release. 
- The following parameters can be used to fill in a SELECT - template statement of the form: + The following parameters can be used to fill in a SELECT template + statement of the form: SELECT [select_field] FROM [table] WHERE [where_field] = '%s' [additional_conditions] - The specifier %s is replaced by the search string, and is - escaped so if it contains single quotes or other odd char- - acters, it will not cause a parse error, or worse, a secu- - rity problem. + The specifier %s is replaced by the search string, and is escaped so if + it contains single quotes or other odd characters, it will not cause a + parse error, or worse, a security problem. select_field The SQL "select" parameter. Example: @@ -272,8 +241,7 @@ SQLITE_TABLE(5) SQLITE_TABLE(5) SQLITE_README, Postfix SQLITE howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY SQLite support was introduced with Postfix version 2.8. diff --git a/postfix/html/tcp_table.5.html b/postfix/html/tcp_table.5.html index 33750d336..de88f9ef1 100644 --- a/postfix/html/tcp_table.5.html +++ b/postfix/html/tcp_table.5.html 
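Review bot: in the sqlite_table(5) OBSOLETE QUERY INTERFACE paragraph, the re-wrapped sentence "If the query parameter is defined, the legacy parameters described here ignored" still lacks its verb. Every line of that paragraph is rewritten by this change, so this is the moment to make it "described here are ignored". The result_format paragraph has a similar carried-over defect: "The expansion_limit and parameter explained below allows one to restrict the number of values" should read "The expansion_limit parameter explained below allows ...". Both look like defects in the manpage text rather than in the formatter, so the fix belongs in the source this HTML is generated from, followed by a regeneration.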
@@ -15,29 +15,27 @@ TCP_TABLE(5) TCP_TABLE(5) postmap -q - tcp:host:port <inputfile DESCRIPTION - The Postfix mail system uses optional tables for address - rewriting or mail routing. These tables are usually in dbm - or db format. Alternatively, table lookups can be directed - to a TCP server. + The Postfix mail system uses optional tables for address rewriting or + mail routing. These tables are usually in dbm or db format. Alterna- + tively, table lookups can be directed to a TCP server. - To find out what types of lookup tables your Postfix sys- - tem supports use the "postconf -m" command. + To find out what types of lookup tables your Postfix system supports + use the "postconf -m" command. - To test lookup tables, use the "postmap -q" command as - described in the SYNOPSIS above. + To test lookup tables, use the "postmap -q" command as described in the + SYNOPSIS above. PROTOCOL DESCRIPTION - The TCP map class implements a very simple protocol: the - client sends a request, and the server sends one reply. - Requests and replies are sent as one line of ASCII text, - terminated by the ASCII newline character. Request and - reply parameters (see below) are separated by whitespace. + The TCP map class implements a very simple protocol: the client sends a + request, and the server sends one reply. Requests and replies are sent + as one line of ASCII text, terminated by the ASCII newline character. + Request and reply parameters (see below) are separated by whitespace. - Send and receive operations must complete in 100 seconds. + Send and receive operations must complete in 100 seconds. REQUEST FORMAT - Each request specifies a command, a lookup key, and possi- - bly a lookup result. + Each request specifies a command, a lookup key, and possibly a lookup + result. get SPACE key NEWLINE Look up data under the specified key. 
@@ -46,47 +44,42 @@ TCP_TABLE(5) TCP_TABLE(5) This request is currently not implemented. REPLY FORMAT - Each reply specifies a status code and text. Replies must - be no longer than 4096 characters including the newline - terminator. + Each reply specifies a status code and text. Replies must be no longer + than 4096 characters including the newline terminator. 500 SPACE text NEWLINE - In case of a lookup request, the requested data - does not exist. In case of an update request, the - request was rejected. The text describes the - nature of the problem. + In case of a lookup request, the requested data does not exist. + In case of an update request, the request was rejected. The + text describes the nature of the problem. 400 SPACE text NEWLINE - This indicates an error condition. The text - describes the nature of the problem. The client - should retry the request later. + This indicates an error condition. The text describes the nature + of the problem. The client should retry the request later. 200 SPACE text NEWLINE - The request was successful. In the case of a lookup - request, the text contains an encoded version of - the requested data. + The request was successful. In the case of a lookup request, the + text contains an encoded version of the requested data. ENCODING - In request and reply parameters, the character %, each - non-printing character, and each whitespace character must - be replaced by %XX, where XX is the corresponding ASCII - hexadecimal character value. The hexadecimal codes can be - specified in any case (upper, lower, mixed). + In request and reply parameters, the character %, each non-printing + character, and each whitespace character must be replaced by %XX, where + XX is the corresponding ASCII hexadecimal character value. The hexadec- + imal codes can be specified in any case (upper, lower, mixed). - The Postfix client always encodes a request. 
The server - may omit the encoding as long as the reply is guaranteed - to not contain the % or NEWLINE character. + The Postfix client always encodes a request. The server may omit the + encoding as long as the reply is guaranteed to not contain the % or + NEWLINE character. SECURITY - Do not use TCP lookup tables for security critical pur- - poses. The client-server connection is not protected and - the server is not authenticated. + Do not use TCP lookup tables for security critical purposes. The + client-server connection is not protected and the server is not authen- + ticated. BUGS Only the lookup method is currently implemented. - The client does not hang up when the connection is idle - for a long time. + The client does not hang up when the connection is idle for a long + time. SEE ALSO postmap(1), Postfix lookup table manager @@ -98,8 +91,7 @@ TCP_TABLE(5) TCP_TABLE(5) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/tlsmgr.8.html b/postfix/html/tlsmgr.8.html index 12e43777e..f24d6dbe2 100644 --- a/postfix/html/tlsmgr.8.html +++ b/postfix/html/tlsmgr.8.html 
@@ -13,155 +13,142 @@ TLSMGR(8) TLSMGR(8) tlsmgr [generic Postfix daemon options] DESCRIPTION - The tlsmgr(8) manages the Postfix TLS session caches. It - stores and retrieves cache entries on request by smtpd(8) - and smtp(8) processes, and periodically removes entries - that have expired. - - The tlsmgr(8) also manages the PRNG (pseudo random number - generator) pool. It answers queries by the smtpd(8) and - smtp(8) processes to seed their internal PRNG pools. - - The tlsmgr(8)'s PRNG pool is initially seeded from an - external source (EGD, /dev/urandom, or regular file). It - is updated at configurable pseudo-random intervals with - data from the external source. It is updated periodically - with data from TLS session cache entries and with the time - of day, and is updated with the time of day whenever a - process requests tlsmgr(8) service. - - The tlsmgr(8) saves the PRNG state to an exchange file - periodically and when the process terminates, and reads - the exchange file when initializing its PRNG. + The tlsmgr(8) manages the Postfix TLS session caches. It stores and + retrieves cache entries on request by smtpd(8) and smtp(8) processes, + and periodically removes entries that have expired. + + The tlsmgr(8) also manages the PRNG (pseudo random number generator) + pool. It answers queries by the smtpd(8) and smtp(8) processes to seed + their internal PRNG pools. + + The tlsmgr(8)'s PRNG pool is initially seeded from an external source + (EGD, /dev/urandom, or regular file). It is updated at configurable + pseudo-random intervals with data from the external source. It is + updated periodically with data from TLS session cache entries and with + the time of day, and is updated with the time of day whenever a process + requests tlsmgr(8) service. + + The tlsmgr(8) saves the PRNG state to an exchange file periodically and + when the process terminates, and reads the exchange file when initial- + izing its PRNG. 
SECURITY - The tlsmgr(8) is not security-sensitive. The code that - maintains the external and internal PRNG pools does not - "trust" the data that it manipulates, and the code that - maintains the TLS session cache does not touch the con- - tents of the cached entries, except for seeding its inter- + The tlsmgr(8) is not security-sensitive. The code that maintains the + external and internal PRNG pools does not "trust" the data that it + manipulates, and the code that maintains the TLS session cache does not + touch the contents of the cached entries, except for seeding its inter- nal PRNG pool. - The tlsmgr(8) can be run chrooted and with reduced privi- - leges. At process startup it connects to the entropy - source and exchange file, and creates or truncates the - optional TLS session cache files. + The tlsmgr(8) can be run chrooted and with reduced privileges. At + process startup it connects to the entropy source and exchange file, + and creates or truncates the optional TLS session cache files. - With Postfix version 2.5 and later, the tlsmgr(8) no - longer uses root privileges when opening cache files. - These files should now be stored under the Postfix-owned - data_directory. As a migration aid, an attempt to open a - cache file under a non-Postfix directory is redirected to - the Postfix-owned data_directory, and a warning is logged. + With Postfix version 2.5 and later, the tlsmgr(8) no longer uses root + privileges when opening cache files. These files should now be stored + under the Postfix-owned data_directory. As a migration aid, an attempt + to open a cache file under a non-Postfix directory is redirected to the + Postfix-owned data_directory, and a warning is logged. DIAGNOSTICS Problems and transactions are logged to the syslog daemon. BUGS - There is no automatic means to limit the number of entries - in the TLS session caches and/or the size of the TLS cache - files. 
+ There is no automatic means to limit the number of entries in the TLS + session caches and/or the size of the TLS cache files. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, - because tlsmgr(8) is a persistent processes. Use the com- - mand "postfix reload" after a configuration change. + Changes to main.cf are not picked up automatically, because tlsmgr(8) + is a persistent processes. Use the command "postfix reload" after a + configuration change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. TLS SESSION CACHE lmtp_tls_loglevel (0) - The LMTP-specific version of the smtp_tls_loglevel - configuration parameter. + The LMTP-specific version of the smtp_tls_loglevel configuration + parameter. lmtp_tls_session_cache_database (empty) - The LMTP-specific version of the smtp_tls_ses- - sion_cache_database configuration parameter. + The LMTP-specific version of the smtp_tls_session_cache_database + configuration parameter. lmtp_tls_session_cache_timeout (3600s) - The LMTP-specific version of the smtp_tls_ses- - sion_cache_timeout configuration parameter. + The LMTP-specific version of the smtp_tls_session_cache_timeout + configuration parameter. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of - TLS activity. + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix - SMTP client TLS session cache. + Name of the file containing the optional Postfix SMTP client TLS + session cache. smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS ses- - sion cache information. + The expiration time of Postfix SMTP client TLS session cache + information. 
smtpd_tls_loglevel (0) - Enable additional Postfix SMTP server logging of - TLS activity. + Enable additional Postfix SMTP server logging of TLS activity. smtpd_tls_session_cache_database (empty) - Name of the file containing the optional Postfix - SMTP server TLS session cache. + Name of the file containing the optional Postfix SMTP server TLS + session cache. smtpd_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP server TLS ses- - sion cache information. + The expiration time of Postfix SMTP server TLS session cache + information. PSEUDO RANDOM NUMBER GENERATOR tls_random_source (see 'postconf -d' output) - The external entropy source for the in-memory - tlsmgr(8) pseudo random number generator (PRNG) - pool. + The external entropy source for the in-memory tlsmgr(8) pseudo + random number generator (PRNG) pool. tls_random_bytes (32) - The number of bytes that tlsmgr(8) reads from - $tls_random_source when (re)seeding the in-memory - pseudo random number generator (PRNG) pool. + The number of bytes that tlsmgr(8) reads from $tls_random_source + when (re)seeding the in-memory pseudo random number generator + (PRNG) pool. tls_random_exchange_name (see 'postconf -d' output) - Name of the pseudo random number generator (PRNG) - state file that is maintained by tlsmgr(8). + Name of the pseudo random number generator (PRNG) state file + that is maintained by tlsmgr(8). tls_random_prng_update_period (3600s) - The time between attempts by tlsmgr(8) to save the - state of the pseudo random number generator (PRNG) - to the file specified with $tls_ran- - dom_exchange_name. + The time between attempts by tlsmgr(8) to save the state of the + pseudo random number generator (PRNG) to the file specified with + $tls_random_exchange_name. tls_random_reseed_period (3600s) - The maximal time between attempts by tlsmgr(8) to - re-seed the in-memory pseudo random number genera- - tor (PRNG) pool from external sources. 
+ The maximal time between attempts by tlsmgr(8) to re-seed the + in-memory pseudo random number generator (PRNG) pool from exter- + nal sources. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for - example: caches, pseudo-random numbers). + The directory with Postfix-writable data files (for example: + caches, pseudo-random numbers). daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtp(8), Postfix SMTP client @@ -175,8 +162,7 @@ TLSMGR(8) TLSMGR(8) TLS_README, Postfix TLS configuration and operation LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.2. 
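Review bot: in the tlsmgr(8) CONFIGURATION PARAMETERS paragraph, the new text keeps the number mismatch "because tlsmgr(8) is a persistent processes"; it should be "a persistent process". In the same file the 78-column output now splits a literal example across lines in the syslog_name entry ("post- fix/smtpd"), which the 65-column version rendered intact. Consider turning hyphenation off for the generated manpages so that quoted names survive a change of width.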
diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index dfd20d4f7..7a239b224 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html 
@@ -13,217 +13,187 @@ TLSPROXY(8) TLSPROXY(8) tlsproxy [generic Postfix daemon options] DESCRIPTION - The tlsproxy(8) server implements a server-side TLS proxy. - It is used by postscreen(8) to talk SMTP-over-TLS with - remote SMTP clients that are not whitelisted (including - clients whose whitelist status has expired), but it should - also work for non-SMTP protocols. + The tlsproxy(8) server implements a server-side TLS proxy. It is used + by postscreen(8) to talk SMTP-over-TLS with remote SMTP clients that + are not whitelisted (including clients whose whitelist status has + expired), but it should also work for non-SMTP protocols. - Although one tlsproxy(8) process can serve multiple ses- - sions at the same time, it is a good idea to allow the - number of processes to increase with load, so that the - service remains responsive. + Although one tlsproxy(8) process can serve multiple sessions at the + same time, it is a good idea to allow the number of processes to + increase with load, so that the service remains responsive. PROTOCOL EXAMPLE - The example below concerns postscreen(8). However, the - tlsproxy(8) server is agnostic of the application proto- - col, and the example is easily adapted to other applica- - tions. - - After receiving a valid remote SMTP client STARTTLS com- - mand, the postscreen(8) server sends the remote SMTP - client endpoint string, the requested role (server), and - the requested timeout to tlsproxy(8). postscreen(8) then - receives a "TLS available" indication from tlsproxy(8). - If the TLS service is available, postscreen(8) sends the - remote SMTP client file descriptor to tlsproxy(8), and - sends the plaintext 220 greeting to the remote SMTP - client. This triggers TLS negotiations between the remote - SMTP client and tlsproxy(8). Upon completion of the TLS- - level handshake, tlsproxy(8) translates between plaintext - from/to postscreen(8) and ciphertext to/from the remote - SMTP client. 
+ The example below concerns postscreen(8). However, the tlsproxy(8) + server is agnostic of the application protocol, and the example is eas- + ily adapted to other applications. + + After receiving a valid remote SMTP client STARTTLS command, the + postscreen(8) server sends the remote SMTP client endpoint string, the + requested role (server), and the requested timeout to tlsproxy(8). + postscreen(8) then receives a "TLS available" indication from + tlsproxy(8). If the TLS service is available, postscreen(8) sends the + remote SMTP client file descriptor to tlsproxy(8), and sends the plain- + text 220 greeting to the remote SMTP client. This triggers TLS negoti- + ations between the remote SMTP client and tlsproxy(8). Upon completion + of the TLS-level handshake, tlsproxy(8) translates between plaintext + from/to postscreen(8) and ciphertext to/from the remote SMTP client. SECURITY - The tlsproxy(8) server is moderately security-sensitive. - It talks to untrusted clients on the network. The process - can be run chrooted at fixed low privilege. + The tlsproxy(8) server is moderately security-sensitive. It talks to + untrusted clients on the network. The process can be run chrooted at + fixed low privilege. DIAGNOSTICS Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, as - tlsproxy(8) processes may run for a long time depending on - mail server load. Use the command "postfix reload" to - speed up a change. + Changes to main.cf are not picked up automatically, as tlsproxy(8) pro- + cesses may run for a long time depending on mail server load. Use the + command "postfix reload" to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 
STARTTLS SUPPORT CONTROLS tlsproxy_tls_CAfile ($smtpd_tls_CAfile) - A file containing (PEM format) CA certificates of - root CAs trusted to sign either remote SMTP client - certificates or intermediate CA certificates. + A file containing (PEM format) CA certificates of root CAs + trusted to sign either remote SMTP client certificates or inter- + mediate CA certificates. tlsproxy_tls_CApath ($smtpd_tls_CApath) - A directory containing (PEM format) CA certificates - of root CAs trusted to sign either remote SMTP - client certificates or intermediate CA certifi- - cates. + A directory containing (PEM format) CA certificates of root CAs + trusted to sign either remote SMTP client certificates or inter- + mediate CA certificates. - tlsproxy_tls_always_issue_session_ids - ($smtpd_tls_always_issue_session_ids) - Force the Postfix tlsproxy(8) server to issue a TLS - session id, even when TLS session caching is turned - off. + tlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_ses- + sion_ids) + Force the Postfix tlsproxy(8) server to issue a TLS session id, + even when TLS session caching is turned off. tlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert) - Ask a remote SMTP client for a client certificate. + Ask a remote SMTP client for a client certificate. - tlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verify- - depth) - The verification depth for remote SMTP client cer- - tificates. + tlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth) + The verification depth for remote SMTP client certificates. tlsproxy_tls_cert_file ($smtpd_tls_cert_file) - File with the Postfix tlsproxy(8) server RSA cer- - tificate in PEM format. + File with the Postfix tlsproxy(8) server RSA certificate in PEM + format. tlsproxy_tls_ciphers ($smtpd_tls_ciphers) - The minimum TLS cipher grade that the Postfix - tlsproxy(8) server will use with opportunistic TLS - encryption. 
+ The minimum TLS cipher grade that the Postfix tlsproxy(8) server + will use with opportunistic TLS encryption. tlsproxy_tls_dcert_file ($smtpd_tls_dcert_file) - File with the Postfix tlsproxy(8) server DSA cer- - tificate in PEM format. + File with the Postfix tlsproxy(8) server DSA certificate in PEM + format. - tlsproxy_tls_dh1024_param_file - ($smtpd_tls_dh1024_param_file) - File with DH parameters that the Postfix - tlsproxy(8) server should use with EDH ciphers. + tlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file) + File with DH parameters that the Postfix tlsproxy(8) server + should use with EDH ciphers. - tlsproxy_tls_dh512_param_file - ($smtpd_tls_dh512_param_file) - File with DH parameters that the Postfix - tlsproxy(8) server should use with EDH ciphers. + tlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file) + File with DH parameters that the Postfix tlsproxy(8) server + should use with EDH ciphers. tlsproxy_tls_dkey_file ($smtpd_tls_dkey_file) - File with the Postfix tlsproxy(8) server DSA pri- - vate key in PEM format. + File with the Postfix tlsproxy(8) server DSA private key in PEM + format. tlsproxy_tls_eccert_file ($smtpd_tls_eccert_file) - File with the Postfix tlsproxy(8) server ECDSA cer- - tificate in PEM format. + File with the Postfix tlsproxy(8) server ECDSA certificate in + PEM format. tlsproxy_tls_eckey_file ($smtpd_tls_eckey_file) - File with the Postfix tlsproxy(8) server ECDSA pri- - vate key in PEM format. + File with the Postfix tlsproxy(8) server ECDSA private key in + PEM format. tlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade) - The Postfix tlsproxy(8) server security grade for - ephemeral elliptic-curve Diffie-Hellman (EECDH) key - exchange. + The Postfix tlsproxy(8) server security grade for ephemeral + elliptic-curve Diffie-Hellman (EECDH) key exchange. 
tlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers) - List of ciphers or cipher types to exclude from the - tlsproxy(8) server cipher list at all TLS security - levels. + List of ciphers or cipher types to exclude from the tlsproxy(8) + server cipher list at all TLS security levels. - tlsproxy_tls_fingerprint_digest ($smtpd_tls_finger- - print_digest) - The message digest algorithm to construct remote - SMTP client-certificate fingerprints. + tlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest) + The message digest algorithm to construct remote SMTP client- + certificate fingerprints. tlsproxy_tls_key_file ($smtpd_tls_key_file) - File with the Postfix tlsproxy(8) server RSA pri- - vate key in PEM format. + File with the Postfix tlsproxy(8) server RSA private key in PEM + format. tlsproxy_tls_loglevel ($smtpd_tls_loglevel) - Enable additional Postfix tlsproxy(8) server log- - ging of TLS activity. + Enable additional Postfix tlsproxy(8) server logging of TLS + activity. - tlsproxy_tls_mandatory_ciphers ($smtpd_tls_manda- - tory_ciphers) - The minimum TLS cipher grade that the Postfix - tlsproxy(8) server will use with mandatory TLS - encryption. + tlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers) + The minimum TLS cipher grade that the Postfix tlsproxy(8) server + will use with mandatory TLS encryption. - tlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_manda- + tlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_manda- tory_exclude_ciphers) - Additional list of ciphers or cipher types to - exclude from the tlsproxy(8) server cipher list at - mandatory TLS security levels. + Additional list of ciphers or cipher types to exclude from the + tlsproxy(8) server cipher list at mandatory TLS security levels. - tlsproxy_tls_mandatory_protocols ($smtpd_tls_manda- - tory_protocols) - The SSL/TLS protocols accepted by the Postfix - tlsproxy(8) server with mandatory TLS encryption. 
+ tlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols) + The SSL/TLS protocols accepted by the Postfix tlsproxy(8) server + with mandatory TLS encryption. tlsproxy_tls_protocols ($smtpd_tls_protocols) - List of TLS protocols that the Postfix tlsproxy(8) - server will exclude or include with opportunistic - TLS encryption. + List of TLS protocols that the Postfix tlsproxy(8) server will + exclude or include with opportunistic TLS encryption. tlsproxy_tls_req_ccert ($smtpd_tls_req_ccert) - With mandatory TLS encryption, require a trusted - remote SMTP client certificate in order to allow - TLS connections to proceed. + With mandatory TLS encryption, require a trusted remote SMTP + client certificate in order to allow TLS connections to proceed. tlsproxy_tls_security_level ($smtpd_tls_security_level) - The SMTP TLS security level for the Postfix - tlsproxy(8) server; when a non-empty value is spec- - ified, this overrides the obsolete parameters - smtpd_use_tls and smtpd_enforce_tls. + The SMTP TLS security level for the Postfix tlsproxy(8) server; + when a non-empty value is specified, this overrides the obsolete + parameters smtpd_use_tls and smtpd_enforce_tls. Available in Postfix version 2.11 and later: tlsmgr_service_name (tlsmgr) - The name of the tlsmgr(8) service entry in mas- - ter.cf. + The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS SUPPORT CONTROLS - These parameters are supported for compatibility with - smtpd(8) legacy parameters. + These parameters are supported for compatibility with smtpd(8) legacy + parameters. tlsproxy_use_tls ($smtpd_use_tls) - Opportunistic TLS: announce STARTTLS support to - remote SMTP clients, but do not require that - clients use TLS encryption. + Opportunistic TLS: announce STARTTLS support to remote SMTP + clients, but do not require that clients use TLS encryption. 
tlsproxy_enforce_tls ($smtpd_enforce_tls) - Mandatory TLS: announce STARTTLS support to remote - SMTP clients, and require that clients use TLS - encryption. + Mandatory TLS: announce STARTTLS support to remote SMTP clients, + and require that clients use TLS encryption. RESOURCE CONTROLS tlsproxy_watchdog_timeout (10s) - How much time a tlsproxy(8) process may take to - process local or remote I/O before it is terminated - by a built-in watchdog timer. + How much time a tlsproxy(8) process may take to process local or + remote I/O before it is terminated by a built-in watchdog timer. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO postscreen(8), Postfix zombie blocker @@ -232,8 +202,7 @@ TLSPROXY(8) TLSPROXY(8) syslogd(5), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.8. diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 4896b1f11..8d7d38f08 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html 
@@ -13,34 +13,30 @@ BOUNCE(8) BOUNCE(8) bounce [generic Postfix daemon options] DESCRIPTION - The bounce(8) daemon maintains per-message log files with - delivery status information. Each log file is named after - the queue file that it corresponds to, and is kept in a - queue subdirectory named after the service name in the - master.cf file (either bounce, defer or trace). This pro- - gram expects to be run from the master(8) process manager. - - The bounce(8) daemon processes two types of service - requests: - - o Append a recipient (non-)delivery status record to - a per-message log file. - - o Enqueue a delivery status notification message, - with a copy of a per-message log file and of the - corresponding message. When the delivery status - notification message is enqueued successfully, the - per-message log file is deleted. - - The software does a best notification effort. A non-deliv- - ery notification is sent even when the log file or the - original message cannot be read. - - Optionally, a bounce (defer, trace) client can request - that the per-message log file be deleted when the - requested operation fails. This is used by clients that - cannot retry transactions by themselves, and that depend - on retry logic in their own client. + The bounce(8) daemon maintains per-message log files with delivery sta- + tus information. Each log file is named after the queue file that it + corresponds to, and is kept in a queue subdirectory named after the + service name in the master.cf file (either bounce, defer or trace). + This program expects to be run from the master(8) process manager. + + The bounce(8) daemon processes two types of service requests: + + o Append a recipient (non-)delivery status record to a per-message + log file. + + o Enqueue a delivery status notification message, with a copy of a + per-message log file and of the corresponding message. 
When the + delivery status notification message is enqueued successfully, + the per-message log file is deleted. + + The software does a best notification effort. A non-delivery notifica- + tion is sent even when the log file or the original message cannot be + read. + + Optionally, a bounce (defer, trace) client can request that the per- + message log file be deleted when the requested operation fails. This + is used by clients that cannot retry transactions by themselves, and + that depend on retry logic in their own client. STANDARDS RFC 822 (ARPA Internet Text Messages) 
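Review bot: in the DESCRIPTION hunk the sentence "The software does a best notification effort." is re-wrapped but left unchanged. Since the paragraph is being regenerated anyway, the manpage source could reword it to say plainly that notification is best-effort and that a non-delivery notification is still sent when the log file or the original message cannot be read. The wider wrap also introduces new word splits ("delivery sta- tus", "notifica- tion") that the 65-column text did not have, so the reflow has not removed hyphenation from this paragraph, only moved it.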
@@ -55,104 +51,94 @@ BOUNCE(8) BOUNCE(8) Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as - bounce(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as bounce(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. 2bounce_notice_recipient (postmaster) - The recipient of undeliverable mail that cannot be - returned to the sender. + The recipient of undeliverable mail that cannot be returned to + the sender. backwards_bounce_logfile_compatibility (yes) - Produce additional bounce(8) logfile records that - can be read by Postfix versions before 2.0. + Produce additional bounce(8) logfile records that can be read by + Postfix versions before 2.0. bounce_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that Postfix did not - deliver and of SMTP conversation transcripts of - mail that Postfix did not receive. + The recipient of postmaster notifications with the message head- + ers of mail that Postfix did not deliver and of SMTP conversa- + tion transcripts of mail that Postfix did not receive. bounce_size_limit (50000) - The maximal amount of original message text that is - sent in a non-delivery notification. + The maximal amount of original message text that is sent in a + non-delivery notification. bounce_template_file (empty) - Pathname of a configuration file with bounce mes- - sage templates. + Pathname of a configuration file with bounce message templates. 
config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_notice_recipient (postmaster) - The recipient of postmaster notifications with the - message headers of mail that cannot be delivered - within $delay_warning_time time units. + The recipient of postmaster notifications with the message head- + ers of mail that cannot be delivered within $delay_warning_time + time units. deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by - non_smtpd_milters, header_checks and body_checks. + What categories of Postfix-generated mail are subject to before- + queue content inspection by non_smtpd_milters, header_checks and + body_checks. mail_name (Postfix) - The mail system name that is displayed in Received: - headers, in the SMTP greeting banner, and in - bounced mail. 
+ The mail system name that is displayed in Received: headers, in + the SMTP greeting banner, and in bounced mail. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. notify_classes (resource, software) - The list of error classes that are reported to the - postmaster. + The list of error classes that are reported to the postmaster. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". FILES /var/spool/postfix/bounce/* non-delivery records @@ -168,8 +154,7 @@ BOUNCE(8) BOUNCE(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema 
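Review bot: in the CONFIGURATION PARAMETERS hunk (@@ -55,104 +51,94 @@), the syslog_name entry now breaks the literal example as "post- fix/smtpd", where the removed lines kept "postfix/smtpd" on one line. That string is what an operator searches for in logs or copies into a log filter, so a hyphen inside it is a regression even though the surrounding prose reads better at 78 columns. The same hunk splits "con- figuration" in config_directory and "message head- ers" in bounce_notice_recipient. Consider suppressing hyphenation in the generation step, so that quoted literals survive the reflow intact.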
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 90fe3fe57..d8055f3ba 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html 
@@ -17,259 +17,230 @@ TRANSPORT(5) TRANSPORT(5) postmap -q - /etc/postfix/transport <inputfile DESCRIPTION - The optional transport(5) table specifies a mapping from - email addresses to message delivery transports and next- - hop destinations. Message delivery transports such as - local or smtp are defined in the master.cf file, and next- - hop destinations are typically hosts or domain names. The - table is searched by the trivial-rewrite(8) daemon. + The optional transport(5) table specifies a mapping from email + addresses to message delivery transports and next-hop destinations. + Message delivery transports such as local or smtp are defined in the + master.cf file, and next-hop destinations are typically hosts or domain + names. The table is searched by the trivial-rewrite(8) daemon. - This mapping overrides the default transport:nexthop - selection that is built into Postfix: + This mapping overrides the default transport:nexthop selection that is + built into Postfix: local_transport (default: local:$myhostname) - This is the default for final delivery to domains - listed with mydestination, and for [ipaddress] des- - tinations that match $inet_interfaces or - $proxy_interfaces. The default nexthop destination - is the MTA hostname. + This is the default for final delivery to domains listed with + mydestination, and for [ipaddress] destinations that match + $inet_interfaces or $proxy_interfaces. The default nexthop des- + tination is the MTA hostname. virtual_transport (default: virtual:) - This is the default for final delivery to domains - listed with virtual_mailbox_domains. The default - nexthop destination is the recipient domain. + This is the default for final delivery to domains listed with + virtual_mailbox_domains. The default nexthop destination is the + recipient domain. relay_transport (default: relay:) - This is the default for remote delivery to domains - listed with relay_domains. 
In order of decreasing - precedence, the nexthop destination is taken from - relay_transport, sender_dependent_relayhost_maps, - relayhost, or from the recipient domain. + This is the default for remote delivery to domains listed with + relay_domains. In order of decreasing precedence, the nexthop + destination is taken from relay_transport, sender_depen- + dent_relayhost_maps, relayhost, or from the recipient domain. default_transport (default: smtp:) - This is the default for remote delivery to other - destinations. In order of decreasing precedence, - the nexthop destination is taken from sender_depen- - dent_default_transport_maps, default_transport, - sender_dependent_relayhost_maps, relayhost, or from - the recipient domain. - - Normally, the transport(5) table is specified as a text - file that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/transport" to rebuild an indexed - file after changing the corresponding transport table. - - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. - - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". + This is the default for remote delivery to other destinations. + In order of decreasing precedence, the nexthop destination is + taken from sender_dependent_default_transport_maps, + default_transport, sender_dependent_relayhost_maps, relayhost, + or from the recipient domain. + + Normally, the transport(5) table is specified as a text file that + serves as input to the postmap(1) command. 
The result, an indexed file + in dbm or db format, is used for fast searching by the mail system. + Execute the command "postmap /etc/postfix/transport" to rebuild an + indexed file after changing the corresponding transport table. + + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. + + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those case, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. + The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern result - When pattern matches the recipient address or - domain, use the corresponding result. + When pattern matches the recipient address or domain, use the + corresponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. 
- The pattern specifies an email address, a domain name, or - a domain name hierarchy, as described in section "TABLE - LOOKUP". + The pattern specifies an email address, a domain name, or a domain name + hierarchy, as described in section "TABLE LOOKUP". - The result is of the form transport:nexthop and specifies - how or where to deliver mail. This is described in section - "RESULT FORMAT". + The result is of the form transport:nexthop and specifies how or where + to deliver mail. This is described in section "RESULT FORMAT". TABLE SEARCH ORDER - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user+extension@domain transport:nexthop - Deliver mail for user+extension@domain through - transport to nexthop. + Deliver mail for user+extension@domain through transport to nex- + thop. user@domain transport:nexthop - Deliver mail for user@domain through transport to - nexthop. + Deliver mail for user@domain through transport to nexthop. domain transport:nexthop - Deliver mail for domain through transport to nex- - thop. + Deliver mail for domain through transport to nexthop. .domain transport:nexthop - Deliver mail for any subdomain of domain through - transport to nexthop. This applies only when the - string transport_maps is not listed in the par- - ent_domain_matches_subdomains configuration set- - ting. Otherwise, a domain name matches itself and - its subdomains. + Deliver mail for any subdomain of domain through transport to + nexthop. This applies only when the string transport_maps is not + listed in the parent_domain_matches_subdomains configuration + setting. Otherwise, a domain name matches itself and its subdo- + mains. * transport:nexthop - The special pattern * represents any address (i.e. 
- it functions as the wild-card pattern, and is - unique to Postfix transport tables). + The special pattern * represents any address (i.e. it functions + as the wild-card pattern, and is unique to Postfix transport + tables). - Note 1: the null recipient address is looked up as - $empty_address_recipient@$myhostname (default: mailer-dae- - mon@hostname). + Note 1: the null recipient address is looked up as + $empty_address_recipient@$myhostname (default: mailer-daemon@hostname). - Note 2: user@domain or user+extension@domain lookup is - available in Postfix 2.0 and later. + Note 2: user@domain or user+extension@domain lookup is available in + Postfix 2.0 and later. RESULT FORMAT - The lookup result is of the form transport:nexthop. The - transport field specifies a mail delivery transport such - as smtp or local. The nexthop field specifies where and - how to deliver mail. + The lookup result is of the form transport:nexthop. The transport + field specifies a mail delivery transport such as smtp or local. The + nexthop field specifies where and how to deliver mail. - The transport field specifies the name of a mail delivery - transport (the first name of a mail delivery service entry - in the Postfix master.cf file). + The transport field specifies the name of a mail delivery transport + (the first name of a mail delivery service entry in the Postfix mas- + ter.cf file). - The interpretation of the nexthop field is transport - dependent. In the case of SMTP, specify a service on a - non-default port as host:service, and disable MX (mail - exchanger) DNS lookups with [host] or [host]:port. The [] - form is required when you specify an IP address instead of - a hostname. + The interpretation of the nexthop field is transport dependent. In the + case of SMTP, specify a service on a non-default port as host:service, + and disable MX (mail exchanger) DNS lookups with [host] or [host]:port. 
+ The [] form is required when you specify an IP address instead of a + hostname. - A null transport and null nexthop result means "do not - change": use the delivery transport and nexthop informa- - tion that would be used when the entire transport table - did not exist. + A null transport and null nexthop result means "do not change": use the + delivery transport and nexthop information that would be used when the + entire transport table did not exist. - A non-null transport field with a null nexthop field - resets the nexthop information to the recipient domain. + A non-null transport field with a null nexthop field resets the nexthop + information to the recipient domain. - A null transport field with non-null nexthop field does - not modify the transport information. + A null transport field with non-null nexthop field does not modify the + transport information. EXAMPLES - In order to deliver internal mail directly, while using a - mail relay for all other mail, specify a null entry for - internal destinations (do not change the delivery trans- - port or the nexthop information) and specify a wildcard - for all other destinations. + In order to deliver internal mail directly, while using a mail relay + for all other mail, specify a null entry for internal destinations (do + not change the delivery transport or the nexthop information) and spec- + ify a wildcard for all other destinations. my.domain : .my.domain : * smtp:outbound-relay.my.domain - In order to send mail for example.com and its subdomains - via the uucp transport to the UUCP host named example: + In order to send mail for example.com and its subdomains via the uucp + transport to the UUCP host named example: example.com uucp:example .example.com uucp:example - When no nexthop host name is specified, the destination - domain name is used instead. For example, the following - directs mail for user@example.com via the slow transport - to a mail exchanger for example.com. 
The slow transport - could be configured to run at most one delivery process at - a time: + When no nexthop host name is specified, the destination domain name is + used instead. For example, the following directs mail for user@exam- + ple.com via the slow transport to a mail exchanger for example.com. + The slow transport could be configured to run at most one delivery + process at a time: example.com slow: - When no transport is specified, Postfix uses the transport - that matches the address domain class (see DESCRIPTION - above). The following sends all mail for example.com and - its subdomains to host gateway.example.com: + When no transport is specified, Postfix uses the transport that matches + the address domain class (see DESCRIPTION above). The following sends + all mail for example.com and its subdomains to host gateway.exam- + ple.com: example.com :[gateway.example.com] .example.com :[gateway.example.com] - In the above example, the [] suppress MX lookups. This - prevents mail routing loops when your machine is primary - MX host for example.com. + In the above example, the [] suppress MX lookups. This prevents mail + routing loops when your machine is primary MX host for example.com. - In the case of delivery via SMTP, one may specify host- - name:service instead of just a host: + In the case of delivery via SMTP, one may specify hostname:service + instead of just a host: example.com smtp:bar.example:2025 - This directs mail for user@example.com to host bar.example - port 2025. Instead of a numerical port a symbolic name may - be used. Specify [] around the hostname if MX lookups must - be disabled. + This directs mail for user@example.com to host bar.example port 2025. + Instead of a numerical port a symbolic name may be used. Specify [] + around the hostname if MX lookups must be disabled. 
The error mailer can be used to bounce mail: .example.com error:mail for *.example.com is not deliverable - This causes all mail for user@anything.example.com to be - bounced. + This causes all mail for user@anything.example.com to be bounced. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire address being looked up. Thus, - some.domain.hierarchy is not looked up via its parent - domains, nor is user+foo@domain looked up as user@domain. + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, some.domain.hierarchy is not looked up + via its parent domains, nor is user+foo@domain looked up as + user@domain. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. - The trivial-rewrite(8) server disallows regular expression - substitution of $1 etc. in regular expression lookup - tables, because that could open a security hole (Postfix - version 2.3 and later). + The trivial-rewrite(8) server disallows regular expression substitution + of $1 etc. in regular expression lookup tables, because that could open + a security hole (Postfix version 2.3 and later). TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). 
This feature is not available up to and including - Postfix version 2.4. - - Each lookup operation uses the entire recipient address - once. Thus, some.domain.hierarchy is not looked up via - its parent domains, nor is user+foo@domain looked up as - user@domain. + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. + + Each lookup operation uses the entire recipient address once. Thus, + some.domain.hierarchy is not looked up via its parent domains, nor is + user+foo@domain looked up as user@domain. Results are the same as with indexed file lookups. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more + details including examples. empty_address_recipient - The address that is looked up instead of the null - sender address. + The address that is looked up instead of the null sender + address. parent_domain_matches_subdomains - List of Postfix features that use domain.tld pat- - terns to match sub.domain.tld (as opposed to - requiring .domain.tld patterns). + List of Postfix features that use domain.tld patterns to match + sub.domain.tld (as opposed to requiring .domain.tld patterns). transport_maps List of transport lookup tables. @@ -286,8 +257,7 @@ TRANSPORT(5) TRANSPORT(5) FILTER_README, external content filter LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema 
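Review bot: in the DESCRIPTION part of the @@ -17,259 +17,230 @@ hunk, the added lines carry over "lookups can be directed to TCP-based server. In those case, the lookups are done ...", which should read "to a TCP-based server" and "In those cases"; the fix belongs in the manpage source, since this file is regenerated output. Separately, the new wrap splits identifiers that readers copy into configuration: "sender_depen- dent_relayhost_maps" under relay_transport, and "user@exam- ple.com" and "gateway.exam- ple.com" in EXAMPLES. A parameter name or next-hop host with an inserted hyphen is easy to paste wrongly into main.cf or a transport map, so these should be kept unbroken.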
diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 4d2fdac3d..23a7e52fb 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html 
@@ -7,331 +7,296 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) NAME - trivial-rewrite - Postfix address rewriting and resolving - daemon + trivial-rewrite - Postfix address rewriting and resolving daemon SYNOPSIS trivial-rewrite [generic Postfix daemon options] DESCRIPTION - The trivial-rewrite(8) daemon processes three types of - client service requests: + The trivial-rewrite(8) daemon processes three types of client service + requests: rewrite context address - Rewrite an address to standard form, according to - the address rewriting context: - - local Append the domain names specified with $myo- - rigin or $mydomain to incomplete addresses; - do swap_bangpath and allow_percent_hack pro- - cessing as described below, and strip source - routed addresses (@site,@site:user@domain) + Rewrite an address to standard form, according to the address + rewriting context: + + local Append the domain names specified with $myorigin or + $mydomain to incomplete addresses; do swap_bangpath and + allow_percent_hack processing as described below, and + strip source routed addresses (@site,@site:user@domain) to user@domain form. - remote Append the domain name specified with - $remote_header_rewrite_domain to incomplete - addresses. Otherwise the result is identical - to that of the local address rewriting con- - text. This prevents Postfix from appending - the local domain to spam from poorly written - remote clients. + remote Append the domain name specified with $remote_header_re- + write_domain to incomplete addresses. Otherwise the + result is identical to that of the local address rewrit- + ing context. This prevents Postfix from appending the + local domain to spam from poorly written remote clients. resolve sender address - Resolve the address to a (transport, nexthop, - recipient, flags) quadruple. The meaning of the - results is as follows: + Resolve the address to a (transport, nexthop, recipient, flags) + quadruple. 
The meaning of the results is as follows: transport - The delivery agent to use. This is the first - field of an entry in the master.cf file. + The delivery agent to use. This is the first field of an + entry in the master.cf file. nexthop - The host to send to and optional delivery - method information. + The host to send to and optional delivery method informa- + tion. recipient - The envelope recipient address that is - passed on to nexthop. + The envelope recipient address that is passed on to nex- + thop. - flags The address class, whether the address - requires relaying, whether the address has - problems, and whether the request failed. + flags The address class, whether the address requires relaying, + whether the address has problems, and whether the request + failed. verify sender address - Resolve the address for address verification pur- - poses. + Resolve the address for address verification purposes. SERVER PROCESS MANAGEMENT - The trivial-rewrite(8) servers run under control by the - Postfix master server. Each server can handle multiple - simultaneous connections. When all servers are busy while - a client connects, the master creates a new server - process, provided that the trivial-rewrite server process - limit is not exceeded. Each trivial-rewrite server termi- - nates after serving at least $max_use clients of after - $max_idle seconds of idle time. + The trivial-rewrite(8) servers run under control by the Postfix master + server. Each server can handle multiple simultaneous connections. + When all servers are busy while a client connects, the master creates a + new server process, provided that the trivial-rewrite server process + limit is not exceeded. Each trivial-rewrite server terminates after + serving at least $max_use clients of after $max_idle seconds of idle + time. STANDARDS - None. The command does not interact with the outside - world. + None. The command does not interact with the outside world. 
SECURITY - The trivial-rewrite(8) daemon is not security sensitive. - By default, this daemon does not talk to remote or local - users. It can run at a fixed low privilege in a chrooted - environment. + The trivial-rewrite(8) daemon is not security sensitive. By default, + this daemon does not talk to remote or local users. It can run at a + fixed low privilege in a chrooted environment. DIAGNOSTICS Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - On busy mail systems a long time may pass before a main.cf - change affecting trivial-rewrite(8) is picked up. Use the - command "postfix reload" to speed up a change. + On busy mail systems a long time may pass before a main.cf change + affecting trivial-rewrite(8) is picked up. Use the command "postfix + reload" to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. COMPATIBILITY CONTROLS resolve_dequoted_address (yes) - Resolve a recipient address safely instead of cor- - rectly, by looking inside quotes. + Resolve a recipient address safely instead of correctly, by + looking inside quotes. Available with Postfix version 2.1 and later: resolve_null_domain (no) - Resolve an address that ends in the "@" null domain - as if the local hostname were specified, instead of - rejecting the address as invalid. + Resolve an address that ends in the "@" null domain as if the + local hostname were specified, instead of rejecting the address + as invalid. Available with Postfix version 2.3 and later: resolve_numeric_domain (no) - Resolve "user@ipaddress" as "user@[ipaddress]", - instead of rejecting the address as invalid. + Resolve "user@ipaddress" as "user@[ipaddress]", instead of + rejecting the address as invalid. 
Available with Postfix version 2.5 and later: allow_min_user (no) - Allow a sender or recipient address to have `-' as - the first character. + Allow a sender or recipient address to have `-' as the first + character. ADDRESS REWRITING CONTROLS myorigin ($myhostname) - The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- - ered to. + The domain name that locally-posted mail appears to come from, + and that locally posted mail is delivered to. allow_percent_hack (yes) - Enable the rewriting of the form "user%domain" to - "user@domain". + Enable the rewriting of the form "user%domain" to "user@domain". append_at_myorigin (yes) - With locally submitted mail, append the string - "@$myorigin" to mail addresses without domain - information. + With locally submitted mail, append the string "@$myorigin" to + mail addresses without domain information. append_dot_mydomain (yes) - With locally submitted mail, append the string - ".$mydomain" to addresses that have no ".domain" - information. + With locally submitted mail, append the string ".$mydomain" to + addresses that have no ".domain" information. recipient_delimiter (empty) - The set of characters that can separate a user name - from its extension (example: user+foo), or a .for- - ward file name from its extension (example: .for- - ward+foo). + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its + extension (example: .forward+foo). swap_bangpath (yes) - Enable the rewriting of "site!user" into - "user@site". + Enable the rewriting of "site!user" into "user@site". Available in Postfix 2.2 and later: remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients - at all when this parameter is empty; otherwise, re- - write message headers and append the specified - domain name to incomplete addresses. 
+ Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and + append the specified domain name to incomplete addresses. ROUTING CONTROLS - The following is applicable to Postfix version 2.0 and - later. Earlier versions do not have support for: vir- - tual_transport, relay_transport, virtual_alias_domains, - virtual_mailbox_domains or proxy_interfaces. + The following is applicable to Postfix version 2.0 and later. Earlier + versions do not have support for: virtual_transport, relay_transport, + virtual_alias_domains, virtual_mailbox_domains or proxy_interfaces. local_transport (local:$myhostname) - The default mail delivery transport and next-hop - destination for final delivery to domains listed - with mydestination, and for [ipaddress] destina- - tions that match $inet_interfaces or $proxy_inter- - faces. + The default mail delivery transport and next-hop destination for + final delivery to domains listed with mydestination, and for + [ipaddress] destinations that match $inet_interfaces or + $proxy_interfaces. virtual_transport (virtual) - The default mail delivery transport and next-hop - destination for final delivery to domains listed - with $virtual_mailbox_domains. + The default mail delivery transport and next-hop destination for + final delivery to domains listed with $virtual_mailbox_domains. relay_transport (relay) - The default mail delivery transport and next-hop - destination for remote delivery to domains listed - with $relay_domains. + The default mail delivery transport and next-hop destination for + remote delivery to domains listed with $relay_domains. default_transport (smtp) - The default mail delivery transport and next-hop - destination for destinations that do not match - $mydestination, $inet_interfaces, $proxy_inter- - faces, $virtual_alias_domains, $virtual_mail- - box_domains, or $relay_domains. 
- - parent_domain_matches_subdomains (see 'postconf -d' out- - put) - What Postfix features match subdomains of - "domain.tld" automatically, instead of requiring an - explicit ".domain.tld" pattern. + The default mail delivery transport and next-hop destination for + destinations that do not match $mydestination, $inet_interfaces, + $proxy_interfaces, $virtual_alias_domains, $virtual_mail- + box_domains, or $relay_domains. + + parent_domain_matches_subdomains (see 'postconf -d' output) + What Postfix features match subdomains of "domain.tld" automati- + cally, instead of requiring an explicit ".domain.tld" pattern. relayhost (empty) - The next-hop destination of non-local mail; over- - rides non-local domains in recipient addresses. + The next-hop destination of non-local mail; overrides non-local + domains in recipient addresses. transport_maps (empty) - Optional lookup tables with mappings from recipient - address to (message delivery transport, next-hop - destination). + Optional lookup tables with mappings from recipient address to + (message delivery transport, next-hop destination). Available in Postfix version 2.3 and later: sender_dependent_relayhost_maps (empty) - A sender-dependent override for the global relay- - host parameter setting. + A sender-dependent override for the global relayhost parameter + setting. Available in Postfix version 2.5 and later: empty_address_relayhost_maps_lookup_key (<>) - The sender_dependent_relayhost_maps search string - that will be used instead of the null sender - address. + The sender_dependent_relayhost_maps search string that will be + used instead of the null sender address. Available in Postfix version 2.7 and later: empty_address_default_transport_maps_lookup_key (<>) - The sender_dependent_default_transport_maps search - string that will be used instead of the null sender - address. + The sender_dependent_default_transport_maps search string that + will be used instead of the null sender address. 
sender_dependent_default_transport_maps (empty) - A sender-dependent override for the global - default_transport parameter setting. + A sender-dependent override for the global default_transport + parameter setting. ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. By default, address verification probes use the - same route as regular mail. To override specific aspects - of message routing for address verification probes, spec- - ify one or more of the following: + Postfix version 2.1 introduces sender and recipient address verifica- + tion. This feature is implemented by sending probe email messages that + are not actually delivered. By default, address verification probes + use the same route as regular mail. To override specific aspects of + message routing for address verification probes, specify one or more of + the following: address_verify_local_transport ($local_transport) - Overrides the local_transport parameter setting for - address verification probes. + Overrides the local_transport parameter setting for address ver- + ification probes. address_verify_virtual_transport ($virtual_transport) - Overrides the virtual_transport parameter setting - for address verification probes. + Overrides the virtual_transport parameter setting for address + verification probes. address_verify_relay_transport ($relay_transport) - Overrides the relay_transport parameter setting for - address verification probes. + Overrides the relay_transport parameter setting for address ver- + ification probes. address_verify_default_transport ($default_transport) - Overrides the default_transport parameter setting - for address verification probes. + Overrides the default_transport parameter setting for address + verification probes. 
address_verify_relayhost ($relayhost) - Overrides the relayhost parameter setting for - address verification probes. + Overrides the relayhost parameter setting for address verifica- + tion probes. address_verify_transport_maps ($transport_maps) - Overrides the transport_maps parameter setting for - address verification probes. + Overrides the transport_maps parameter setting for address veri- + fication probes. Available in Postfix version 2.3 and later: - address_verify_sender_dependent_relayhost_maps - ($sender_dependent_relayhost_maps) - Overrides the sender_dependent_relayhost_maps - parameter setting for address verification probes. + address_verify_sender_dependent_relayhost_maps ($sender_depen- + dent_relayhost_maps) + Overrides the sender_dependent_relayhost_maps parameter setting + for address verification probes. Available in Postfix version 2.7 and later: - address_verify_sender_dependent_default_transport_maps - ($sender_dependent_default_transport_maps) - Overrides the sender_dependent_default_trans- - port_maps parameter setting for address verifica- - tion probes. + address_verify_sender_dependent_default_transport_maps ($sender_depen- + dent_default_transport_maps) + Overrides the sender_dependent_default_transport_maps parameter + setting for address verification probes. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. empty_address_recipient (MAILER-DAEMON) - The recipient of mail addressed to the null - address. + The recipient of mail addressed to the null address. 
ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. relocated_maps (empty) - Optional lookup tables with new contact information - for users or domains that no longer exist. + Optional lookup tables with new contact information for users or + domains that no longer exist. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. show_user_unknown_table_name (yes) - Display the name of the recipient table in the - "User unknown" responses. + Display the name of the recipient table in the "User unknown" + responses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". 
Available in Postfix version 2.0 and later: helpful_warnings (yes) - Log warnings about problematic configuration set- - tings, and provide helpful suggestions. + Log warnings about problematic configuration settings, and pro- + vide helpful suggestions. SEE ALSO postconf(5), configuration parameters @@ -345,8 +310,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) ADDRESS_VERIFICATION_README, Postfix address verification LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html index 692cb94b5..82da5940d 100644 --- a/postfix/html/verify.8.html +++ b/postfix/html/verify.8.html 
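Review bot: in the trivial-rewrite.8.html hunk above, the rewrapped SERVER PROCESS MANAGEMENT paragraph still reads "after serving at least $max_use clients of after $max_idle seconds"; "of" should be "or". The paragraph is being regenerated anyway, so fix it in the source the HTML is built from. The wider layout also splits parameter names that were intact at 65 columns: "$remote_header_re- write_domain" and "($sender_depen- dent_relayhost_maps)". A name broken with a hyphen cannot be found by searching the page or pasted into main.cf, so consider turning hyphenation off in the rendering step or keeping parameter names unbreakable.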
@@ -13,199 +13,184 @@ VERIFY(8) VERIFY(8) verify [generic Postfix daemon options] DESCRIPTION - The verify(8) address verification server maintains a - record of what recipient addresses are known to be deliv- - erable or undeliverable. + The verify(8) address verification server maintains a record of what + recipient addresses are known to be deliverable or undeliverable. - Addresses are verified by injecting probe messages into - the Postfix queue. Probe messages are run through all the - routing and rewriting machinery except for final delivery, - and are discarded rather than being deferred or bounced. + Addresses are verified by injecting probe messages into the Postfix + queue. Probe messages are run through all the routing and rewriting + machinery except for final delivery, and are discarded rather than + being deferred or bounced. - Address verification relies on the answer from the nearest - MTA for the specified address, and will therefore not - detect all undeliverable addresses. + Address verification relies on the answer from the nearest MTA for the + specified address, and will therefore not detect all undeliverable + addresses. - The verify(8) server is designed to run under control by - the Postfix master server. It maintains an optional per- - sistent database. To avoid being interrupted by "postfix - stop" in the middle of a database update, the process runs - in a separate process group. + The verify(8) server is designed to run under control by the Postfix + master server. It maintains an optional persistent database. To avoid + being interrupted by "postfix stop" in the middle of a database update, + the process runs in a separate process group. The verify(8) server implements the following requests: update address status text - Update the status and text of the specified - address. + Update the status and text of the specified address. query address - Look up the status and text for the specified - address. 
If the status is unknown, a probe is sent - and an "in progress" status is returned. + Look up the status and text for the specified address. If the + status is unknown, a probe is sent and an "in progress" status + is returned. SECURITY - The address verification server is not security-sensitive. - It does not talk to the network, and it does not talk to - local users. The verify server can run chrooted at fixed - low privilege. - - The address verification server can be coerced to store - unlimited amounts of garbage. Limiting the cache expiry - time trades one problem (disk space exhaustion) for - another one (poor response time to client requests). - - With Postfix version 2.5 and later, the verify(8) server - no longer uses root privileges when opening the - address_verify_map cache file. The file should now be - stored under the Postfix-owned data_directory. As a - migration aid, an attempt to open a cache file under a - non-Postfix directory is redirected to the Postfix-owned - data_directory, and a warning is logged. + The address verification server is not security-sensitive. It does not + talk to the network, and it does not talk to local users. The verify + server can run chrooted at fixed low privilege. + + The address verification server can be coerced to store unlimited + amounts of garbage. Limiting the cache expiry time trades one problem + (disk space exhaustion) for another one (poor response time to client + requests). + + With Postfix version 2.5 and later, the verify(8) server no longer uses + root privileges when opening the address_verify_map cache file. The + file should now be stored under the Postfix-owned data_directory. As a + migration aid, an attempt to open a cache file under a non-Postfix + directory is redirected to the Postfix-owned data_directory, and a + warning is logged. DIAGNOSTICS Problems and transactions are logged to syslogd(8). BUGS - Address verification probe messages add additional traffic - to the mail queue. 
Recipient verification may cause an - increased load on down-stream servers in the case of a - dictionary attack or a flood of backscatter bounces. - Sender address verification may cause your site to be - blacklisted by some providers. + Address verification probe messages add additional traffic to the mail + queue. Recipient verification may cause an increased load on down- + stream servers in the case of a dictionary attack or a flood of + backscatter bounces. Sender address verification may cause your site + to be blacklisted by some providers. - If the persistent database ever gets corrupted then the - world comes to an end and human intervention is needed. - This violates a basic Postfix principle. + If the persistent database ever gets corrupted then the world comes to + an end and human intervention is needed. This violates a basic Postfix + principle. CONFIGURATION PARAMETERS - Changes to main.cf are not picked up automatically, as - verify(8) processes are long-lived. Use the command "post- - fix reload" after a configuration change. + Changes to main.cf are not picked up automatically, as verify(8) pro- + cesses are long-lived. Use the command "postfix reload" after a config- + uration change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. PROBE MESSAGE CONTROLS address_verify_sender ($double_bounce_sender) - The sender address to use in address verification - probes; prior to Postfix 2.5 the default was "post- - master". + The sender address to use in address verification probes; prior + to Postfix 2.5 the default was "postmaster". Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent por- - tion of address verification probe sender - addresses. 
+ The time between changes in the time-dependent portion of + address verification probe sender addresses. CACHE CONTROLS address_verify_map (see 'postconf -d' output) - Lookup table for persistent address verification - status storage. + Lookup table for persistent address verification status storage. address_verify_positive_expire_time (31d) - The time after which a successful probe expires - from the address verification cache. + The time after which a successful probe expires from the address + verification cache. address_verify_positive_refresh_time (7d) - The time after which a successful address verifica- - tion probe needs to be refreshed. + The time after which a successful address verification probe + needs to be refreshed. address_verify_negative_cache (yes) - Enable caching of failed address verification probe - results. + Enable caching of failed address verification probe results. address_verify_negative_expire_time (3d) - The time after which a failed probe expires from - the address verification cache. + The time after which a failed probe expires from the address + verification cache. address_verify_negative_refresh_time (3h) - The time after which a failed address verification - probe needs to be refreshed. + The time after which a failed address verification probe needs + to be refreshed. Available with Postfix 2.7 and later: address_verify_cache_cleanup_interval (12h) - The amount of time between verify(8) address veri- - fication database cleanup runs. + The amount of time between verify(8) address verification data- + base cleanup runs. PROBE MESSAGE ROUTING CONTROLS - By default, probe messages are delivered via the same - route as regular messages. The following parameters can - be used to override specific message routing mechanisms. + By default, probe messages are delivered via the same route as regular + messages. The following parameters can be used to override specific + message routing mechanisms. 
address_verify_relayhost ($relayhost) - Overrides the relayhost parameter setting for - address verification probes. + Overrides the relayhost parameter setting for address verifica- + tion probes. address_verify_transport_maps ($transport_maps) - Overrides the transport_maps parameter setting for - address verification probes. + Overrides the transport_maps parameter setting for address veri- + fication probes. address_verify_local_transport ($local_transport) - Overrides the local_transport parameter setting for - address verification probes. + Overrides the local_transport parameter setting for address ver- + ification probes. address_verify_virtual_transport ($virtual_transport) - Overrides the virtual_transport parameter setting - for address verification probes. + Overrides the virtual_transport parameter setting for address + verification probes. address_verify_relay_transport ($relay_transport) - Overrides the relay_transport parameter setting for - address verification probes. + Overrides the relay_transport parameter setting for address ver- + ification probes. address_verify_default_transport ($default_transport) - Overrides the default_transport parameter setting - for address verification probes. + Overrides the default_transport parameter setting for address + verification probes. Available in Postfix 2.3 and later: - address_verify_sender_dependent_relayhost_maps - ($sender_dependent_relayhost_maps) - Overrides the sender_dependent_relayhost_maps - parameter setting for address verification probes. + address_verify_sender_dependent_relayhost_maps ($sender_depen- + dent_relayhost_maps) + Overrides the sender_dependent_relayhost_maps parameter setting + for address verification probes. Available in Postfix 2.7 and later: - address_verify_sender_dependent_default_transport_maps - ($sender_dependent_default_transport_maps) - Overrides the sender_dependent_default_trans- - port_maps parameter setting for address verifica- - tion probes. 
+ address_verify_sender_dependent_default_transport_maps ($sender_depen- + dent_default_transport_maps) + Overrides the sender_dependent_default_transport_maps parameter + setting for address verification probes. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO smtpd(8), Postfix SMTP server 
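Review bot: the SECURITY section in this verify.8.html hunk says the server "can be coerced to store unlimited amounts of garbage" and that limiting the cache expiry time is a trade-off, but it never names the settings involved. A pointer to the CACHE CONTROLS entries on the same page (address_verify_positive_expire_time, address_verify_negative_expire_time, address_verify_cache_cleanup_interval) would tell an operator which parameters that trade-off refers to. Separately, the rewrap now breaks the syslog_name example as "post- fix/smtpd", which was on one line before; that is the string people search logs for, so it should stay unbroken.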
@@ -217,8 +202,7 @@ VERIFY(8) VERIFY(8) ADDRESS_VERIFICATION_README, address verification howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY This service was introduced with Postfix version 2.1. diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index dc655c28c..e3619766b 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html 
@@ -17,156 +17,137 @@ VIRTUAL(5) VIRTUAL(5) postmap -q - /etc/postfix/virtual <inputfile DESCRIPTION - The optional virtual(5) alias table rewrites recipient - addresses for all local, all virtual, and all remote mail - destinations. This is unlike the aliases(5) table which - is used only for local(8) delivery. Virtual aliasing is - recursive, and is implemented by the Postfix cleanup(8) - daemon before mail is queued. + The optional virtual(5) alias table rewrites recipient addresses for + all local, all virtual, and all remote mail destinations. This is + unlike the aliases(5) table which is used only for local(8) delivery. + Virtual aliasing is recursive, and is implemented by the Postfix + cleanup(8) daemon before mail is queued. The main applications of virtual aliasing are: - o To redirect mail for one address to one or more - addresses. - - o To implement virtual alias domains where all - addresses are aliased to addresses in other - domains. - - Virtual alias domains are not to be confused with - the virtual mailbox domains that are implemented - with the Postfix virtual(8) mail delivery agent. - With virtual mailbox domains, each recipient - address can have its own mailbox. - - Virtual aliasing is applied only to recipient envelope - addresses, and does not affect message headers. Use - canonical(5) mapping to rewrite header and envelope - addresses in general. - - Normally, the virtual(5) alias table is specified as a - text file that serves as input to the postmap(1) command. - The result, an indexed file in dbm or db format, is used - for fast searching by the mail system. Execute the command - "postmap /etc/postfix/virtual" to rebuild an indexed file - after changing the corresponding text file. - - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. 
- - Alternatively, the table can be provided as a regular- - expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" - or "TCP-BASED TABLES". + o To redirect mail for one address to one or more addresses. + + o To implement virtual alias domains where all addresses are + aliased to addresses in other domains. + + Virtual alias domains are not to be confused with the virtual + mailbox domains that are implemented with the Postfix virtual(8) + mail delivery agent. With virtual mailbox domains, each recipi- + ent address can have its own mailbox. + + Virtual aliasing is applied only to recipient envelope addresses, and + does not affect message headers. Use canonical(5) mapping to rewrite + header and envelope addresses in general. + + Normally, the virtual(5) alias table is specified as a text file that + serves as input to the postmap(1) command. The result, an indexed file + in dbm or db format, is used for fast searching by the mail system. + Execute the command "postmap /etc/postfix/virtual" to rebuild an + indexed file after changing the corresponding text file. + + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. + + Alternatively, the table can be provided as a regular-expression map + where patterns are given as regular expressions, or lookups can be + directed to TCP-based server. In those case, the lookups are done in a + slightly different way as described below under "REGULAR EXPRESSION + TABLES" or "TCP-BASED TABLES". CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose - lookup fields can match both upper and lower case. 
+ The search string is folded to lowercase before database lookup. As of + Postfix 2.3, the search string is not case folded with database types + such as regexp: or pcre: whose lookup fields can match both upper and + lower case. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern address, address, ... - When pattern matches a mail address, replace it by - the corresponding address. + When pattern matches a mail address, replace it by the corre- + sponding address. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character - is a `#'. + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- - cal line. + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. TABLE SEARCH ORDER - With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are - tried in the order as listed below: + With lookups from indexed files such as DB or DBM, or from networked + tables such as NIS, LDAP or SQL, patterns are tried in the order as + listed below: user@domain address, address, ... - Redirect mail for user@domain to address. This - form has the highest precedence. + Redirect mail for user@domain to address. This form has the + highest precedence. user address, address, ... - Redirect mail for user@site to address when site is - equal to $myorigin, when site is listed in $mydes- - tination, or when it is listed in $inet_interfaces - or $proxy_interfaces. + Redirect mail for user@site to address when site is equal to + $myorigin, when site is listed in $mydestination, or when it is + listed in $inet_interfaces or $proxy_interfaces. 
- This functionality overlaps with functionality of - the local aliases(5) database. The difference is - that virtual(5) mapping can be applied to non-local - addresses. + This functionality overlaps with functionality of the local + aliases(5) database. The difference is that virtual(5) mapping + can be applied to non-local addresses. @domain address, address, ... - Redirect mail for other users in domain to address. - This form has the lowest precedence. - - Note: @domain is a wild-card. With this form, the - Postfix SMTP server accepts mail for any recipient - in domain, regardless of whether that recipient - exists. This may turn your mail system into a - backscatter source: Postfix first accepts mail for - non-existent recipients and then tries to return - that mail as "undeliverable" to the often forged - sender address. + Redirect mail for other users in domain to address. This form + has the lowest precedence. + + Note: @domain is a wild-card. With this form, the Postfix SMTP + server accepts mail for any recipient in domain, regardless of + whether that recipient exists. This may turn your mail system + into a backscatter source: Postfix first accepts mail for non- + existent recipients and then tries to return that mail as "unde- + liverable" to the often forged sender address. RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the - result becomes the same user in otherdomain. This - works only for the first address in a multi-address - lookup result. + o When the result has the form @otherdomain, the result becomes + the same user in otherdomain. This works only for the first + address in a multi-address lookup result. - o When "append_at_myorigin=yes", append "@$myorigin" - to addresses without "@domain". + o When "append_at_myorigin=yes", append "@$myorigin" to addresses + without "@domain". - o When "append_dot_mydomain=yes", append ".$mydomain" - to addresses without ".domain". 
+ o When "append_dot_mydomain=yes", append ".$mydomain" to addresses + without ".domain". ADDRESS EXTENSION - When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, user+foo, user, and - @domain. + When a mail address localpart contains the optional recipient delimiter + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- - gated to the result of table lookup. + The propagate_unmatched_extensions parameter controls whether an + unmatched address extension (+foo) is propagated to the result of table + lookup. VIRTUAL ALIAS DOMAINS - Besides virtual aliases, the virtual alias table can also - be used to implement virtual alias domains. With a virtual - alias domain, all recipient addresses are aliased to - addresses in other domains. - - Virtual alias domains are not to be confused with the vir- - tual mailbox domains that are implemented with the Postfix - virtual(8) mail delivery agent. With virtual mailbox - domains, each recipient address can have its own mailbox. - - With a virtual alias domain, the virtual domain has its - own user name space. Local (i.e. non-virtual) usernames - are not visible in a virtual alias domain. In particular, - local aliases(5) and local mailing lists are not visible - as localname@virtual-alias.domain. + Besides virtual aliases, the virtual alias table can also be used to + implement virtual alias domains. With a virtual alias domain, all + recipient addresses are aliased to addresses in other domains. + + Virtual alias domains are not to be confused with the virtual mailbox + domains that are implemented with the Postfix virtual(8) mail delivery + agent. With virtual mailbox domains, each recipient address can have + its own mailbox. 
+ + With a virtual alias domain, the virtual domain has its own user name + space. Local (i.e. non-virtual) usernames are not visible in a virtual + alias domain. In particular, local aliases(5) and local mailing lists + are not visible as localname@virtual-alias.domain. Support for a virtual alias domain looks like: /etc/postfix/main.cf: virtual_alias_maps = hash:/etc/postfix/virtual - Note: some systems use dbm databases instead of hash. See - the output from "postconf -m" for available database - types. + Note: some systems use dbm databases instead of hash. See the output + from "postconf -m" for available database types. /etc/postfix/virtual: virtual-alias.domain anything (right-hand content does not matter) 
@@ -174,105 +155,92 @@ VIRTUAL(5) VIRTUAL(5) user1@virtual-alias.domain address1 user2@virtual-alias.domain address2, address3 - The virtual-alias.domain anything entry is required for a - virtual alias domain. Without this entry, mail is rejected - with "relay access denied", or bounces with "mail loops - back to myself". + The virtual-alias.domain anything entry is required for a virtual alias + domain. Without this entry, mail is rejected with "relay access + denied", or bounces with "mail loops back to myself". - Do not specify virtual alias domain names in the main.cf - mydestination or relay_domains configuration parameters. + Do not specify virtual alias domain names in the main.cf mydestination + or relay_domains configuration parameters. - With a virtual alias domain, the Postfix SMTP server - accepts mail for known-user@virtual-alias.domain, and - rejects mail for unknown-user@virtual-alias.domain as - undeliverable. + With a virtual alias domain, the Postfix SMTP server accepts mail for + known-user@virtual-alias.domain, and rejects mail for unknown-user@vir- + tual-alias.domain as undeliverable. - Instead of specifying the virtual alias domain name via - the virtual_alias_maps table, you may also specify it via - the main.cf virtual_alias_domains configuration parameter. - This latter parameter uses the same syntax as the main.cf - mydestination configuration parameter. + Instead of specifying the virtual alias domain name via the vir- + tual_alias_maps table, you may also specify it via the main.cf vir- + tual_alias_domains configuration parameter. This latter parameter uses + the same syntax as the main.cf mydestination configuration parameter. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). 
+ This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain - constituent parts, nor is user+foo broken up into user and - foo. + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo + broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search - string. + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from - the pattern can be interpolated as $1, $2 and so on. + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- + lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when - lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see tcp_ta- - ble(5). This feature is not available up to and including - Postfix version 2.4. + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not + available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. 
Thus, - user@domain mail addresses are not broken up into their - user and @domain constituent parts, nor is user+foo broken - up into user and foo. + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- + stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the "postfix reload" - command after a configuration change. + The following main.cf parameters are especially relevant to this topic. + See the Postfix main.cf file for syntax details and for default values. + Use the "postfix reload" command after a configuration change. virtual_alias_maps List of virtual aliasing tables. virtual_alias_domains - List of virtual alias domains. This uses the same - syntax as the mydestination parameter. + List of virtual alias domains. This uses the same syntax as the + mydestination parameter. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, - include, or generic. + A list of address rewriting or forwarding mechanisms that propa- + gate an address extension from the original address to the + result. Specify zero or more of canonical, virtual, alias, for- + ward, include, or generic. Other parameters of interest: inet_interfaces - The network interface addresses that this system - receives mail on. You need to stop and start Post- - fix when this parameter changes. + The network interface addresses that this system receives mail + on. 
You need to stop and start Postfix when this parameter + changes. mydestination - List of domains that this mail system considers - local. + List of domains that this mail system considers local. myorigin - The domain that is appended to any address that - does not have a domain. + The domain that is appended to any address that does not have a + domain. owner_request_special - Give special treatment to owner-xxx and xxx-request - addresses. + Give special treatment to owner-xxx and xxx-request addresses. proxy_interfaces - Other interfaces that this machine receives mail on - by way of a proxy agent or network address transla- - tor. + Other interfaces that this machine receives mail on by way of a + proxy agent or network address translator. SEE ALSO cleanup(8), canonicalize and enqueue mail @@ -286,8 +254,7 @@ VIRTUAL(5) VIRTUAL(5) VIRTUAL_README, domain hosting guide LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index bff378fd7..b2534932e 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html 
@@ -13,24 +13,21 @@ VIRTUAL(8) VIRTUAL(8) virtual [generic Postfix daemon options] DESCRIPTION - The virtual(8) delivery agent is designed for virtual mail - hosting services. Originally based on the Postfix local(8) - delivery agent, this agent looks up recipients with map - lookups of their full recipient address, instead of using - hard-coded unix password file lookups of the address local - part only. - - This delivery agent only delivers mail. Other features - such as mail forwarding, out-of-office notifications, - etc., must be configured via virtual_alias maps or via - similar lookup mechanisms. + The virtual(8) delivery agent is designed for virtual mail hosting ser- + vices. Originally based on the Postfix local(8) delivery agent, this + agent looks up recipients with map lookups of their full recipient + address, instead of using hard-coded unix password file lookups of the + address local part only. + + This delivery agent only delivers mail. Other features such as mail + forwarding, out-of-office notifications, etc., must be configured via + virtual_alias maps or via similar lookup mechanisms. MAILBOX LOCATION - The mailbox location is controlled by the virtual_mail- - box_base and virtual_mailbox_maps configuration parameters - (see below). The virtual_mailbox_maps table is indexed by - the recipient address as described under TABLE SEARCH - ORDER below. + The mailbox location is controlled by the virtual_mailbox_base and vir- + tual_mailbox_maps configuration parameters (see below). The vir- + tual_mailbox_maps table is indexed by the recipient address as + described under TABLE SEARCH ORDER below. The mailbox pathname is constructed as follows: 
@@ -39,254 +36,230 @@ VIRTUAL(8) VIRTUAL(8) where recipient is the full recipient address. UNIX MAILBOX FORMAT - When the mailbox location does not end in /, the message - is delivered in UNIX mailbox format. This format stores - multiple messages in one textfile. - - The virtual(8) delivery agent prepends a "From sender - time_stamp" envelope header to each message, prepends a - Delivered-To: message header with the envelope recipient - address, prepends an X-Original-To: header with the recip- - ient address as given to Postfix, prepends a Return-Path: - message header with the envelope sender address, prepends - a > character to lines beginning with "From ", and appends - an empty line. - - The mailbox is locked for exclusive access while delivery - is in progress. In case of problems, an attempt is made to - truncate the mailbox to its original length. + When the mailbox location does not end in /, the message is delivered + in UNIX mailbox format. This format stores multiple messages in one + textfile. + + The virtual(8) delivery agent prepends a "From sender time_stamp" enve- + lope header to each message, prepends a Delivered-To: message header + with the envelope recipient address, prepends an X-Original-To: header + with the recipient address as given to Postfix, prepends a Return-Path: + message header with the envelope sender address, prepends a > character + to lines beginning with "From ", and appends an empty line. + + The mailbox is locked for exclusive access while delivery is in + progress. In case of problems, an attempt is made to truncate the mail- + box to its original length. QMAIL MAILDIR FORMAT - When the mailbox location ends in /, the message is deliv- - ered in qmail maildir format. This format stores one mes- - sage per file. + When the mailbox location ends in /, the message is delivered in qmail + maildir format. This format stores one message per file. 
- The virtual(8) delivery agent prepends a Delivered-To: - message header with the final envelope recipient address, - prepends an X-Original-To: header with the recipient - address as given to Postfix, and prepends a Return-Path: - message header with the envelope sender address. + The virtual(8) delivery agent prepends a Delivered-To: message header + with the final envelope recipient address, prepends an X-Original-To: + header with the recipient address as given to Postfix, and prepends a + Return-Path: message header with the envelope sender address. - By definition, maildir format does not require applica- - tion-level file locking during mail delivery or retrieval. + By definition, maildir format does not require application-level file + locking during mail delivery or retrieval. MAILBOX OWNERSHIP - Mailbox ownership is controlled by the virtual_uid_maps - and virtual_gid_maps lookup tables, which are indexed with - the full recipient address. Each table provides a string - with the numerical user and group ID, respectively. + Mailbox ownership is controlled by the virtual_uid_maps and vir- + tual_gid_maps lookup tables, which are indexed with the full recipient + address. Each table provides a string with the numerical user and group + ID, respectively. - The virtual_minimum_uid parameter imposes a lower bound on - numerical user ID values that may be specified in any vir- - tual_uid_maps. + The virtual_minimum_uid parameter imposes a lower bound on numerical + user ID values that may be specified in any virtual_uid_maps. CASE FOLDING - All delivery decisions are made using the full recipient - address, folded to lower case. See also the next section - for a few exceptions with optional address extensions. + All delivery decisions are made using the full recipient address, + folded to lower case. See also the next section for a few exceptions + with optional address extensions. 
TABLE SEARCH ORDER - Normally, a lookup table is specified as a text file that - serves as input to the postmap(1) command. The result, an - indexed file in dbm or db format, is used for fast search- - ing by the mail system. + Normally, a lookup table is specified as a text file that serves as + input to the postmap(1) command. The result, an indexed file in dbm or + db format, is used for fast searching by the mail system. - The search order is as follows. The search stops upon the - first successful lookup. + The search order is as follows. The search stops upon the first suc- + cessful lookup. - o When the recipient has an optional address exten- - sion the user+extension@domain.tld address is - looked up first. + o When the recipient has an optional address extension the + user+extension@domain.tld address is looked up first. - With Postfix versions before 2.1, the optional - address extension is always ignored. + With Postfix versions before 2.1, the optional address extension + is always ignored. - o The user@domain.tld address, without address exten- - sion, is looked up next. + o The user@domain.tld address, without address extension, is + looked up next. o Finally, the recipient @domain is looked up. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary - indexed files. + When the table is provided via other means such as NIS, LDAP or SQL, + the same lookups are done as for ordinary indexed files. - Alternatively, a table can be provided as a regular- - expression map where patterns are given as regular expres- - sions. In that case, only the full recipient address is - given to the regular-expression map. + Alternatively, a table can be provided as a regular-expression map + where patterns are given as regular expressions. In that case, only the + full recipient address is given to the regular-expression map. 
SECURITY - The virtual(8) delivery agent is not security sensitive, - provided that the lookup tables with recipient user/group - ID information are adequately protected. This program is - not designed to run chrooted. + The virtual(8) delivery agent is not security sensitive, provided that + the lookup tables with recipient user/group ID information are ade- + quately protected. This program is not designed to run chrooted. - The virtual(8) delivery agent disallows regular expression - substitution of $1 etc. in regular expression lookup - tables, because that would open a security hole. + The virtual(8) delivery agent disallows regular expression substitution + of $1 etc. in regular expression lookup tables, because that would open + a security hole. - The virtual(8) delivery agent will silently ignore - requests to use the proxymap(8) server. Instead it will - open the table directly. Before Postfix version 2.2, the - virtual delivery agent will terminate with a fatal error. + The virtual(8) delivery agent will silently ignore requests to use the + proxymap(8) server. Instead it will open the table directly. Before + Postfix version 2.2, the virtual delivery agent will terminate with a + fatal error. STANDARDS RFC 822 (ARPA Internet Text Messages) DIAGNOSTICS - Mail bounces when the recipient has no mailbox or when the - recipient is over disk quota. In all other cases, mail for - an existing recipient is deferred and a warning is logged. + Mail bounces when the recipient has no mailbox or when the recipient is + over disk quota. In all other cases, mail for an existing recipient is + deferred and a warning is logged. - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager - can move them to the corrupt queue afterwards. + Problems and transactions are logged to syslogd(8). Corrupted message + files are marked so that the queue manager can move them to the corrupt + queue afterwards. 
- Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- - ble. + Depending on the setting of the notify_classes parameter, the postmas- + ter is notified of bounces and of other trouble. BUGS - This delivery agent supports address extensions in email - addresses and in lookup table keys, but does not propagate - address extension information to the result of table - lookup. + This delivery agent supports address extensions in email addresses and + in lookup table keys, but does not propagate address extension informa- + tion to the result of table lookup. - Postfix should have lookup tables that can return multiple - result attributes. In order to avoid the inconvenience of - maintaining three tables, use an LDAP or MYSQL database. + Postfix should have lookup tables that can return multiple result + attributes. In order to avoid the inconvenience of maintaining three + tables, use an LDAP or MYSQL database. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically, as vir- - tual(8) processes run for only a limited amount of time. - Use the command "postfix reload" to speed up a change. + Changes to main.cf are picked up automatically, as virtual(8) processes + run for only a limited amount of time. Use the command "postfix reload" + to speed up a change. - The text below provides only a parameter summary. See - postconf(5) for more details including examples. + The text below provides only a parameter summary. See postconf(5) for + more details including examples. MAILBOX DELIVERY CONTROLS virtual_mailbox_base (empty) - A prefix that the virtual(8) delivery agent - prepends to all pathname results from $vir- - tual_mailbox_maps table lookups. + A prefix that the virtual(8) delivery agent prepends to all + pathname results from $virtual_mailbox_maps table lookups. 
virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in - the domains that match $virtual_mailbox_domains. + Optional lookup tables with all valid addresses in the domains + that match $virtual_mailbox_domains. virtual_minimum_uid (100) - The minimum user ID value that the virtual(8) - delivery agent accepts as a result from $vir- - tual_uid_maps table lookup. + The minimum user ID value that the virtual(8) delivery agent + accepts as a result from $virtual_uid_maps table lookup. virtual_uid_maps (empty) - Lookup tables with the per-recipient user ID that - the virtual(8) delivery agent uses while writing to - the recipient's mailbox. + Lookup tables with the per-recipient user ID that the virtual(8) + delivery agent uses while writing to the recipient's mailbox. virtual_gid_maps (empty) - Lookup tables with the per-recipient group ID for - virtual(8) mailbox delivery. + Lookup tables with the per-recipient group ID for virtual(8) + mailbox delivery. Available in Postfix version 2.0 and later: virtual_mailbox_domains ($virtual_mailbox_maps) - Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- - tual_transport mail delivery transport. + Postfix is final destination for the specified list of domains; + mail is delivered via the $virtual_transport mail delivery + transport. virtual_transport (virtual) - The default mail delivery transport and next-hop - destination for final delivery to domains listed - with $virtual_mailbox_domains. + The default mail delivery transport and next-hop destination for + final delivery to domains listed with $virtual_mailbox_domains. Available in Postfix version 2.5.3 and later: strict_mailbox_ownership (yes) - Defer delivery when a mailbox file is not owned by - its recipient. + Defer delivery when a mailbox file is not owned by its recipi- + ent. 
LOCKING CONTROLS virtual_mailbox_lock (see 'postconf -d' output) - How to lock a UNIX-style virtual(8) mailbox before - attempting delivery. + How to lock a UNIX-style virtual(8) mailbox before attempting + delivery. deliver_lock_attempts (20) - The maximal number of attempts to acquire an exclu- - sive lock on a mailbox file or bounce(8) logfile. + The maximal number of attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive - lock on a mailbox file or bounce(8) logfile. + The time between attempts to acquire an exclusive lock on a + mailbox file or bounce(8) logfile. stale_lock_time (500s) - The time after which a stale exclusive mailbox - lockfile is removed. + The time after which a stale exclusive mailbox lockfile is + removed. RESOURCE AND RATE CONTROLS - virtual_destination_concurrency_limit ($default_destina- - tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the virtual message delivery - transport. + virtual_destination_concurrency_limit ($default_destination_concur- + rency_limit) + The maximal number of parallel deliveries to the same destina- + tion via the virtual message delivery transport. - virtual_destination_recipient_limit ($default_destina- - tion_recipient_limit) - The maximal number of recipients per message for - the virtual message delivery transport. + virtual_destination_recipient_limit ($default_destination_recipi- + ent_limit) + The maximal number of recipients per message for the virtual + message delivery transport. virtual_mailbox_limit (51200000) - The maximal size in bytes of an individual vir- - tual(8) mailbox or maildir file, or zero (no - limit). + The maximal size in bytes of an individual virtual(8) mailbox or + maildir file, or zero (no limit). 
MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and master.cf con- + figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a - built-in watchdog timer. + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal - point when logging sub-second delay values. + The maximal number of digits after the decimal point when log- + ging sub-second delay values. ipc_timeout (3600s) - The time limit for sending or receiving information - over an internal communication channel. + The time limit for sending or receiving information over an + internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection - before terminating voluntarily. + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- - nating voluntarily. + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon - process. + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon - process. + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- - tory. + The location of the Postfix top-level queue directory. 
syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" - becomes, for example, "postfix/smtpd". + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- + fix/smtpd". SEE ALSO qmgr(8), queue manager @@ -295,24 +268,23 @@ VIRTUAL(8) VIRTUAL(8) syslogd(8), system logging README_FILES + Use "postconf readme_directory" or + "postconf html_directory" to locate this information. VIRTUAL_README, domain hosting howto LICENSE - The Secure Mailer license must be distributed with this - software. + The Secure Mailer license must be distributed with this software. HISTORY - This delivery agent was originally based on the Postfix - local delivery agent. Modifications mainly consisted of - removing code that either was not applicable or that was - not safe in this context: aliases, ~user/.forward files, - delivery to "|command" or to /file/name. + This delivery agent was originally based on the Postfix local delivery + agent. Modifications mainly consisted of removing code that either was + not applicable or that was not safe in this context: aliases, + ~user/.forward files, delivery to "|command" or to /file/name. - The Delivered-To: message header appears in the qmail sys- - tem by Daniel Bernstein. + The Delivered-To: message header appears in the qmail system by Daniel + Bernstein. - The maildir structure appears in the qmail system by - Daniel Bernstein. + The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) Wietse Venema diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index 463fee94a..59631d036 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 
@@ -11,63 +11,63 @@ Postfix configuration utility .fi \fBManaging main.cf:\fR -\fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR] [\fB-C \fIclass,...\fR] [\fIparameter ...\fR] -\fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR] \fIparameter\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] \fIparameter ...\fR -\fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] \fIparameter ...\fR \fBManaging master.cf service entries:\fR -\fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] -\fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype ...\fR -\fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype ...\fR \fBManaging master.cf service fields:\fR -\fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] -\fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR \fBManaging master.cf service parameters:\fR -\fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] -\fBpostconf\fR \fB-P\fR 
[\fB-ev\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIparameter ...\fR \fBManaging bounce message templates:\fR -\fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] [\fItemplate_file\fR] -\fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +\fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] [\fItemplate_file\fR] \fBManaging other configuration:\fR \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] -[\fB-c \fIconf_dir\fR] +[\fB-c \fIconfig_dir\fR] .SH DESCRIPTION .ad .fi @@ -123,7 +123,7 @@ empty template file name on the \fBpostconf\fR(1) command line (in shell language: ""). This feature is available with Postfix 2.3 and later. -.IP "\fB-c \fIconf_dir\fR" +.IP "\fB-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. .IP "\fB-C \fIclass,...\fR" diff --git a/postfix/man/man1/postmulti.1 b/postfix/man/man1/postmulti.1 index 8bafd70d6..593316571 100644 --- a/postfix/man/man1/postmulti.1 +++ b/postfix/man/man1/postmulti.1 @@ -382,8 +382,12 @@ postfix-wrapper(5), Postfix multi-instance API .SH "README FILES" .na .nf +.ad +.fi Use "\fBpostconf readme_directory\fR" or "\fBpostconf html_directory\fR" to locate this information. +.nf +.na MULTI_INSTANCE_README, Postfix multi-instance management .SH "HISTORY" .na diff --git a/postfix/mantools/man2html b/postfix/mantools/man2html index e443e1189..020df2e87 100755 --- a/postfix/mantools/man2html +++ b/postfix/mantools/man2html @@ -1,6 +1,6 @@ #!/bin/sh -# Crude script to convert formatted manual pages to HTML +# Crude script to convert formatted manpages to HTML. Requires GROFF_NO_SGR. while : do 
@@ -31,7 +31,8 @@ sed ' s/>/\>/g s;_\([^_]\);\1;g s;.\(.\);\1;g - # Why change nroff to hard-coded ANSI escape sequences? + + # Begin incomplete workarounds for grotty SGR escape sequences. #/'$ESC'\[0m$/{ # /'$ESC'\[1m[^'$ESC']*'$ESC'\[0m$/{ # # Here, ESC[0m means end-of-bold. @@ -48,9 +49,19 @@ sed ' #s;'$ESC'\[24m;;g # Undo gratuitous whitespace changes. #s;\( *\)\(\);\2\1;g - # End nroff ANSI escape sequence workarounds. + # End workarounds for grotty SGR escape sequences. + s;\( *\);\1;g s;\( *\);\1;g -' "$@" | egrep -v 'postconf (readme|html)_direc|tory" *to *locate *this' + + # Skip the redundant readme/html_directory blurb. The + # document names that follow will be hyperlinked. + /^README FILES/{ + h + N + N + g + } +' "$@" echo ' ' diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index d7a87e106..5a50fe1f2 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -91,7 +91,7 @@ while (<>) { s;\baddress_verify_virtual_transport\b;$&;g; s;\balias_database\b;$&;g; s;\balias_maps\b;$&;g; - s;\ballow_mail_to_commands\b;$&;g; + s;\ballow_mail_to_com[-]*\n*[ ]*mands\b;$&;g; s;\ballow_mail_to_files\b;$&;g; s;\ballow_min_user\b;$&;g; s;\ballow_percent_hack\b;$&;g; 
@@ -114,19 +114,19 @@ while (<>) { s;\bbounce_queue_lifetime\b;$&;g; s;\bbounce_service_name\b;$&;g; s;\bbounce_size_limit\b;$&;g; - s;\bbounce_template_file\b;$&;g; + s;\bbounce_tem[-]*\n* *[]*plate_file\b;$&;g; s;\bbroken_sasl_auth_clients\b;$&;g; s;\bcanonical_classes\b;$&;g; s;\bcanonical_maps\b;$&;g; s;\bnon_smtpd_milters\b;$&;g; s;\bcleanup_service_name\b;$&;g; s;\bcommand_execu[-]*\n* *[]*tion_direc[-]*\n* *[]*tory\b;$&;g; - s;\bexecu[-]*\n* *[]*tion_directory_expansion_filter\b;$&;g; + s;\bexecu[-]*\n* *[]*tion_direc[-]*\n* *[]*tory_expansion_filter\b;$&;g; s;\banvil_status_update_time\b;$&;g; s;\bcommand_direc[-]*\n* *[]*tory\b;$&;g; s;\bcommand_expan[-]*\n* *[]*sion_filter\b;$&;g; s;\bcommand_time_limit\b;$&;g; - s;\bconfig_direc[-]*\n*[ ]*tory\b;$&;g; + s;\bcon[-]*\n*[ ]*fig_direc[-]*\n*[ ]*tory\b;$&;g; s;\bcon[-]*\n*[ ]*tent_filter\b;$&;g; s;\bdata_direc[-]*\n*[ ]*tory\b;$&;g; s;\bdae[-]*\n*[ ]*mon_direc[-]*\n*[ ]*tory\b;$&;g; @@ -138,7 +138,7 @@ while (<>) { s;\bdefault_deliv[-]*\n* *[]*ery_slot_discount\b;$&;g; s;\bdefault_deliv[-]*\n* *[]*ery_slot_loan\b;$&;g; s;\bdefault_destina[-]*\n* *[]*tion_concur[-]*\n* *[]*rency_limit\b;$&;g; - s;\bdefault_destina[-]*\n* *[]*tion_recip[-]*\n* *[]*ient_limit\b;$&;g; + s;\bdefault_destina[-]*\n* *[]*tion_recip[-]*\n* *[]*i[-]*\n* *[]*ent_limit\b;$&;g; s;\bdefault_extra_recipi[-]*\n* *[]*ent_limit\b;$&;g; s;\bdefault_minimum_deliv[-]*\n* *[]*ery_slots\b;$&;g; s;\bdefault_privs\b;$&;g; @@ -150,7 +150,7 @@ while (<>) { s;\bdefault_transport\b;$&;g; s;\bsender[-]*\n* *[]*_de[-]*\n* *[]*pen[-]*\n* *[]*dent_de[-]*\n* *[]*fault[-]*\n* *[]*_trans[-]*\n* *[]*port[-]*\n* *[]*_maps\b;$&;g; s;\bempty_address_default_transport_maps_lookup_key\b;$&;g; - s;\bdefault_verp_delimiters\b;$&;g; + s;\bdefault_verp_delim[-]*\n* *[]*iters\b;$&;g; s;\bdefer_code\b;$&;g; s;\bdefer_service_name\b;$&;g; s;\bdefer_transports\b;$&;g; 
@@ -202,7 +202,7 @@ while (<>) { s;\bin_flow_delay\b;$&;g; s;\binet_inter[-]*\n*[ ]*faces\b;$&;g; s;\binet_protocols\b;$&;g; - s;\binitial_desti[-]*\n*[ ]*nation_concurrency\b;$&;g; + s;\binitial_desti[-]*\n*[ ]*nation_concur[-]*\n*[ ]*rency\b;$&;g; s;\binvalid_hostname_reject_code\b;$&;g; s;\bipc_idle\b;$&;g; s;\bipc_timeout\b;$&;g; @@ -306,12 +306,12 @@ while (<>) { s;\blmtp_tcp_port\b;$&;g; s;\blmtp_xforward_timeout\b;$&;g; s;\blocal_command_shell\b;$&;g; - s;\blocal_destination_concurrency_limit\b;$&;g; - s;\blocal_destination_recip[-]*\n* *[]*ient_limit\b;$&;g; + s;\blocal_destina[-]*\n* *[]*tion_concurrency_limit\b;$&;g; + s;\blocal_destina[-]*\n* *[]*tion_recip[-]*\n* *[]*ient_limit\b;$&;g; s;\blocal_recip[-]*\n* *[]*ient_maps\b;$&;g; s;\blocal_transport\b;$&;g; s;\bluser_relay\b;$&;g; - s;\blocal_header_rewrite_clients\b;$&;g; + s;\blocal_header_re[-]*\n* *[]*write_clients\b;$&;g; s;\bmail_name\b;$&;g; s;\bmail_owner\b;$&;g; s;\bmail_release_date\b;$&;g; @@ -327,9 +327,9 @@ while (<>) { s;\bmanpage_directory\b;$&;g; s;\bmaps_rbl_domains\b;$&;g; s;\bmaps_rbl_reject_code\b;$&;g; - s;\bmasquerade_classes\b;$&;g; - s;\bmasquerade_domains\b;$&;g; - s;\bmasquerade_exceptions\b;$&;g; + s;\bmasquer[-]*\n* *[]*ade_classes\b;$&;g; + s;\bmasquer[-]*\n* *[]*ade_domains\b;$&;g; + s;\bmasquer[-]*\n* *[]*ade_exceptions\b;$&;g; s;\bmaster_service_disable\b;$&;g; s;\bmax_idle\b;$&;g; s;\bmax_use\b;$&;g; @@ -358,9 +358,9 @@ while (<>) { s;\bpermit_mx_backup_networks\b;$&;g; s;\bpickup_service_name\b;$&;g; s;\bplaintext_reject_code\b;$&;g; - s;\bpostmulti_start_commands\b;$&;g; - s;\bpostmulti_stop_commands\b;$&;g; - s;\bpostmulti_con[-]*\n* *[]*trol_commands\b;$&;g; + s;\bpost[-]*\n* *[]*multi_start_commands\b;$&;g; + s;\bpost[-]*\n* *[]*multi_stop_commands\b;$&;g; + s;\bpost[-]*\n* *[]*multi_con[-]*\n* *[]*trol_com[-]*\n* *[]*mands\b;$&;g; s;\bprepend_delivered_header\b;$&;g; s;\bprocess_id\b;$&;g; s;\bprocess_id_directory\b;$&;g; 
@@ -381,9 +381,9 @@ while (<>) { s;\bqmgr_ipc_timeout\b;$&;g; s;\bqmqpd_authorized_clients\b;$&;g; - s;\bdefault_destination_concur[-]*\n* *[]*rency_negative_feedback\b;$&;g; - s;\bdefault_destination_concur[-]*\n* *[]*rency_positive_feedback\b;$&;g; - s;\bdefault_destination_con[-]*\n* *[]*currency_failed_cohort_limit\b;$&;g; + s;\bdefault_desti[-]*\n* *[]*na[-]*\n* *[]*tion_concur[-]*\n* *[]*rency_negative_feedback\b;$&;g; + s;\bdefault_desti[-]*\n* *[]*na[-]*\n* *[]*tion_concur[-]*\n* *[]*rency_positive_feedback\b;$&;g; + s;\bdefault_desti[-]*\n* *[]*na[-]*\n* *[]*tion_con[-]*\n* *[]*currency_failed_cohort_limit\b;$&;g; s;\bdestination_concurrency_feedback_debug\b;$&;g; s;\bdefault_destina[-]*\n* *[]*tion_rate_delay\b;$&;g; @@ -398,15 +398,15 @@ while (<>) { s;\brbl_reply_maps\b;$&;g; s;\breadme_directory\b;$&;g; s;\breceive_override_options\b;$&;g; - s;\bremote_header_rewrite_domain\b;$&;g; + s;\bremote_header_re[-]*\n* *[]*write_domain\b;$&;g; s;\bno_unknown_recip[-]*\n* *[]*ient_checks\b;$&;g; s;\bno_address_mappings\b;$&;g; s;\bno_header_body_checks\b;$&;g; s;\bno_milters\b;$&;g; - s;\brecip[-]*\n* *[]*ient_bcc_maps\b;$&;g; - s;\brecip[-]*\n* *[]*ient_canoni[-]*\n* *[]*cal_classes\b;$&;g; - s;\brecip[-]*\n* *[]*ient_canoni[-]*\n* *[]*cal_maps\b;$&;g; - s;\brecip[-]*\n* *[]*ient_delim[-]*\n* *[]*iter\b;$&<\/a>;g; + s;\brecip[-]*\n* *[]*i[-]*\n* *[]*ent_bcc_maps\b;$&;g; + s;\brecip[-]*\n* *[]*i[-]*\n* *[]*ent_canoni[-]*\n* *[]*cal_classes\b;$&;g; + s;\brecip[-]*\n* *[]*i[-]*\n* *[]*ent_canoni[-]*\n* *[]*cal_maps\b;$&;g; + s;\brecip[-]*\n* *[]*i[-]*\n* *[]*ent_delim[-]*\n* *[]*iter\b;$&<\/a>;g; s;\breject_code\b;$&;g; s;\breject_temp[-]*\n* *[]*fail_action\b;$&;g; s;\brelay_clientcerts\b;$&;g; 
@@ -425,7 +425,7 @@ while (<>) { s;\bsender_bcc_maps\b;$&;g; s;\bsender_canonical_classes\b;$&;g; s;\bsender_canonical_maps\b;$&;g; - s;\bsender_de[-]*\n* *[]*pendent_relay[-]*\n*[ ]*host_maps\b;$&;g; + s;\bsender_de[-]*\n* *[]*pen[-]*\n* *[]*dent_relay[-]*\n*[ ]*host_maps\b;$&;g; s;\bempty_address_relayhost_maps_lookup_key\b;$&;g; s;\bsendmail_path\b;$&;g; s;\bsendmail_fix_line_endings\b;$&;g; @@ -506,9 +506,9 @@ while (<>) { s;\bsmtpd_autho[-]*\n*[ ]*rized_xclient_hosts\b;$&;g; s;\bsmtpd_autho[-]*\n*[ ]*rized_xforward_hosts\b;$&;g; s;\bsmtpd_ban[-]*\n*[ ]*ner\b;$&;g; - s;\bsmtpd_client_connection_count_limit\b;$&;g; + s;\bsmtpd_client_connec[-]*\n*[ ]*tion_count_limit\b;$&;g; s;\bsmtpd_client_event_limit_exceptions\b;$&;g; - s;\bsmtpd_client_connection_rate_limit\b;$&;g; + s;\bsmtpd_client_connec[-]*\n*[ ]*tion_rate_limit\b;$&;g; s;\bsmtpd_client_message_rate_limit\b;$&;g; s;\bsmtpd_client_port_logging\b;$&;g; s;\bsmtpd_client_recipient_rate_limit\b;$&;g; @@ -643,7 +643,7 @@ while (<>) { s;\bsmtp_tls_secure_cert_match\b;$&;g; s;\bsmtp_tls_trust_anchor_file\b;$&;g; s;\bsmtp_tls_scert_verifydepth\b;$&;g; - s;\bsmtp_tls_security_level\b;$&;g; + s;\bsmtp_tls_secu[-]*\n* *[]*rity_level\b;$&;g; s;\bsmtp_tls_session_cache_database\b;$&;g; s;\bsmtp_tls_session_cache_timeout\b;$&;g; s;\bsmtp_tls_block_early_mail_reply\b;$&;g; @@ -660,7 +660,7 @@ while (<>) { s;\bsmtpd_enforce_tls\b;$&;g; s;\bsmtpd_sasl_tls_security_options\b;$&;g; s;\bsmtpd_sasl_type\b;$&;g; - s;\bsmtpd_starttls_timeout\b;$&;g; + s;\bsmtpd_start[-]*\n* *[]*tls_timeout\b;$&;g; s;\bsmtpd_tls_CAfile\b;$&;g; s;\bsmtpd_tls_CApath\b;$&;g; s;\bsmtpd_tls_ask_ccert\b;$&;g; 
@@ -689,7 +689,7 @@ while (<>) { s;\bsmtpd_tls_req_ccert\b;$&;g; s;\bsmtpd_tls_ses[-]*\n*[ ]*sion_cache_database\b;$&;g; s;\bsmtpd_tls_ses[-]*\n*[ ]*sion_cache_timeout\b;$&;g; - s;\bsmtpd_tls_always_issue_session_ids\b;$&;g; + s;\bsmtpd_tls_always_issue_ses[-]*\n*[ ]*sion_ids\b;$&;g; s;\bsmtpd_tls_wrappermode\b;$&;g; s;\bsmtpd_use_tls\b;$&;g; s;\bsmtpd_reject_footer\b;$&;g; @@ -757,7 +757,7 @@ while (<>) { s/[]*cleanup[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*defer[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*dis[-<\/bB>]*\n* *[]*card[<\/bB>]*\(8\)/$&<\/a>/g; - s/[]*dnsblog[<\/bB>]*\(8\)/$&<\/a>/g; + s/[]*dns[-<\/Bb>]*\n* *[]*blog[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*error[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*flush[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*lmtp[<\/bB>]*\(8\)/$&<\/a>/g; @@ -791,7 +791,7 @@ while (<>) { s/[]*postmap[<\/bB>]*\(1\)/$&<\/a>/g; s/[]*postmulti[<\/bB>]*\(1\)/$&<\/a>/g; s/[]*postqueue[<\/bB>]*\(1\)/$&<\/a>/g; - s/[]*postsuper[<\/bB>]*\(1\)/$&<\/a>/g; + s/[]*post[-<\/bB>]*\n*[ ]*super[<\/bB>]*\(1\)/$&<\/a>/g; s/[]*post[-<\/bB>]*\n*[ ]*tls-finger[<\/bB>]*\(1\)/$&<\/a>/g; s/[]*send[-<\/bB>]*\n*[ ]*mail[<\/bB>]*\(1\)/$&<\/a>/g; s/[]*smtp-[<\/bB>]*\n* *[]*source[<\/bB>]*\(1\)/$&<\/a>/g; @@ -812,7 +812,7 @@ while (<>) { s/[]*nisplus[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; s/[]*pcre[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; s/[]*pgsql[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; - s/[]*postconf[<\/bB>]*\(5\)/$&<\/a>/g; + s/[]*post[-<\/Bb>]*\n* *[]*conf[<\/bB>]*\(5\)/$&<\/a>/g; s/[]*postfix-wrapper[<\/bB>]*\(5\)/$&<\/a>/g; s/[]*prox[-<\/bB>]*\n*[ ]*ymap[<\/bB>]*\(8\)/$&<\/a>/g; s/[]*reg[-<\/bB>]*\n*[ ]*exp[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; 
@@ -852,7 +852,7 @@ while (<>) { s;\bcheck_policy_service\b;$&;g; s;\bdefer_if_permit\b;$&;g; s;\bdefer_if_reject\b;$&;g; - s;\breject_multi_recip[-]*\n* *[]*ient_bounce\b;$&;g; + s;\breject_multi_recip[-]*\n* *[]*i[-]*\n* *[]*ent_bounce\b;$&;g; s;\breject_plaintext_session\b;$&;g; s;\breject_unauth_pipelining\b;$&;g; s;\bwarn_if_reject\b;$&;g; @@ -892,7 +892,7 @@ while (<>) { s;\breject_non_fqdn_helo_hostname\b;$&;g; s;\breject_non_fqdn_hostname\b;$&;g; s;\breject_rhsbl_helo\b;$&;g; - s;\breject_unknown_helo_hostname\b;$&;g; + s;\breject_unknown_helo_host[-]*\n* *[]*name\b;$&;g; s;\breject_unknown_hostname\b;$&;g; # Access restrictions - sender @@ -923,7 +923,7 @@ while (<>) { s;\bdefer_unauth_destination\b;$&;g; s;\breject_unknown_recipi[-]*\n*[ ]*ent_domain\b;$&;g; s;\breject_unlisted_recip[-]*\n* *[]*ient\b;$&;g; - s;\breject_unver[-]*\n*[ ]*ified_recip[-]*\n* *[]*ient\b;$&;g; + s;\breject_unver[-]*\n*[ ]*ified_recip[-]*\n* *[]*i[-]*\n* *[]*ent\b;$&;g; # Access restrictions - etrn @@ -950,7 +950,7 @@ while (<>) { # Multi-instance support s;\bmulti_instance_directo[-]*\n*[ ]*ries\b;$&;g; - s;\bmulti_instance_wrapper\b;$&;g; + s;\bmulti_instance_wrap[-]*\n* *[]*per\b;$&;g; s;\bmulti_instance_group\b;$&;g; s;\bmulti_instance_name\b;$&;g; s;\bmulti_instance_enable\b;$&;g; @@ -981,7 +981,7 @@ while (<>) { s;\bpostscreen_dnsbl_whitelist_thresh[-]*\n* *[]*old\b;$&;g; s;\bpostscreen_dnsbl_action\b;$&;g; s;\bpostscreen_dnsbl_ttl\b;$&;g; - s;\bpostscreen_for[-]*\n*[ ]*bidden_commands\b;$&;g; + s;\bpostscreen_for[-]*\n*[ ]*bid[-]*\n* *[]*den_commands\b;$&;g; s;\bpostscreen_helo_required\b;$&;g; s;\bpostscreen_non_smtp_command_enable\b;$&;g; s;\bpostscreen_non_smtp_command_action\b;$&;g; diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 9fdf607f5..de0a0155c 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html 
@@ -55,6 +55,13 @@ all past traffic is generally infeasible, and even recovery of individual sessions may be infeasible given a sufficiently-strong key agreement method.

+

Forward secrecy protects network communication in the absence +of active attacks, i.e. no forged DNS replies, and no forged TLS +server certificates. If active attacks are a concern, then you will +need to authenticate the remote SMTP server in a secure manner. +For example, by the fingerprint of the public key or certificate. +Conventional PKI relies on too many trusted parties.

+

Topics covered in this document:

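Review bot: The added paragraph ends on a sentence fragment ("For example, by the fingerprint of the public key or certificate.") and stops short of saying how to do that in Postfix. Suggest folding the fragment into the preceding sentence and pointing at the certificate fingerprint verification material in TLS_README (the "fingerprint" security level), so that a reader who is concerned about active attacks has a concrete next step. The closing sentence, "Conventional PKI relies on too many trusted parties.", is asserted without support; a short reason or a cross-reference would make it easier to accept.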
@@ -271,12 +280,12 @@ sent to all SMTP clients in the clear. Mode 0644 is fine.

- main.cf:
-   # Postfix ≥ 2.6
-   smtpd_tls_eecdh_grade = strong
-   # All versions of Postfix:
-   smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
-   smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
+/etc/postfix/main.cf:
+    # Postfix ≥ 2.6
+    smtpd_tls_eecdh_grade = strong
+    # All versions of Postfix:
+    smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
+    smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
 
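Review bot: The block label changes from "main.cf:" to "/etc/postfix/main.cf:" while the settings under it still use ${config_directory}, so the label now hard-codes the default location that the values themselves avoid. Either keep the generic "main.cf:" label or state nearby that /etc/postfix is the default config_directory. While this block is being touched: "smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem" reads like a typo to a first-time reader, and a one-line comment above it saying that the 2048-bit group is intentional would prevent well-meant "corrections" (the next hunk's master.cf comment confirms that 2048-bit is the intended default).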
@@ -285,14 +294,76 @@ need to adjust the submission entry in master.cf accordingly:

-master.cf:
-  submission inet n       -       n       -       -       smtpd
-    # Some submission clients may not yet do 2048-bit EDH, if such
-    # clients use your MSA, configure 1024-bit EDH instead:
-    -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    ...
+/etc/postfix/master.cf:
+    submission inet n       -       n       -       -       smtpd
+	# Some submission clients may not yet do 2048-bit EDH, if such
+	# clients use your MSA, configure 1024-bit EDH instead:
+	-o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
+	-o smtpd_tls_security_level=encrypt
+	-o smtpd_sasl_auth_enable=yes
+	...
+
+
+ +

How do I know that it works?

+ +

Postfix reports TLS connection information in several ways:

+ +
    + +
  • With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", +the Postfix SMTP client and server will log information about, among +others, the remote peer certificate or public-key verification +status, the negotiated cipher, and key lengths. The general logfile +format is:

    + +
    +
    +postfix/smtp[xxx]: Trusted TLS connection established to host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits)
    +
    +postfix/smtpd[xxx]: Untrusted TLS connection established from host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits)
    +
    +
    + +
  • With "smtpd_tls_received_header = yes", the Postfix SMTP +server will record similar information in the Received: header in +the form of comments (text inside parentheses). The general format +is:

    + +
    +
    +Received: from host.example.com (host.example.com [192.168.0.2])
    +        (using TLSv1 with cipher XXX (YYY/ZZZ bits))
    +        (Client CN "host.example.com", Issuer "Wietse Venema" (not verified))
    +
    +
    + +
+ +

There are dozens of ciphers that support forward secrecy. What +follows is the beginning of a list of 51 ciphers available with +OpenSSL 1.0.1e:

+ +
+
+$ openssl ciphers -v \
+        'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' | 
+    awk '{printf "%-32s %s\n", $1, $3}'
+AECDH-AES256-SHA                 Kx=ECDH
+ECDHE-RSA-AES256-GCM-SHA384      Kx=ECDH
+ECDHE-ECDSA-AES256-GCM-SHA384    Kx=ECDH
+ECDHE-RSA-AES256-SHA384          Kx=ECDH
+ECDHE-ECDSA-AES256-SHA384        Kx=ECDH
+ECDHE-RSA-AES256-SHA             Kx=ECDH
+ECDHE-ECDSA-AES256-SHA           Kx=ECDH
+ADH-AES256-GCM-SHA384            Kx=DH
+ADH-AES256-SHA256                Kx=DH
+ADH-AES256-SHA                   Kx=DH
+ADH-CAMELLIA256-SHA              Kx=DH
+DHE-DSS-AES256-GCM-SHA384        Kx=DH
+DHE-RSA-AES256-GCM-SHA384        Kx=DH
+DHE-RSA-AES256-SHA256            Kx=DH
+...
 
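Review bot: The sample "openssl ciphers" output includes anonymous suites (AECDH-AES256-SHA first, then the ADH-* entries), but the new section never says that these give forward secrecy without authenticating the server. Since the paragraph added at the top of this file warns that forward secrecy alone does not protect against active attacks, a sentence here tying the two together would keep readers from treating every name on the list as equally safe. The section also does not spell out the actual check: tell the reader to take the cipher name from the log line or Received: header ("TLSv1 with cipher XXX") and confirm that it appears in this list with Kx=ECDH or Kx=DH. Minor: in the master.cf block the "submission" line is indented with four spaces and the "-o" lines with tabs; pick one so the example pastes cleanly.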
diff --git a/postfix/proto/stop b/postfix/proto/stop index dde1a5227..7c9860793 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1269,3 +1269,16 @@ XP cron dhparam inadvisably +ADH +AECDH +CN +DSS +ECDHE +GCM +Jnicke's +Kx +PKI +XXX +YYY +ZZZ +kEECDH diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 6ce691588..ba603a604 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -152,7 +152,7 @@ /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 -/* Yorktown Heights, NY 10532, USA +/* Yorktown Heights, NY 10598, USA /* /* John Hensley /* john@sunislelodge.com diff --git a/postfix/src/global/dict_ldap.h b/postfix/src/global/dict_ldap.h index 902896351..465766f04 100644 --- a/postfix/src/global/dict_ldap.h +++ b/postfix/src/global/dict_ldap.h @@ -27,7 +27,7 @@ extern DICT *dict_ldap_open(const char *, int, int); /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 -/* Yorktown Heights, NY 10532, USA +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index d0810b98f..730615784 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20131220" +#define MAIL_RELEASE_DATE "20131221" #define MAIL_VERSION_NUMBER "2.11" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 60cd52ccb..df8ab4d45 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c 
@@ -7,63 +7,63 @@ /* .fi /* \fBManaging main.cf:\fR /* -/* \fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fB-C \fIclass,...\fR] [\fIparameter ...\fR] /* -/* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR] /* \fIparameter\fB=\fIvalue ...\fR /* -/* \fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] /* \fIparameter ...\fR /* -/* \fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] /* \fIparameter ...\fR /* /* \fBManaging master.cf service entries:\fR /* -/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] /* -/* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB=\fIvalue ...\fR /* -/* \fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype ...\fR /* -/* \fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype ...\fR /* /* \fBManaging master.cf service fields:\fR /* -/* \fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] /* -/* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR /* /* \fBManaging master.cf service parameters:\fR /* -/* \fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-P\fR 
[\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] /* -/* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR /* -/* \fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB/\fIparameter ...\fR /* /* \fBManaging bounce message templates:\fR /* -/* \fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* [\fItemplate_file\fR] /* -/* \fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR] +/* \fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* [\fItemplate_file\fR] /* /* \fBManaging other configuration:\fR /* /* \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] -/* [\fB-c \fIconf_dir\fR] +/* [\fB-c \fIconfig_dir\fR] /* DESCRIPTION /* By default, the \fBpostconf\fR(1) command displays the /* values of \fBmain.cf\fR configuration parameters, and warns @@ -117,7 +117,7 @@ /* line (in shell language: ""). /* /* This feature is available with Postfix 2.3 and later. -/* .IP "\fB-c \fIconf_dir\fR" +/* .IP "\fB-c \fIconfig_dir\fR" /* The \fBmain.cf\fR configuration file is in the named directory /* instead of the default configuration directory. /* .IP "\fB-C \fIclass,...\fR" diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index fcf66008c..14cd1933f 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c @@ -360,8 +360,12 @@ /* postfix(1), Postfix control program /* postfix-wrapper(5), Postfix multi-instance API /* README FILES +/* .ad +/* .fi /* Use "\fBpostconf readme_directory\fR" or "\fBpostconf /* html_directory\fR" to locate this information. +/* .nf +/* .na /* MULTI_INSTANCE_README, Postfix multi-instance management /* HISTORY /* .ad 
diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 3e452c10d..26e5d5a45 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -17,9 +17,9 @@ DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) INCL = LIB = libtls.a -TESTPROG= tls_dh tls_mgr tls_rsa +TESTPROG= tls_dh tls_mgr tls_rsa tls_dane -LIBS = ../../lib/libglobal.a ../../lib/libutil.a +LIBS = ../../lib/libglobal.a ../../lib/libutil.a ../../lib/libdns.a LIB_DIR = ../../lib INC_DIR = ../../include MAKES = @@ -86,6 +86,11 @@ tls_rsa: $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) mv junk $@.o +tls_dane: $(LIB) $(LIBS) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) + mv junk $@.o + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 527028213..9824828e4 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c 
@@ -1812,4 +1812,382 @@ void tls_dane_set_callback(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext) SSL_CTX_set_cert_verify_callback(ctx, 0, 0); } +#ifdef TEST + +#include +#include + +#include +#include +#include + +/* Cut/paste from OpenSSL 1.0.1: ssl/ssl_cert.c */ + +static int ssl_verify_cert_chain(SSL *s, x509_stack_t *sk) +{ + X509 *x; + int i; + X509_STORE_CTX ctx; + + if ((sk == NULL) || (sk_X509_num(sk) == 0)) + return (0); + + x = sk_X509_value(sk, 0); + if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { + SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); + return (0); + } + X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); + X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server"); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); + + if (s->verify_callback) + X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); + + if (s->ctx->app_verify_callback != NULL) + i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); + else + i = X509_verify_cert(&ctx); + + s->verify_result = ctx.error; + X509_STORE_CTX_cleanup(&ctx); + + return (i); +} + +static void add_tlsa(TLS_DANE *dane, char *argv[]) +{ + char *digest; + X509 *cert = 0; + BIO *bp; + unsigned char *buf; + unsigned char *buf2; + int len; + uint8_t u = atoi(argv[1]); + uint8_t s = atoi(argv[2]); + const char *mdname = argv[3]; + EVP_PKEY *pkey; + + if ((bp = BIO_new_file(argv[4], "r")) == NULL) + msg_fatal("error opening %s: %m", argv[4]); + if (!PEM_read_bio_X509(bp, &cert, 0, 0)) { + tls_print_errors(); + msg_fatal("error loading certificate from %s: %m", argv[4]); + } + BIO_free(bp); + + /* + * Extract ASN.1 DER form of certificate or public key. 
+ */ + switch (s) { + case DNS_TLSA_SELECTOR_FULL_CERTIFICATE: + len = i2d_X509(cert, NULL); + buf2 = buf = (unsigned char *) mymalloc(len); + i2d_X509(cert, &buf2); + if (!*mdname) + ta_cert_insert(dane, cert); + break; + case DNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: + pkey = X509_get_pubkey(cert); + len = i2d_PUBKEY(pkey, NULL); + buf2 = buf = (unsigned char *) mymalloc(len); + i2d_PUBKEY(pkey, &buf2); + if (!*mdname) + ta_pkey_insert(dane, pkey); + EVP_PKEY_free(pkey); + break; + } + OPENSSL_assert(buf2 - buf == len); + + digest = tls_data_fprint((char *) buf, len, *mdname ? mdname : signalg); + dane_add(dane, u, s, *mdname ? mdname : signalg, digest); + myfree((char *) digest); + myfree((char *) buf); +} + +static x509_stack_t *load_chain(const char *chainfile) +{ + BIO *bp; + char *name = 0; + char *header = 0; + unsigned char *data = 0; + long len; + int count; + char *errtype = 0; /* if error: cert or pkey? */ + x509_stack_t *chain; + typedef X509 *(*d2i_X509_t) (X509 **, const unsigned char **, long); + + if ((chain = sk_X509_new_null()) == 0) { + perror("malloc"); + exit(1); + } + + /* + * On each call, PEM_read() wraps a stdio file in a BIO_NOCLOSE bio, + * calls PEM_read_bio() and then frees the bio. It is just as easy to + * open a BIO as a stdio file, so we use BIOs and call PEM_read_bio() + * directly. + */ + if ((bp = BIO_new_file(chainfile, "r")) == NULL) { + fprintf(stderr, "error opening chainfile: %s: %m\n", chainfile); + exit(1); + } + /* Don't report old news */ + ERR_clear_error(); + + for (count = 0; + errtype == 0 && PEM_read_bio(bp, &name, &header, &data, &len); + ++count) { + const unsigned char *p = data; + + if (strcmp(name, PEM_STRING_X509) == 0 + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { + d2i_X509_t d; + X509 *cert; + + d = strcmp(name, PEM_STRING_X509_TRUSTED) ? 
d2i_X509_AUX : d2i_X509; + if ((cert = d(0, &p, len)) == 0 || (p - data) != len) + errtype = "certificate"; + else if (sk_X509_push(chain, cert) == 0) { + perror("malloc"); + exit(1); + } + } else { + fprintf(stderr, "unexpected chain file object: %s\n", name); + exit(1); + } + + /* + * If any of these were null, PEM_read() would have failed. + */ + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + } + BIO_free(bp); + + if (errtype) { + tls_print_errors(); + fprintf(stderr, "error reading: %s: malformed %s", chainfile, errtype); + exit(1); + } + if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { + /* Reached end of PEM file */ + ERR_clear_error(); + if (count > 0) + return chain; + fprintf(stderr, "no certificates found in: %s\n", chainfile); + exit(1); + } + /* Some other PEM read error */ + tls_print_errors(); + fprintf(stderr, "error reading: %s\n", chainfile); + exit(1); +} + +static void usage(const char *progname) +{ + fprintf(stderr, "Usage: %s certificate-usage selector matching-type" + " certfile \\\n\t\tCAfile chainfile hostname [certname ...]\n", + progname); + fprintf(stderr, " where, certificate-usage = TLSA certificate usage,\n"); + fprintf(stderr, "\t selector = TLSA selector,\n"); + fprintf(stderr, "\t matching-type = empty string or OpenSSL digest algorithm name,\n"); + fprintf(stderr, "\t PEM certfile provides certificate association data,\n"); + fprintf(stderr, "\t PEM CAfile contains any usage 0/1 trusted roots,\n"); + fprintf(stderr, "\t PEM chainfile = server chain file to verify\n"); + fprintf(stderr, "\t hostname = destination hostname,\n"); + fprintf(stderr, "\t each certname augments the hostname for name checks.\n"); + exit(1); +} + +/* match_servername - match servername against pattern */ + +static int match_servername(const char *certid, ARGV *margv) +{ + const char *domain; + const char *parent; + int match_subdomain; + int i; + int idlen; + int domlen; + + /* + * Match the certid against each 
pattern until we find a match. + */ + for (i = 0; i < margv->argc; ++i) { + match_subdomain = 0; + domain = margv->argv[i]; + if (*domain == '.' && domain[1] != '\0') { + ++domain; + match_subdomain = 1; + } + + /* + * Sub-domain match: certid is any sub-domain of hostname. + */ + if (match_subdomain) { + if ((idlen = strlen(certid)) > (domlen = strlen(domain)) + 1 + && certid[idlen - domlen - 1] == '.' + && !strcasecmp(certid + (idlen - domlen), domain)) + return (1); + else + continue; + } + + /* + * Exact match and initial "*" match. The initial "*" in a certid + * matches one (if var_tls_multi_label is false) or more hostname + * components under the condition that the certid contains multiple + * hostname components. + */ + if (!strcasecmp(certid, domain) + || (certid[0] == '*' && certid[1] == '.' && certid[2] != 0 + && (parent = strchr(domain, '.')) != 0 + && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent)) + && strcasecmp(var_tls_multi_wildcard == 0 ? parent : + parent + domlen - idlen, + certid + 1) == 0)) + return (1); + } + return (0); +} + +static void check_name(TLS_SESS_STATE *tctx, X509 *cert, ARGV *margs) +{ + char *cn; + int matched = 0; + general_name_stack_t *gens; + + if (SSL_get_verify_result(tctx->con) != X509_V_OK) + return; + + tctx->peer_status |= TLS_CERT_FLAG_TRUSTED; + + gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0); + if (gens) { + int has_dnsname = 0; + int num_gens = sk_GENERAL_NAME_num(gens); + int i; + + for (i = 0; !matched && i < num_gens; ++i) { + const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); + const char *dnsname; + + if (gn->type != GEN_DNS) + continue; + has_dnsname = 1; + tctx->peer_status |= TLS_CERT_FLAG_ALTNAME; + dnsname = tls_dns_name(gn, tctx); + if (dnsname && *dnsname + && (matched = match_servername(dnsname, margs)) != 0) + tctx->peer_status |= TLS_CERT_FLAG_MATCHED; + } + sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); + if (has_dnsname) + return; + } + cn = tls_peer_CN(cert, tctx); 
+ if (match_servername(cn, margs)) + tctx->peer_status |= TLS_CERT_FLAG_MATCHED; + myfree(cn); +} + +static void check_print(TLS_SESS_STATE *tctx, X509 *cert) +{ + if (TLS_DANE_HASEE(tctx->dane) + && tls_dane_match(tctx, TLS_DANE_EE, cert, 0)) + tctx->peer_status |= TLS_CERT_FLAG_TRUSTED | TLS_CERT_FLAG_MATCHED; +} + +static void check_peer(TLS_SESS_STATE *tctx, X509 *cert, int argc, char **argv) +{ + ARGV match; + + tctx->peer_status |= TLS_CERT_FLAG_PRESENT; + check_print(tctx, cert); + if (!TLS_CERT_IS_MATCHED(tctx)) { + match.argc = argc; + match.argv = argv; + check_name(tctx, cert, &match); + } +} + +static SSL_CTX *ctx_init(const char *CAfile) +{ + SSL_CTX *client_ctx; + + tls_param_init(); + tls_check_version(); + + SSL_load_error_strings(); + SSL_library_init(); + + if (!tls_validate_digest(LN_sha1)) + msg_fatal("%s digest algorithm not available", LN_sha1); + + if (TLScontext_index < 0) + if ((TLScontext_index = SSL_get_ex_new_index(0, 0, 0, 0, 0)) < 0) + msg_fatal("Cannot allocate SSL application data index"); + + ERR_clear_error(); + if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0) + msg_fatal("cannot allocate client SSL_CTX"); + SSL_CTX_set_verify_depth(client_ctx, 5); + + if (tls_set_ca_certificate_info(client_ctx, CAfile, "") < 0) { + tls_print_errors(); + msg_fatal("cannot load CAfile: %s", CAfile); + } + SSL_CTX_set_verify(client_ctx, SSL_VERIFY_NONE, + tls_verify_certificate_callback); + return (client_ctx); +} + +int main(int argc, char *argv[]) +{ + SSL_CTX *ssl_ctx; + TLS_SESS_STATE *tctx; + x509_stack_t *chain; + + var_procname = mystrdup(basename(argv[0])); + set_mail_conf_str(VAR_PROCNAME, var_procname); + msg_vstream_init(var_procname, VSTREAM_OUT); + + if (argc < 8) + usage(argv[0]); + + ssl_ctx = ctx_init(argv[5]); + if (!tls_dane_avail()) + msg_fatal("DANE TLSA support not available"); + + tctx = tls_alloc_sess_context(TLS_LOG_NONE, argv[7]); + tctx->namaddr = argv[7]; + tctx->mdalg = LN_sha1; + tctx->dane = tls_dane_alloc(); 
+ + if ((tctx->con = SSL_new(ssl_ctx)) == 0 + || !SSL_set_ex_data(tctx->con, TLScontext_index, tctx)) { + tls_print_errors(); + msg_fatal("Error allocating SSL connection"); + } + SSL_set_connect_state(tctx->con); + add_tlsa((TLS_DANE *) tctx->dane, argv); + tls_dane_set_callback(ssl_ctx, tctx); + + /* Verify saved server chain */ + chain = load_chain(argv[6]); + ssl_verify_cert_chain(tctx->con, chain); + check_peer(tctx, sk_X509_value(chain, 0), argc - 7, argv + 7); + tls_print_errors(); + + msg_info("%s %s", TLS_CERT_IS_MATCHED(tctx) ? "Verified" : + TLS_CERT_IS_TRUSTED(tctx) ? "Trusted" : "Untrusted", argv[7]); + + return (TLS_CERT_IS_MATCHED(tctx) ? 0 : 1); +} + +#endif /* TEST */ + #endif /* USE_TLS */ diff --git a/postfix/src/tls/tls_dane.sh b/postfix/src/tls/tls_dane.sh new file mode 100644 index 000000000..7afc4a1de --- /dev/null +++ b/postfix/src/tls/tls_dane.sh 
@@ -0,0 +1,211 @@ +#! /bin/bash + +set -e + +DOMAIN=example.com +HOST=mail.${DOMAIN} +TEST=./tls_dane + +key() { + local key=$1; shift + + if [ ! -f "${key}.pem" ]; then + openssl genpkey 2>/dev/null \ + -paramfile <(openssl ecparam -name prime256v1) \ + -out "${key}.pem" + fi +} + +req() { + local cn=$1; shift + + openssl req -new -sha256 -key "${key}.pem" 2>/dev/null \ + -config <(printf "[req]\n%s\n%s\n[dn]\nCN=%s\n" \ + "prompt = no" "distinguished_name = dn" "${cn}") +} + +req_nocn() { + openssl req -new -sha256 -subj / -key "${key}.pem" 2>/dev/null \ + -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \ + "distinguished_name = dn") +} + +cert() { + local cert=$1; shift + local exts=$1; shift + + openssl x509 -req -sha256 -out "${cert}.pem" 2>/dev/null \ + -extfile <(printf "%s\n" "$exts") "$@" +} + +genroot() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local skid=$1; shift + local akid=$1; shift + + exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") + key "$key" + req "$cn" | + cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days 30 +} + +genca() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local skid=$1; shift + local akid=$1; shift + local ca=$1; shift + local cakey=$1; shift + + exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") + key "$key" + req "$cn" | + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days 30 "$@" +} + +genee() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local ca=$1; shift + local cakey=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer" \ + "basicConstraints = CA:false" \ + "extendedKeyUsage = serverAuth" \ + "subjectAltName = @alts" "DNS=${cn}") + key "$key" + req "$cn" | + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days 30 "$@" +} + +genss() { + 
local cn=$1; shift + local key=$1; shift + local cert=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer" \ + "basicConstraints = CA:true" \ + "extendedKeyUsage = serverAuth" \ + "subjectAltName = @alts" "DNS=${cn}") + key "$key" + req "$cn" | + cert "$cert" "$exts" -set_serial 1 -days 30 -signkey "${key}.pem" "$@" +} + +gennocn() { + local key=$1; shift + local cert=$1; shift + + key "$key" + req_nocn | + cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" +} + +runtest() { + local desc=$1; shift + local usage=$1; shift + local selector=$1; shift + local mtype=$1; shift + local tlsa=$1; shift + local ca=$1; shift + local chain=$1; shift + local digest + + case $mtype in + 0) digest="";; + 1) digest=sha256;; + 2) digest=sha512;; + *) echo "bad mtype: $mtype"; exit 1;; + esac + + printf "%d %d %d %-24s %s: " "$usage" "$selector" "$mtype" "$tlsa" "$desc" + + if [ -n "$ca" ]; then ca="$ca.pem"; fi + "$TEST" "$usage" "$selector" "$digest" "$tlsa.pem" "$ca" "$chain.pem" \ + "$@" > /dev/null +} + +checkpass() { runtest "$@" && { echo pass; } || { echo fail; exit 1; }; } +checkfail() { runtest "$@" && { echo fail; exit 1; } || { echo pass; }; } + +#--------- + +genss "$HOST" sskey sscert +gennocn akey acert + +# Tests that might depend on akid/skid chaining +# +for rakid in "" \ + "authorityKeyIdentifier = keyid,issuer" \ + "authorityKeyIdentifier = issuer" \ + "authorityKeyIdentifier = keyid" +do +for cakid in "" \ + "authorityKeyIdentifier = keyid,issuer" \ + "authorityKeyIdentifier = issuer" \ + "authorityKeyIdentifier = keyid" +do +for rskid in "" "subjectKeyIdentifier = hash" +do +for caskid in "" "subjectKeyIdentifier = hash" +do + +genroot "Root CA" rootkey rootcert "$rskid" "$rakid" +genca "CA 1" cakey1 cacert1 "$caskid" "$cakid" rootcert rootkey +genca "CA 2" cakey2 cacert2 "$caskid" "$cakid" cacert1 cakey1 +genee "$HOST" eekey eecert cacert2 cakey2 +cat 
eecert.pem cacert2.pem cacert1.pem rootcert.pem > chain.pem +cat eecert.pem cacert2.pem cacert1.pem > chain1.pem + +for s in 0 1 +do + checkpass "OOB root TA" 2 "$s" 0 rootcert "" chain1 "$HOST" + checkpass "OOB TA" 2 "$s" 0 cacert2 "" eecert "$HOST" + checkpass "in-chain root TA" 2 "$s" 1 rootcert "" chain "$HOST" + + for m in 0 1 2 + do + checkpass "valid TA" 2 "$s" "$m" rootcert "" chain "$HOST" + for ca in "cacert1" "cacert2"; do + checkpass "valid TA" 2 "$s" "$m" "$ca" "" chain "$HOST" + checkpass "valid TA" 2 "$s" "$m" "$ca" "" chain1 "$HOST" + checkpass "valid TA+CA" 2 "$s" "$m" "$ca" rootcert chain1 "$HOST" + checkpass "sub-domain" 2 "$s" "$m" "$ca" "" chain1 whatever ".$DOMAIN" + checkfail "wrong name" 2 "$s" "$m" "$ca" "" chain1 "whatever" + done + done +done + +done +done +done +done + +# These tests don't depend in the akid/skid chaining: +# +for s in 0 1 +do + checkfail "missing TA" 2 "$s" 1 rootcert "" chain1 "$HOST" + for m in 0 1 2 + do + checkpass "depth 0 TA" 2 "$s" "$m" sscert "" sscert "$HOST" + checkfail "non-TA" 2 "$s" "$m" eecert rootcert chain "$HOST" + checkfail "depth 0 TA namecheck" 2 "$s" "$m" sscert sscert sscert whatever + + checkpass "valid EE" 3 "$s" "$m" eecert "" chain whatever + checkpass "key-only EE" 3 "$s" "$m" acert "" acert whatever + checkfail "wrong EE" 3 "$s" "$m" cacert2 "" chain whatever + done +done + +rm -f *.pem diff --git a/postfix/src/tls/tls_mgr.c b/postfix/src/tls/tls_mgr.c index 683f36734..702aeee7c 100644 --- a/postfix/src/tls/tls_mgr.c +++ b/postfix/src/tls/tls_mgr.c @@ -10,9 +10,10 @@ /* VSTRING *buf; /* int len; /* -/* int tls_mgr_policy(cache_type, cachable) +/* int tls_mgr_policy(cache_type, cachable, timeout) /* const char *cache_type; /* int *cachable; +/* int *timeout; /* /* int tls_mgr_update(cache_type, cache_id, buf, len) /* const char *cache_type; 
@@ -62,6 +63,8 @@ /* .IP cachable /* Pointer to int, set non-zero if the requested cache_type /* is enabled. +/* .IP timeout +/* Pointer to int, returns the cache entry timeout. /* .IP cache_id /* The session cache lookup key. /* .IP buf @@ -418,9 +421,11 @@ int main(int unused_ac, char **av) if (COMMAND(argv, "policy", 2)) { int cachable; + int timeout; - status = tls_mgr_policy(argv->argv[1], &cachable); - vstream_printf("status=%d cachable=%d\n", status, cachable); + status = tls_mgr_policy(argv->argv[1], &cachable, &timeout); + vstream_printf("status=%d cachable=%d timeout=%d\n", + status, cachable, timeout); } else if (COMMAND(argv, "seed", 2)) { VSTRING *buf = vstring_alloc(10); VSTRING *hex = vstring_alloc(10);
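Review bot: in tls/tls_dane.c, the CN fallback at the end of check_name() passes the result of tls_peer_CN() straight to match_servername() and myfree(), while the subjectAltName loop just above it guards with `dnsname && *dnsname`. Unless tls_peer_CN() is guaranteed to return a non-null string for a certificate without a CN (the test script creates one with gennocn), match_servername() will call strlen() and strcasecmp() on a null pointer; apply the same guard here or document the guarantee in a comment. In the same file, the comment in match_servername() refers to var_tls_multi_label, but the code tests var_tls_multi_wildcard; the comment should name the variable that is actually used.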
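Review bot: the final `rm -f *.pem` in tls/tls_dane.sh removes every .pem file in the current directory, not only the ones this script generated, and because of `set -e` and the `exit 1` in checkpass/checkfail it is never reached when a test fails, so the generated keys and certificates are left behind. Create the files in a directory obtained from `mktemp -d` and remove that directory from a `trap ... EXIT` handler. Also, req() and req_nocn() pick up `${key}` from the caller's `local key` through bash dynamic scoping, and `exts` is assigned without `local` in genroot, genca, genee and genss; passing the key name as an argument and declaring `exts` local would make the helpers independent of their call site.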
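Review bot: the new `.IP timeout` entry in the tls/tls_mgr.c manual comment gives no unit and does not say what is stored through the pointer when the requested cache type is disabled or the request fails. State the unit explicitly and add one sentence on the value the caller sees in the failure case, as the `cachable` entry above it does for the enabled/disabled case.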
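Review bot: in the "policy" branch of the test main() in tls/tls_mgr.c, `int timeout;` has no initializer and is printed unconditionally by vstream_printf(), so when tls_mgr_policy() returns an error without writing through the pointer the output contains an indeterminate value (the existing `cachable` has the same problem). Initialize both variables to 0, or print `cachable=` and `timeout=` only when status indicates success.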