From: Wietse Venema Date: Thu, 29 Jan 2015 05:00:00 +0000 (-0500) Subject: postfix-3.0-20150129 X-Git-Tag: v3.0.0-RC1~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f65d68d9764c006f37ed44889f11c95e5effb7ff;p=thirdparty%2Fpostfix.git postfix-3.0-20150129 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index dbcab057f..ff3f19756 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -20249,7 +20249,7 @@ Apologies for any names omitted. First general release with SMTPUTF8 support; see RELEASE_NOTES for an initial writeup. The last pre-SMTPUTF8 release is - postfix-2.12-20140713. + snapshot 20140713. 20140716 @@ -21183,7 +21183,7 @@ Apologies for any names omitted. typechecks for non-protocol attribute-value APIs. This transformation and its verification are mechanical. - Bugfix (introduced: Postfix 1.1, but latent before 2.12): + Bugfix (introduced: Postfix 1.1, but latent before 3.0): "postfix-install: daemon_directory: not found" error with an ancient Solaris shell. Fixed by ALSO resetting IFS after the end of a ``while IFS=foo command'' loop; counter to @@ -21444,7 +21444,7 @@ Apologies for any names omitted. memory leaks in check_mumble_access() callers. Files: smtpd/smtpd_check.c, smtpd/smtpd_error.ref. -20140122 +20150122 Cleanup: miscellaneous cruft, typos, comments, error messages. proto/COMPATIBILITY_README.html, global/addr_match_list.c, @@ -21452,3 +21452,115 @@ Apologies for any names omitted. global/user_acl.c, postalias/postalias.c, postmap/postmap.c, tls/tls_client.c, util/dict_alloc.c, util/dict_open.c, util/match_list.c. + +20150214 + + Workaround: nroff has been improved so that "-" comes out as + some non-ASCII character, unlike HTML where it comes out + as itself. Andreas Schulze. This requires jumping a few + hops to generate HTML and nroff input from the same source + text. Files; mantools/srctoman, mantools/postconf2man. + +20150524 + + Cleanup: UTF-8 support in masquerade_domains. File: + cleanup/cleanup_masquerade.c. + +20150525 + + Cleanup: simplified the casefold() API: no input-dependent + failure modes. Files: cleanup/cleanup_masquerade.c, + util/casefold.c, util/dict_utf8.c, util/match_list.c, + util/strcasecmp_utf8.c, util/stringops.h. + + Cleanup: replaced str*casecmp() calls with UTF8-enabled + versions. Files: bounce/bounce.c, bounce/bounce_append_service.c, + bounce/bounce_notify_service.c, bounce/bounce_notify_verp.c, + bounce/bounce_one_service.c, bounce/bounce_trace_service.c, + bounce/bounce_warn_service.c, cleanup/cleanup_addr.c, + cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c, + global/log_adhoc.c, global/mail_addr_find.c, global/mail_params.c, + global/split_addr.c, global/verify.c, global/verify_sender_addr.c, + local/alias.c, local/recipient.c, oqmgr/qmgr_message.c, + qmgr/qmgr_message.c, smtp/smtp_tls_policy.c, smtpd/smtpd_check.c, + smtpd/smtpd_milter.c, trivial-rewrite/resolve.c, + util/strcasecmp_utf8.c, util/stringops.h. + +20150126 + + Portability: added missing #ifdef STRCASECMP_IN_STRINGS_H + for platforms that require it. Files: dns/dns_rr_filter.c, + milter/milter8.c, posttls-finger/posttls-finger.c, + tls/tls_dane.c, tlsproxy/tlsproxy.c, util/dict_test.c. + + Cleanup: replaced lowercase() calls with UTF-8-enabled + versions. Files: flush/flush.c, global/been_here.c, + global/delivered_hdr.c, global/fold_addr.c, global/fold_addr.h, + local/forward.c, local/recipient.c, pipe/pipe.c, + smtpd/smtpd_resolve.c, util/casefold.c, util/stringops.h, + virtual/recipient.c. + +20150127 + + Cleanup: simplified the 20150525 and 20150126 APIs, replacing + the most-common use cases with convenience macros that have + fewer arguments. Files: anything that implements or invokes + casefold*() or str*casecmp(). + + Documentation: missing words and typos. Matthew Selsky. Files: + proto/SMTPUTF8_README.html, util/dict_open.c, util/vstream.c. + +20150128 + + Bugfix: the ICU casemapping API can report success, while + producing output that is not null-terminated. But we can + deal with that. File: util/casefold.c. + + Cleanup: unnecessary buffers. File: util/strcasecmp_utf8.c. + + Cleanup: whitespace in source-code documentation has gotten + damaged through the years. Files: util/iostuff.h, + util/msg_vstream.h, util/msg_syslog.h, util/msg_output.h, + util/msg.h, util/inet_proto.c, trivial-rewrite/trivial-rewrite.c, + tls/tls.h, postconf/postconf.c, master/multi_server.c, + master/event_server.c, global/memcache_proto.h, + global/dict_mysql.c, global/dict_ldap.c, discard/discard.c, + error/error.c, global/dict_proxy.c, global/mail_conf_int.c, + global/match_parent_style.c, global/scache.c, global/scache.h, + qmgr/qmgr_entry.c, qmgr/qmgr_peer.c, smtp/smtp_rcpt.c, + smtpd/smtpd_peer.c, tls/tls_mgr.c, util/attr_scan0.c, + util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c. + + Cleanup: typos. Files: proto/socketmap_table, proto/mysql_table, + global/dict_mysql.c, proto/lmdb_table, smtpstone/smtp-sink.c, + posttls-finger/posttls-finger.c. + + Bugfix: restart the Postfix SMTP server SASL client after + XCLIENT may have changed the client IP address. Matthew + Via. File: smtpd/smtpd.c. + +20150129 + + More whitespace in source-code comment regressions. Viktor + (mostly) and Wietse. smtpd/smtpd_proxy.c, util/format_tv.c, + util/line_wrap.c, util/slmdb.c, qmgr/qmgr_peer.c, + smtp/smtp_rcpt.c, smtpd/smtpd_peer.c, tls/tls_mgr.c, + trivial-rewrite/trivial-rewrite.c, util/attr_scan0.c, + util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c, + discard/discard.c, error/error.c, global/dict_proxy.c, + global/mail_conf_int.c, global/match_parent_style.c, + global/scache.c, qmgr/qmgr_entry.c, global/dict_ldap.c, + global/dict_mysql.c, posttls-finger/posttls-finger.c, + smtp/smtp.c, tls/tls_certkey.c. + + Cleanup: avoid hidden buffer allocation in casefold(). + Files: local/forward.c, local/recipient.c, virtual/recipient.c. + + Cleanup: HTML validator errors. Files: proto/postconf.proto, + proto/TLS_README.html, proto/MILTER_README.html. + + Great rename from 2.12 to 3.0. Lots of files, 99% mechanical. + + Cleanup: HTML entities in *roff manpage source. File: + mantools/fixman, proto/postconf.proto, smtpd/smtpd.c, + trivial-rewrite/trivial-rewrite.c. diff --git a/postfix/INSTALL b/postfix/INSTALL index f90492ade..c8f0ca823 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -149,7 +149,7 @@ compiler. Here are a few examples: and so on. In some cases, optimization is turned off automatically. 4.3 - Building with Postfix shared libraries and database plugins (Postfix >= -2.12) +3.0) Postfix shared-library and database plugin support exists for recent versions of Linux, FreeBSD and MacOS X. Shared-library builds may become the default at @@ -197,7 +197,7 @@ support to upgrade a running mail system safely. Additionally, Postfix can be built to support dynamic loading of Postfix database clients (database plugins) with the Debian-style dynamicmaps feature. -Postfix 2.12 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, +Postfix 3.0 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you distribute or install pre-compiled Postfix packages. @@ -217,9 +217,9 @@ postfix), and installs database plugins in $shlib_directory (see above). Database plugins are named postfix-type.so where the type is a database type such as "cdb" or "ldap". - NOTE: The Postfix 2.12 build procedure expects that you specify database + NOTE: The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, etc. - With Postfix 2.12 and later, the old AUXLIBS variable still supports + With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. See CDB_README, LDAP_README, etc. for details. @@ -373,7 +373,7 @@ have IPv6 support. See the IPV6_README file for details. 4.5 - Overriding built-in parameter default settings -4.5.1 - Postfix 2.12 and later +4.5.1 - Postfix 3.0 and later All Postfix configuration parameters can be changed by editing a Postfix configuration file, except for one: the parameter that specifies the location @@ -487,7 +487,7 @@ The following is an extensive list of names and values. |Name/Value |Description | |______________________________|______________________________________________| | |Specifies one or more non-default object | -| |libraries. Postfix 2.12 and later specify some| +| |libraries. Postfix 3.0 and later specify some | | |of their database library dependencies with | |AUXLIBS="object_library..." |AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, | | |AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, | diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index fb99af30f..1374a8a28 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README @@ -84,7 +84,7 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi * Postfix assumes that a remote SMTP server will reject unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the - smtp_address_verify_target parameter (Postfix 2.12 and later). + smtp_address_verify_target parameter (Postfix 3.0 and later). * When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If a preferred MTA accepts the diff --git a/postfix/README_FILES/CDB_README b/postfix/README_FILES/CDB_README index 0dbb675ec..0f06d4753 100644 --- a/postfix/README_FILES/CDB_README +++ b/postfix/README_FILES/CDB_README @@ -54,8 +54,8 @@ Alternatively, for the D.J.B. version of CDB: byte.a" % make -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_CDB. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_CDB. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded CDB database client, but only the new AUXLIBS_CDB variable supports building a dynamically-loaded or statically-loaded CDB database client. diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README index fd76e916d..44d32a5b6 100644 --- a/postfix/README_FILES/COMPATIBILITY_README +++ b/postfix/README_FILES/COMPATIBILITY_README @@ -4,7 +4,7 @@ PPoossttffiixx BBaacckkwwaarrddss--CCoommppaattiibbiil PPuurrppoossee ooff tthhiiss ddooccuummeenntt -Postfix 2.12 introduces a safety net that runs Postfix programs with backwards- +Postfix 3.0 introduces a safety net that runs Postfix programs with backwards- compatible default settings after an upgrade. The safety net will log a warning whenever a "new" default setting could have an negative effect on your mail flow. diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL index 09e1c6211..38dbdd037 100644 --- a/postfix/README_FILES/INSTALL +++ b/postfix/README_FILES/INSTALL @@ -149,7 +149,7 @@ compiler. Here are a few examples: and so on. In some cases, optimization is turned off automatically. 44..33 -- BBuuiillddiinngg wwiitthh PPoossttffiixx sshhaarreedd lliibbrraarriieess aanndd ddaattaabbaassee pplluuggiinnss ((PPoossttffiixx >>== -22..1122)) +33..00)) Postfix shared-library and database plugin support exists for recent versions of Linux, FreeBSD and MacOS X. Shared-library builds may become the default at @@ -197,7 +197,7 @@ support to upgrade a running mail system safely. Additionally, Postfix can be built to support dynamic loading of Postfix database clients (database plugins) with the Debian-style dynamicmaps feature. -Postfix 2.12 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, +Postfix 3.0 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you distribute or install pre-compiled Postfix packages. @@ -217,9 +217,9 @@ postfix), and installs database plugins in $shlib_directory (see above). Database plugins are named postfix-type.so where the type is a database type such as "cdb" or "ldap". - NOTE: The Postfix 2.12 build procedure expects that you specify database + NOTE: The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, etc. - With Postfix 2.12 and later, the old AUXLIBS variable still supports + With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. See CDB_README, LDAP_README, etc. for details. @@ -373,7 +373,7 @@ have IPv6 support. See the IPV6_README file for details. 44..55 -- OOvveerrrriiddiinngg bbuuiilltt--iinn ppaarraammeetteerr ddeeffaauulltt sseettttiinnggss -44..55..11 -- PPoossttffiixx 22..1122 aanndd llaatteerr +44..55..11 -- PPoossttffiixx 33..00 aanndd llaatteerr All Postfix configuration parameters can be changed by editing a Postfix configuration file, except for one: the parameter that specifies the location @@ -487,7 +487,7 @@ The following is an extensive list of names and values. |NNaammee//VVaalluuee |DDeessccrriippttiioonn | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies one or more non-default object | -| |libraries. Postfix 2.12 and later specify some| +| |libraries. Postfix 3.0 and later specify some | | |of their database library dependencies with | |AUXLIBS="object_library..." |AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, | | |AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, | diff --git a/postfix/README_FILES/LDAP_README b/postfix/README_FILES/LDAP_README index c70acd4f0..672335636 100644 --- a/postfix/README_FILES/LDAP_README +++ b/postfix/README_FILES/LDAP_README @@ -54,8 +54,8 @@ this in the top level of your Postfix source tree should work: % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \ AUXLIBS_LDAP="-L/usr/local/lib -lldap -L/usr/local/lib -llber" -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LDAP. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LDAP. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded LDAP database client, but only the new AUXLIBS_LDAP variable supports building a dynamically-loaded or statically-loaded LDAP database client. diff --git a/postfix/README_FILES/LMDB_README b/postfix/README_FILES/LMDB_README index d891da9a0..e63640f51 100644 --- a/postfix/README_FILES/LMDB_README +++ b/postfix/README_FILES/LMDB_README @@ -31,8 +31,8 @@ support, use something like: AUXLIBS_LMDB="-L/usr/local/lib -llmdb" % make -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LMDB. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LMDB. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded LMDB database client, but only the new AUXLIBS_LMDB variable supports building a dynamically-loaded or statically-loaded LMDB database client. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 6f8f7c9f9..e816dba89 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README @@ -143,7 +143,7 @@ CCoonnffiigguurriinngg PPoossttffiixx Like Sendmail, Postfix has a lot of configuration options that control how it talks to Milter applications. Besides global options that apply to all Milter -applications, Postfix 2.12 and later support per-Milter timeouts, per-Milter +applications, Postfix 3.0 and later support per-Milter timeouts, per-Milter error handling, etc. Information in this section: @@ -349,7 +349,7 @@ The previous sections list a number of Postfix main.cf parameters that control time limits and other settings for all Postfix Milter clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to have different settings for different Milter clients. This -is supported with Postfix 2.12 and later. +is supported with Postfix 3.0 and later. The following example shows a "non-critical" Milter client with a short connect timeout, and with "accept" as default action when the service is unvailable. diff --git a/postfix/README_FILES/MYSQL_README b/postfix/README_FILES/MYSQL_README index 32e77dcf9..169705178 100644 --- a/postfix/README_FILES/MYSQL_README +++ b/postfix/README_FILES/MYSQL_README @@ -39,8 +39,8 @@ mysqlclient library (and libm) to AUXLIBS_MYSQL, for example: 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include' \ 'AUXLIBS_MYSQL=-L/usr/local/mysql/lib -lmysqlclient -lz -lm' -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_MYSQL. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_MYSQL. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded MySQL database client, but only the new AUXLIBS_MYSQL variable supports building a dynamically-loaded or statically-loaded MySQL database client. diff --git a/postfix/README_FILES/PACKAGE_README b/postfix/README_FILES/PACKAGE_README index 898ec95f0..c64604b1f 100644 --- a/postfix/README_FILES/PACKAGE_README +++ b/postfix/README_FILES/PACKAGE_README @@ -57,7 +57,7 @@ installation parameters on the command line: With Postfix versions before 2.2 you must invoke the post-install script directly (% sshh ppoosstt--iinnssttaallll --nnoonn--iinntteerraaccttiivvee iinnssttaallll__rroooott......). -With Postfix 2.12 and later, the command "make package name=value ..." will +With Postfix 3.0 and later, the command "make package name=value ..." will replace the string MAIL_VERSION in a configuration parameter value with the Postfix release version. Do not try to specify something like $mail_version on this command line. This produces inconsistent results with different versions diff --git a/postfix/README_FILES/PCRE_README b/postfix/README_FILES/PCRE_README index 806a4e09d..788859a5e 100644 --- a/postfix/README_FILES/PCRE_README +++ b/postfix/README_FILES/PCRE_README @@ -42,8 +42,8 @@ library to AUXLIBS_PCRE, for example: "CCARGS=-DHAS_PCRE `pcre-config --cflags`" \ "AUXLIBS_PCRE=`pcre-config --libs`" -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PCRE. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PCRE. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded PCRE database client, but only the new AUXLIBS_PCRE variable supports building a dynamically-loaded or statically-loaded PCRE database client. diff --git a/postfix/README_FILES/PGSQL_README b/postfix/README_FILES/PGSQL_README index 0f3b84e02..7f6323a54 100644 --- a/postfix/README_FILES/PGSQL_README +++ b/postfix/README_FILES/PGSQL_README @@ -36,8 +36,8 @@ For example: 'CCARGS=-DHAS_PGSQL -I/usr/local/include/pgsql' \ 'AUXLIBS_PGSQL=-L/usr/local/lib -lpq' -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PGSQL. With Postfix -2.12 and later, the old AUXLIBS variable still supports building a statically- +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PGSQL. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- loaded PostgreSQL database client, but only the new AUXLIBS_PGSQL variable supports building a dynamically-loaded or statically-loaded PostgreSQL database client. diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README index ce14068c0..e8d56621d 100644 --- a/postfix/README_FILES/POSTSCREEN_README +++ b/postfix/README_FILES/POSTSCREEN_README @@ -704,14 +704,17 @@ more of: disconnect. When the good client comes back in a later session, it is allowed to talk - directly to a Postfix SMTP server. See "after_220 Tests after the 220 SMTP - server greeting above for limitations with AUTH and other features that - clients may need. + directly to a Postfix SMTP server. See "Tests after the 220 SMTP server + greeting" above for limitations with AUTH and other features that clients + may need. An unexpected benefit from "deep protocol tests" is that some "good" clients don't return after the 4XX reply; these clients were not so good - after all. Wietse enables "deep protocol tests" on his own internet-facing - mail server. + after all. + + Unfortunately, some senders will retry requests from different IP + addresses, and may never get whitelisted. For this reason, Wietse stopped + using "deep protocol tests" on his own internet-facing mail server. * There is also support for permanent blacklisting and whitelisting; see the description of the postscreen_access_list parameter for details. diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index d2b02e016..6f2ed97f0 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -74,7 +74,7 @@ a delegated SMTPD access policy request: stress= PPoossttffiixx vveerrssiioonn 22..99 aanndd llaatteerr:: ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40 - PPoossttffiixx vveerrssiioonn 22..1122 aanndd llaatteerr:: + PPoossttffiixx vveerrssiioonn 33..00 aanndd llaatteerr:: client_port=1234 [empty line] @@ -253,7 +253,7 @@ protocol: * smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem): The default action when an SMTPD policy service - request fails. Available with Postfix 2.12 and later. + request fails. Available with Postfix 3.0 and later. * smtpd_policy_service_max_idle (default: 300s): The amount of time before the Postfix SMTP server closes an unused policy client connection. @@ -263,18 +263,18 @@ protocol: * smtpd_policy_service_request_limit (default: 0): The maximal number of requests per policy connection, or zero (no limit). Available with Postfix - 2.12 and later. + 3.0 and later. * smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server. * smtpd_policy_service_try_limit (default: 2): The maximal number of attempts to send an SMTPD policy service request before giving up. Available with - Postfix 2.12 and later. + Postfix 3.0 and later. * smtpd_policy_service_retry_delay (default: 1s): The delay between attempts - to resend a failed SMTPD policy service request. Available with Postfix - 2.12 and later. + to resend a failed SMTPD policy service request. Available with Postfix 3.0 + and later. Configuration parameters that control the server side of the policy delegation protocol: @@ -289,7 +289,7 @@ AAddvvaanncceedd ppoolliiccyy cclliieenntt ccoonnffiig The previous section lists a number of Postfix main.cf parameters that control time limits and other settings for all policy clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to -have different settings per policy client. This is supported with Postfix 2.12 +have different settings per policy client. This is supported with Postfix 3.0 and later. The following example shows a "non-critical" policy service with a short diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README index dcc13a189..4fd9f8b0b 100644 --- a/postfix/README_FILES/SMTPUTF8_README +++ b/postfix/README_FILES/SMTPUTF8_README @@ -7,7 +7,7 @@ OOvveerrvviieeww This document describes Postfix support for Email Address Internationalization (EAI) as defined in RFC 6531 (SMTPUTF8 extension), RFC 6532 (Internationalized email headers) and RFC 6533 (Internationalized delivery status notifications). -Introduced with Postfix version 2.12, this fully supports UTF-8 email addresses +Introduced with Postfix version 3.0, this fully supports UTF-8 email addresses and UTF-8 message header values. Topics covered in this document: @@ -52,7 +52,7 @@ content filters (Amavisd), LMTP servers (Dovecot), and down-stream SMTP servers. Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part -of a backwards-compatibility safety net (see the Postfix 2.12 RELEASE_NOTES +of a backwards-compatibility safety net (see the Postfix 3.0 RELEASE_NOTES file). SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in @@ -130,8 +130,8 @@ SMTP (or LMTP) server announces SMTPUTF8 support. is the default, see autodetection below). Specifically, the Postfix SMTP server does not accept UTF-8 in the envelope sender domain name or envelope recipient domain name, and the Postfix SMTP client does not issue the - SMTPUTF8 request when delivering that message an SMTP or LMTP server that - announces SMTPUTF8 support (again, that is the default). Postfix will + SMTPUTF8 request when delivering that message to an SMTP or LMTP server + that announces SMTPUTF8 support (again, that is the default). Postfix will accept UTF-8 in message header values and in the localpart of envelope sender and recipient addresses, because it has always done that. @@ -202,21 +202,23 @@ being removed. The text below describes the situation at one point in time. NNoo aauuttoommaattiicc ccoonnvveerrssiioonnss bbeettwweeeenn AASSCCIIII aanndd UUTTFF--88 ddoommaaiinn nnaammeess.. -Some background: According to RFC 6530 and related documents, -"Internationalized" domain names can appear in two forms: the UTF-8 form, and -the ASCII (xn--mumble) form. "Internationalized" address localparts must be -encoded in UTF-8; the RFCs do not define an ASCII form for the same -information. +Some background: According to RFC 6530 and related documents, an +internationalized domain name can appear in two forms: the UTF-8 form, and the +ASCII (xn--mumble) form. An internationalized address localpart must be encoded +in UTF-8; the RFCs do not define an ASCII alternative form. Postfix currently does not convert internationalized domain names from UTF- 8 into ASCII (or from ASCII into UTF-8) before using domain names in SMTP -commands and responses, before looking up domain names in mydestination, -relay_domains, access tables, etc., before using domain names in a policy -daemon or Milter request, or before logging domain names. +commands and responses, before looking up domain names in lists such as +mydestination, relay_domains or in lookup tables such as access tables, etc., +before using domain names in a policy daemon or Milter request, or before +logging events. Postfix does, however, casefold domain names and email addresses before matching them against a Postfix configuration parameter or lookup table. +In order to use Postfix SMTPUTF8 support: + * The Postfix parameters myhostname and mydomain must be in ASCII form. One is a substring of the other, and the myhostname value is used in SMTP commands and responses that require ASCII. The parameter myorigin (added to diff --git a/postfix/README_FILES/SQLITE_README b/postfix/README_FILES/SQLITE_README index fdb92f9ef..324b30588 100644 --- a/postfix/README_FILES/SQLITE_README +++ b/postfix/README_FILES/SQLITE_README @@ -26,11 +26,11 @@ For example: 'CCARGS=-DHAS_SQLITE -I/usr/local/include' \ 'AUXLIBS_SQLITE=-L/usr/local/lib -lsqlite3 -lpthread' -Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_SQLITE. With -Postfix 2.12 and later, the old AUXLIBS variable still supports building a -statically-loaded SQLite database client, but only the new AUXLIBS_SQLITE -variable supports building a dynamically-loaded or statically-loaded SQLite -database client. +Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_SQLITE. With Postfix +3.0 and later, the old AUXLIBS variable still supports building a statically- +loaded SQLite database client, but only the new AUXLIBS_SQLITE variable +supports building a dynamically-loaded or statically-loaded SQLite database +client. Failure to use the AUXLIBS_SQLITE variable will defeat the purpose of dynamic database client loading. Every Postfix executable file will have diff --git a/postfix/README_FILES/TLS_LEGACY_README b/postfix/README_FILES/TLS_LEGACY_README index 1f82652a2..e9f36fdcc 100644 --- a/postfix/README_FILES/TLS_LEGACY_README +++ b/postfix/README_FILES/TLS_LEGACY_README @@ -178,7 +178,7 @@ Their DSA counterparts: smtpd_tls_dkey_file = $smtpd_tls_dcert_file To verify a remote SMTP client certificate, the Postfix SMTP server needs to -trust the certificates of the issuing certification authorities. These +trust the certificates of the issuing Certification Authorities. These certificates in "pem" format can be stored in a single $smtpd_tls_CAfile or in multiple files, one CA per file in the $smtpd_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with: @@ -565,7 +565,7 @@ Their DSA counterparts: smtp_tls_dkey_file = $smtp_tls_dcert_file To verify a remote SMTP server certificate, the Postfix SMTP client needs to -trust the certificates of the issuing certification authorities. These +trust the certificates of the issuing Certification Authorities. These certificates in "pem" format can be stored in a single $smtp_tls_CAfile or in multiple files, one CA per file in the $smtp_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with: @@ -700,8 +700,8 @@ Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory certificate/peername verification is not viable as a default Internet mail delivery policy at this time. A significant fraction of TLS enabled MTAs uses self-signed certificates, or certificates that are signed by a private -certificate authority. On a machine that delivers mail to the Internet, if you -set smtp_enforce_tls = yes, you should probably also set +Certification Authority. On a machine that delivers mail to the Internet, if +you set smtp_enforce_tls = yes, you should probably also set smtp_tls_enforce_peername = no. You can use the per-site TLS policies (see below) to enable full peer verification for specific destinations that are known to have verifiable TLS server certificates. @@ -956,16 +956,16 @@ The following steps will get you started quickly. Because you sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship with. For real authentication, your -Postfix public key certificate needs to be signed by a recognized Certificate +Postfix public key certificate needs to be signed by a recognized Certification Authority, and Postfix needs to be configured with a list of public key -certificates of Certificate Authorities, so that Postfix can verify the public -key certificates of remote hosts. +certificates of Certification Authorities, so that Postfix can verify the +public key certificates of remote hosts. In the examples below, user input is shown in bboolldd font, and a "#" prompt indicates a super-user shell. - * Become your own Certificate Authority, so that you can sign your own public - keys. This example uses the CA.pl script that ships with OpenSSL. By + * Become your own Certification Authority, so that you can sign your own + public keys. This example uses the CA.pl script that ships with OpenSSL. By default, OpenSSL installs this as /usr/local/ssl/misc/CA.pl, but your mileage may vary. The script creates a private key in ./demoCA/private/ cakey.pem and a public key in ./demoCA/cacert.pem. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 06ab19129..6aad4d322 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -1,5 +1,3 @@ --//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> - PPoossttffiixx TTLLSS SSuuppppoorrtt ------------------------------------------------------------------------------- @@ -205,7 +203,7 @@ capable clients: smtpd_tls_cert_file = none To verify a remote SMTP client certificate, the Postfix SMTP server needs to -trust the certificates of the issuing certification authorities. These +trust the certificates of the issuing Certification Authorities. These certificates in "PEM" format can be stored in a single $smtpd_tls_CAfile or in multiple files, one CA per file in the $smtpd_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with: @@ -223,8 +221,8 @@ $smtpd_tls_CApath directory needs to be accessible inside the optional chroot jail. When you configure the Postfix SMTP server to request client certificates, the -DNs of certificate authorities in $smtpd_tls_CAfile are sent to the client, in -order to allow it to choose an identity signed by a CA you trust. If no +DNs of Certification Authorities in $smtpd_tls_CAfile are sent to the client, +in order to allow it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is free to choose an identity signed by any CA. Many clients use a fixed identity regardless of the preferred CA list and you may be able to reduce TLS @@ -1062,8 +1060,8 @@ default. This is the recommended configuration for early adopters. CCeerrttiiffiiccaattee ffiinnggeerrpprriinntt vveerriiffiiccaattiioonn -At the fingerprint security level, no trusted certificate authorities are used -or required. The certificate trust chain, expiration date, etc., are not +At the fingerprint security level, no trusted Certification Authorities are +used or required. The certificate trust chain, expiration date, etc., are not checked. Instead, the smtp_tls_fingerprint_cert_match parameter or the "match" attribute in the policy table lists the remote SMTP server certificate fingerprint or public key fingerprint. Certificate fingerprint verification is @@ -1149,7 +1147,7 @@ MMaannddaattoorryy sseerrvveerr cceerrttiiffiiccaattee At the verify TLS security level, messages are sent only over TLS encrypted sessions if the remote SMTP server certificate is valid (not expired or -revoked, and signed by a trusted certificate authority) and where the server +revoked, and signed by a trusted Certification Authority) and where the server certificate name matches a known pattern. Mandatory server certificate verification can be configured by setting "smtp_tls_security_level = verify". The smtp_tls_verify_cert_match parameter can override the default "hostname" @@ -1178,8 +1176,8 @@ Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory certificate trust chain and subject name verification is not viable as a default Internet mail delivery policy. Most MX hosts do not support TLS at all, and a significant portion of TLS enabled MTAs use self-signed -certificates, or certificates that are signed by a private certificate -authority. On a machine that delivers mail to the Internet, you should not +certificates, or certificates that are signed by a private Certification +Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate verification as a default policy. Mandatory server certificate verification as a default security level may be @@ -1239,7 +1237,7 @@ Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory secure server certificate verification is not viable as a default Internet mail delivery policy. Most MX hosts do not support TLS at all, and a significant portion of TLS enabled MTAs use self-signed certificates, or -certificates that are signed by a private certificate authority. On a machine +certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure secure TLS verification as a default policy. @@ -1423,7 +1421,7 @@ Their ECDSA counterparts (Postfix >= 2.6 + OpenSSL >= 1.0.0): smtp_tls_eckey_file = $smtp_tls_eccert_file To verify a remote SMTP server certificate, the Postfix SMTP client needs to -trust the certificates of the issuing certification authorities. These +trust the certificates of the issuing Certification Authorities. These certificates in "pem" format can be stored in a single $smtp_tls_CAfile or in multiple files, one CA per file in the $smtp_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with: @@ -1645,7 +1643,7 @@ ddaannee--oonnllyy available with Postfix 2.11 and later. ffiinnggeerrpprriinntt Certificate fingerprint verification. Available with Postfix 2.5 and later. - At this security level, there are no trusted certificate authorities. The + At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional mmaattcchh attribute, or else the main.cf ssmmttpp__ttllss__ffiinnggeerrpprriinntt__cceerrtt__mmaattcchh parameter, lists the server certificate @@ -1659,8 +1657,8 @@ ffiinnggeerrpprriinntt vveerriiffyy Mandatory server certificate verification. Mail is delivered only if the TLS handshake succeeds, if the remote SMTP server certificate can be - validated (not expired or revoked, and signed by a trusted certificate - authority), and if the server certificate name matches the optional "match" + validated (not expired or revoked, and signed by a trusted Certification + Authority), and if the server certificate name matches the optional "match" attribute (or the main.cf smtp_tls_verify_cert_match parameter value when no optional "match" attribute is specified). With Postfix >= 2.11 the "tafile" attribute optionally modifies trust chain verification in the same @@ -1670,7 +1668,7 @@ vveerriiffyy sseeccuurree Secure certificate verification. Mail is delivered only if the TLS handshake succeeds, if the remote SMTP server certificate can be validated - (not expired or revoked, and signed by a trusted certificate authority), + (not expired or revoked, and signed by a trusted Certification Authority), and if the server certificate name matches the optional "match" attribute (or the main.cf smtp_tls_secure_cert_match parameter value when no optional "match" attribute is specified). With Postfix >= 2.11 the "tafile" @@ -1817,13 +1815,13 @@ These sections show how to send mail to a server that does not support STARTTLS, but that provides the deprecated SMTPS service on TCP port 465. Depending on the Postfix version, some additional tooling may be required. -PPoossttffiixx >>== 22..1122 +PPoossttffiixx >>== 33..00 -The Postfix SMTP client has SMTPS support built-in as of version 2.12. Use one +The Postfix SMTP client has SMTPS support built-in as of version 3.0. Use one of the following examples, to send all remote mail, or to send only some remote mail, to an SMTPS server. -PPoossttffiixx >>== 22..1122:: SSeennddiinngg aallll rreemmoottee mmaaiill ttoo aann SSMMTTPPSS sseerrvveerr +PPoossttffiixx >>== 33..00:: SSeennddiinngg aallll rreemmoottee mmaaiill ttoo aann SSMMTTPPSS sseerrvveerr The first example will send all remote mail over SMTPS through a provider's server called "mail.example.com": @@ -1839,7 +1837,7 @@ Use "postfix reload" to make the change effective. See SOHO_README for additional information about SASL authentication. -PPoossttffiixx >>== 22..1122:: SSeennddiinngg oonnllyy mmaaiill ffoorr aa ssppeecciiffiicc ddeessttiinnaattiioonn vviiaa SSMMTTPPSS +PPoossttffiixx >>== 33..00:: SSeennddiinngg oonnllyy mmaaiill ffoorr aa ssppeecciiffiicc ddeessttiinnaattiioonn vviiaa SSMMTTPPSS The second example will send only mail for "example.com" via SMTPS. This time, Postfix uses a transport map to deliver only mail for "example.com" via SMTPS: @@ -1861,14 +1859,14 @@ change effective. See SOHO_README for additional information about SASL authentication. -PPoossttffiixx << 22..1122 +PPoossttffiixx << 33..00 Although older Postfix SMTP client versions do not support TLS wrapper mode, it is relatively easy to forward a connection through the stunnel program if Postfix needs to deliver mail to some legacy system that doesn't support STARTTLS. -PPoossttffiixx << 22..1122:: SSeennddiinngg aallll rreemmoottee mmaaiill ttoo aann SSMMTTPPSS sseerrvveerr +PPoossttffiixx << 33..00:: SSeennddiinngg aallll rreemmoottee mmaaiill ttoo aann SSMMTTPPSS sseerrvveerr The first example uses SMTPS to send all remote mail to a provider's mail server called "mail.example.com". @@ -1900,7 +1898,7 @@ Use "postfix reload" to make the change effective. See SOHO_README for additional information about SASL authentication. -PPoossttffiixx << 22..1122:: SSeennddiinngg oonnllyy mmaaiill ffoorr aa ssppeecciiffiicc ddeessttiinnaattiioonn vviiaa SSMMTTPPSS +PPoossttffiixx << 33..00:: SSeennddiinngg oonnllyy mmaaiill ffoorr aa ssppeecciiffiicc ddeessttiinnaattiioonn vviiaa SSMMTTPPSS The second example will use SMTPS to send only mail for "example.com" via SMTPS. It uses the same stunnel configuration file as the first example, so it @@ -2054,17 +2052,17 @@ The following steps will get you started quickly. Because you sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship with. For real authentication, your -Postfix public key certificate needs to be signed by a recognized Certificate +Postfix public key certificate needs to be signed by a recognized Certification Authority, and Postfix needs to be configured with a list of public key -certificates of Certificate Authorities, so that Postfix can verify the public -key certificates of remote hosts. +certificates of Certification Authorities, so that Postfix can verify the +public key certificates of remote hosts. In the examples below, user input is shown in bboolldd font, and a "#" prompt indicates a super-user shell. * Self-signed server certificate. - * Private Certificate Authority. + * Private Certification Authority. SSeellff--ssiiggnneedd sseerrvveerr cceerrttiiffiiccaattee @@ -2102,9 +2100,9 @@ Postfix SMTP client. With Postfix >= 2.10, the SMTP server does not need an explicit session cache since session reuse is better handled via RFC 5077 TLS session tickets. -PPrriivvaattee CCeerrttiiffiiccaattee AAuutthhoorriittyy +PPrriivvaattee CCeerrttiiffiiccaattiioonn AAuutthhoorriittyy - * Become your own Certificate Authority, so that you can sign your own + * Become your own Certification Authority, so that you can sign your own certificates, and so that your own systems can authenticate certificates from your own CA. This example uses the CA.pl script that ships with OpenSSL. On some systems, OpenSSL installs this as /usr/local/openssl/misc/ diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f2abd42ba..ddc3d5b2a 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,4 +1,4 @@ -This is the Postfix 2.12 (experimental) release. +This is the Postfix 3.0 (experimental) release. The stable Postfix release is called postfix-2.11.x where 2=major release number, 11=minor release number, x=patchlevel. The stable @@ -6,7 +6,7 @@ release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called -postfix-2.12-yyyymmdd where yyyymmdd is the release date (yyyy=year, +postfix-3.0-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. @@ -28,7 +28,7 @@ example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting (if any). -Several Postfix default settings have changed with Postfix 2.12. +Several Postfix default settings have changed with Postfix 3.0. To avoid massive breakage, Postfix comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the @@ -451,9 +451,9 @@ to load the list of lookup tables, one per line, from a textfile. Incompatible changes with snapshot 20140530 =========================================== -The Postfix 2.12 build procedure expects that you specify database +The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, -etc. With Postfix 2.12 and later, the old AUXLIBS variable still +etc. With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded CDB etc. database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. @@ -471,7 +471,7 @@ Support to build Postfix with Postfix shared libraries, and with dynamically-loadable database clients. Postfix shared libraries introduce minor runtime overhead and result in smaller Postfix executable files. Dynamically-loadable database clients are useful -when you distribute or install pre-compiled packages. Postfix 2.12 +when you distribute or install pre-compiled packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB, MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. @@ -504,12 +504,12 @@ database clients (files named postfix-*.so), use: % make makefiles dynamicmaps=yes ...other arguments... This implicitly enables support for Postfix shared libraries. Postfix -2.12 supports dynamic loading for CDB, LDAP, LMDB, MYSQL, PCRE, +3.0 supports dynamic loading for CDB, LDAP, LMDB, MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. -NOTE: The Postfix 2.12 build procedure expects that you specify +NOTE: The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, -AUXLIBS_LDAP, etc. With Postfix 2.12 and later, the old AUXLIBS +AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 222532303..401eaea3b 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -8,21 +8,17 @@ Wish list: Things to do after the stable release: + MAINTAINER_README (with shared lib build guidance) + Update smtpd command count when rejecting input before command-table lookup. - postconf -P: emit '{ name = value }' when editing/adding a - parameter whose new value contains whitespace. - - Fix the ad-hoc lowercase() calls that silently assume an - adress or localpart is ASCII: smtpd/smtpd_resolve.c, - local/forward.c, local/recipient.c, ... Are we supposed to - throw an error when casefold() fails? How do we know that - an error is permanent or just a shortage of resources? - In release-notes add commands=x/y logging to the command statistics. + Automatically do the equivalent of syslog_name=postfix/mumble + when basename(mumble) differs from basename(program file). + UTF8 DNS[BW]L domain name. Consolidate maps flags in mail_params.h instead of having diff --git a/postfix/conf/access b/postfix/conf/access index e3a94de15..71741592f 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -29,12 +29,12 @@ # LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regular- -# expression map where patterns are given as regular expres- -# sions, or lookups can be directed to TCP-based server. In -# those cases, the lookups are done in a slightly different -# way as described below under "REGULAR EXPRESSION TABLES" -# or "TCP-BASED TABLES". +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to TCP-based +# server. In those cases, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". # # CASE FOLDING # The search string is folded to lowercase before database @@ -202,11 +202,11 @@ # 421 text (Postfix 2.3 and later) # # 521 text (Postfix 2.6 and later) -# After responding with the numerical three- -# digit code and text, disconnect immediately -# from the SMTP client. This frees up SMTP -# server resources so that they can be made -# available to another SMTP client. +# After responding with the numerical +# three-digit code and text, disconnect imme- +# diately from the SMTP client. This frees up +# SMTP server resources so that they can be +# made available to another SMTP client. # # Note: The "521" response should be used only # with botnets and other malware where inter- @@ -369,8 +369,7 @@ # with helo, sender, recipient and protocol informa- # tion. # -# This feature is available in Postfix 2.12 and -# later. +# This feature is available in Postfix 3.0 and later. # # WARN optional text... # Log a warning with the optional text, together with diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index cf1e36021..90fd45421 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -190,8 +190,7 @@ # Note 2: this ignores duplicate addresses (with the # same delivery status notification options). # -# This feature is available in Postfix 2.12 and -# later. +# This feature is available in Postfix 3.0 and later. # # This feature is not supported with smtp header/body # checks. @@ -314,8 +313,8 @@ # line, the prepended text must begin with a # valid message header label. # -# o This action cannot be used to prepend multi- -# line text. +# o This action cannot be used to prepend +# multi-line text. # # This feature is available in Postfix 2.1 and later. # diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 1eda7b501..3b1f1e2a0 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -52,6 +52,7 @@ proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp + -o syslog_name=postfix/relay # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index 14648f472..c1b431cf5 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -202,7 +202,7 @@ details.

unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target -parameter (Postfix 2.12 and later).

+parameter (Postfix 3.0 and later).

  • When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If diff --git a/postfix/html/CDB_README.html b/postfix/html/CDB_README.html index 8919c34ca..6997a1407 100644 --- a/postfix/html/CDB_README.html +++ b/postfix/html/CDB_README.html @@ -84,8 +84,8 @@ like:

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_CDB. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_CDB. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded CDB database client, but only the new AUXLIBS_CDB variable supports building a dynamically-loaded or statically-loaded CDB database client.

    diff --git a/postfix/html/COMPATIBILITY_README.html b/postfix/html/COMPATIBILITY_README.html index 88c26be23..18378f14d 100644 --- a/postfix/html/COMPATIBILITY_README.html +++ b/postfix/html/COMPATIBILITY_README.html @@ -20,7 +20,7 @@ Backwards-Compatibility Safety Net

    Purpose of this document

    -

    Postfix 2.12 introduces a safety net that runs Postfix programs +

    Postfix 3.0 introduces a safety net that runs Postfix programs with backwards-compatible default settings after an upgrade. The safety net will log a warning whenever a "new" default setting could have an negative effect on your mail flow.

    diff --git a/postfix/html/INSTALL.html b/postfix/html/INSTALL.html index 2c9e2f7a7..8dd561578 100644 --- a/postfix/html/INSTALL.html +++ b/postfix/html/INSTALL.html @@ -230,7 +230,7 @@ $ make

    and so on. In some cases, optimization is turned off automatically.

    4.3 - Building with Postfix shared libraries and database plugins -(Postfix ≥ 2.12)

    +(Postfix ≥ 3.0)

    Postfix shared-library and database plugin support exists for recent versions of Linux, FreeBSD and MacOS X. Shared-library builds @@ -298,7 +298,7 @@ database-plugin support

    Additionally, Postfix can be built to support dynamic loading of Postfix database clients (database plugins) with the Debian-style -dynamicmaps feature. Postfix 2.12 supports dynamic loading of cdb:, +dynamicmaps feature. Postfix 3.0 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you distribute or install pre-compiled Postfix packages.

    @@ -327,9 +327,9 @@ such as "cdb" or "ldap".

    -

    NOTE: The Postfix 2.12 build procedure expects that you specify +

    NOTE: The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, -AUXLIBS_LDAP, etc. With Postfix 2.12 and later, the old AUXLIBS +AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. @@ -545,7 +545,7 @@ systems that have IPv6 support. See the IPV6_README4.5 - Overriding built-in parameter default settings -

    4.5.1 - Postfix 2.12 and later

    +

    4.5.1 - Postfix 3.0 and later

    All Postfix configuration parameters can be changed by editing a Postfix configuration file, except for one: the parameter that @@ -701,7 +701,7 @@ $ make Name/Value Description AUXLIBS="object_library..." Specifies -one or more non-default object libraries. Postfix 2.12 and later +one or more non-default object libraries. Postfix 3.0 and later specify some of their database library dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM, and AUXLIBS_SQLITE, respectively. diff --git a/postfix/html/LDAP_README.html b/postfix/html/LDAP_README.html index 3d3d61cb5..5178b29b8 100644 --- a/postfix/html/LDAP_README.html +++ b/postfix/html/LDAP_README.html @@ -96,8 +96,8 @@ your Postfix source tree should work:

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LDAP. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LDAP. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded LDAP database client, but only the new AUXLIBS_LDAP variable supports building a dynamically-loaded or statically-loaded LDAP database client.

    diff --git a/postfix/html/LMDB_README.html b/postfix/html/LMDB_README.html index d15eb4a82..6a598ed0e 100644 --- a/postfix/html/LMDB_README.html +++ b/postfix/html/LMDB_README.html @@ -55,8 +55,8 @@ build Postfix with LMDB support, use something like:

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LMDB. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LMDB. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded LMDB database client, but only the new AUXLIBS_LMDB variable supports building a dynamically-loaded or statically-loaded LMDB database client.

    diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index 2bbc43b0b..b6b6f6478 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -286,7 +286,7 @@ applications (not "postfix", not "www", etc.).

    Like Sendmail, Postfix has a lot of configuration options that control how it talks to Milter applications. Besides global options -that apply to all Milter applications, Postfix 2.12 and later +that apply to all Milter applications, Postfix 3.0 and later support per-Milter timeouts, per-Milter error handling, etc.

    Information in this section:

    @@ -430,7 +430,7 @@ will stay in the queue.

    Signing internally-generated bounce messages

    -

  • Postfix normally does not apply content filters to mail +

    Postfix normally does not apply content filters to mail that is generated internally such as bounces or Postmaster notifications. Filtering internally-generated bounces would result in loss of mail when a filter rejects a message, as the resulting @@ -571,7 +571,7 @@ that control time limits and other settings for all Postfix Milter clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to have different settings for different Milter clients. This is supported with Postfix -2.12 and later.

    +3.0 and later.

    The following example shows a "non-critical" Milter client with a short connect timeout, and with "accept" as default action when diff --git a/postfix/html/MYSQL_README.html b/postfix/html/MYSQL_README.html index 9cfa3b1c4..5506f4820 100644 --- a/postfix/html/MYSQL_README.html +++ b/postfix/html/MYSQL_README.html @@ -62,8 +62,8 @@ make -f Makefile.init makefiles \ -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_MYSQL. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_MYSQL. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded MySQL database client, but only the new AUXLIBS_MYSQL variable supports building a dynamically-loaded or statically-loaded MySQL database client.

    diff --git a/postfix/html/PACKAGE_README.html b/postfix/html/PACKAGE_README.html index 30c738045..c1f6ea840 100644 --- a/postfix/html/PACKAGE_README.html +++ b/postfix/html/PACKAGE_README.html @@ -85,7 +85,7 @@ non-default installation parameters on the command line:

    script directly (% sh post-install -non-interactive install_root...).

    -

    With Postfix 2.12 and later, the command "make package name=value +

    With Postfix 3.0 and later, the command "make package name=value ..." will replace the string MAIL_VERSION in a configuration parameter value with the Postfix release version. Do not try to specify something like $mail_version on this command line. This produces diff --git a/postfix/html/PCRE_README.html b/postfix/html/PCRE_README.html index 80ec7ee03..817bbb892 100644 --- a/postfix/html/PCRE_README.html +++ b/postfix/html/PCRE_README.html @@ -66,8 +66,8 @@ make -f Makefile.init makefiles \ -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PCRE. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PCRE. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded PCRE database client, but only the new AUXLIBS_PCRE variable supports building a dynamically-loaded or statically-loaded PCRE database client.

    diff --git a/postfix/html/PGSQL_README.html b/postfix/html/PGSQL_README.html index 7aa4a254e..b0a66b792 100644 --- a/postfix/html/PGSQL_README.html +++ b/postfix/html/PGSQL_README.html @@ -57,8 +57,8 @@ the location of the libpq library file.

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PGSQL. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PGSQL. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded PostgreSQL database client, but only the new AUXLIBS_PGSQL variable supports building a dynamically-loaded or statically-loaded PostgreSQL database client.

    diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html index 1d1963273..81c432d7b 100644 --- a/postfix/html/POSTSCREEN_README.html +++ b/postfix/html/POSTSCREEN_README.html @@ -982,16 +982,18 @@ helo/sender/recipient information, and waits for the client to disconnect.

    When the good client comes back in a later session, it is allowed -to talk directly to a Postfix SMTP server. See "after_220 Tests after the 220 SMTP server greeting above -for limitations with AUTH and other features that clients may need. -

    +to talk directly to a Postfix SMTP server. See "Tests +after the 220 SMTP server greeting" above for limitations with +AUTH and other features that clients may need.

    An unexpected benefit from "deep protocol tests" is that some "good" clients don't return after the 4XX -reply; these clients were not so good after all. Wietse enables -"deep protocol tests" on his own internet-facing -mail server.

    +reply; these clients were not so good after all.

    + +

    Unfortunately, some senders will retry requests from different +IP addresses, and may never get whitelisted. For this reason, +Wietse stopped using "deep protocol tests" +on his own internet-facing mail server.

  • There is also support for permanent blacklisting and whitelisting; see the description of the postscreen_access_list diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 14f9fa030..6f3ae0b62 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -106,7 +106,7 @@ etrn_domain= stress= Postfix version 2.9 and later: ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40 -Postfix version 2.12 and later: +Postfix version 3.0 and later: client_port=1234 [empty line] @@ -341,7 +341,7 @@ policy delegation protocol:

  • smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem): The default action when an SMTPD -policy service request fails. Available with Postfix 2.12 and +policy service request fails. Available with Postfix 3.0 and later.

  • smtpd_policy_service_max_idle (default: 300s): The amount @@ -354,18 +354,18 @@ client connection.

  • smtpd_policy_service_request_limit (default: 0): The maximal number of requests per policy connection, or zero (no limit). -Available with Postfix 2.12 and later.

    +Available with Postfix 3.0 and later.

  • smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server.

  • smtpd_policy_service_try_limit (default: 2): The maximal number of attempts to send an SMTPD policy service request before -giving up. Available with Postfix 2.12 and later.

    +giving up. Available with Postfix 3.0 and later.

  • smtpd_policy_service_retry_delay (default: 1s): The delay between attempts to resend a failed SMTPD policy service request. -Available with Postfix 2.12 and later.

    +Available with Postfix 3.0 and later.

    @@ -388,7 +388,7 @@ examples, the service name is "policy" or "127.0.0.1:9998".

    that control time limits and other settings for all policy clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to have different settings per -policy client. This is supported with Postfix 2.12 and later.

    +policy client. This is supported with Postfix 3.0 and later.

    The following example shows a "non-critical" policy service with a short timeout, and with "DUNNO" as default action when the diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html index e64f83e9e..018bf8a04 100644 --- a/postfix/html/SMTPUTF8_README.html +++ b/postfix/html/SMTPUTF8_README.html @@ -25,7 +25,7 @@ Postfix SMTPUTF8 support Internationalization (EAI) as defined in RFC 6531 (SMTPUTF8 extension), RFC 6532 (Internationalized email headers) and RFC 6533 (Internationalized delivery status notifications). Introduced with Postfix version -2.12, this fully supports UTF-8 email addresses and UTF-8 message +3.0, this fully supports UTF-8 email addresses and UTF-8 message header values.

    Topics covered in this document:

    @@ -92,7 +92,7 @@ servers (Dovecot), and down-stream SMTP servers.

    Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part of a backwards-compatibility safety net (see the -Postfix 2.12 RELEASE_NOTES file).

    +Postfix 3.0 RELEASE_NOTES file).

    SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf:

    @@ -188,7 +188,7 @@ done (at least that is the default, see autodetection below). Specifically, the Postfix SMTP server does not accept UTF-8 in the envelope sender domain name or envelope recipient domain name, and the Postfix SMTP client does not issue the SMTPUTF8 request when -delivering that message an SMTP or LMTP server that announces +delivering that message to an SMTP or LMTP server that announces SMTPUTF8 support (again, that is the default). Postfix will accept UTF-8 in message header values and in the localpart of envelope sender and recipient addresses, because it has always done that. @@ -283,22 +283,25 @@ at one point in time.

    No automatic conversions between ASCII and UTF-8 domain names.

    Some background: According to RFC 6530 and related documents, -"Internationalized" domain names can appear in two forms: the UTF-8 -form, and the ASCII (xn--mumble) form. "Internationalized" address -localparts must be encoded in UTF-8; the RFCs do not define an ASCII -form for the same information.

    +an internationalized domain name can appear in two forms: the UTF-8 +form, and the ASCII (xn--mumble) form. An internationalized address +localpart must be encoded in UTF-8; the RFCs do not define an ASCII +alternative form.

    Postfix currently does not convert internationalized domain names from UTF-8 into ASCII (or from ASCII into UTF-8) before using -domain names in SMTP commands and responses, before looking up -domain names in mydestination, relay_domains, access tables, etc., -before using domain names in a policy daemon or Milter request, -or before logging domain names.

    +domain names in SMTP commands and responses, before looking up +domain names in lists such as mydestination, relay_domains or in +lookup tables such as access tables, etc., before using domain names +in a policy daemon or Milter request, or before logging events. +

    Postfix does, however, casefold domain names and email addresses -before matching them against a Postfix configuration parameter or +before matching them against a Postfix configuration parameter or lookup table.

    +

    In order to use Postfix SMTPUTF8 support:

    + -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -9903,14 +9903,14 @@ SMTP servers that reject recipients after the DATA command. Use -o     smtp_address_verify_target=data lmtp-data-target unix - - n - - lmtp -o lmtp_address_verify_target=data -
    -
    +
    +

    Unselective use of the "data" target does no harm, but will result in unnecessary "lost connection after DATA" events at remote SMTP/LMTP servers.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -10429,7 +10429,7 @@ with valid PTR etc. records.

    /^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -11489,7 +11489,7 @@ but it is best to include all the required certificates directly in $smtp_tls_cert_file.

    Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use -ONLY the system-supplied default certificate authority certificates. +ONLY the system-supplied default Certification Authority certificates.

    Specify "tls_append_default_CA = no" to prevent Postfix from @@ -11510,7 +11510,7 @@ certificates.

    smtp_tls_CApath (default: empty)
    -

    Directory with PEM format certificate authority certificates +

    Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. Don't forget to create the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". @@ -11520,7 +11520,7 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". must be inside the chroot jail.

    Specify "smtp_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system-supplied default Certification Authority certificates.

    Specify "tls_append_default_CA = no" to prevent Postfix from @@ -11796,7 +11796,7 @@ key exchange with RSA authentication.

    List of acceptable remote SMTP server certificate fingerprints for the "fingerprint" TLS security level (smtp_tls_security_level = -fingerprint). At this security level, certificate authorities are not +fingerprint). At this security level, Certification Authorities are not used, and certificate expiration times are ignored. Instead, server certificates are verified directly via their certificate fingerprint or public key fingerprint (Postfix 2.9 and later). The fingerprint @@ -12369,7 +12369,7 @@ and later.

    fingerprint
    Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security -level, there are no trusted certificate authorities. The certificate +level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional match attribute, or else the main.cf smtp_tls_fingerprint_cert_match parameter, lists the certificate @@ -12638,7 +12638,7 @@ TLSA authentication is required. There is no fallback to "may" or
    fingerprint
    Certificate fingerprint verification. -At this security level, there are no trusted certificate authorities. +At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, etc., are not checked. Instead, the smtp_tls_fingerprint_cert_match parameter lists the certificate fingerprint or public key fingerprint @@ -12942,7 +12942,7 @@ stronger.

    More examples are in TLS_README, including examples for older Postfix versions.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -13208,7 +13208,7 @@ contain the ":" character, and would otherwise be confused with a

    Pattern matching of domain names is controlled by the presence or absence of "smtpd_client_event_limit_exceptions" in the -parent_domain_matches_subdomains parameter value (postfix 2.12 and +parent_domain_matches_subdomains parameter value (postfix 3.0 and later).

    @@ -13400,7 +13400,7 @@ least significant octets. See the access(5) manual p client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available -in Postfix 2.12 and later. +in Postfix 3.0 and later.

    check_client_mx_access type:table
    @@ -13434,7 +13434,7 @@ and later. unverified reverse client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.
    check_reverse_client_hostname_mx_access type:table
    @@ -13972,7 +13972,7 @@ to discard EHLO keywords selectively.

    See smtp_dns_reply_filter for details including an example.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -14215,7 +14215,7 @@ use DUNNO in order to exclude specific hosts from blacklists. Note 2: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip check_helo_a_access by not sending HELO or EHLO). This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
    check_helo_mx_access type:table
    @@ -14484,7 +14484,7 @@ request, that request will have the built-in default action.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -14531,7 +14531,7 @@ with policy servers that cannot maintain a persistent connection.

    -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.

    @@ -14543,7 +14543,7 @@ This feature is available in Postfix 2.12 and later.

    The delay between attempts to resend a failed SMTPD policy service request. Specify a value greater than zero.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -14569,7 +14569,7 @@ This feature is available in Postfix 2.1 and later.

    The maximal number of attempts to send an SMTPD policy service request before giving up. Specify a value greater than zero.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -14756,7 +14756,7 @@ corresponding action. the RCPT TO domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
    check_recipient_mx_access type:table
    @@ -14872,7 +14872,7 @@ record or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
    The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 556 (nullmx, Postfix 2.12 and +defer_if_permit), or 556 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. @@ -15540,7 +15540,7 @@ corresponding action. the MAIL FROM domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
    check_sender_mx_access type:table
    @@ -15616,7 +15616,7 @@ record, or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
    The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 550 (nullmx, Postfix 2.12 and +defer_if_permit), or 550 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. @@ -15763,7 +15763,7 @@ but it is best to include all the required certificates directly in the server certificate file.

    Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY -the system-supplied default certificate authority certificates. +the system-supplied default Certification Authority certificates.

    Specify "tls_append_default_CA = no" to prevent Postfix from @@ -15772,10 +15772,10 @@ certificates.

    By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CAfile should remain empty. If you do make use -of client certificates, the distinguished names (DNs) of the certificate -authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +of client certificates, the distinguished names (DNs) of the Certification +Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client in the client certificate request message. MUAs with multiple client -certificates may use the list of preferred certificate authorities +certificates may use the list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in this file, and install other trusted CAs in $smtpd_tls_CApath.

    @@ -15802,7 +15802,7 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use inside the chroot jail.

    Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system-supplied default Certification Authority certificates.

    Specify "tls_append_default_CA = no" to prevent Postfix from @@ -15811,10 +15811,10 @@ certificates.

    By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty. In contrast -to smtpd_tls_CAfile, DNs of certificate authorities installed +to smtpd_tls_CAfile, DNs of Certification Authorities installed in $smtpd_tls_CApath are not included in the client certificate request message. MUAs with multiple client certificates may use the -list of preferred certificate authorities to select the correct +list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in $smtpd_tls_CApath.

    @@ -16808,7 +16808,7 @@ mail. -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -16816,11 +16816,11 @@ mail.
    smtputf8_enable (default: yes)
    -

    Enable experimental SMTPUTF8 support for the protocols described +

    Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. This requires that Postfix is built to support these protocols.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -17004,7 +17004,7 @@ FROM and RCPT TO addresses. SMTP server accepts UTF8 sender or recipient addresses only when the client requests an SMTPUTF8 mail transaction.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -17137,7 +17137,7 @@ connections. Next, you enable Postfix TCP servers with the updated
    tls_append_default_CA (default: no)
    -

    Append the system-supplied default certificate authority +

    Append the system-supplied default Certification Authority certificates to the ones specified with *_tls_CApath or *_tls_CAfile. The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with @@ -17679,7 +17679,7 @@ gives timeout errors.

    tls_session_ticket_cipher -(default: Postfix ≥ 2.12: aes-256-cbc, postfix < 2.12: aes-128-cbc)
    +(default: Postfix ≥ 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)

    Algorithm used to encrypt RFC5077 TLS session tickets. This algorithm must use CBC mode, have a 128-bit block size, and must @@ -17691,7 +17691,7 @@ is discouraged.

    in the Postfix SMTP server. Another way to disable session ticket support is via the tls_ssl_options parameter.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    @@ -18910,7 +18910,7 @@ exponentially.

    -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.

    @@ -19044,7 +19044,7 @@ This feature is available in Postfix 2.1 and later. delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    diff --git a/postfix/html/postfix-wrapper.5.html b/postfix/html/postfix-wrapper.5.html index 4b53b974d..7a2edad85 100644 --- a/postfix/html/postfix-wrapper.5.html +++ b/postfix/html/postfix-wrapper.5.html @@ -42,8 +42,8 @@ POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5) # postfix status - This enumerates the status of all Postfix instances within a multi- - instance configuration. + This enumerates the status of all Postfix instances within a + multi-instance configuration. MANAGING AN INDIVIDUAL POSTFIX INSTANCE To manage a specific Postfix instance, specify its configuration direc- @@ -173,10 +173,10 @@ POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5) -c option is specified, or when MAIL_CONFIG is present in the process environment. This is necessary to terminate recursion. - Otherwise, when the multi_instance_directories parameter value is non- - empty, the postfix(1) command executes the command specified with the - multi_instance_wrapper parameter, instead of executing the commands in - postfix-script. + Otherwise, when the multi_instance_directories parameter value is + non-empty, the postfix(1) command executes the command specified with + the multi_instance_wrapper parameter, instead of executing the commands + in postfix-script. The multi-instance manager skips commands such as "stop" or "reload" that require a running Postfix instance, when an instance does not have diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index 0453a284c..4a10c09c5 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -70,8 +70,8 @@ POSTFIX(1) POSTFIX(1) Postfix system. This feature is available in Postfix 2.1 and later. With Post- - fix 2.0 and earlier, use "$config_directory/post-install set- - permissions". + fix 2.0 and earlier, use "$config_directory/post-install + set-permissions". upgrade-configuration [name=value ...] Update the main.cf and master.cf files with information that @@ -168,8 +168,8 @@ POSTFIX(1) POSTFIX(1) the Postfix sendmail(1) command. setgid_group (postdrop) - The group ownership of set-gid Postfix commands and of group- - writable Postfix directories. + The group ownership of set-gid Postfix commands and of + group-writable Postfix directories. Available in Postfix version 2.5 and later: @@ -177,7 +177,7 @@ POSTFIX(1) POSTFIX(1) The directory with Postfix-writable data files (for example: caches, pseudo-random numbers). - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: meta_directory (see 'postconf -d' output) The location of non-executable files that are shared among mul- diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 9822a2dd1..21212d800 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -62,9 +62,9 @@ POSTMAP(1) POSTMAP(1) By default, the -b option starts generating lookup keys at the first non-header line, and stops when the end of the message is reached. To simulate body_checks(5) processing, enable MIME - parsing with -m. With this, the -b option generates no body- - style lookup keys for attachment MIME headers and for attached - message/* headers. + parsing with -m. With this, the -b option generates no + body-style lookup keys for attachment MIME headers and for + attached message/* headers. NOTE: with "smtputf8_enable = yes", the -b option option dis- ables UTF-8 syntax checks on query keys and lookup results. @@ -245,7 +245,7 @@ POSTMAP(1) POSTMAP(1) and postmap(1) commands. smtputf8_enable (yes) - Enable experimental SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. syslog_facility (mail) diff --git a/postfix/html/postmulti.1.html b/postfix/html/postmulti.1.html index e647f355a..a9fe5017e 100644 --- a/postfix/html/postmulti.1.html +++ b/postfix/html/postmulti.1.html @@ -356,7 +356,7 @@ POSTMULTI(1) POSTMULTI(1) syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". - Available in Postfix 2.12 and later: + Available in Postfix 3.0 and later: meta_directory (see 'postconf -d' output) The location of non-executable files that are shared among mul- diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index 13460cb49..18ac222e8 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html @@ -138,8 +138,8 @@ POSTSCREEN(8) POSTSCREEN(8) Available in Postfix version 2.10 and later: postscreen_upstream_proxy_protocol (empty) - The name of the proxy protocol used by an optional before- - postscreen proxy agent. + The name of the proxy protocol used by an optional + before-postscreen proxy agent. postscreen_upstream_proxy_timeout (5s) The time limit for the proxy protocol specified with the @@ -167,9 +167,9 @@ POSTSCREEN(8) POSTSCREEN(8) introduce a common point of failure. postscreen_whitelist_interfaces (static:all) - A list of local postscreen(8) server IP addresses where a non- - whitelisted remote SMTP client can obtain postscreen(8)'s tempo- - rary whitelist status. + A list of local postscreen(8) server IP addresses where a + non-whitelisted remote SMTP client can obtain postscreen(8)'s + temporary whitelist status. BEFORE 220 GREETING TESTS These tests are executed before the remote SMTP client receives the diff --git a/postfix/html/posttls-finger.1.html b/postfix/html/posttls-finger.1.html index 5a8528657..5ef23d31e 100644 --- a/postfix/html/posttls-finger.1.html +++ b/postfix/html/posttls-finger.1.html @@ -39,11 +39,12 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) If TLS negotiation succeeds, the TLS protocol and cipher details are reported. The server certificate is then verified in accordance with - the policy at the chosen (or default) security level. With public CA- - based trust, when the -L option includes certmatch, (true by default) - name matching is performed even if the certificate chain is not - trusted. This logs the names found in the remote SMTP server certifi- - cate and which if any would match, were the certificate chain trusted. + the policy at the chosen (or default) security level. With public + CA-based trust, when the -L option includes certmatch, (true by + default) name matching is performed even if the certificate chain is + not trusted. This logs the names found in the remote SMTP server cer- + tificate and which if any would match, were the certificate chain + trusted. Note: posttls-finger(1) does not perform any table lookups, so the TLS policy table and obsolete per-site tables are not consulted. It does @@ -56,7 +57,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) after the specified delay, and posttls-finger(1) then reports whether the cached TLS session was re-used. - When the destination is a load-balancer, it may be distributing load + When the destination is a load balancer, it may be distributing load between multiple server caches. Typically, each server returns its unique name in its EHLO response. If, upon reconnecting with -r, a new server name is detected, another session is cached for the new server, @@ -64,8 +65,8 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) 5) that can be specified via the -m option. The choice of SMTP or LMTP (-S option) determines the syntax of the - destination argument. With SMTP, one can specify a service on a non- - default port as host:service, and disable MX (mail exchanger) DNS + destination argument. With SMTP, one can specify a service on a + non-default port as host:service, and disable MX (mail exchanger) DNS lookups with [host] or [host]:port. The [] form is required when you specify an IP address instead of a hostname. An IPv6 address takes the form [ipv6:address]. The default port for SMTP is taken from the @@ -162,8 +163,8 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) and verbose. 3, ssl-expert - These synonymous values combine debug with ssl-handshake- - packet-dump. For experts only. + These synonymous values combine debug with ssl-hand- + shake-packet-dump. For experts only. 4, ssl-developer These synonymous values combine ssl-expert with ssl-ses- @@ -186,7 +187,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) untrusted Logs trust chain verification problems. This is turned on automatically at security levels that use peer names - signed by certificate authorities to validate certifi- + signed by Certification Authorities to validate certifi- cates. So while this setting is recognized, you should never need to set it explicitly. @@ -197,8 +198,8 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) certmatch This logs remote SMTP server certificate matching, show- ing the CN and each subjectAltName and which name - matched. With DANE, logs matching of TLSA record trust- - anchor and end-entity certificates. + matched. With DANE, logs matching of TLSA record + trust-anchor and end-entity certificates. cache This logs session cache operations, showing whether ses- sion caching is effective with the remote SMTP server. @@ -216,7 +217,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) -m count (default: 5) When the -r delay option is specified, the -m option determines the maximum number of reconnect attempts to use with a server - behind a load-balacer, to see whether connection caching is + behind a load balancer, to see whether connection caching is likely to be effective for this destination. Some MTAs don't expose the underlying server identity in their EHLO response; with these servers there will never be more than 1 reconnection @@ -238,7 +239,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) ath is used and no public CAs are trusted. -r delay - With a cachable TLS session, disconnect and reconnect after + With a cacheable TLS session, disconnect and reconnect after delay seconds. Report whether the session is re-used. Retry if a new server is encountered, up to 5 times or as specified with the -m option. By default reconnection is disabled, specify a @@ -256,7 +257,7 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) -T timeout (default: 30) The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT. - -v Enable verose Postfix logging. Specify more than once to + -v Enable verbose Postfix logging. Specify more than once to increase the level of verbose logging. -w Enable outgoing TLS wrapper mode, or SMTPS support. This is diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index d28d7e504..6225c559d 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html @@ -400,7 +400,7 @@ QMGR(8) QMGR(8) syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: confirm_delay_cleared (no) After sending a "your message is delayed" notification, inform diff --git a/postfix/html/qmqp-sink.1.html b/postfix/html/qmqp-sink.1.html index 3a0a8a4bb..9c4bbaa88 100644 --- a/postfix/html/qmqp-sink.1.html +++ b/postfix/html/qmqp-sink.1.html @@ -19,8 +19,8 @@ QMQP-SINK(1) QMQP-SINK(1) messages from the network and throws them away. The purpose is to mea- sure QMQP client performance, not protocol compliance. Connections can be accepted on IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4 - and IPv6 are the default. This program is the complement of the qmqp- - source(1) program. + and IPv6 are the default. This program is the complement of the + qmqp-source(1) program. Note: this is an unsupported test program. No attempt is made to main- tain compatibility between successive versions. diff --git a/postfix/html/qmqp-source.1.html b/postfix/html/qmqp-source.1.html index f4302a4d5..2bdffcd77 100644 --- a/postfix/html/qmqp-source.1.html +++ b/postfix/html/qmqp-source.1.html @@ -17,8 +17,8 @@ QMQP-SOURCE(1) QMQP-SOURCE(1) DESCRIPTION qmqp-source connects to the named host and TCP port (default 628) and sends one or more messages to it, either sequentially or in parallel. - The program speaks the QMQP protocol. Connections can be made to UNIX- - domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default. + The program speaks the QMQP protocol. Connections can be made to + UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default. Note: this is an unsupported test program. No attempt is made to main- tain compatibility between successive versions. diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index ce358b571..dda801a65 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -56,15 +56,19 @@ QMQPD(8) QMQPD(8) ing, or address mapping. SMTPUTF8 CONTROLS - Preliminary SMTPUTF8 support is introduced with Postfix 2.12. + Preliminary SMTPUTF8 support is introduced with Postfix 3.0. + + smtputf8_enable (yes) + Enable preliminary SMTPUTF8 support for the protocols described + in RFC 6531..6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. RESOURCE AND RATE CONTROLS line_length_limit (2048) - Upon input, long lines are chopped up into pieces of at most + Upon input, long lines are chopped up into pieces of at most this length; upon delivery, long lines are reconstructed. hopcount_limit (50) @@ -72,47 +76,47 @@ QMQPD(8) QMQPD(8) in the primary message headers. message_size_limit (10240000) - The maximal size in bytes of a message, including envelope + The maximal size in bytes of a message, including envelope information. qmqpd_timeout (300s) - The time limit for sending or receiving information over the + The time limit for sending or receiving information over the network. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. soft_bounce (no) - Safety net to keep mail queued that would otherwise be returned + Safety net to keep mail queued that would otherwise be returned to the sender. TARPIT CONTROLS qmqpd_error_delay (1s) - How long the Postfix QMQP server will pause before sending a + How long the Postfix QMQP server will pause before sending a negative reply to the remote QMQP client. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -126,7 +130,7 @@ QMQPD(8) QMQPD(8) The process name of a Postfix command or daemon process. qmqpd_authorized_clients (empty) - What remote QMQP clients are allowed to connect to the Postfix + What remote QMQP clients are allowed to connect to the Postfix QMQP server port. queue_directory (see 'postconf -d' output) @@ -136,12 +140,12 @@ QMQPD(8) QMQPD(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 2.5 and later: diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html index 50cec3c63..21f6a6baf 100644 --- a/postfix/html/regexp_table.5.html +++ b/postfix/html/regexp_table.5.html @@ -138,7 +138,7 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) # Protect your outgoing majordomo exploders if !/^owner-/ - /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead + /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead endif EXAMPLE HEADER FILTER MAP diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 5a981c838..29242c0df 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -156,11 +156,11 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -N dsn (default: 'delay, failure') - Delivery status notification control. Specify either a comma- - separated list with one or more of failure (send notification - when delivery fails), delay (send notification when delivery is - delayed), or success (send notification when the message is - delivered); or specify never (don't send any notifications at + Delivery status notification control. Specify either a + comma-separated list with one or more of failure (send notifica- + tion when delivery fails), delay (send notification when deliv- + ery is delayed), or success (send notification when the message + is delivered); or specify never (don't send any notifications at all). This feature is available in Postfix 2.3 and later. @@ -255,10 +255,10 @@ SENDMAIL(1) SENDMAIL(1) of the form owner-listname@origin, each recipient user@domain receives mail with a personalized envelope sender address. - By default, the personalized envelope sender address is owner- - listname+user=domain@origin. The default + and = characters are - configurable with the default_verp_delimiters configuration - parameter. + By default, the personalized envelope sender address is + owner-listname+user=domain@origin. The default + and = charac- + ters are configurable with the default_verp_delimiters configu- + ration parameter. -XVxy (Postfix 2.2 and earlier: -Vxy) As -XV, but uses x and y as the VERP delimiter characters, diff --git a/postfix/html/smtp-sink.1.html b/postfix/html/smtp-sink.1.html index ed27fd63e..cb8b0162f 100644 --- a/postfix/html/smtp-sink.1.html +++ b/postfix/html/smtp-sink.1.html @@ -24,9 +24,9 @@ SMTP-SINK(1) SMTP-SINK(1) delays, this mode of operation can reduce the maximal performance by several orders of magnitude. - Connections can be accepted on IPv4 or IPv6 endpoints, or on UNIX- - domain sockets. IPv4 and IPv6 are the default. This program is the - complement of the smtp-source(1) program. + Connections can be accepted on IPv4 or IPv6 endpoints, or on + UNIX-domain sockets. IPv4 and IPv6 are the default. This program is + the complement of the smtp-source(1) program. Note: this is an unsupported test program. No attempt is made to main- tain compatibility between successive versions. @@ -173,7 +173,7 @@ SMTP-SINK(1) SMTP-SINK(1) An optional string that is prepended to each message that is written to a dump file (see the dump file format description below). The following C escape sequences are supported: \a - (bell), \b (backslace), \f (formfeed), \n (newline), \r (car- + (bell), \b (backspace), \f (formfeed), \n (newline), \r (car- riage return), \t (horizontal tab), \v (vertical tab), \ddd (up to three octal digits) and \\ (the backslash character). diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 705c5ab22..236b03ba3 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -292,7 +292,7 @@ SMTP(8) SMTP(8) smtp_dns_support_level (empty) Level of DNS support in the Postfix SMTP client. - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: smtp_delivery_status_filter ($default_delivery_status_filter) Optional filter for the smtp(8) delivery agent to change the @@ -404,7 +404,7 @@ SMTP(8) SMTP(8) tificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority certificates + Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. @@ -555,7 +555,7 @@ SMTP(8) SMTP(8) tlsmgr_service_name (tlsmgr) The name of the tlsmgr(8) service entry in master.cf. - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: smtp_tls_wrappermode (no) Request that the Postfix SMTP client connects using the legacy @@ -702,10 +702,10 @@ SMTP(8) SMTP(8) (no limit). SMTPUTF8 CONTROLS - Preliminary SMTPUTF8 support is introduced with Postfix 2.12. + Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable experimental SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. smtputf8_autodetect_classes (sendmail, verify) @@ -728,9 +728,9 @@ SMTP(8) SMTP(8) col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to before- - queue content inspection by non_smtpd_milters, header_checks and - body_checks. + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, + header_checks and body_checks. notify_classes (resource, software) The list of error classes that are reported to the postmaster. @@ -839,7 +839,7 @@ SMTP(8) SMTP(8) Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. - Available with Postfix 2.12 and later: + Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) In the context of email address verification, the SMTP protocol diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index fffa1f2f9..c4b69df50 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -152,7 +152,7 @@ SMTPD(8) SMTPD(8) record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: smtpd_dns_reply_filter (empty) Optional filter for Postfix SMTP server DNS lookup results. @@ -495,34 +495,35 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.5 and later: smtpd_tls_fingerprint_digest (md5) - The message digest algorithm to construct remote SMTP client- - certificate fingerprints or public key fingerprints (Postfix 2.9 - and later) for check_ccert_access and permit_tls_clientcerts. + The message digest algorithm to construct remote SMTP + client-certificate fingerprints or public key fingerprints + (Postfix 2.9 and later) for check_ccert_access and per- + mit_tls_clientcerts. Available in Postfix version 2.6 and later: smtpd_tls_protocols (empty) - List of TLS protocols that the Postfix SMTP server will exclude + List of TLS protocols that the Postfix SMTP server will exclude or include with opportunistic TLS encryption. smtpd_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP server will + The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption. smtpd_tls_eccert_file (empty) - File with the Postfix SMTP server ECDSA certificate in PEM for- + File with the Postfix SMTP server ECDSA certificate in PEM for- mat. smtpd_tls_eckey_file ($smtpd_tls_eccert_file) - File with the Postfix SMTP server ECDSA private key in PEM for- + File with the Postfix SMTP server ECDSA private key in PEM for- mat. smtpd_tls_eecdh_grade (see 'postconf -d' output) - The Postfix SMTP server security grade for ephemeral elliptic- - curve Diffie-Hellman (EECDH) key exchange. + The Postfix SMTP server security grade for ephemeral ellip- + tic-curve Diffie-Hellman (EECDH) key exchange. tls_eecdh_strong_curve (prime256v1) - The elliptic curve used by the Postfix SMTP server for sensibly + The elliptic curve used by the Postfix SMTP server for sensibly strong ephemeral ECDH key exchange. tls_eecdh_ultra_curve (secp384r1) @@ -533,7 +534,7 @@ SMTPD(8) SMTPD(8) tls_preempt_cipherlist (no) With SSLv3 and later, use the Postfix SMTP server's cipher pref- - erence order instead of the remote client's cipher preference + erence order instead of the remote client's cipher preference order. tls_disable_workarounds (see 'postconf -d' output) @@ -544,19 +545,19 @@ SMTPD(8) SMTPD(8) tlsmgr_service_name (tlsmgr) The name of the tlsmgr(8) service entry in master.cf. - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: - tls_session_ticket_cipher (Postfix &ge; 2.12: aes-256-cbc, postfix &lt - 2.12: aes-128-cbc) + tls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: + aes-128-cbc) Algorithm used to encrypt RFC5077 TLS session tickets. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtpd_use_tls (no) - Opportunistic TLS: announce STARTTLS support to remote SMTP + Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. smtpd_enforce_tls (no) @@ -564,85 +565,85 @@ SMTPD(8) SMTPD(8) and require that clients use TLS encryption. smtpd_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. SMTPUTF8 CONTROLS - Preliminary SMTPUTF8 support is introduced with Postfix 2.12. + Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable experimental SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. strict_smtputf8 (no) Enable stricter enforcement of the SMTPUTF8 protocol. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message receives a cus- - tomized copy of the message with his/her own recipient address encoded + With VERP style delivery, each recipient of a message receives a cus- + tomized copy of the message with his/her own recipient address encoded in the envelope sender address. The VERP_README file describes config- - uration and operation details of Postfix support for variable envelope - return path addresses. VERP style delivery is requested with the SMTP - XVERP command or with the "sendmail -V" command-line option and is + uration and operation details of Postfix support for variable envelope + return path addresses. VERP style delivery is requested with the SMTP + XVERP command or with the "sendmail -V" command-line option and is available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What remote SMTP clients are allowed to specify the XVERP com- + What remote SMTP clients are allowed to specify the XVERP com- mand. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What remote SMTP clients are allowed to specify the XVERP com- + What remote SMTP clients are allowed to specify the XVERP com- mand. TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of the Postfix - mail system. The methods vary from making the software log a lot of + The DEBUG_README document describes how to debug parts of the Postfix + mail system. The methods vary from making the software log a lot of detail, to running some daemon processes under control of a call tracer or debugger. debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to before- - queue content inspection by non_smtpd_milters, header_checks and - body_checks. + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, + header_checks and body_checks. notify_classes (resource, software) The list of error classes that are reported to the postmaster. smtpd_reject_footer (empty) - Optional information that is appended after each Postfix SMTP + Optional information that is appended after each Postfix SMTP server 4XX or 5XX response. soft_bounce (no) - Safety net to keep mail queued that would otherwise be returned + Safety net to keep mail queued that would otherwise be returned to the sender. Available in Postfix version 2.1 and later: @@ -653,106 +654,105 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.10 and later: smtpd_log_access_permit_actions (empty) - Enable logging of the named "permit" actions in SMTP server - access lists (by default, the SMTP server logs "reject" actions + Enable logging of the named "permit" actions in SMTP server + access lists (by default, the SMTP server logs "reject" actions but not "permit" actions). KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail for unknown + As of Postfix version 2.0, the SMTP server rejects mail for unknown recipients. This prevents the mail queue from clogging up with undeliv- - erable MAILER-DAEMON messages. Additional information on this topic is + erable MAILER-DAEMON messages. Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the "User unknown" + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message headers and + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) - Optional address mapping lookup tables for envelope and header + Optional address mapping lookup tables for envelope and header recipient addresses. Parameters concerning known/unknown local recipients: mydestination ($myhostname, localhost.$mydomain, localhost) - The list of domains that are delivered via the $local_transport + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on. proxy_interfaces (empty) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. inet_protocols (all) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) Lookup tables with all names or addresses of local recipients: a - recipient address is local when its domain matches $mydestina- + recipient address is local when its domain matches $mydestina- tion, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) The numerical Postfix SMTP server response code when a recipient - address is local, and $local_recipient_maps specifies a list of + address is local, and $local_recipient_maps specifies a list of lookup tables that does not match the recipient. Parameters concerning known/unknown recipients of relay destinations: - relay_domains (Postfix &ge; 2.12: empty, Postfix < 2.12: $mydestina- - tion) - What destination domains (and subdomains thereof) this system + relay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination) + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) - The numerical Postfix SMTP server reply code when a recipient - address matches $relay_domains, and relay_recipient_maps speci- - fies a list of lookup tables that does not match the recipient + The numerical Postfix SMTP server reply code when a recipient + address matches $relay_domains, and relay_recipient_maps speci- + fies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual alias + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) - Postfix is final destination for the specified list of virtual - alias domains, that is, domains for which all addresses are + Postfix is final destination for the specified list of virtual + alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail addresses or + Optional lookup tables that alias specific mail addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $virtual_alias_maps speci- - fies a list of lookup tables that does not match the recipient + The Postfix SMTP server reply code when a recipient address + matches $virtual_alias_domains, and $virtual_alias_maps speci- + fies a list of lookup tables that does not match the recipient address. Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) - Postfix is final destination for the specified list of domains; - mail is delivered via the $virtual_transport mail delivery + Postfix is final destination for the specified list of domains; + mail is delivered via the $virtual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $virtual_mailbox_maps + The Postfix SMTP server reply code when a recipient address + matches $virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list of lookup tables that does not match the recip- ient address. @@ -761,7 +761,7 @@ SMTPD(8) SMTPD(8) control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces of at most + Upon input, long lines are chopped up into pieces of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) @@ -769,58 +769,58 @@ SMTPD(8) SMTPD(8) tem that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including envelope + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix SMTP server + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server response and + The time limit for sending a Postfix SMTP server response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP server command - history before it is flushed upon receipt of EHLO, RSET, or end + The maximal number of lines in the Postfix SMTP server command + history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) - Attempt to look up the remote SMTP client hostname, and verify + Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address. The per SMTP client connection count and request rate limits are imple- - mented in co-operation with the anvil(8) service, and are available in + mented in co-operation with the anvil(8) service, and are available in Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is allowed to make + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) - The maximal number of connection attempts any client is allowed + The maximal number of connection attempts any client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests that any client - is allowed to make to this service per time unit, regardless of + The maximal number of message delivery requests that any client + is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any client is - allowed to send to this service per time unit, regardless of + The maximal number of recipient addresses that any client is + allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from smtpd_client_*_count/rate_limit + Clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Available in Postfix version 2.3 and later: smtpd_client_new_tls_session_rate_limit (0) - The maximal number of new (i.e., uncached) TLS sessions that a + The maximal number of new (i.e., uncached) TLS sessions that a remote SMTP client is allowed to negotiate with this service per time unit. @@ -828,137 +828,137 @@ SMTPD(8) SMTPD(8) smtpd_per_record_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- - tls_timeout time limits, from a time limit per read or write - system call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, SMTP message + tls_timeout time limits, from a time limit per read or write + system call, to a time limit to send or receive a complete + record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP server can - insert delays before responding. This can help to slow down run-away - software. The behavior is controlled by an error counter that counts + When a remote SMTP client makes errors, the Postfix SMTP server can + insert delays before responding. This can help to slow down run-away + software. The behavior is controlled by an error counter that counts the number of errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) - With Postfix version 2.1 and later: the SMTP server response - delay after a client has made more than $smtpd_soft_error_limit - errors, and fewer than $smtpd_hard_error_limit errors, without + With Postfix version 2.1 and later: the SMTP server response + delay after a client has made more than $smtpd_soft_error_limit + errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is allowed to make - without delivering mail before the Postfix SMTP server slows + The number of errors a remote SMTP client is allowed to make + without delivering mail before the Postfix SMTP server slows down all its responses. smtpd_hard_error_limit (normal: 20, overload: 1) - The maximal number of errors a remote SMTP client is allowed to + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. smtpd_junk_command_limit (normal: 100, overload: 1) - The number of junk commands (NOOP, VRFY, ETRN or RSET) that a - remote SMTP client can send before the Postfix SMTP server + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a + remote SMTP client can send before the Postfix SMTP server starts to increment the error counter with each junk command. Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client can send in + The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, - before the Postfix SMTP server increments the per-session error + before the Postfix SMTP server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate access policy - decisions to an external server that runs outside Postfix. See the + As of version 2.1, Postfix can be configured to delegate access policy + decisions to an external server that runs outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service connection is + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) - The time after which an active SMTPD policy service connection + The time after which an active SMTPD policy service connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to, or receiving from + The time limit for connecting to, writing to, or receiving from a delegated SMTPD policy server. - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: smtpd_policy_service_default_action (451 4.3.5 Server configuration problem) The default action when an SMTPD policy service request fails. smtpd_policy_service_request_limit (0) - The maximal number of requests per SMTPD policy service connec- + The maximal number of requests per SMTPD policy service connec- tion, or zero (no limit). smtpd_policy_service_try_limit (2) - The maximal number of attempts to send an SMTPD policy service + The maximal number of attempts to send an SMTPD policy service request before giving up. smtpd_policy_service_retry_delay (1s) - The delay between attempts to resend a failed SMTPD policy ser- + The delay between attempts to resend a failed SMTPD policy ser- vice request. ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to all the SMTP + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command - before evaluating $smtpd_client_restrictions and + before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) - A list of Postfix features where the pattern "example.com" also - matches subdomains of example.com, instead of requiring an + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina- + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: @@ -968,19 +968,19 @@ SMTPD(8) SMTPD(8) applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: @@ -994,17 +994,17 @@ SMTPD(8) SMTPD(8) smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica- tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient address verification service. address_verify_poll_count (normal: 3, overload: 1) @@ -1016,7 +1016,7 @@ SMTPD(8) SMTPD(8) fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) @@ -1024,18 +1024,18 @@ SMTPD(8) SMTPD(8) address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric- + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1047,17 +1047,17 @@ SMTPD(8) SMTPD(8) reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi- + The Postfix SMTP server's action when reject_unverified_recipi- ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES @@ -1069,36 +1069,36 @@ SMTPD(8) SMTPD(8) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) @@ -1106,24 +1106,24 @@ SMTPD(8) SMTPD(8) a sender or recipient address because its domain is unknown. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host- - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi- + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- ent_bounce restriction. rbl_reply_maps (empty) @@ -1133,52 +1133,52 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host- + The Postfix SMTP server's action when reject_unknown_helo_host- name fails due to an temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener- + The sender address of postmaster notifications that are gener- ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1189,11 +1189,11 @@ SMTPD(8) SMTPD(8) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi- + The list of "trusted" remote SMTP clients that have more privi- leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) @@ -1206,26 +1206,26 @@ SMTPD(8) SMTPD(8) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name from its - extension (example: user+foo), or a .forward file name from its + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its extension (example: .forward+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the SMTP greeting + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that cause the Postfix SMTP server to immedi- + List of commands that cause the Postfix SMTP server to immedi- ately terminate the session with a 221 code. Available in Postfix version 2.5 and later: diff --git a/postfix/html/socketmap_table.5.html b/postfix/html/socketmap_table.5.html index 72582acd2..5fa003c5f 100644 --- a/postfix/html/socketmap_table.5.html +++ b/postfix/html/socketmap_table.5.html @@ -21,7 +21,7 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5) mail routing or policy lookup. The Postfix socketmap client expects TCP endpoint names of the form - inet:host:port:name, or UNIX-domain endponts of the form unix:path- + inet:host:port:name, or UNIX-domain endpoints of the form unix:path- name:name. In both cases, name specifies the name field in a socketmap client request (see "REQUEST FORMAT" below). diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html index f2f905b1f..40910a331 100644 --- a/postfix/html/spawn.8.html +++ b/postfix/html/spawn.8.html @@ -16,9 +16,10 @@ SPAWN(8) SPAWN(8) The spawn(8) daemon provides the Postfix equivalent of inetd. It lis- tens on a port as specified in the Postfix master.cf file and spawns an external command whenever a connection is established. The connection - can be made over local IPC (such as UNIX-domain sockets) or over non- - local IPC (such as TCP sockets). The command's standard input, output - and error streams are connected directly to the communication endpoint. + can be made over local IPC (such as UNIX-domain sockets) or over + non-local IPC (such as TCP sockets). The command's standard input, + output and error streams are connected directly to the communication + endpoint. This daemon expects to be run from the master(8) process manager. diff --git a/postfix/html/sqlite_table.5.html b/postfix/html/sqlite_table.5.html index f396aaa50..44f5678df 100644 --- a/postfix/html/sqlite_table.5.html +++ b/postfix/html/sqlite_table.5.html @@ -107,8 +107,8 @@ SQLITE_TABLE(5) SQLITE_TABLE(5) pressed and returns no results. The domain parameter described below limits the input keys to - addresses in matching domains. When the domain parameter is non- - empty, SQL queries for unqualified addresses or addresses in + addresses in matching domains. When the domain parameter is + non-empty, SQL queries for unqualified addresses or addresses in non-matching domains are suppressed and return no results. This parameter is available with Postfix 2.2. In prior releases @@ -173,11 +173,11 @@ SQLITE_TABLE(5) SQLITE_TABLE(5) domain (default: no domain list) This is a list of domain names, paths to files, or dictionaries. - When specified, only fully qualified search keys with a *non- - empty* localpart and a matching domain are eligible for lookup: - 'user' lookups, bare domain lookups and "@domain" lookups are - not performed. This can significantly reduce the query load on - the SQLite server. + When specified, only fully qualified search keys with a + *non-empty* localpart and a matching domain are eligible for + lookup: 'user' lookups, bare domain lookups and "@domain" + lookups are not performed. This can significantly reduce the + query load on the SQLite server. domain = postfix.org, hash:/etc/postfix/searchdomains It is best not to use SQL to store the domains eligible for SQL diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index dfd6e6867..9a5c10bd6 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html @@ -117,8 +117,8 @@ TLSPROXY(8) TLSPROXY(8) server cipher list at all TLS security levels. tlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest) - The message digest algorithm to construct remote SMTP client- - certificate fingerprints. + The message digest algorithm to construct remote SMTP + client-certificate fingerprints. tlsproxy_tls_key_file ($smtpd_tls_key_file) File with the Postfix tlsproxy(8) server RSA private key in PEM diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 19402070a..a7fe671af 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html @@ -33,10 +33,10 @@ BOUNCE(8) BOUNCE(8) tion is sent even when the log file or the original message cannot be read. - Optionally, a bounce (defer, trace) client can request that the per- - message log file be deleted when the requested operation fails. This - is used by clients that cannot retry transactions by themselves, and - that depend on retry logic in their own client. + Optionally, a bounce (defer, trace) client can request that the + per-message log file be deleted when the requested operation fails. + This is used by clients that cannot retry transactions by themselves, + and that depend on retry logic in their own client. STANDARDS RFC 822 (ARPA Internet Text Messages) @@ -107,9 +107,9 @@ BOUNCE(8) BOUNCE(8) internal communication channel. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to before- - queue content inspection by non_smtpd_milters, header_checks and - body_checks. + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, + header_checks and body_checks. mail_name (Postfix) The mail system name that is displayed in Received: headers, in @@ -143,7 +143,7 @@ BOUNCE(8) BOUNCE(8) syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". - Available in Postfix 2.12 and later: + Available in Postfix 3.0 and later: smtputf8_autodetect_classes (sendmail, verify) Detect that a message requires SMTPUTF8 support for the speci- diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 578f29429..7350c6472 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -119,7 +119,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) With locally submitted mail, append the string "@$myorigin" to mail addresses without domain information. - append_dot_mydomain (Postfix &ge; 2.12: no, Postfix < 2.12: yes) + append_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes) With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html index 5ae80c147..c8b87ebef 100644 --- a/postfix/html/verify.8.html +++ b/postfix/html/verify.8.html @@ -62,8 +62,8 @@ VERIFY(8) VERIFY(8) BUGS Address verification probe messages add additional traffic to the mail - queue. Recipient verification may cause an increased load on down- - stream servers in the case of a dictionary attack or a flood of + queue. Recipient verification may cause an increased load on + down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be blacklisted by some providers. @@ -163,7 +163,7 @@ VERIFY(8) VERIFY(8) setting for address verification probes. SMTPUTF8 CONTROLS - Preliminary SMTPUTF8 support is introduced with Postfix 2.12. + Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_autodetect_classes (sendmail, verify) Detect that a message requires SMTPUTF8 support for the speci- diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index e3619766b..57abafece 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html @@ -100,9 +100,9 @@ VIRTUAL(5) VIRTUAL(5) Note: @domain is a wild-card. With this form, the Postfix SMTP server accepts mail for any recipient in domain, regardless of whether that recipient exists. This may turn your mail system - into a backscatter source: Postfix first accepts mail for non- - existent recipients and then tries to return that mail as "unde- - liverable" to the often forged sender address. + into a backscatter source: Postfix first accepts mail for + non-existent recipients and then tries to return that mail as + "undeliverable" to the often forged sender address. RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: @@ -150,10 +150,10 @@ VIRTUAL(5) VIRTUAL(5) from "postconf -m" for available database types. /etc/postfix/virtual: - virtual-alias.domain anything (right-hand content does not matter) - postmaster@virtual-alias.domain postmaster - user1@virtual-alias.domain address1 - user2@virtual-alias.domain address2, address3 + virtual-alias.domain anything (right-hand content does not matter) + postmaster@virtual-alias.domain postmaster + user1@virtual-alias.domain address1 + user2@virtual-alias.domain address2, address3 The virtual-alias.domain anything entry is required for a virtual alias domain. Without this entry, mail is rejected with "relay access diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index 4b0635432..1f814b831 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -261,7 +261,7 @@ VIRTUAL(8) VIRTUAL(8) syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". - Available in Postfix version 2.12 and later: + Available in Postfix version 3.0 and later: virtual_delivery_status_filter ($default_delivery_status_filter) Optional filter for the virtual(8) delivery agent to change the diff --git a/postfix/makedefs b/postfix/makedefs index d17621da7..066448424 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -94,7 +94,7 @@ # Enable (disable) Postfix builds with shared libraries # typically named $shlib_directory/libpostfix-*.so.*. # -# This feature was introduced with Postfix 2.12. +# This feature was introduced with Postfix 3.0. # .IP \fBdynamicmaps=yes\fR # .IP \fBdynamicmaps=no\fR # Enable (disable) Postfix builds with the configuration file @@ -102,7 +102,7 @@ # database plugins typically named postfix-*.so.*. The setting # "dynamicmaps=yes" implicitly enables Postfix shared libraries. # -# This feature was introduced with Postfix 2.12. +# This feature was introduced with Postfix 3.0. # .IP \fIinstallation_parameter\fB=\fIvalue\fR... # Override the compiled-in default value of the specified # installation parameter(s). The following parameters are @@ -117,7 +117,7 @@ # See the postconf(5) manpage for a description of these # parameters. # -# This feature was introduced with Postfix 2.12. +# This feature was introduced with Postfix 3.0. # .IP \fBWARN=\fIwarning_flags\fR # Specifies non-default gcc compiler warning options for use when # "make" is invoked in a source subdirectory only. diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index 4a8b0f47e..979916986 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -9,8 +9,8 @@ Postfix alias database maintenance .na .nf .fi -\fBpostalias\fR [\fB-Nfinoprsuvw\fR] [\fB-c \fIconfig_dir\fR] -[\fB-d \fIkey\fR] [\fB-q \fIkey\fR] +\fBpostalias\fR [\fB\-Nfinoprsuvw\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR] [\fIfile_type\fR:]\fIfile_name\fR ... .SH DESCRIPTION .ad @@ -34,86 +34,86 @@ The format of Postfix alias input files is described in By default the lookup key is mapped to lowercase to make the lookups case insensitive; as of Postfix 2.3 this case folding happens only with tables whose lookup keys are -fixed-case strings such as btree:, dbm: or hash:. With +fixed\-case strings such as btree:, dbm: or hash:. With earlier versions, the lookup key is folded even with tables where a lookup field can match both upper and lower case text, such as regexp: and pcre:. This resulted in loss of information with $\fInumber\fR substitutions. Options: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR configuration file in the named directory instead of the default configuration directory. -.IP "\fB-d \fIkey\fR" +.IP "\fB\-d \fIkey\fR" Search the specified maps for \fIkey\fR and remove one entry per map. The exit status is zero when the requested information was found. -If a key value of \fB-\fR is specified, the program reads key +If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream. The exit status is zero when at least one of the requested keys was found. -.IP \fB-f\fR +.IP \fB\-f\fR Do not fold the lookup key to lower case while creating or querying a table. With Postfix version 2.3 and later, this option has no effect for regular expression tables. There, case folding is controlled by appending a flag to a pattern. -.IP \fB-i\fR +.IP \fB\-i\fR Incremental mode. Read entries from standard input and do not truncate an existing database. By default, \fBpostalias\fR(1) creates a new database from the entries in \fIfile_name\fR. -.IP \fB-N\fR +.IP \fB\-N\fR Include the terminating null character that terminates lookup keys and values. By default, \fBpostalias\fR(1) does whatever is the default for the host operating system. -.IP \fB-n\fR +.IP \fB\-n\fR Don't include the terminating null character that terminates lookup keys and values. By default, \fBpostalias\fR(1) does whatever is the default for the host operating system. -.IP \fB-o\fR -Do not release root privileges when processing a non-root +.IP \fB\-o\fR +Do not release root privileges when processing a non\-root input file. By default, \fBpostalias\fR(1) drops root privileges and runs as the source file owner instead. -.IP \fB-p\fR +.IP \fB\-p\fR Do not inherit the file access permissions from the input file when creating a new file. Instead, create a new file with default access permissions (mode 0644). -.IP "\fB-q \fIkey\fR" +.IP "\fB\-q \fIkey\fR" Search the specified maps for \fIkey\fR and write the first value found to the standard output stream. The exit status is zero when the requested information was found. -If a key value of \fB-\fR is specified, the program reads key +If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream and writes one line of \fIkey: value\fR output for each key that was found. The exit status is zero when at least one of the requested keys was found. -.IP \fB-r\fR +.IP \fB\-r\fR When updating a table, do not complain about attempts to update existing entries, and make those updates anyway. -.IP \fB-s\fR +.IP \fB\-s\fR Retrieve all database elements, and write one line of \fIkey: value\fR output for each element. The elements are printed in database order, which is not necessarily the same as the original input order. This feature is available in Postfix version 2.2 and later, and is not available for all database types. -.IP \fB-u\fR -Disable UTF-8 support. UTF-8 support is enabled by default +.IP \fB\-u\fR +Disable UTF\-8 support. UTF\-8 support is enabled by default when "smtputf8_enable = yes". It requires that keys and -values are valid UTF-8 strings. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +values are valid UTF\-8 strings. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. -.IP \fB-w\fR +.IP \fB\-w\fR When updating a table, do not complain about attempts to update existing entries, and ignore those attempts. .PP Arguments: .IP \fIfile_type\fR The database type. To find out what types are supported, use -the "\fBpostconf -m\fR" command. +the "\fBpostconf \-m\fR" command. The \fBpostalias\fR(1) command can query any supported file type, but it can create only the following file types: @@ -156,8 +156,8 @@ no problems were detected. Duplicate entries are skipped and are flagged with a warning. \fBpostalias\fR(1) terminates with zero exit status in case of success -(including successful "\fBpostalias -q\fR" lookup) and terminates -with non-zero exit status in case of failure. +(including successful "\fBpostalias \-q\fR" lookup) and terminates +with non\-zero exit status in case of failure. .SH "ENVIRONMENT" .na .nf @@ -179,21 +179,21 @@ The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. .IP "\fBalias_database (see 'postconf -d' output)\fR" The alias databases for \fBlocal\fR(8) delivery that are updated with -"\fBnewaliases\fR" or with "\fBsendmail -bi\fR". +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBberkeley_db_create_buffer_size (16777216)\fR" -The per-table I/O buffer size for programs that create Berkeley DB +The per\-table I/O buffer size for programs that create Berkeley DB hash or btree tables. .IP "\fBberkeley_db_read_buffer_size (131072)\fR" -The per-table I/O buffer size for programs that read Berkeley DB +The per\-table I/O buffer size for programs that read Berkeley DB hash or btree tables. .IP "\fBdefault_database_type (see 'postconf -d' output)\fR" The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. .IP "\fBsmtputf8_enable (yes)\fR" -Enable experimental SMTPUTF8 support for the protocols described +Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man1/postcat.1 b/postfix/man/man1/postcat.1 index bf01c06c4..f00dc191a 100644 --- a/postfix/man/man1/postcat.1 +++ b/postfix/man/man1/postcat.1 @@ -8,52 +8,52 @@ show Postfix queue file contents .SH "SYNOPSIS" .na .nf -\fBpostcat\fR [\fB-bdehnoqv\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...] +\fBpostcat\fR [\fB\-bdehnoqv\fR] [\fB\-c \fIconfig_dir\fR] [\fIfiles\fR...] .SH DESCRIPTION .ad .fi The \fBpostcat\fR(1) command prints the contents of the -named \fIfiles\fR in human-readable form. The files are +named \fIfiles\fR in human\-readable form. The files are expected to be in Postfix queue file format. If no \fIfiles\fR are specified on the command line, the program reads from standard input. By default, \fBpostcat\fR(1) shows the envelope and message -content, as if the options \fB-beh\fR were specified. To -view message content only, specify \fB-bh\fR (Postfix 2.7 +content, as if the options \fB\-beh\fR were specified. To +view message content only, specify \fB\-bh\fR (Postfix 2.7 and later). Options: -.IP \fB-b\fR -Show body content. The \fB-b\fR option starts producing -output at the first non-header line, and stops when the end +.IP \fB\-b\fR +Show body content. The \fB\-b\fR option starts producing +output at the first non\-header line, and stops when the end of the message is reached. .sp This feature is available in Postfix 2.7 and later. -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. -.IP \fB-d\fR +.IP \fB\-d\fR Print the decimal type of each record. -.IP \fB-e\fR +.IP \fB\-e\fR Show message envelope content. .sp This feature is available in Postfix 2.7 and later. -.IP \fB-h\fR -Show message header content. The \fB-h\fR option produces +.IP \fB\-h\fR +Show message header content. The \fB\-h\fR option produces output from the beginning of the message up to, but not -including, the first non-header line. +including, the first non\-header line. .sp This feature is available in Postfix 2.7 and later. -.IP \fB-o\fR +.IP \fB\-o\fR Print the queue file offset of each record. -.IP \fB-q\fR +.IP \fB\-q\fR Search the Postfix queue for the named \fIfiles\fR instead of taking the names literally. This feature is available in Postfix 2.0 and later. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .SH DIAGNOSTICS .ad @@ -80,7 +80,7 @@ The text below provides only a parameter summary. See The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .SH "FILES" .na .nf diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index 442bcfc6d..f8c24d8ed 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 @@ -11,156 +11,156 @@ Postfix configuration utility .fi \fBManaging main.cf:\fR -\fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR] -[\fB-C \fIclass,...\fR] [\fIparameter ...\fR] +\fBpostconf\fR [\fB\-dfhnopvx\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-C \fIclass,...\fR] [\fIparameter ...\fR] -\fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR] \fIparameter\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-#\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR] \fIparameter ...\fR -\fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-X\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR] \fIparameter ...\fR \fBManaging master.cf service entries:\fR -\fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] -\fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-M\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-M#\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype ...\fR -\fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-MX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype ...\fR \fBManaging master.cf service fields:\fR -\fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-F\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] -\fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR \fBManaging master.cf service parameters:\fR -\fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-P\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] -\fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR -\fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-PX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIparameter ...\fR \fBManaging bounce message templates:\fR -\fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-b\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] [\fItemplate_file\fR] -\fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-t\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] [\fItemplate_file\fR] \fBManaging other configuration:\fR -\fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] -[\fB-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-a\fR|\fB\-A\fR|\fB\-l\fR|\fB\-m\fR [\fB\-v\fR] +[\fB\-c \fIconfig_dir\fR] .SH DESCRIPTION .ad .fi By default, the \fBpostconf\fR(1) command displays the values of \fBmain.cf\fR configuration parameters, and warns -about possible mis-typed parameter names (Postfix 2.9 and later). +about possible mis\-typed parameter names (Postfix 2.9 and later). It can also change \fBmain.cf\fR configuration parameter values, or display other configuration information about the Postfix mail system. Options: -.IP \fB-a\fR -List the available SASL server plug-in types. The SASL -plug-in type is selected with the \fBsmtpd_sasl_type\fR +.IP \fB\-a\fR +List the available SASL server plug\-in types. The SASL +plug\-in type is selected with the \fBsmtpd_sasl_type\fR configuration parameter by specifying one of the names listed below. .RS .IP \fBcyrus\fR -This server plug-in is available when Postfix is built with +This server plug\-in is available when Postfix is built with Cyrus SASL support. .IP \fBdovecot\fR -This server plug-in uses the Dovecot authentication server, +This server plug\-in uses the Dovecot authentication server, and is available when Postfix is built with any form of SASL support. .RE .IP This feature is available with Postfix 2.3 and later. -.IP \fB-A\fR -List the available SASL client plug-in types. The SASL -plug-in type is selected with the \fBsmtp_sasl_type\fR or +.IP \fB\-A\fR +List the available SASL client plug\-in types. The SASL +plug\-in type is selected with the \fBsmtp_sasl_type\fR or \fBlmtp_sasl_type\fR configuration parameters by specifying one of the names listed below. .RS .IP \fBcyrus\fR -This client plug-in is available when Postfix is built with +This client plug\-in is available when Postfix is built with Cyrus SASL support. .RE .IP This feature is available with Postfix 2.3 and later. -.IP "\fB-b\fR [\fItemplate_file\fR]" +.IP "\fB\-b\fR [\fItemplate_file\fR]" Display the message text that appears at the beginning of delivery status notification (DSN) messages, replacing $\fBname\fR expressions with actual values as described in \fBbounce\fR(5). -To override the built-in templates, specify a template file +To override the built\-in templates, specify a template file name at the end of the \fBpostconf\fR(1) command line, or specify a file name in \fBmain.cf\fR with the \fBbounce_template_file\fR parameter. -To force selection of the built-in templates, specify an +To force selection of the built\-in templates, specify an empty template file name on the \fBpostconf\fR(1) command line (in shell language: ""). This feature is available with Postfix 2.3 and later. -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. -.IP "\fB-C \fIclass,...\fR" +.IP "\fB\-C \fIclass,...\fR" When displaying \fBmain.cf\fR parameters, select only parameters from the specified class(es): .RS .IP \fBbuiltin\fR -Parameters with built-in names. +Parameters with built\-in names. .IP \fBservice\fR -Parameters with service-defined names (the first field of -a \fBmaster.cf\fR entry plus a Postfix-defined suffix). +Parameters with service\-defined names (the first field of +a \fBmaster.cf\fR entry plus a Postfix\-defined suffix). .IP \fBuser\fR -Parameters with user-defined names. +Parameters with user\-defined names. .IP \fBall\fR All the above classes. .RE .IP -The default is as if "\fB-C all\fR" is +The default is as if "\fB\-C all\fR" is specified. This feature is available with Postfix 2.9 and later. -.IP \fB-d\fR +.IP \fB\-d\fR Print \fBmain.cf\fR default parameter settings instead of actual settings. -Specify \fB-df\fR to fold long lines for human readability +Specify \fB\-df\fR to fold long lines for human readability (Postfix 2.9 and later). -.IP \fB-e\fR +.IP \fB\-e\fR Edit the \fBmain.cf\fR configuration file, and update parameter settings with the "\fIname=value\fR" pairs on the \fBpostconf\fR(1) command line. -With \fB-M\fR, edit the \fBmaster.cf\fR configuration file, +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, and replace one or more service entries with new values as specified with "\fIservice/type=value\fR" on the \fBpostconf\fR(1) command line. -With \fB-F\fR, edit the \fBmaster.cf\fR configuration file, +With \fB\-F\fR, edit the \fBmaster.cf\fR configuration file, and replace one or more service fields with new values as specied with "\fIservice/type/field=value\fR" on the \fBpostconf\fR(1) command line. Currently, the "command" @@ -169,9 +169,9 @@ may change in the near future, so that the "command" field contains only the command name, and a new "arguments" pseudofield contains the command arguments. -With \fB-P\fR, edit the \fBmaster.cf\fR configuration file, +With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file, and add or update one or more service parameter settings -(-o parameter=value settings) with new values as specied +(\-o parameter=value settings) with new values as specied with "\fIservice/type/parameter=value\fR" on the \fBpostconf\fR(1) command line. @@ -180,17 +180,17 @@ renamed into place. Specify quotes to protect special characters and whitespace on the \fBpostconf\fR(1) command line. -The \fB-e\fR option is no longer needed with Postfix version +The \fB\-e\fR option is no longer needed with Postfix version 2.8 and later. -.IP \fB-f\fR +.IP \fB\-f\fR Fold long lines when printing \fBmain.cf\fR or \fBmaster.cf\fR configuration file entries, for human readability. This feature is available with Postfix 2.9 and later. -.IP \fB-F\fR -Show \fBmaster.cf\fR per-entry field settings (by default +.IP \fB\-F\fR +Show \fBmaster.cf\fR per\-entry field settings (by default all services and all fields), formatted as one -"\fIservice/type/field=value\fR" per line. Specify \fB-Ff\fR +"\fIservice/type/field=value\fR" per line. Specify \fB\-Ff\fR to fold long lines. Specify one or more "\fIservice/type/field\fR" instances @@ -200,28 +200,28 @@ type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. -.IP \fB-h\fR +.IP \fB\-h\fR Show parameter or attribute values without the "\fIname\fR = " label that normally precedes the value. -.IP \fB-l\fR +.IP \fB\-l\fR List the names of all supported mailbox locking methods. Postfix supports the following methods: .RS .IP \fBflock\fR -A kernel-based advisory locking method for local files only. +A kernel\-based advisory locking method for local files only. This locking method is available on systems with a BSD compatible library. .IP \fBfcntl\fR -A kernel-based advisory locking method for local and remote +A kernel\-based advisory locking method for local and remote files. .IP \fBdotlock\fR -An application-level locking method. An application locks +An application\-level locking method. An application locks a file named \fIfilename\fR by creating a file named \fIfilename\fB.lock\fR. The application is expected to remove its own lock file, as well as stale lock files that were left behind after abnormal program termination. .RE -.IP \fB-m\fR +.IP \fB\-m\fR List the names of all supported lookup table types. In Postfix configuration files, lookup tables are specified as \fItype\fB:\fIname\fR, where \fItype\fR is one of the @@ -233,10 +233,10 @@ document. A sorted, balanced tree structure. Available on systems with support for Berkeley DB databases. .IP \fBcdb\fR -A read-optimized structure with no support for incremental +A read\-optimized structure with no support for incremental updates. Available on systems with support for CDB databases. .IP \fBcidr\fR -A table that associates values with Classless Inter-Domain +A table that associates values with Classless Inter\-Domain Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5). .IP \fBdbm\fR An indexed file type based on hashing. Available on systems @@ -252,36 +252,36 @@ Postfix error tests. .IP \fBhash\fR An indexed file type based on hashing. Available on systems with support for Berkeley DB databases. -.IP "\fBinline\fR (read-only)" -A non-shared, in-memory lookup table. Example: "\fBinline:{ +.IP "\fBinline\fR (read\-only)" +A non\-shared, in\-memory lookup table. Example: "\fBinline:{ \fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace -or comma\fB }}\fR". Key-value pairs are separated by +or comma\fB }}\fR". Key\-value pairs are separated by whitespace or comma; whitespace after "{" and before "}" is ignored. Inline tables eliminate the need to create a database file for just a few fixed elements. See also the \fIstatic:\fR map type. .IP \fBinternal\fR -A non-shared, in-memory hash table. Its content are lost +A non\-shared, in\-memory hash table. Its content are lost when a process terminates. .IP "\fBlmdb\fR" -OpenLDAP LMDB database (a memory-mapped, persistent file). +OpenLDAP LMDB database (a memory\-mapped, persistent file). Available on systems with support for LMDB databases. This is described in \fBlmdb_table\fR(5). -.IP "\fBldap\fR (read-only)" +.IP "\fBldap\fR (read\-only)" LDAP database client. This is described in \fBldap_table\fR(5). .IP "\fBmemcache\fR" Memcache database client. This is described in \fBmemcache_table\fR(5). -.IP "\fBmysql\fR (read-only)" +.IP "\fBmysql\fR (read\-only)" MySQL database client. Available on systems with support for MySQL databases. This is described in \fBmysql_table\fR(5). -.IP "\fBpcre\fR (read-only)" +.IP "\fBpcre\fR (read\-only)" A lookup table based on Perl Compatible Regular Expressions. The file format is described in \fBpcre_table\fR(5). -.IP "\fBpgsql\fR (read-only)" +.IP "\fBpgsql\fR (read\-only)" PostgreSQL database client. This is described in \fBpgsql_table\fR(5). -.IP "\fBpipemap\fR (read-only)" +.IP "\fBpipemap\fR (read\-only)" A lookup table that constructs a pipeline of tables. Example: "\fBpipemap:{\fItype_1:name_1, ..., type_n:name_n\fB}\fR". Each "pipemap:" query is given to the first table. Each @@ -295,45 +295,45 @@ whitespace. .IP "\fBproxy\fR" Postfix \fBproxymap\fR(8) client for shared access to Postfix databases. The table name syntax is \fItype\fB:\fIname\fR. -.IP "\fBrandmap\fR (read-only)" -An in-memory table that performs random selection. Example: +.IP "\fBrandmap\fR (read\-only)" +An in\-memory table that performs random selection. Example: "\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be "\fB{\fR" and "\fB}\fR". Within these, individual maps are separated with comma or whitespace. -.IP "\fBregexp\fR (read-only)" +.IP "\fBregexp\fR (read\-only)" A lookup table based on regular expressions. The file format is described in \fBregexp_table\fR(5). .IP \fBsdbm\fR An indexed file type based on hashing. Available on systems with support for SDBM databases. -.IP "\fBsocketmap\fR (read-only)" -Sendmail-style socketmap client. The table name is +.IP "\fBsocketmap\fR (read\-only)" +Sendmail\-style socketmap client. The table name is \fBinet\fR:\fIhost\fR:\fIport\fR:\fIname\fR for a TCP/IP server, or \fBunix\fR:\fIpathname\fR:\fIname\fR for a -UNIX-domain server. This is described in \fBsocketmap_table\fR(5). -.IP "\fBsqlite\fR (read-only)" +UNIX\-domain server. This is described in \fBsocketmap_table\fR(5). +.IP "\fBsqlite\fR (read\-only)" SQLite database. This is described in \fBsqlite_table\fR(5). -.IP "\fBstatic\fR (read-only)" +.IP "\fBstatic\fR (read\-only)" A table that always returns its name as lookup result. For example, \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext with whitespace\fB }\fR" when the result contains whitespace; this form ignores whitespace after "{" and before "}". See also the \fIinline:\fR map. -.IP "\fBtcp\fR (read-only)" +.IP "\fBtcp\fR (read\-only)" TCP/IP client. The protocol is described in \fBtcp_table\fR(5). -.IP "\fBtexthash\fR (read-only)" +.IP "\fBtexthash\fR (read\-only)" Produces similar results as hash: files, except that you don't need to run the \fBpostmap\fR(1) command before you can use the file, and that it does not detect changes after the file is read. -.IP "\fBunionmap\fR (read-only)" +.IP "\fBunionmap\fR (read\-only)" A table that sends each query to multiple lookup tables and that concatenates all found results, separated by comma. The table name syntax is the same as for \fBpipemap\fR. -.IP "\fBunix\fR (read-only)" +.IP "\fBunix\fR (read\-only)" A limited view of the UNIX authentication database. The following tables are implemented: .RS @@ -350,20 +350,20 @@ format. .IP Other table types may exist depending on how Postfix was built. -.IP \fB-M\fR +.IP \fB\-M\fR Show \fBmaster.cf\fR file contents instead of \fBmain.cf\fR -file contents. Specify \fB-Mf\fR to fold long lines for +file contents. Specify \fB\-Mf\fR to fold long lines for human readability. -Specify zero or more arguments, each with a \fIservice-name\fR -or \fIservice-name/service-type\fR pair, where \fIservice-name\fR -is the first field of a master.cf entry and \fIservice-type\fR +Specify zero or more arguments, each with a \fIservice\-name\fR +or \fIservice\-name/service\-type\fR pair, where \fIservice\-name\fR +is the first field of a master.cf entry and \fIservice\-type\fR is one of (\fBinet\fR, \fBunix\fR, \fBfifo\fR, or \fBpass\fR). -If \fIservice-name\fR or \fIservice-name/service-type\fR +If \fIservice\-name\fR or \fIservice\-name/service\-type\fR is specified, only the matching master.cf entries will be -output. For example, "\fBpostconf -Mf smtp\fR" will output -all services named "smtp", and "\fBpostconf -Mf smtp/inet\fR" +output. For example, "\fBpostconf \-Mf smtp\fR" will output +all services named "smtp", and "\fBpostconf \-Mf smtp/inet\fR" will output only the smtp service that listens on the network. Trailing service type fields that are omitted will be handled as "*" wildcard fields. @@ -371,24 +371,24 @@ will be handled as "*" wildcard fields. This feature is available with Postfix 2.9 and later. The syntax was changed from "\fIname.type\fR" to "\fIname/type\fR", and "*" wildcard support was added with Postfix 2.11. -.IP \fB-n\fR +.IP \fB\-n\fR Show only configuration parameters that have explicit -\fIname=value\fR settings in \fBmain.cf\fR. Specify \fB-nf\fR +\fIname=value\fR settings in \fBmain.cf\fR. Specify \fB\-nf\fR to fold long lines for human readability (Postfix 2.9 and later). -.IP "\fB-o \fIname=value\fR" +.IP "\fB\-o \fIname=value\fR" Override \fBmain.cf\fR parameter settings. This feature is available with Postfix 2.10 and later. -.IP \fB-p\fR +.IP \fB\-p\fR Show \fBmain.cf\fR parameter settings. This is the default. This feature is available with Postfix 2.11 and later. -.IP \fB-P\fR +.IP \fB\-P\fR Show \fBmaster.cf\fR service parameter settings (by default all services and all parameters). formatted as one "\fIservice/type/parameter=value\fR" per line. Specify -\fB-Pf\fR to fold long lines. +\fB\-Pf\fR to fold long lines. Specify one or more "\fIservice/type/parameter\fR" instances on the \fBpostconf\fR(1) command line to limit the output @@ -397,41 +397,41 @@ service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. -.IP "\fB-t\fR [\fItemplate_file\fR]" +.IP "\fB\-t\fR [\fItemplate_file\fR]" Display the templates for text that appears at the beginning of delivery status notification (DSN) messages, without expanding $\fBname\fR expressions. -To override the built-in templates, specify a template file +To override the built\-in templates, specify a template file name at the end of the \fBpostconf\fR(1) command line, or specify a file name in \fBmain.cf\fR with the \fBbounce_template_file\fR parameter. -To force selection of the built-in templates, specify an +To force selection of the built\-in templates, specify an empty template file name on the \fBpostconf\fR(1) command line (in shell language: ""). This feature is available with Postfix 2.3 and later. -.IP \fB-v\fR +.IP \fB\-v\fR Enable verbose logging for debugging purposes. Multiple -\fB-v\fR options make the software increasingly verbose. -.IP \fB-x\fR +\fB\-v\fR options make the software increasingly verbose. +.IP \fB\-x\fR Expand \fI$name\fR in \fBmain.cf\fR or \fBmaster.cf\fR parameter values. The expansion is recursive. This feature is available with Postfix 2.10 and later. -.IP \fB-X\fR +.IP \fB\-X\fR Edit the \fBmain.cf\fR configuration file, and remove the parameters named on the \fBpostconf\fR(1) command line. Specify a list of parameter names, not "\fIname=value\fR" pairs. -With \fB-M\fR, edit the \fBmaster.cf\fR configuration file, +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, and remove one or more service entries as specified with "\fIservice/type\fR" on the \fBpostconf\fR(1) command line. -With \fB-P\fR, edit the \fBmaster.cf\fR configuration file, -and remove one or more service parameter settings (-o +With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file, +and remove one or more service parameter settings (\-o parameter=value settings) as specied with "\fIservice/type/parameter\fR" on the \fBpostconf\fR(1) command line. @@ -444,15 +444,15 @@ There is no \fBpostconf\fR(1) command to perform the reverse operation. This feature is available with Postfix 2.10 and later. -Support for -M and -P was added with Postfix 2.11. -.IP \fB-#\fR +Support for \-M and \-P was added with Postfix 2.11. +.IP \fB\-#\fR Edit the \fBmain.cf\fR configuration file, and comment out the parameters named on the \fBpostconf\fR(1) command line, so that those parameters revert to their default values. Specify a list of parameter names, not "\fIname=value\fR" pairs. -With \fB-M\fR, edit the \fBmaster.cf\fR configuration file, +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, and comment out one or more service entries as specified with "\fIservice/type\fR" on the \fBpostconf\fR(1) command line. @@ -465,7 +465,7 @@ There is no \fBpostconf\fR(1) command to perform the reverse operation. This feature is available with Postfix 2.6 and later. Support -for -M was added with Postfix 2.11. +for \-M was added with Postfix 2.11. .SH DIAGNOSTICS .ad .fi diff --git a/postfix/man/man1/postdrop.1 b/postfix/man/man1/postdrop.1 index 76c257518..45cbbd3fe 100644 --- a/postfix/man/man1/postdrop.1 +++ b/postfix/man/man1/postdrop.1 @@ -8,7 +8,7 @@ Postfix mail posting utility .SH "SYNOPSIS" .na .nf -\fBpostdrop\fR [\fB-rv\fR] [\fB-c \fIconfig_dir\fR] +\fBpostdrop\fR [\fB\-rv\fR] [\fB\-c \fIconfig_dir\fR] .SH DESCRIPTION .ad .fi @@ -16,24 +16,24 @@ The \fBpostdrop\fR(1) command creates a file in the \fBmaildrop\fR directory and copies its standard input to the file. Options: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. See also the MAIL_CONFIG environment setting below. -.IP \fB-r\fR -Use a Postfix-internal protocol for reading the message from +.IP \fB\-r\fR +Use a Postfix\-internal protocol for reading the message from standard input, and for reporting status information on standard output. This is currently the only supported method. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. As of Postfix 2.3, -this option is available for the super-user only. +this option is available for the super\-user only. .SH "SECURITY" .na .nf .ad .fi -The command is designed to run with set-group ID privileges, so +The command is designed to run with set\-group ID privileges, so that it can write to the \fBmaildrop\fR queue directory and so that it can connect to Postfix daemon processes. .SH DIAGNOSTICS @@ -50,14 +50,14 @@ INT, QUIT or TERM signal, the queue file is deleted. .fi .IP MAIL_CONFIG Directory with the \fBmain.cf\fR file. In order to avoid exploitation -of set-group ID privileges, a non-standard directory is allowed only +of set\-group ID privileges, a non\-standard directory is allowed only if: .RS .IP \(bu The name is listed in the standard \fBmain.cf\fR file with the \fBalternate_config_directories\fR configuration parameter. .IP \(bu -The command is invoked by the super-user. +The command is invoked by the super\-user. .RE .SH "CONFIGURATION PARAMETERS" .na @@ -69,17 +69,17 @@ this program. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. .IP "\fBalternate_config_directories (empty)\fR" -A list of non-default Postfix configuration directories that may -be specified with "-c config_directory" on the command line, or +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line, or via the MAIL_CONFIG environment parameter. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. +import from a non\-Postfix parent process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index 5a62e7d71..4a8a6c815 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -9,7 +9,7 @@ Postfix control program .na .nf .fi -\fBpostfix\fR [\fB-Dv\fR] [\fB-c \fIconfig_dir\fR] \fIcommand\fR +\fBpostfix\fR [\fB\-Dv\fR] [\fB\-c \fIconfig_dir\fR] \fIcommand\fR .SH DESCRIPTION .ad .fi @@ -21,7 +21,7 @@ mail system: start or stop the \fBmaster\fR(8) daemon, do a health check, and other maintenance. By default, the \fBpostfix\fR(1) command sets up a standardized -environment and runs the \fBpostfix-script\fR shell script +environment and runs the \fBpostfix\-script\fR shell script to do the actual work. However, when support for multiple Postfix instances is @@ -56,13 +56,13 @@ regular intervals, the interval doubling after each failed attempt. Warning: flushing undeliverable mail frequently will result in poor delivery performance of all other mail. .IP \fBreload\fR -Re-read configuration files. Running processes terminate at their +Re\-read configuration files. Running processes terminate at their earliest convenience. .IP \fBstatus\fR Indicate if the Postfix mail system is currently running. -.IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +.IP "\fBset\-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR Set the ownership and permissions of Postfix related files and -directories, as specified in the \fBpostfix-files\fR file. +directories, as specified in the \fBpostfix\-files\fR file. .sp Specify \fIname\fR=\fIvalue\fR to override and update specific main.cf configuration parameters. Use this, for example, to @@ -70,9 +70,9 @@ change the \fBmail_owner\fR or \fBsetgid_group\fR setting for an already installed Postfix system. .sp This feature is available in Postfix 2.1 and later. With -Postfix 2.0 and earlier, use "\fB$config_directory/post-install -set-permissions\fR". -.IP "\fBupgrade-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +Postfix 2.0 and earlier, use "\fB$config_directory/post\-install +set\-permissions\fR". +.IP "\fBupgrade\-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information that Postfix needs in order to run: add or update services, and add or update configuration parameter settings. @@ -81,11 +81,11 @@ Specify \fIname\fR=\fIvalue\fR to override and update specific main.cf configuration parameters. .sp This feature is available in Postfix 2.1 and later. With -Postfix 2.0 and earlier, use "\fB$config_directory/post-install -upgrade-configuration\fR". +Postfix 2.0 and earlier, use "\fB$config_directory/post\-install +upgrade\-configuration\fR". .PP The following options are implemented: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in the named directory instead of the default configuration directory. Use this to distinguish between multiple Postfix instances on the @@ -95,11 +95,11 @@ With Postfix 2.6 and later, this option forces the postfix(1) command to operate on the specified Postfix instance only. This behavior is inherited by postfix(1) commands that run as a descendant of the current process. -.IP "\fB-D\fR (with \fBpostfix start\fR only)" +.IP "\fB\-D\fR (with \fBpostfix start\fR only)" Run each Postfix daemon under control of a debugger as specified via the \fBdebugger_command\fR configuration parameter. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .SH "ENVIRONMENT" .na @@ -107,18 +107,18 @@ options make the software increasingly verbose. .ad .fi The \fBpostfix\fR(1) command exports the following environment -variables before executing the \fBpostfix-script\fR file: +variables before executing the \fBpostfix\-script\fR file: .IP \fBMAIL_CONFIG\fR -This is set when the -c command-line option is present. +This is set when the \-c command\-line option is present. With Postfix 2.6 and later, this environment variable forces the postfix(1) command to operate on the specified Postfix instance only. This behavior is inherited by postfix(1) commands that run as a descendant of the current process. .IP \fBMAIL_VERBOSE\fR -This is set when the -v command-line option is present. +This is set when the \-v command\-line option is present. .IP \fBMAIL_DEBUG\fR -This is set when the -D command-line option is present. +This is set when the \-D command\-line option is present. .SH "CONFIGURATION PARAMETERS" .na .nf @@ -148,7 +148,7 @@ Where the Postfix manual pages are installed. Sendmail compatibility feature that specifies the location of the \fBnewaliases\fR(1) command. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBreadme_directory (see 'postconf -d' output)\fR" The location of Postfix README files that describe how to build, configure or operate a specific Postfix subsystem or feature. @@ -156,28 +156,28 @@ configure or operate a specific Postfix subsystem or feature. A Sendmail compatibility feature that specifies the location of the Postfix \fBsendmail\fR(1) command. .IP "\fBsetgid_group (postdrop)\fR" -The group ownership of set-gid Postfix commands and of group-writable +The group ownership of set\-gid Postfix commands and of group\-writable Postfix directories. .PP Available in Postfix version 2.5 and later: .IP "\fBdata_directory (see 'postconf -d' output)\fR" -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBmeta_directory (see 'postconf -d' output)\fR" -The location of non-executable files that are shared among -multiple Postfix instances, such as postfix-files, dynamicmaps.cf, -and the multi-instance template files main.cf.proto and master.cf.proto. +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. .IP "\fBshlib_directory (see 'postconf -d' output)\fR" -The location of Postfix shared libraries (libpostfix-*.so), -and the default location of Postfix database plugins (libpostfix-*.so) +The location of Postfix shared libraries (libpostfix\-*.so), +and the default location of Postfix database plugins (libpostfix\-*.so) that have a relative pathname in the dynamicmaps.cf file. .PP Other configuration parameters: .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. +import from a non\-Postfix parent process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -186,22 +186,22 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.6 and later: .IP "\fBmulti_instance_directories (empty)\fR" -An optional list of non-default Postfix configuration directories; +An optional list of non\-default Postfix configuration directories; these directories belong to additional Postfix instances that share the Postfix executable files and documentation with the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. .IP "\fBmulti_instance_wrapper (empty)\fR" -The pathname of a multi-instance manager command that the +The pathname of a multi\-instance manager command that the \fBpostfix\fR(1) command invokes when the multi_instance_directories -parameter value is non-empty. +parameter value is non\-empty. .IP "\fBmulti_instance_group (empty)\fR" The optional instance group name of this Postfix instance. .IP "\fBmulti_instance_name (empty)\fR" The optional instance name of this Postfix instance. .IP "\fBmulti_instance_enable (no)\fR" Allow this Postfix instance to be started, stopped, etc., by a -multi-instance manager. +multi\-instance manager. .SH "FILES" .na .nf @@ -220,10 +220,10 @@ into their actual values. $config_directory/main.cf, Postfix configuration parameters $config_directory/master.cf, Postfix daemon processes -$daemon_directory/postfix-files, file/directory permissions -$daemon_directory/postfix-script, administrative commands -$daemon_directory/post-install, post-installation configuration -$daemon_directory/dynamicmaps.cf, plug-in database clients +$daemon_directory/postfix\-files, file/directory permissions +$daemon_directory/postfix\-script, administrative commands +$daemon_directory/post\-install, post\-installation configuration +$daemon_directory/dynamicmaps.cf, plug\-in database clients .SH "SEE ALSO" .na .nf @@ -233,10 +233,10 @@ postcat(1), examine Postfix queue file postconf(1), Postfix configuration utility postfix(1), Postfix control program postkick(1), trigger Postfix daemon -postlock(1), Postfix-compatible locking -postlog(1), Postfix-compatible logging +postlock(1), Postfix\-compatible locking +postlog(1), Postfix\-compatible logging postmap(1), Postfix lookup table manager -postmulti(1), Postfix multi-instance manager +postmulti(1), Postfix multi\-instance manager postqueue(1), Postfix mail queue control postsuper(1), Postfix housekeeping mailq(1), Sendmail compatibility interface @@ -247,9 +247,9 @@ Postfix configuration: bounce(5), Postfix bounce message templates master(5), Postfix master.cf file syntax postconf(5), Postfix main.cf file syntax -postfix-wrapper(5), Postfix multi-instance API +postfix\-wrapper(5), Postfix multi\-instance API -Table-driven mechanisms: +Table\-driven mechanisms: access(5), Postfix SMTP access control table aliases(5), Postfix alias database canonical(5), Postfix input address rewriting @@ -271,7 +271,7 @@ pgsql_table(5), Postfix PostgreSQL client regexp_table(5), Associate POSIX regexp pattern with value socketmap_table(5), Postfix socketmap client sqlite_table(5), Postfix SQLite database driver -tcp_table(5), Postfix client-server table lookup +tcp_table(5), Postfix client\-server table lookup Daemon processes: anvil(8), Postfix connection/rate limiting @@ -285,7 +285,7 @@ local(8), Postfix local delivery agent master(8), Postfix master daemon oqmgr(8), old Postfix queue manager pickup(8), Postfix local mail pickup -pipe(8), deliver mail to non-Postfix command +pipe(8), deliver mail to non\-Postfix command postscreen(8), Postfix zombie blocker proxymap(8), Postfix lookup table proxy server qmgr(8), Postfix queue manager @@ -294,10 +294,10 @@ scache(8), Postfix connection cache manager showq(8), list Postfix mail queue smtp(8), lmtp(8), Postfix SMTP+LMTP client smtpd(8), Postfix SMTP server -spawn(8), run non-Postfix server +spawn(8), run non\-Postfix server tlsmgr(8), Postfix TLS cache and randomness manager tlsproxy(8), Postfix TLS proxy server -trivial-rewrite(8), Postfix address rewriting +trivial\-rewrite(8), Postfix address rewriting verify(8), Postfix address verification virtual(8), Postfix virtual delivery agent @@ -357,6 +357,6 @@ Richardson, TX 75083, USA IPv6 support originally by: Mark Huizer, Eindhoven University, The Netherlands -Jun-ichiro 'itojun' Hagino, KAME project, Japan +Jun\-ichiro 'itojun' Hagino, KAME project, Japan The Linux PLD project Dean Strik, Eindhoven University, The Netherlands diff --git a/postfix/man/man1/postkick.1 b/postfix/man/man1/postkick.1 index 64bdda7a3..3356fcc10 100644 --- a/postfix/man/man1/postkick.1 +++ b/postfix/man/man1/postkick.1 @@ -9,7 +9,7 @@ kick a Postfix service .na .nf .fi -\fBpostkick\fR [\fB-c \fIconfig_dir\fR] [\fB-v\fR] +\fBpostkick\fR [\fB\-c \fIconfig_dir\fR] [\fB\-v\fR] \fIclass service request\fR .SH DESCRIPTION .ad @@ -20,11 +20,11 @@ This command makes Postfix private IPC accessible for use in, for example, shell scripts. Options: -.IP "\fB-c\fR \fIconfig_dir\fR" +.IP "\fB\-c\fR \fIconfig_dir\fR" Read the \fBmain.cf\fR configuration file in the named directory instead of the default configuration directory. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .PP Arguments: @@ -35,7 +35,7 @@ either \fBpublic\fR (accessible by any local user) or .IP \fIservice\fR The name of a local transport endpoint within the named class. .IP \fIrequest\fR -A string. The list of valid requests is service-specific. +A string. The list of valid requests is service\-specific. .SH DIAGNOSTICS .ad .fi @@ -66,7 +66,7 @@ configuration files. How long the \fBpostkick\fR(1) command waits for a request to enter the Postfix daemon process input buffer before giving up. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .SH "FILES" .na .nf diff --git a/postfix/man/man1/postlock.1 b/postfix/man/man1/postlock.1 index 18eacd3cf..6dc0e688e 100644 --- a/postfix/man/man1/postlock.1 +++ b/postfix/man/man1/postlock.1 @@ -9,24 +9,24 @@ lock mail folder and execute command .na .nf .fi -\fBpostlock\fR [\fB-c \fIconfig_dir\fB] [\fB-l \fIlock_style\fB] - [\fB-v\fR] \fIfile command...\fR +\fBpostlock\fR [\fB\-c \fIconfig_dir\fB] [\fB\-l \fIlock_style\fB] + [\fB\-v\fR] \fIfile command...\fR .SH DESCRIPTION .ad .fi The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive access, and executes \fIcommand\fR. The locking method is -compatible with the Postfix UNIX-style local delivery agent. +compatible with the Postfix UNIX\-style local delivery agent. Options: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR configuration file in the named directory instead of the default configuration directory. -.IP "\fB-l \fIlock_style\fR" +.IP "\fB\-l \fIlock_style\fR" Override the locking method specified via the \fBmailbox_delivery_lock\fR configuration parameter (see below). -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .PP Arguments: @@ -80,7 +80,7 @@ file or \fBbounce\fR(8) logfile. .IP "\fBstale_lock_time (500s)\fR" The time after which a stale exclusive mailbox lockfile is removed. .IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" -How to lock a UNIX-style \fBlocal\fR(8) mailbox before attempting delivery. +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. .SH "RESOURCE AND RATE CONTROLS" .na .nf diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1 index 6a9989803..b1fc21822 100644 --- a/postfix/man/man1/postlog.1 +++ b/postfix/man/man1/postlog.1 @@ -4,18 +4,18 @@ .SH NAME postlog \- -Postfix-compatible logging utility +Postfix\-compatible logging utility .SH "SYNOPSIS" .na .nf .fi .ad -\fBpostlog\fR [\fB-iv\fR] [\fB-c \fIconfig_dir\fR] -[\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR] +\fBpostlog\fR [\fB\-iv\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-p \fIpriority\fB] [\fB\-t \fItag\fR] [\fItext...\fR] .SH DESCRIPTION .ad .fi -The \fBpostlog\fR(1) command implements a Postfix-compatible logging +The \fBpostlog\fR(1) command implements a Postfix\-compatible logging interface for use in, for example, shell scripts. By default, \fBpostlog\fR(1) logs the \fItext\fR given on the command @@ -27,20 +27,20 @@ Logging is sent to \fBsyslogd\fR(8); when the standard error stream is connected to a terminal, logging is sent there as well. The following options are implemented: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR configuration file in the named directory instead of the default configuration directory. -.IP \fB-i\fR +.IP \fB\-i\fR Include the process ID in the logging tag. -.IP "\fB-p \fIpriority\fR" +.IP "\fB\-p \fIpriority\fR" Specifies the logging severity: \fBinfo\fR (default), \fBwarn\fR, \fBerror\fR, \fBfatal\fR, or \fBpanic\fR. -.IP "\fB-t \fItag\fR" +.IP "\fB\-t \fItag\fR" Specifies the logging tag, that is, the identifying name that appears at the beginning of each logging record. A default tag is used when none is specified. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .SH "ENVIRONMENT" .na diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index 6acadd528..fce088cc3 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -9,8 +9,8 @@ Postfix lookup table management .na .nf .fi -\fBpostmap\fR [\fB-NbfhimnoprsuUvw\fR] [\fB-c \fIconfig_dir\fR] -[\fB-d \fIkey\fR] [\fB-q \fIkey\fR] +\fBpostmap\fR [\fB\-NbfhimnoprsuUvw\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR] [\fIfile_type\fR:]\fIfile_name\fR ... .SH DESCRIPTION .ad @@ -43,10 +43,10 @@ A table entry has the form \fIkey\fR whitespace \fIvalue\fR .fi .IP \(bu -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. .IP \(bu -A logical line starts with non-whitespace text. A line that +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .PP The \fIkey\fR and \fIvalue\fR are processed as is, except that @@ -57,7 +57,7 @@ special characters such as `#' or whitespace. By default the lookup key is mapped to lowercase to make the lookups case insensitive; as of Postfix 2.3 this case folding happens only with tables whose lookup keys are -fixed-case strings such as btree:, dbm: or hash:. With +fixed\-case strings such as btree:, dbm: or hash:. With earlier versions, the lookup key is folded even with tables where a lookup field can match both upper and lower case text, such as regexp: and pcre:. This resulted in loss of @@ -67,103 +67,103 @@ information with $\fInumber\fR substitutions. .nf .ad .fi -.IP \fB-b\fR +.IP \fB\-b\fR Enable message body query mode. When reading lookup keys -from standard input with "\fB-q -\fR", process the input +from standard input with "\fB\-q \-\fR", process the input as if it is an email message in RFC 2822 format. Each line of body content becomes one lookup key. .sp -By default, the \fB-b\fR option starts generating lookup -keys at the first non-header line, and stops when the end +By default, the \fB\-b\fR option starts generating lookup +keys at the first non\-header line, and stops when the end of the message is reached. To simulate \fBbody_checks\fR(5) processing, enable MIME -parsing with \fB-m\fR. With this, the \fB-b\fR option -generates no body-style lookup keys for attachment MIME +parsing with \fB\-m\fR. With this, the \fB\-b\fR option +generates no body\-style lookup keys for attachment MIME headers and for attached message/* headers. .sp -NOTE: with "smtputf8_enable = yes", the \fB-b\fR option -option disables UTF-8 syntax checks on query keys and -lookup results. Specify the \fB-U\fR option to force UTF-8 +NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option +option disables UTF\-8 syntax checks on query keys and +lookup results. Specify the \fB\-U\fR option to force UTF\-8 syntax checks anyway. .sp This feature is available in Postfix version 2.6 and later. -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR configuration file in the named directory instead of the default configuration directory. -.IP "\fB-d \fIkey\fR" +.IP "\fB\-d \fIkey\fR" Search the specified maps for \fIkey\fR and remove one entry per map. The exit status is zero when the requested information was found. -If a key value of \fB-\fR is specified, the program reads key +If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream. The exit status is zero when at least one of the requested keys was found. -.IP \fB-f\fR +.IP \fB\-f\fR Do not fold the lookup key to lower case while creating or querying a table. With Postfix version 2.3 and later, this option has no effect for regular expression tables. There, case folding is controlled by appending a flag to a pattern. -.IP \fB-h\fR +.IP \fB\-h\fR Enable message header query mode. When reading lookup keys -from standard input with "\fB-q -\fR", process the input +from standard input with "\fB\-q \-\fR", process the input as if it is an email message in RFC 2822 format. Each -logical header line becomes one lookup key. A multi-line +logical header line becomes one lookup key. A multi\-line header becomes one lookup key with one or more embedded newline characters. .sp -By default, the \fB-h\fR option generates lookup keys until -the first non-header line is reached. +By default, the \fB\-h\fR option generates lookup keys until +the first non\-header line is reached. To simulate \fBheader_checks\fR(5) processing, enable MIME -parsing with \fB-m\fR. With this, the \fB-h\fR option also -generates header-style lookup keys for attachment MIME +parsing with \fB\-m\fR. With this, the \fB\-h\fR option also +generates header\-style lookup keys for attachment MIME headers and for attached message/* headers. .sp -NOTE: with "smtputf8_enable = yes", the \fB-b\fR option -option disables UTF-8 syntax checks on query keys and -lookup results. Specify the \fB-U\fR option to force UTF-8 +NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option +option disables UTF\-8 syntax checks on query keys and +lookup results. Specify the \fB\-U\fR option to force UTF\-8 syntax checks anyway. .sp This feature is available in Postfix version 2.6 and later. -.IP \fB-i\fR +.IP \fB\-i\fR Incremental mode. Read entries from standard input and do not truncate an existing database. By default, \fBpostmap\fR(1) creates a new database from the entries in \fBfile_name\fR. -.IP \fB-m\fR -Enable MIME parsing with "\fB-b\fR" and "\fB-h\fR". +.IP \fB\-m\fR +Enable MIME parsing with "\fB\-b\fR" and "\fB\-h\fR". .sp This feature is available in Postfix version 2.6 and later. -.IP \fB-N\fR +.IP \fB\-N\fR Include the terminating null character that terminates lookup keys and values. By default, \fBpostmap\fR(1) does whatever is the default for the host operating system. -.IP \fB-n\fR +.IP \fB\-n\fR Don't include the terminating null character that terminates lookup keys and values. By default, \fBpostmap\fR(1) does whatever is the default for the host operating system. -.IP \fB-o\fR -Do not release root privileges when processing a non-root +.IP \fB\-o\fR +Do not release root privileges when processing a non\-root input file. By default, \fBpostmap\fR(1) drops root privileges and runs as the source file owner instead. -.IP \fB-p\fR +.IP \fB\-p\fR Do not inherit the file access permissions from the input file when creating a new file. Instead, create a new file with default access permissions (mode 0644). -.IP "\fB-q \fIkey\fR" +.IP "\fB\-q \fIkey\fR" Search the specified maps for \fIkey\fR and write the first value found to the standard output stream. The exit status is zero when the requested information was found. -If a key value of \fB-\fR is specified, the program reads key +If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream and writes one line of \fIkey value\fR output for each key that was found. The exit status is zero when at least one of the requested keys was found. -.IP \fB-r\fR +.IP \fB\-r\fR When updating a table, do not complain about attempts to update existing entries, and make those updates anyway. -.IP \fB-s\fR +.IP \fB\-s\fR Retrieve all database elements, and write one line of \fIkey value\fR output for each element. The elements are printed in database order, which is not necessarily the same @@ -171,24 +171,24 @@ as the original input order. .sp This feature is available in Postfix version 2.2 and later, and is not available for all database types. -.IP \fB-u\fR -Disable UTF-8 support. UTF-8 support is enabled by default +.IP \fB\-u\fR +Disable UTF\-8 support. UTF\-8 support is enabled by default when "smtputf8_enable = yes". It requires that keys and -values are valid UTF-8 strings. -.IP \fB-U\fR -With "smtputf8_enable = yes", force UTF-8 syntax checks -with the \fB-b\fR and \fB-h\fR options. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +values are valid UTF\-8 strings. +.IP \fB\-U\fR +With "smtputf8_enable = yes", force UTF\-8 syntax checks +with the \fB\-b\fR and \fB\-h\fR options. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. -.IP \fB-w\fR +.IP \fB\-w\fR When updating a table, do not complain about attempts to update existing entries, and ignore those attempts. .PP Arguments: .IP \fIfile_type\fR The database type. To find out what types are supported, use -the "\fBpostconf -m\fR" command. +the "\fBpostconf \-m\fR" command. The \fBpostmap\fR(1) command can query any supported file type, but it can create only the following file types: @@ -230,8 +230,8 @@ No output means that no problems were detected. Duplicate entries are skipped and are flagged with a warning. \fBpostmap\fR(1) terminates with zero exit status in case of success -(including successful "\fBpostmap -q\fR" lookup) and terminates -with non-zero exit status in case of failure. +(including successful "\fBpostmap \-q\fR" lookup) and terminates +with non\-zero exit status in case of failure. .SH "ENVIRONMENT" .na .nf @@ -251,10 +251,10 @@ this program. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. .IP "\fBberkeley_db_create_buffer_size (16777216)\fR" -The per-table I/O buffer size for programs that create Berkeley DB +The per\-table I/O buffer size for programs that create Berkeley DB hash or btree tables. .IP "\fBberkeley_db_read_buffer_size (131072)\fR" -The per-table I/O buffer size for programs that read Berkeley DB +The per\-table I/O buffer size for programs that read Berkeley DB hash or btree tables. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf @@ -263,7 +263,7 @@ configuration files. The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. .IP "\fBsmtputf8_enable (yes)\fR" -Enable experimental SMTPUTF8 support for the protocols described +Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man1/postmulti.1 b/postfix/man/man1/postmulti.1 index 6512fb598..2820fa94f 100644 --- a/postfix/man/man1/postmulti.1 +++ b/postfix/man/man1/postmulti.1 @@ -4,46 +4,46 @@ .SH NAME postmulti \- -Postfix multi-instance manager +Postfix multi\-instance manager .SH "SYNOPSIS" .na .nf .fi -\fBENABLING MULTI-INSTANCE MANAGEMENT:\fR +\fBENABLING MULTI\-INSTANCE MANAGEMENT:\fR -\fBpostmulti\fR \fB-e init\fR [\fB-v\fR] +\fBpostmulti\fR \fB\-e init\fR [\fB\-v\fR] \fBITERATOR MODE:\fR -\fBpostmulti\fR \fB-l\fR [\fB-aRv\fR] [\fB-g \fIgroup\fR] -[\fB-i \fIname\fR] +\fBpostmulti\fR \fB\-l\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] -\fBpostmulti\fR \fB-p\fR [\fB-av\fR] [\fB-g \fIgroup\fR] -[\fB-i \fIname\fR] \fIcommand...\fR +\fBpostmulti\fR \fB\-p\fR [\fB\-av\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] \fIcommand...\fR -\fBpostmulti\fR \fB-x\fR [\fB-aRv\fR] [\fB-g \fIgroup\fR] -[\fB-i \fIname\fR] \fIcommand...\fR +\fBpostmulti\fR \fB\-x\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] \fIcommand...\fR -\fBLIFE-CYCLE MANAGEMENT:\fR +\fBLIFE\-CYCLE MANAGEMENT:\fR -\fBpostmulti\fR \fB-e create\fR [\fB-av\fR] -[\fB-g \fIgroup\fR] [\fB-i \fIname\fR] [\fB-G \fIgroup\fR] -[\fB-I \fIname\fR] [\fIparam=value\fR ...] +\fBpostmulti\fR \fB\-e create\fR [\fB\-av\fR] +[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR] +[\fB\-I \fIname\fR] [\fIparam=value\fR ...] -\fBpostmulti\fR \fB-e import\fR [\fB-av\fR] -[\fB-g \fIgroup\fR] [\fB-i \fIname\fR] [\fB-G \fIgroup\fR] -[\fB-I \fIname\fR] [\fBconfig_directory=\fI/path\fR] +\fBpostmulti\fR \fB\-e import\fR [\fB\-av\fR] +[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR] +[\fB\-I \fIname\fR] [\fBconfig_directory=\fI/path\fR] -\fBpostmulti\fR \fB-e destroy\fR [\fB-v\fR] \fB-i \fIname\fR +\fBpostmulti\fR \fB\-e destroy\fR [\fB\-v\fR] \fB\-i \fIname\fR -\fBpostmulti\fR \fB-e deport\fR [\fB-v\fR] \fB-i \fIname\fR +\fBpostmulti\fR \fB\-e deport\fR [\fB\-v\fR] \fB\-i \fIname\fR -\fBpostmulti\fR \fB-e enable\fR [\fB-v\fR] \fB-i \fIname\fR +\fBpostmulti\fR \fB\-e enable\fR [\fB\-v\fR] \fB\-i \fIname\fR -\fBpostmulti\fR \fB-e disable\fR [\fB-v\fR] \fB-i \fIname\fR +\fBpostmulti\fR \fB\-e disable\fR [\fB\-v\fR] \fB\-i \fIname\fR -\fBpostmulti\fR \fB-e assign\fR [\fB-v\fR] \fB-i \fIname\fR -[\fB-I \fIname\fR] [-G \fIgroup\fR] +\fBpostmulti\fR \fB\-e assign\fR [\fB\-v\fR] \fB\-i \fIname\fR +[\fB\-I \fIname\fR] [\-G \fIgroup\fR] .SH DESCRIPTION .ad .fi @@ -52,9 +52,9 @@ to manage multiple Postfix instances on a single host. \fBpostmulti\fR(1) implements two fundamental modes of operation. In \fBiterator\fR mode, it executes the same -command for multiple Postfix instances. In \fBlife-cycle +command for multiple Postfix instances. In \fBlife\-cycle management\fR mode, it adds or deletes one instance, or -changes the multi-instance status of one instance. +changes the multi\-instance status of one instance. Each mode of operation has its own command syntax. For this reason, each mode is documented in separate sections below. @@ -63,7 +63,7 @@ reason, each mode is documented in separate sections below. .nf .ad .fi -A multi-instance configuration consists of one primary +A multi\-instance configuration consists of one primary Postfix instance, and one or more secondary instances whose configuration directory pathnames are recorded in the primary instance's main.cf file. Postfix instances share program @@ -71,14 +71,14 @@ files and documentation, but have their own configuration, queue and data directories. Currently, only the default Postfix instance can be used -as primary instance in a multi-instance configuration. The -\fBpostmulti\fR(1) command does not currently support a \fB-c\fR +as primary instance in a multi\-instance configuration. The +\fBpostmulti\fR(1) command does not currently support a \fB\-c\fR option to select an alternative primary instance, and exits with a fatal error if the \fBMAIL_CONFIG\fR environment -variable is set to a non-default configuration directory. +variable is set to a non\-default configuration directory. See the MULTI_INSTANCE_README tutorial for a more detailed -discussion of multi-instance management with \fBpostmulti\fR(1). +discussion of multi\-instance management with \fBpostmulti\fR(1). .SH "ITERATOR MODE" .na .nf @@ -87,41 +87,41 @@ discussion of multi-instance management with \fBpostmulti\fR(1). In iterator mode, \fBpostmulti\fR performs the same operation on all Postfix instances in turn. -If multi-instance support is not enabled, the requested +If multi\-instance support is not enabled, the requested command is performed just for the primary instance. .PP Iterator mode implements the following command options: .SH "Instance selection" -.IP \fB-a\fR +.IP \fB\-a\fR Perform the operation on all instances. This is the default. -.IP "\fB-g \fIgroup\fR" +.IP "\fB\-g \fIgroup\fR" Perform the operation only for members of the named \fIgroup\fR. -.IP "\fB-i \fIname\fR" +.IP "\fB\-i \fIname\fR" Perform the operation only for the instance with the specified \fIname\fR. You can specify either the instance name or the absolute pathname of the instance's configuration -directory. Specify "-" to select the primary Postfix instance. -.IP \fB-R\fR +directory. Specify "\-" to select the primary Postfix instance. +.IP \fB\-R\fR Reverse the iteration order. This may be appropriate when -updating a multi-instance system, where "sink" instances +updating a multi\-instance system, where "sink" instances are started before "source" instances. .sp -This option cannot be used with \fB-p\fR. +This option cannot be used with \fB\-p\fR. .SH "List mode" -.IP \fB-l\fR +.IP \fB\-l\fR List Postfix instances with their instance name, instance group name, enable/disable status and configuration directory. -.SH "Postfix-wrapper mode" -.IP \fB-p\fR +.SH "Postfix\-wrapper mode" +.IP \fB\-p\fR Invoke \fBpostfix(1)\fR to execute the specified \fIcommand\fR. -This option implements the \fBpostfix-wrapper\fR(5) interface. +This option implements the \fBpostfix\-wrapper\fR(5) interface. .RS .IP \(bu -With "start"-like commands, "postfix check" is executed for +With "start"\-like commands, "postfix check" is executed for instances that are not enabled. The full list of commands is specified with the postmulti_start_commands parameter. .IP \(bu -With "stop"-like commands, the iteration order is reversed, +With "stop"\-like commands, the iteration order is reversed, and disabled instances are skipped. The full list of commands is specified with the postmulti_stop_commands parameter. .IP \(bu @@ -134,16 +134,16 @@ With "status" and other commands that don't require a started instance, the command is executed for all instances. .RE .IP -The \fB-p\fR option can also be used interactively to +The \fB\-p\fR option can also be used interactively to start/stop/etc. a named instance or instance group. For example, to start just the instances in the group "msa", invoke \fBpostmulti\fR(1) as follows: .RS .IP -# postmulti -g msa -p start +# postmulti \-g msa \-p start .RE .SH "Command mode" -.IP \fB-x\fR +.IP \fB\-x\fR Execute the specified \fIcommand\fR for all Postfix instances. The command runs with appropriate environment settings for MAIL_CONFIG, command_directory, daemon_directory, @@ -151,59 +151,59 @@ config_directory, queue_directory, data_directory, multi_instance_name, multi_instance_group and multi_instance_enable. .SH "Other options" -.IP \fB-v\fR +.IP \fB\-v\fR Enable verbose logging for debugging purposes. Multiple -\fB-v\fR options make the software increasingly verbose. +\fB\-v\fR options make the software increasingly verbose. .SH "LIFE-CYCLE MANAGEMENT MODE" .na .nf .ad .fi -With the \fB-e\fR option \fBpostmulti\fR(1) can be used to +With the \fB\-e\fR option \fBpostmulti\fR(1) can be used to add or delete a Postfix instance, and to manage the -multi-instance status of an existing instance. +multi\-instance status of an existing instance. .PP The following options are implemented: .SH "Existing instance selection" -.IP \fB-a\fR +.IP \fB\-a\fR When creating or importing an instance, place the new instance at the front of the secondary instance list. -.IP "\fB-g \fIgroup\fR" +.IP "\fB\-g \fIgroup\fR" When creating or importing an instance, place the new instance before the first secondary instance that is a member of the specified group. -.IP "\fB-i \fIname\fR" +.IP "\fB\-i \fIname\fR" When creating or importing an instance, place the new instance before the matching secondary instance. .sp -With other life-cycle operations, apply the operation to -the named existing instance. Specify "-" to select the +With other life\-cycle operations, apply the operation to +the named existing instance. Specify "\-" to select the primary Postfix instance. .SH "New or existing instance name assignment" -.IP "\fB-I \fIname\fR" +.IP "\fB\-I \fIname\fR" Assign the specified instance \fIname\fR to an existing -instance, newly-created instance, or imported instance. +instance, newly\-created instance, or imported instance. Instance -names other than "-" (which makes the instance "nameless") -must start with "postfix-". This restriction reduces the +names other than "\-" (which makes the instance "nameless") +must start with "postfix\-". This restriction reduces the likelihood of name collisions with system files. -.IP "\fB-G \fIgroup\fR" +.IP "\fB\-G \fIgroup\fR" Assign the specified \fIgroup\fR name to an existing instance or to a newly created or imported instance. .SH "Instance creation/deletion/status change" -.IP "\fB-e \fIaction\fR" +.IP "\fB\-e \fIaction\fR" "Edit" managed instances. The following actions are supported: .RS .IP \fBinit\fR This command is required before \fBpostmulti\fR(1) can be -used to manage Postfix instances. The "postmulti -e init" +used to manage Postfix instances. The "postmulti \-e init" command updates the primary instance's main.cf file by setting: .RS .IP .nf multi_instance_wrapper = - ${command_directory}/postmulti -p -- + ${command_directory}/postmulti \-p \-\- multi_instance_enable = yes .fi .RE @@ -212,10 +212,10 @@ You can set these by other means if you prefer. .IP \fBcreate\fR Create a new Postfix instance and add it to the multi_instance_directories parameter of the primary instance. -The "\fB-I \fIname\fR" option is recommended to give the +The "\fB\-I \fIname\fR" option is recommended to give the instance a short name that is used to construct default values for the private directories of the new instance. The -"\fB-G \fIgroup\fR" option may be specified to assign the +"\fB\-G \fIgroup\fR" option may be specified to assign the instance to a group, otherwise, the new instance is not a member of any groups. .sp @@ -223,9 +223,9 @@ The new instance main.cf is the stock main.cf with the parameters that specify the locations of shared files cloned from the primary instance. For "nameless" instances, you should manually adjust "syslog_name" to yield a unique -"logtag" starting with "postfix-" that will uniquely identify +"logtag" starting with "postfix\-" that will uniquely identify the instance in the mail logs. It is simpler to assign the -instance a short name with the "\fB-I \fIname\fR" option. +instance a short name with the "\fB\-I \fIname\fR" option. .sp Optional "name=value" arguments specify the instance config_directory, queue_directory and data_directory. @@ -233,8 +233,8 @@ For example: .RS .IP .nf -# postmulti -I postfix-mumble \e - -G mygroup -e create \e +# postmulti \-I postfix\-mumble \e + \-G mygroup \-e create \e config_directory=/my/config/dir \e queue_directory=/my/queue/dir \e data_directory=/my/data/dir @@ -244,23 +244,23 @@ For example: If any of these pathnames is not supplied, the program attempts to generate the pathname by taking the corresponding primary instance pathname, and by replacing the last pathname -component by the value of the \fB-I\fR option. +component by the value of the \fB\-I\fR option. .sp If the instance configuration directory already exists, and contains both a main.cf and master.cf file, \fBcreate\fR -will "import" the instance as-is. For existing instances, +will "import" the instance as\-is. For existing instances, \fBcreate\fR and \fBimport\fR are identical. .IP \fBimport\fR Import an existing instance into the list of instances -managed by the \fBpostmulti\fR(1) multi-instance manager. +managed by the \fBpostmulti\fR(1) multi\-instance manager. This adds the instance to the multi_instance_directories -list of the primary instance. If the "\fB-I \fIname\fR" +list of the primary instance. If the "\fB\-I \fIname\fR" option is provided it specifies the new name for the instance and is used to define a default location for the instance configuration directory (as with \fBcreate\fR above). The -"\fB-G \fIgroup\fR" option may be used to assign the instance +"\fB\-G \fIgroup\fR" option may be used to assign the instance to a group. Add a "\fBconfig_directory=\fI/path\fR" argument -to override a default pathname based on "\fB-I \fIname\fR". +to override a default pathname based on "\fB\-I \fIname\fR". .IP \fBdestroy\fR Destroy a secondary Postfix instance. To be a candidate for destruction an instance must be disabled, stopped and its @@ -298,8 +298,8 @@ from the primary instance's multi_instance_directories list, but does not remove any files or directories. .IP \fBassign\fR Assign a new instance name or a new group name to the -selected instance. Use "\fB-G -\fR" to specify "no group" -and "\fB-I -\fR" to specify "no name". If you choose to +selected instance. Use "\fB\-G \-\fR" to specify "no group" +and "\fB\-I \-\fR" to specify "no name". If you choose to make an instance "nameless", set a suitable syslog_name in the corresponding main.cf file. .IP \fBenable\fR @@ -309,12 +309,12 @@ main.cf file. .IP \fBdisable\fR Mark the selected instance as disabled. This means that the instance will not be started etc. with "postfix start", -"postmulti -p start" and so on. The instance can still be -started etc. with "postfix -c config-directory start". +"postmulti \-p start" and so on. The instance can still be +started etc. with "postfix \-c config\-directory start". .SH "Other options" -.IP \fB-v\fR +.IP \fB\-v\fR Enable verbose logging for debugging purposes. Multiple -\fB-v\fR options make the software increasingly verbose. +\fB\-v\fR options make the software increasingly verbose. .RE .SH "ENVIRONMENT" .na @@ -325,7 +325,7 @@ The \fBpostmulti\fR(1) command exports the following environment variables before executing the requested \fIcommand\fR for a given instance: .IP \fBMAIL_VERBOSE\fR -This is set when the -v command-line option is present. +This is set when the \-v command\-line option is present. .IP \fBMAIL_CONFIG\fR The location of the configuration directory of the instance. .SH "CONFIGURATION PARAMETERS" @@ -340,9 +340,9 @@ configuration files. The directory with Postfix support programs and daemon programs. .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. +import from a non\-Postfix parent process. .IP "\fBmulti_instance_directories (empty)\fR" -An optional list of non-default Postfix configuration directories; +An optional list of non\-default Postfix configuration directories; these directories belong to additional Postfix instances that share the Postfix executable files and documentation with the default Postfix instance, and that are started, stopped, etc., together @@ -353,7 +353,7 @@ The optional instance group name of this Postfix instance. The optional instance name of this Postfix instance. .IP "\fBmulti_instance_enable (no)\fR" Allow this Postfix instance to be started, stopped, etc., by a -multi-instance manager. +multi\-instance manager. .IP "\fBpostmulti_start_commands (start)\fR" The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats as "start" commands. @@ -369,26 +369,26 @@ The syslog facility of Postfix logging. The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix 2.12 and later: +Available in Postfix 3.0 and later: .IP "\fBmeta_directory (see 'postconf -d' output)\fR" -The location of non-executable files that are shared among -multiple Postfix instances, such as postfix-files, dynamicmaps.cf, -and the multi-instance template files main.cf.proto and master.cf.proto. +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. .IP "\fBshlib_directory (see 'postconf -d' output)\fR" -The location of Postfix shared libraries (libpostfix-*.so), -and the default location of Postfix database plugins (libpostfix-*.so) +The location of Postfix shared libraries (libpostfix\-*.so), +and the default location of Postfix database plugins (libpostfix\-*.so) that have a relative pathname in the dynamicmaps.cf file. .SH "FILES" .na .nf $meta_directory/main.cf.proto, stock configuration file $meta_directory/master.cf.proto, stock configuration file -$daemon_directory/postmulti-script, life-cycle helper program +$daemon_directory/postmulti\-script, life\-cycle helper program .SH "SEE ALSO" .na .nf postfix(1), Postfix control program -postfix-wrapper(5), Postfix multi-instance API +postfix\-wrapper(5), Postfix multi\-instance API .SH "README FILES" .na .nf @@ -398,7 +398,7 @@ Use "\fBpostconf readme_directory\fR" or "\fBpostconf html_directory\fR" to locate this information. .nf .na -MULTI_INSTANCE_README, Postfix multi-instance management +MULTI_INSTANCE_README, Postfix multi\-instance management .SH "HISTORY" .na .nf diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index 13ea11822..58d780060 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -8,13 +8,13 @@ Postfix queue control .SH "SYNOPSIS" .na .nf -\fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-f\fR +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-f\fR .br -\fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-i \fIqueue_id\fR +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-i \fIqueue_id\fR .br -\fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-p\fR +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-p\fR .br -\fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-s \fIsite\fR +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-s \fIsite\fR .SH DESCRIPTION .ad .fi @@ -22,32 +22,32 @@ The \fBpostqueue\fR(1) command implements the Postfix user interface for queue management. It implements operations that are traditionally available via the \fBsendmail\fR(1) command. See the \fBpostsuper\fR(1) command for queue operations -that require super-user privileges such as deleting a message +that require super\-user privileges such as deleting a message from the queue or changing the status of a message. The following options are recognized: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. See also the MAIL_CONFIG environment setting below. -.IP \fB-f\fR +.IP \fB\-f\fR Flush the queue: attempt to deliver all queued mail. -This option implements the traditional "\fBsendmail -q\fR" command, +This option implements the traditional "\fBsendmail \-q\fR" command, by contacting the Postfix \fBqmgr\fR(8) daemon. Warning: flushing undeliverable mail frequently will result in poor delivery performance of all other mail. -.IP "\fB-i \fIqueue_id\fR" +.IP "\fB\-i \fIqueue_id\fR" Schedule immediate delivery of deferred mail with the specified queue ID. -This option implements the traditional \fBsendmail -qI\fR +This option implements the traditional \fBsendmail \-qI\fR command, by contacting the \fBflush\fR(8) server. This feature is available with Postfix version 2.4 and later. -.IP \fB-p\fR -Produce a traditional sendmail-style queue listing. +.IP \fB\-p\fR +Produce a traditional sendmail\-style queue listing. This option implements the traditional \fBmailq\fR command, by contacting the Postfix \fBshowq\fR(8) daemon. @@ -64,7 +64,7 @@ selected for delivery. The message is in the \fBhold\fR queue, i.e. no further delivery attempt will be made until the mail is taken off hold. .RE -.IP "\fB-s \fIsite\fR" +.IP "\fB\-s \fIsite\fR" Schedule immediate delivery of all mail that is queued for the named \fIsite\fR. A numerical site must be specified as a valid RFC 5321 address literal enclosed in [], just like in email addresses. @@ -72,18 +72,18 @@ The site must be eligible for the "fast flush" service. See \fBflush\fR(8) for more information about the "fast flush" service. -This option implements the traditional "\fBsendmail -qR\fIsite\fR" +This option implements the traditional "\fBsendmail \-qR\fIsite\fR" command, by contacting the Postfix \fBflush\fR(8) daemon. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. As of Postfix 2.3, -this option is available for the super-user only. +this option is available for the super\-user only. .SH "SECURITY" .na .nf .ad .fi -This program is designed to run with set-group ID privileges, so +This program is designed to run with set\-group ID privileges, so that it can connect to Postfix daemon processes. .SH DIAGNOSTICS .ad @@ -97,14 +97,14 @@ stream. .fi .IP MAIL_CONFIG Directory with the \fBmain.cf\fR file. In order to avoid exploitation -of set-group ID privileges, a non-standard directory is allowed only +of set\-group ID privileges, a non\-standard directory is allowed only if: .RS .IP \(bu The name is listed in the standard \fBmain.cf\fR file with the \fBalternate_config_directories\fR configuration parameter. .IP \(bu -The command is invoked by the super-user. +The command is invoked by the super\-user. .RE .SH "CONFIGURATION PARAMETERS" .na @@ -116,8 +116,8 @@ this program. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. .IP "\fBalternate_config_directories (empty)\fR" -A list of non-default Postfix configuration directories that may -be specified with "-c config_directory" on the command line, or +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line, or via the MAIL_CONFIG environment parameter. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf @@ -125,13 +125,13 @@ configuration files. .IP "\fBcommand_directory (see 'postconf -d' output)\fR" The location of all postfix administrative commands. .IP "\fBfast_flush_domains ($relay_domains)\fR" -Optional list of destinations that are eligible for per-destination +Optional list of destinations that are eligible for per\-destination logfiles with mail that is queued to those destinations. .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. +import from a non\-Postfix parent process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -156,7 +156,7 @@ List of users who are authorized to view the queue. qmgr(8), queue manager showq(8), list mail queue flush(8), fast flush service -sendmail(1), Sendmail-compatible user interface +sendmail(1), Sendmail\-compatible user interface postsuper(1), privileged queue operations .SH "README FILES" .na diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 861c0d885..bcff49e7e 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -9,10 +9,10 @@ Postfix superintendent .na .nf .fi -\fBpostsuper\fR [\fB-psSv\fR] -[\fB-c \fIconfig_dir\fR] [\fB-d \fIqueue_id\fR] - [\fB-h \fIqueue_id\fR] [\fB-H \fIqueue_id\fR] - [\fB-r \fIqueue_id\fR] [\fIdirectory ...\fR] +\fBpostsuper\fR [\fB\-psSv\fR] +[\fB\-c \fIconfig_dir\fR] [\fB\-d \fIqueue_id\fR] + [\fB\-h \fIqueue_id\fR] [\fB\-H \fIqueue_id\fR] + [\fB\-r \fIqueue_id\fR] [\fIdirectory ...\fR] .SH DESCRIPTION .ad .fi @@ -23,35 +23,35 @@ such as listing or flushing the mail queue. By default, \fBpostsuper\fR(1) performs the operations requested with the -\fB-s\fR and \fB-p\fR command-line options on all Postfix queue -directories - this includes the \fBincoming\fR, \fBactive\fR and +\fB\-s\fR and \fB\-p\fR command\-line options on all Postfix queue +directories \- this includes the \fBincoming\fR, \fBactive\fR and \fBdeferred\fR directories with mail files and the \fBbounce\fR, \fBdefer\fR, \fBtrace\fR and \fBflush\fR directories with log files. Options: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. See also the MAIL_CONFIG environment setting below. -.IP "\fB-d \fIqueue_id\fR" +.IP "\fB\-d \fIqueue_id\fR" Delete one message with the named queue ID from the named mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). -If a \fIqueue_id\fR of \fB-\fR is specified, the program reads +If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads queue IDs from standard input. For example, to delete all mail with exactly one recipient \fBuser@example.com\fR: .sp .nf -mailq | tail +2 | grep -v '^ *(' | awk \'BEGIN { RS = "" } +mailq | tail +2 | grep \-v '^ *(' | awk \'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "user@example.com" && $9 == "") print $1 } -\' | tr -d '*!' | postsuper -d - +\' | tr \-d '*!' | postsuper \-d \- .fi .sp -Specify "\fB-d ALL\fR" to remove all messages; for example, specify -"\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue. +Specify "\fB\-d ALL\fR" to remove all messages; for example, specify +"\fB\-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue. As a safety measure, the word \fBALL\fR must be specified in upper case. .sp @@ -77,17 +77,17 @@ can distinguish within a second). \fBpostsuper\fR(1) deletes the new message, instead of the old message that it should have deleted. .RE -.IP "\fB-h \fIqueue_id\fR" +.IP "\fB\-h \fIqueue_id\fR" Put mail "on hold" so that no attempt is made to deliver it. Move one message with the named queue ID from the named mail queue(s) (default: \fBincoming\fR, \fBactive\fR and \fBdeferred\fR) to the \fBhold\fR queue. -If a \fIqueue_id\fR of \fB-\fR is specified, the program reads +If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads queue IDs from standard input. .sp -Specify "\fB-h ALL\fR" to hold all messages; for example, specify -"\fB-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue. +Specify "\fB\-h ALL\fR" to hold all messages; for example, specify +"\fB\-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue. As a safety measure, the word \fBALL\fR must be specified in upper case. .sp @@ -97,37 +97,37 @@ or \fBbounce_queue_lifetime\fR setting. It becomes subject to expiration after it is released from "hold". .sp This feature is available in Postfix 2.0 and later. -.IP "\fB-H \fIqueue_id\fR" +.IP "\fB\-H \fIqueue_id\fR" Release mail that was put "on hold". Move one message with the named queue ID from the named mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue. -If a \fIqueue_id\fR of \fB-\fR is specified, the program reads +If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads queue IDs from standard input. .sp -Note: specify "\fBpostsuper -r\fR" to release mail that was kept on +Note: specify "\fBpostsuper \-r\fR" to release mail that was kept on hold for a significant fraction of \fB$maximal_queue_lifetime\fR or \fB$bounce_queue_lifetime\fR, or longer. .sp -Specify "\fB-H ALL\fR" to release all mail that is "on hold". +Specify "\fB\-H ALL\fR" to release all mail that is "on hold". As a safety measure, the word \fBALL\fR must be specified in upper case. .sp This feature is available in Postfix 2.0 and later. -.IP \fB-p\fR +.IP \fB\-p\fR Purge old temporary files that are left over after system or software crashes. -.IP "\fB-r \fIqueue_id\fR" +.IP "\fB\-r \fIqueue_id\fR" Requeue the message with the named queue ID from the named mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). -To requeue multiple messages, specify multiple \fB-r\fR -command-line options. +To requeue multiple messages, specify multiple \fB\-r\fR +command\-line options. -Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified, +Alternatively, if a \fIqueue_id\fR of \fB\-\fR is specified, the program reads queue IDs from standard input. .sp -Specify "\fB-r ALL\fR" to requeue all messages. As a safety +Specify "\fB\-r ALL\fR" to requeue all messages. As a safety measure, the word \fBALL\fR must be specified in upper case. .sp A requeued message is moved to the \fBmaildrop\fR queue, @@ -162,7 +162,7 @@ the wrong message file when it is executed while the Postfix mail system is running, but no harm should be done. .sp This feature is available in Postfix 1.1 and later. -.IP \fB-s\fR +.IP \fB\-s\fR Structure check and structure repair. This should be done once before Postfix startup. .RS @@ -194,13 +194,13 @@ procedure is as follows: Run \fBpostsuper\fR(1) repeatedly until it stops reporting file name changes. .RE -.IP \fB-S\fR -A redundant version of \fB-s\fR that requires that long +.IP \fB\-S\fR +A redundant version of \fB\-s\fR that requires that long file names also match the message file inode number. This option exists for testing purposes, and is available with Postfix 2.9 and later. -.IP \fB-v\fR -Enable verbose logging for debugging purposes. Multiple \fB-v\fR +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. .SH DIAGNOSTICS .ad @@ -208,9 +208,9 @@ options make the software increasingly verbose. Problems are reported to the standard error stream and to \fBsyslogd\fR(8). -\fBpostsuper\fR(1) reports the number of messages deleted with \fB-d\fR, -the number of messages requeued with \fB-r\fR, and the number of -messages whose queue file name was fixed with \fB-s\fR. The report +\fBpostsuper\fR(1) reports the number of messages deleted with \fB\-d\fR, +the number of messages requeued with \fB\-r\fR, and the number of +messages whose queue file name was fixed with \fB\-s\fR. The report is written to the standard error stream and to \fBsyslogd\fR(8). .SH "ENVIRONMENT" .na @@ -243,7 +243,7 @@ the hash_queue_names parameter. The names of queue directories that are split across multiple subdirectory levels. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -252,11 +252,11 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.9 and later: .IP "\fBenable_long_queue_ids (no)\fR" -Enable long, non-repeating, queue IDs (queue file names). +Enable long, non\-repeating, queue IDs (queue file names). .SH "SEE ALSO" .na .nf -sendmail(1), Sendmail-compatible user interface +sendmail(1), Sendmail\-compatible user interface postqueue(1), unprivileged queue operations .SH "LICENSE" .na diff --git a/postfix/man/man1/posttls-finger.1 b/postfix/man/man1/posttls-finger.1 index 88e4bd4e0..de02894a7 100644 --- a/postfix/man/man1/posttls-finger.1 +++ b/postfix/man/man1/posttls-finger.1 @@ -8,19 +8,19 @@ Probe the TLS properties of an ESMTP or LMTP server. .SH "SYNOPSIS" .na .nf -\fBposttls-finger\fR [\fIoptions\fR] [\fBinet:\fR]\fIdomain\fR[:\fIport\fR] [\fImatch ...\fR] +\fBposttls\-finger\fR [\fIoptions\fR] [\fBinet:\fR]\fIdomain\fR[:\fIport\fR] [\fImatch ...\fR] .br -\fBposttls-finger\fR -S [\fIoptions\fR] \fBunix:\fIpathname\fR [\fImatch ...\fR] +\fBposttls\-finger\fR \-S [\fIoptions\fR] \fBunix:\fIpathname\fR [\fImatch ...\fR] .SH DESCRIPTION .ad .fi -\fBposttls-finger\fR(1) connects to the specified destination -and reports TLS-related information about the server. With SMTP, the +\fBposttls\-finger\fR(1) connects to the specified destination +and reports TLS\-related information about the server. With SMTP, the destination is a domainname; with LMTP it is either a domainname prefixed with \fBinet:\fR or a pathname prefixed with \fBunix:\fR. If -Postfix is built without TLS support, the resulting posttls-finger -program has very limited functionality, and only the \fB-a\fR, \fB-c\fR, -\fB-h\fR, \fB-o\fR, \fB-S\fR, \fB-t\fR, \fB-T\fR and \fB-v\fR options +Postfix is built without TLS support, the resulting posttls\-finger +program has very limited functionality, and only the \fB\-a\fR, \fB\-c\fR, +\fB\-h\fR, \fB\-o\fR, \fB\-S\fR, \fB\-t\fR, \fB\-T\fR and \fB\-v\fR options are available. Note: this is an unsupported test program. No attempt is made @@ -30,45 +30,45 @@ For SMTP servers that don't support ESMTP, only the greeting banner and the negative EHLO response are reported. Otherwise, the reported EHLO response details further server capabilities. -If TLS support is enabled when \fBposttls-finger\fR(1) is compiled, and +If TLS support is enabled when \fBposttls\-finger\fR(1) is compiled, and the server supports \fBSTARTTLS\fR, a TLS handshake is attempted. If DNSSEC support is available, the connection TLS security level -(\fB-l\fR option) defaults to \fBdane\fR; see TLS_README for +(\fB\-l\fR option) defaults to \fBdane\fR; see TLS_README for details. Otherwise, it defaults to \fBsecure\fR. This setting determines the certificate matching policy. If TLS negotiation succeeds, the TLS protocol and cipher details are reported. The server certificate is then verified in accordance with the policy at the chosen (or default) security level. With public -CA-based trust, when the \fB-L\fR option includes \fBcertmatch\fR, +CA\-based trust, when the \fB\-L\fR option includes \fBcertmatch\fR, (true by default) name matching is performed even if the certificate chain is not trusted. This logs the names found in the remote SMTP server certificate and which if any would match, were the certificate chain trusted. -Note: \fBposttls-finger\fR(1) does not perform any table lookups, so -the TLS policy table and obsolete per-site tables are not consulted. +Note: \fBposttls\-finger\fR(1) does not perform any table lookups, so +the TLS policy table and obsolete per\-site tables are not consulted. It does not communicate with the \fBtlsmgr\fR(8) daemon (or any other Postfix daemons); its TLS session cache is held in private memory, and disappears when the process exits. -With the \fB-r \fIdelay\fR option, if the server assigns a TLS +With the \fB\-r \fIdelay\fR option, if the server assigns a TLS session id, the TLS session is cached. The connection is then closed -and re-opened after the specified delay, and \fBposttls-finger\fR(1) -then reports whether the cached TLS session was re-used. +and re\-opened after the specified delay, and \fBposttls\-finger\fR(1) +then reports whether the cached TLS session was re\-used. -When the destination is a load-balancer, it may be distributing +When the destination is a load balancer, it may be distributing load between multiple server caches. Typically, each server returns its unique name in its EHLO response. If, upon reconnecting with -\fB-r\fR, a new server name is detected, another session is cached +\fB\-r\fR, a new server name is detected, another session is cached for the new server, and the reconnect is repeated up to a maximum -number of times (default 5) that can be specified via the \fB-m\fR +number of times (default 5) that can be specified via the \fB\-m\fR option. -The choice of SMTP or LMTP (\fB-S\fR option) determines the syntax of +The choice of SMTP or LMTP (\fB\-S\fR option) determines the syntax of the destination argument. With SMTP, one can specify a service on a -non-default port as \fIhost\fR:\fIservice\fR, and disable MX (mail +non\-default port as \fIhost\fR:\fIservice\fR, and disable MX (mail exchanger) DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR. The [] form is required when you specify an IP address instead of a hostname. An IPv6 address takes the form [\fBipv6:\fIaddress\fR]. @@ -76,70 +76,70 @@ The default port for SMTP is taken from the \fBsmtp/tcp\fR entry in /etc/services, defaulting to 25 if the entry is not found. With LMTP, specify \fBunix:\fIpathname\fR to connect to a local server -listening on a unix-domain socket bound to the specified pathname; +listening on a unix\-domain socket bound to the specified pathname; otherwise, specify an optional \fBinet:\fR prefix followed by a \fIdomain\fR and an optional port, with the same syntax as for SMTP. The default TCP port for LMTP is 24. Arguments: -.IP "\fB-a\fR \fIfamily\fR (default: \fBany\fR)" +.IP "\fB\-a\fR \fIfamily\fR (default: \fBany\fR)" Address family preference: \fBipv4\fR, \fBipv6\fR or \fBany\fR. When -using \fBany\fR, posttls-finger will randomly select one of the two as +using \fBany\fR, posttls\-finger will randomly select one of the two as the more preferred, and exhaust all MX preferences for the first address family before trying any addresses for the other. -.IP "\fB-A\fR \fItrust-anchor.pem\fR (default: none)" -A list of PEM trust-anchor files that overrides CAfile and CApath +.IP "\fB\-A\fR \fItrust\-anchor.pem\fR (default: none)" +A list of PEM trust\-anchor files that overrides CAfile and CApath trust chain verification. Specify the option multiple times to specify multiple files. See the main.cf documentation for smtp_tls_trust_anchor_file for details. -.IP "\fB-c\fR" -Disable SMTP chat logging; only TLS-related information is logged. -.IP "\fB-C\fR" +.IP "\fB\-c\fR" +Disable SMTP chat logging; only TLS\-related information is logged. +.IP "\fB\-C\fR" Print the remote SMTP server certificate trust chain in PEM format. The issuer DN, subject DN, certificate and public key fingerprints -(see \fB-d \fImdalg\fR option below) are printed above each PEM -certificate block. If you specify \fB-F \fICAfile\fR or -\fB-P \fICApath\fR, the OpenSSL library may augment the chain with +(see \fB\-d \fImdalg\fR option below) are printed above each PEM +certificate block. If you specify \fB\-F \fICAfile\fR or +\fB\-P \fICApath\fR, the OpenSSL library may augment the chain with missing issuer certificates. To see the actual chain sent by the remote SMTP server leave \fICAfile\fR and \fICApath\fR unset. -.IP "\fB-d \fImdalg\fR (default: \fBsha1\fR)" +.IP "\fB\-d \fImdalg\fR (default: \fBsha1\fR)" The message digest algorithm to use for reporting remote SMTP server fingerprints and matching against user provided certificate fingerprints (with DANE TLSA records the algorithm is specified in the DNS). -.IP "\fB-f\fR" +.IP "\fB\-f\fR" Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. See smtp_tls_force_insecure_host_tlsa_lookup for details. -.IP "\fB-F \fICAfile.pem\fR (default: none)" +.IP "\fB\-F \fICAfile.pem\fR (default: none)" The PEM formatted CAfile for remote SMTP server certificate verification. By default no CAfile is used and no public CAs are trusted. -.IP "\fB-g \fIgrade\fR (default: medium)" -The minimum TLS cipher grade used by posttls-finger. See +.IP "\fB\-g \fIgrade\fR (default: medium)" +The minimum TLS cipher grade used by posttls\-finger. See smtp_tls_mandatory_ciphers for details. -.IP "\fB-h \fIhost_lookup\fR (default: \fBdns\fR)" +.IP "\fB\-h \fIhost_lookup\fR (default: \fBdns\fR)" The hostname lookup methods used for the connection. See the documentation of smtp_host_lookup for syntax and semantics. -.IP "\fB-l \fIlevel\fR (default: \fBdane\fR or \fBsecure\fR)" +.IP "\fB\-l \fIlevel\fR (default: \fBdane\fR or \fBsecure\fR)" The security level for the connection, default \fBdane\fR or \fBsecure\fR depending on whether DNSSEC is available. For syntax and semantics, see the documentation of smtp_tls_security_level. -When \fBdane\fR or \fBdane-only\fR is supported and selected, if no +When \fBdane\fR or \fBdane\-only\fR is supported and selected, if no TLSA records are found, or all the records found are unusable, the \fIsecure\fR level will be used instead. The \fBfingerprint\fR -security level allows you to test certificate or public-key +security level allows you to test certificate or public\-key fingerprint matches before you deploy them in the policy table. .IP -Note, since \fBposttls-finger\fR does not actually deliver any email, +Note, since \fBposttls\-finger\fR does not actually deliver any email, the \fBnone\fR, \fBmay\fR and \fBencrypt\fR security levels are not very useful. Since \fBmay\fR and \fBencrypt\fR don't require peer certificates, they will often negotiate anonymous TLS ciphersuites, so you won't learn much about the remote SMTP server's certificates at these levels if it also supports anonymous TLS (though you may learn that the server supports anonymous TLS). -.IP "\fB-L \fIlogopts\fR (default: \fBroutine,certmatch\fR)" -Fine-grained TLS logging options. To tune the TLS features logged +.IP "\fB\-L \fIlogopts\fR (default: \fBroutine,certmatch\fR)" +Fine\-grained TLS logging options. To tune the TLS features logged during the TLS handshake, specify one or more of: .RS .IP "\fB0, none\fR" @@ -148,31 +148,31 @@ is handy if you just want the trust chain: .RS .ad .nf -$ posttls-finger -cC -L none destination +$ posttls\-finger \-cC \-L none destination .fi .RE .IP "\fB1, routine, summary\fR" -These synonymous values yield a normal one-line summary of the TLS +These synonymous values yield a normal one\-line summary of the TLS connection. .IP "\fB2, debug\fR" -These synonymous values combine routine, ssl-debug, cache and verbose. -.IP "\fB3, ssl-expert\fR" -These synonymous values combine debug with ssl-handshake-packet-dump. +These synonymous values combine routine, ssl\-debug, cache and verbose. +.IP "\fB3, ssl\-expert\fR" +These synonymous values combine debug with ssl\-handshake\-packet\-dump. For experts only. -.IP "\fB4, ssl-developer\fR" -These synonymous values combine ssl-expert with ssl-session-packet-dump. +.IP "\fB4, ssl\-developer\fR" +These synonymous values combine ssl\-expert with ssl\-session\-packet\-dump. For experts only, and in most cases, use wireshark instead. -.IP "\fBssl-debug\fR" +.IP "\fBssl\-debug\fR" Turn on OpenSSL logging of the progress of the SSL handshake. -.IP "\fBssl-handshake-packet-dump\fR" +.IP "\fBssl\-handshake\-packet\-dump\fR" Log hexadecimal packet dumps of the SSL handshake; for experts only. -.IP "\fBssl-session-packet-dump\fR" +.IP "\fBssl\-session\-packet\-dump\fR" Log hexadecimal packet dumps of the entire SSL session; only useful to those who can debug SSL protocol problems from hex dumps. .IP "\fBuntrusted\fR" Logs trust chain verification problems. This is turned on automatically at security levels that use peer names signed -by certificate authorities to validate certificates. So while +by Certification Authorities to validate certificates. So while this setting is recognized, you should never need to set it explicitly. .IP "\fBpeercert\fR" @@ -181,11 +181,11 @@ subject, issuer, and fingerprints. .IP "\fBcertmatch\fR" This logs remote SMTP server certificate matching, showing the CN and each subjectAltName and which name matched. With DANE, logs -matching of TLSA record trust-anchor and end-entity certificates. +matching of TLSA record trust\-anchor and end\-entity certificates. .IP "\fBcache\fR" This logs session cache operations, showing whether session caching is effective with the remote SMTP server. Automatically used when -reconnecting with the \fB-r\fR option; rarely needs to be set +reconnecting with the \fB\-r\fR option; rarely needs to be set explicitly. .IP "\fBverbose\fR" Enables verbose logging in the Postfix TLS driver; includes all of @@ -195,48 +195,48 @@ peercert..cache and more. The default is \fBroutine,certmatch\fR. After a reconnect, \fBpeercert\fR, \fBcertmatch\fR and \fBverbose\fR are automatically disabled while \fBcache\fR and \fBsummary\fR are enabled. -.IP "\fB-m \fIcount\fR (default: \fB5\fR)" -When the \fB-r \fIdelay\fR option is specified, the \fB-m\fR option +.IP "\fB\-m \fIcount\fR (default: \fB5\fR)" +When the \fB\-r \fIdelay\fR option is specified, the \fB\-m\fR option determines the maximum number of reconnect attempts to use with -a server behind a load-balacer, to see whether connection caching +a server behind a load balancer, to see whether connection caching is likely to be effective for this destination. Some MTAs don't expose the underlying server identity in their EHLO response; with these servers there will never be more than 1 reconnection attempt. -.IP "\fB-o \fIname=value\fR" +.IP "\fB\-o \fIname=value\fR" Specify zero or more times to override the value of the main.cf -parameter \fIname\fR with \fIvalue\fR. Possible use-cases include +parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include overriding the values of TLS library parameters, or "myhostname" to configure the SMTP EHLO name sent to the remote server. -.IP "\fB-p \fIprotocols\fR (default: !SSLv2)" -List of TLS protocols that posttls-finger will exclude or include. See +.IP "\fB\-p \fIprotocols\fR (default: !SSLv2)" +List of TLS protocols that posttls\-finger will exclude or include. See smtp_tls_mandatory_protocols for details. -.IP "\fB-P \fICApath/\fR (default: none)" +.IP "\fB\-P \fICApath/\fR (default: none)" The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote SMTP server certificate verification. By default no CApath is used and no public CAs are trusted. -.IP "\fB-r \fIdelay\fR" -With a cachable TLS session, disconnect and reconnect after \fIdelay\fR -seconds. Report whether the session is re-used. Retry if a new server -is encountered, up to 5 times or as specified with the \fB-m\fR option. +.IP "\fB\-r \fIdelay\fR" +With a cacheable TLS session, disconnect and reconnect after \fIdelay\fR +seconds. Report whether the session is re\-used. Retry if a new server +is encountered, up to 5 times or as specified with the \fB\-m\fR option. By default reconnection is disabled, specify a positive delay to enable this behavior. -.IP "\fB-S\fR" +.IP "\fB\-S\fR" Disable SMTP; that is, connect to an LMTP server. The default port for LMTP over TCP is 24. Alternative ports can specified by appending "\fI:servicename\fR" or ":\fIportnumber\fR" to the destination argument. -.IP "\fB-t \fItimeout\fR (default: \fB30\fR)" +.IP "\fB\-t \fItimeout\fR (default: \fB30\fR)" The TCP connection timeout to use. This is also the timeout for reading the remote server's 220 banner. -.IP "\fB-T \fItimeout\fR (default: \fB30\fR)" +.IP "\fB\-T \fItimeout\fR (default: \fB30\fR)" The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT. -.IP "\fB-v\fR" -Enable verose Postfix logging. Specify more than once to increase +.IP "\fB\-v\fR" +Enable verbose Postfix logging. Specify more than once to increase the level of verbose logging. -.IP "\fB-w\fR" +.IP "\fB\-w\fR" Enable outgoing TLS wrapper mode, or SMTPS support. This is typically -provided on port 465 by servers that are compatible with the ad-hoc +provided on port 465 by servers that are compatible with the ad\-hoc SMTP in SSL protocol, rather than the standard STARTTLS protocol. The destination \fIdomain\fR:\fIport\fR should of course provide such a service. @@ -249,19 +249,19 @@ for instance \fImx1.example.com\fR, specify [\fImx1.example.com\fR] as the destination and \fIexample.com\fR as a \fBmatch\fR argument. When using DNS, the destination domain is assumed fully qualified and no default domain or search suffixes are applied; you must use -fully-qualified names or also enable \fBnative\fR host lookups -(these don't support \fBdane\fR or \fBdane-only\fR as no DNSSEC +fully\-qualified names or also enable \fBnative\fR host lookups +(these don't support \fBdane\fR or \fBdane\-only\fR as no DNSSEC validation information is available via \fBnative\fR lookups). .IP "\fBunix:\fIpathname\fR" -Connect to the UNIX-domain socket at \fIpathname\fR. LMTP only. +Connect to the UNIX\-domain socket at \fIpathname\fR. LMTP only. .IP "\fBmatch ...\fR" With no match arguments specified, certificate peername matching uses -the compiled-in default strategies for each security level. If you +the compiled\-in default strategies for each security level. If you specify one or more arguments, these will be used as the list of -certificate or public-key digests to match for the \fBfingerprint\fR +certificate or public\-key digests to match for the \fBfingerprint\fR level, or as the list of DNS names to match in the certificate at the \fBverify\fR and \fBsecure\fR levels. If the security level is -\fBdane\fR, or \fBdane-only\fR the match names are ignored, and +\fBdane\fR, or \fBdane\-only\fR the match names are ignored, and \fBhostname, nexthop\fR strategies are used. .ad .fi @@ -271,14 +271,14 @@ level, or as the list of DNS names to match in the certificate at the .ad .fi .IP \fBMAIL_CONFIG\fR -Read configuration parameters from a non-default location. +Read configuration parameters from a non\-default location. .IP \fBMAIL_VERBOSE\fR -Same as \fB-v\fR option. +Same as \fB\-v\fR option. .SH "SEE ALSO" .na .nf -smtp-source(1), SMTP/LMTP message source -smtp-sink(1), SMTP/LMTP message dump +smtp\-source(1), SMTP/LMTP message source +smtp\-sink(1), SMTP/LMTP message dump .SH "README FILES" .na diff --git a/postfix/man/man1/qmqp-sink.1 b/postfix/man/man1/qmqp-sink.1 index d169eaf36..d67a790ee 100644 --- a/postfix/man/man1/qmqp-sink.1 +++ b/postfix/man/man1/qmqp-sink.1 @@ -9,46 +9,46 @@ parallelized QMQP test server .na .nf .fi -\fBqmqp-sink\fR [\fB-46cv\fR] [\fB-x \fItime\fR] +\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR -\fBqmqp-sink\fR [\fB-46cv\fR] [\fB-x \fItime\fR] +\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR .SH DESCRIPTION .ad .fi -\fBqmqp-sink\fR listens on the named host (or address) and port. +\fBqmqp\-sink\fR listens on the named host (or address) and port. It receives messages from the network and throws them away. The purpose is to measure QMQP client performance, not protocol compliance. Connections can be accepted on IPv4 or IPv6 endpoints, or on -UNIX-domain sockets. +UNIX\-domain sockets. IPv4 and IPv6 are the default. -This program is the complement of the \fBqmqp-source\fR(1) program. +This program is the complement of the \fBqmqp\-source\fR(1) program. Note: this is an unsupported test program. No attempt is made to maintain compatibility between successive versions. Arguments: -.IP \fB-4\fR +.IP \fB\-4\fR Support IPv4 only. This option has no effect when Postfix is built without IPv6 support. -.IP \fB-6\fR +.IP \fB\-6\fR Support IPv6 only. This option is not available when Postfix is built without IPv6 support. -.IP \fB-c\fR +.IP \fB\-c\fR Display a running counter that is updated whenever a delivery is completed. -.IP \fB-v\fR -Increase verbosity. Specify \fB-v -v\fR to see some of the QMQP +.IP \fB\-v\fR +Increase verbosity. Specify \fB\-v \-v\fR to see some of the QMQP conversation. -.IP "\fB-x \fItime\fR +.IP "\fB\-x \fItime\fR Terminate after \fItime\fR seconds. This is to facilitate memory leak testing. .SH "SEE ALSO" .na .nf -qmqp-source(1), QMQP message generator +qmqp\-source(1), QMQP message generator .SH "LICENSE" .na .nf diff --git a/postfix/man/man1/qmqp-source.1 b/postfix/man/man1/qmqp-source.1 index 2463c5079..0aa50142d 100644 --- a/postfix/man/man1/qmqp-source.1 +++ b/postfix/man/man1/qmqp-source.1 @@ -9,67 +9,67 @@ parallelized QMQP test generator .na .nf .fi -\fBqmqp-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] +\fBqmqp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] -\fBqmqp-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR +\fBqmqp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR .SH DESCRIPTION .ad .fi -\fBqmqp-source\fR connects to the named host and TCP port (default 628) +\fBqmqp\-source\fR connects to the named host and TCP port (default 628) and sends one or more messages to it, either sequentially or in parallel. The program speaks the QMQP protocol. -Connections can be made to UNIX-domain and IPv4 or IPv6 servers. +Connections can be made to UNIX\-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default. Note: this is an unsupported test program. No attempt is made to maintain compatibility between successive versions. Arguments: -.IP \fB-4\fR +.IP \fB\-4\fR Connect to the server with IPv4. This option has no effect when Postfix is built without IPv6 support. -.IP \fB-6\fR +.IP \fB\-6\fR Connect to the server with IPv6. This option is not available when Postfix is built without IPv6 support. -.IP \fB-c\fR +.IP \fB\-c\fR Display a running counter that is incremented each time a delivery completes. -.IP "\fB-C \fIcount\fR" +.IP "\fB\-C \fIcount\fR" When a host sends RESET instead of SYN|ACK, try \fIcount\fR times before giving up. The default count is 1. Specify a larger count in order to work around a problem with TCP/IP stacks that send RESET when the listen queue is full. -.IP "\fB-f \fIfrom\fR" +.IP "\fB\-f \fIfrom\fR" Use the specified sender address (default: ). -.IP "\fB-l \fIlength\fR" +.IP "\fB\-l \fIlength\fR" Send \fIlength\fR bytes as message payload. The length includes the message headers. -.IP "\fB-m \fImessage_count\fR" +.IP "\fB\-m \fImessage_count\fR" Send the specified number of messages (default: 1). -.IP "\fB-M \fImyhostname\fR" +.IP "\fB\-M \fImyhostname\fR" Use the specified hostname or [address] in the default sender and recipient addresses, instead of the machine hostname. -.IP "\fB-r \fIrecipient_count\fR" +.IP "\fB\-r \fIrecipient_count\fR" Send the specified number of recipients per transaction (default: 1). Recipient names are generated by prepending a number to the recipient address. -.IP "\fB-s \fIsession_count\fR" +.IP "\fB\-s \fIsession_count\fR" Run the specified number of QMQP sessions in parallel (default: 1). -.IP "\fB-t \fIto\fR" +.IP "\fB\-t \fIto\fR" Use the specified recipient address (default: ). -.IP "\fB-R \fIinterval\fR" +.IP "\fB\-R \fIinterval\fR" Wait for a random period of time 0 <= n <= interval between messages. Suspending one thread does not affect other delivery threads. -.IP \fB-v\fR +.IP \fB\-v\fR Make the program more verbose, for debugging purposes. -.IP "\fB-w \fIinterval\fR" +.IP "\fB\-w \fIinterval\fR" Wait a fixed time between messages. Suspending one thread does not affect other delivery threads. .SH "SEE ALSO" .na .nf -qmqp-sink(1), QMQP message dump +qmqp\-sink(1), QMQP message dump .SH "LICENSE" .na .nf diff --git a/postfix/man/man1/qshape.1 b/postfix/man/man1/qshape.1 index cd8b6350d..5a6352f0c 100644 --- a/postfix/man/man1/qshape.1 +++ b/postfix/man/man1/qshape.1 @@ -9,11 +9,11 @@ Print Postfix queue domain and age distribution .na .nf .fi -\fBqshape\fR [\fB-s\fR] [\fB-p\fR] [\fB-m \fImin_subdomains\fR] - [\fB-b \fIbucket_count\fR] [\fB-t \fIbucket_time\fR] - [\fB-l\fR] [\fB-w \fIterminal_width\fR] - [\fB-N \fIbatch_msg_count\fR] [\fB-n \fIbatch_top_domains\fR] - [\fB-c \fIconfig_directory\fR] [\fIqueue_name\fR ...] +\fBqshape\fR [\fB\-s\fR] [\fB\-p\fR] [\fB\-m \fImin_subdomains\fR] + [\fB\-b \fIbucket_count\fR] [\fB\-t \fIbucket_time\fR] + [\fB\-l\fR] [\fB\-w \fIterminal_width\fR] + [\fB\-N \fIbatch_msg_count\fR] [\fB\-n \fIbatch_top_domains\fR] + [\fB\-c \fIconfig_directory\fR] [\fIqueue_name\fR ...] .SH DESCRIPTION .ad .fi @@ -25,36 +25,36 @@ the \fBmail_owner\fR specified in \fBmain.cf\fR (typically \fBpostfix\fR). Options: -.IP \fB-s\fR +.IP \fB\-s\fR Display the sender domain distribution instead of the recipient domain distribution. By default the recipient distribution is displayed. There can be more recipients than messages, but as each message has only one sender, the sender distribution is a message distribution. -.IP \fB-p\fR +.IP \fB\-p\fR Generate aggregate statistics for parent domains. Top level domains are not shown, nor are domains with fewer than \fImin_subdomains\fR subdomains. The names of parent domains are shown with a leading dot, (e.g. \fI.example.com\fR). -.IP "\fB-m \fImin_subdomains\fR" -When used with the \fB-p\fR option, sets the minimum subdomain count +.IP "\fB\-m \fImin_subdomains\fR" +When used with the \fB\-p\fR option, sets the minimum subdomain count needed to show a separate line for a parent domain. The default is 5. -.IP "\fB-b \fIbucket_count\fR" +.IP "\fB\-b \fIbucket_count\fR" The age distribution is broken up into a sequence of geometrically increasing intervals. This option sets the number of intervals or "buckets". Each bucket has a maximum queue age that is twice as large as that of the previous bucket. The last bucket has no age limit. -.IP "\fB-t \fIbucket_time\fR" +.IP "\fB\-t \fIbucket_time\fR" The age limit in minutes for the first time bucket. The default value is 5, meaning that the first bucket counts messages between 0 and 5 minutes old. -.IP "\fB-l\fR" +.IP "\fB\-l\fR" Instead of using a geometric age sequence, use a linear age sequence, in other words simple multiples of \fBbucket_time\fR. This feature is available in Postfix 2.2 and later. -.IP "\fB-w \fIterminal_width\fR" +.IP "\fB\-w \fIterminal_width\fR" The output is right justified, with the counts for the last bucket shown on the 80th column, the \fIterminal_width\fR can be adjusted for wider screens allowing more buckets to be displayed @@ -65,16 +65,16 @@ are shown with the prefix replaced by a '+' character. Truncated parent domain rows are shown as '.+' followed by the last 16 bytes of the domain name. If this is still too narrow to show the domain name and all the counters, the terminal_width limit is violated. -.IP "\fB-N \fIbatch_msg_count\fR" +.IP "\fB\-N \fIbatch_msg_count\fR" When the output device is a terminal, intermediate results are shown each "batch_msg_count" messages. This produces usable results in a reasonable time even when the deferred queue is large. The default is to show intermediate results every 1000 messages. -.IP "\fB-n \fIbatch_top_domains\fR" +.IP "\fB\-n \fIbatch_top_domains\fR" When reporting intermediate or final results to a termainal, report only the top "batch_top_domains" domains. The default limit is 20 domains. -.IP "\fB-c \fIconfig_directory\fR" +.IP "\fB\-c \fIconfig_directory\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. .PP diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index 537f8340c..499b2acfb 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -11,17 +11,17 @@ Postfix to Sendmail compatibility interface \fBsendmail\fR [\fIoption ...\fR] [\fIrecipient ...\fR] \fBmailq\fR -\fBsendmail -bp\fR +\fBsendmail \-bp\fR \fBnewaliases\fR -\fBsendmail -I\fR +\fBsendmail \-I\fR .SH DESCRIPTION .ad .fi The Postfix \fBsendmail\fR(1) command implements the Postfix to Sendmail compatibility interface. For the sake of compatibility with existing applications, some -Sendmail command-line options are recognized but silently ignored. +Sendmail command\-line options are recognized but silently ignored. By default, Postfix \fBsendmail\fR(1) reads a message from standard input @@ -51,7 +51,7 @@ This mode of operation is implemented by executing the \fBpostqueue\fR(1) command. .IP \fBnewaliases\fR Initialize the alias database. If no input file is specified (with -the \fB-oA\fR option, see below), the program processes the file(s) +the \fB\-oA\fR option, see below), the program processes the file(s) specified with the \fBalias_database\fR configuration parameter. If no alias database type is specified, the program uses the type specified with the \fBdefault_database_type\fR configuration parameter. @@ -63,52 +63,52 @@ becomes visible. Use the "\fBpostfix reload\fR" command to eliminate this delay. .PP These and other features can be selected by specifying the -appropriate combination of command-line options. Some features are +appropriate combination of command\-line options. Some features are controlled by parameters in the \fBmain.cf\fR configuration file. The following options are recognized: -.IP "\fB-Am\fR (ignored)" -.IP "\fB-Ac\fR (ignored)" +.IP "\fB\-Am\fR (ignored)" +.IP "\fB\-Ac\fR (ignored)" Postfix sendmail uses the same configuration file regardless of whether or not a message is an initial submission. -.IP "\fB-B \fIbody_type\fR" +.IP "\fB\-B \fIbody_type\fR" The message body MIME type: \fB7BIT\fR or \fB8BITMIME\fR. -.IP \fB-bd\fR +.IP \fB\-bd\fR Go into daemon mode. This mode of operation is implemented by executing the "\fBpostfix start\fR" command. -.IP "\fB-bh\fR (ignored)" -.IP "\fB-bH\fR (ignored)" +.IP "\fB\-bh\fR (ignored)" +.IP "\fB\-bH\fR (ignored)" Postfix has no persistent host status database. -.IP \fB-bi\fR +.IP \fB\-bi\fR Initialize alias database. See the \fBnewaliases\fR command above. -.IP \fB-bl\fR +.IP \fB\-bl\fR Go into daemon mode. To accept only local connections as -with Sendmail\'s \fB-bl\fR option, specify "\fBinet_interfaces +with Sendmail\'s \fB\-bl\fR option, specify "\fBinet_interfaces = loopback\fR" in the Postfix \fBmain.cf\fR configuration file. -.IP \fB-bm\fR +.IP \fB\-bm\fR Read mail from standard input and arrange for delivery. This is the default mode of operation. -.IP \fB-bp\fR +.IP \fB\-bp\fR List the mail queue. See the \fBmailq\fR command above. -.IP \fB-bs\fR -Stand-alone SMTP server mode. Read SMTP commands from +.IP \fB\-bs\fR +Stand\-alone SMTP server mode. Read SMTP commands from standard input, and write responses to standard output. -In stand-alone SMTP server mode, mail relaying and other +In stand\-alone SMTP server mode, mail relaying and other access controls are disabled by default. To enable them, run the process as the \fBmail_owner\fR user. .sp This mode of operation is implemented by running the \fBsmtpd\fR(8) daemon. -.IP \fB-bv\fR +.IP \fB\-bv\fR Do not collect or deliver a message. Instead, send an email report after verifying each recipient address. This is useful for testing address rewriting and routing configurations. .sp This feature is available in Postfix version 2.1 and later. -.IP "\fB-C \fIconfig_file\fR" -.IP "\fB-C \fIconfig_dir\fR" +.IP "\fB\-C \fIconfig_file\fR" +.IP "\fB\-C \fIconfig_dir\fR" The path name of the Postfix \fBmain.cf\fR file, or of its parent directory. This information is ignored with Postfix versions before 2.3. @@ -116,136 +116,136 @@ versions before 2.3. With all Postfix versions, you can specify a directory pathname with the MAIL_CONFIG environment variable to override the location of configuration files. -.IP "\fB-F \fIfull_name\fR +.IP "\fB\-F \fIfull_name\fR Set the sender full name. This overrides the NAME environment variable, and is used only with messages that have no \fBFrom:\fR message header. -.IP "\fB-f \fIsender\fR" +.IP "\fB\-f \fIsender\fR" Set the envelope sender address. This is the address where delivery problems are sent to. With Postfix versions before 2.1, the -\fBErrors-To:\fR message header overrides the error return address. -.IP \fB-G\fR +\fBErrors\-To:\fR message header overrides the error return address. +.IP \fB\-G\fR Gateway (relay) submission, as opposed to initial user submission. Either do not rewrite addresses at all, or update incomplete addresses with the domain information specified with \fBremote_header_rewrite_domain\fR. This option is ignored before Postfix version 2.3. -.IP "\fB-h \fIhop_count\fR (ignored)" +.IP "\fB\-h \fIhop_count\fR (ignored)" Hop count limit. Use the \fBhopcount_limit\fR configuration parameter instead. -.IP \fB-I\fR +.IP \fB\-I\fR Initialize alias database. See the \fBnewaliases\fR command above. -.IP "\fB-i\fR" +.IP "\fB\-i\fR" When reading a message from standard input, don\'t treat a line with only a \fB.\fR character as the end of input. -.IP "\fB-L \fIlabel\fR (ignored)" +.IP "\fB\-L \fIlabel\fR (ignored)" The logging label. Use the \fBsyslog_name\fR configuration parameter instead. -.IP "\fB-m\fR (ignored)" +.IP "\fB\-m\fR (ignored)" Backwards compatibility. -.IP "\fB-N \fIdsn\fR (default: 'delay, failure')" +.IP "\fB\-N \fIdsn\fR (default: 'delay, failure')" Delivery status notification control. Specify either a -comma-separated list with one or more of \fBfailure\fR (send +comma\-separated list with one or more of \fBfailure\fR (send notification when delivery fails), \fBdelay\fR (send notification when delivery is delayed), or \fBsuccess\fR (send notification when the message is delivered); or specify \fBnever\fR (don't send any notifications at all). This feature is available in Postfix 2.3 and later. -.IP "\fB-n\fR (ignored)" +.IP "\fB\-n\fR (ignored)" Backwards compatibility. -.IP "\fB-oA\fIalias_database\fR" -Non-default alias database. Specify \fIpathname\fR or +.IP "\fB\-oA\fIalias_database\fR" +Non\-default alias database. Specify \fIpathname\fR or \fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for details. -.IP "\fB-O \fIoption=value\fR (ignored)" +.IP "\fB\-O \fIoption=value\fR (ignored)" Set the named \fIoption\fR to \fIvalue\fR. Use the equivalent configuration parameter in \fBmain.cf\fR instead. -.IP "\fB-o7\fR (ignored)" -.IP "\fB-o8\fR (ignored)" -To send 8-bit or binary content, use an appropriate MIME encapsulation -and specify the appropriate \fB-B\fR command-line option. -.IP "\fB-oi\fR" +.IP "\fB\-o7\fR (ignored)" +.IP "\fB\-o8\fR (ignored)" +To send 8\-bit or binary content, use an appropriate MIME encapsulation +and specify the appropriate \fB\-B\fR command\-line option. +.IP "\fB\-oi\fR" When reading a message from standard input, don\'t treat a line with only a \fB.\fR character as the end of input. -.IP "\fB-om\fR (ignored)" +.IP "\fB\-om\fR (ignored)" The sender is never eliminated from alias etc. expansions. -.IP "\fB-o \fIx value\fR (ignored)" +.IP "\fB\-o \fIx value\fR (ignored)" Set option \fIx\fR to \fIvalue\fR. Use the equivalent configuration parameter in \fBmain.cf\fR instead. -.IP "\fB-r \fIsender\fR" +.IP "\fB\-r \fIsender\fR" Set the envelope sender address. This is the address where delivery problems are sent to. With Postfix versions before 2.1, the -\fBErrors-To:\fR message header overrides the error return address. -.IP "\fB-R \fIreturn\fR" +\fBErrors\-To:\fR message header overrides the error return address. +.IP "\fB\-R \fIreturn\fR" Delivery status notification control. Specify "hdrs" to return only the header when a message bounces, "full" to return a full copy (the default behavior). -The \fB-R\fR option specifies an upper bound; Postfix will +The \fB\-R\fR option specifies an upper bound; Postfix will return only the header, when a full copy would exceed the bounce_size_limit setting. This option is ignored before Postfix version 2.10. -.IP \fB-q\fR +.IP \fB\-q\fR Attempt to deliver all queued mail. This is implemented by executing the \fBpostqueue\fR(1) command. Warning: flushing undeliverable mail frequently will result in poor delivery performance of all other mail. -.IP "\fB-q\fIinterval\fR (ignored)" +.IP "\fB\-q\fIinterval\fR (ignored)" The interval between queue runs. Use the \fBqueue_run_delay\fR configuration parameter instead. -.IP \fB-qI\fIqueueid\fR +.IP \fB\-qI\fIqueueid\fR Schedule immediate delivery of mail with the specified queue ID. This option is implemented by executing the \fBpostqueue\fR(1) command, and is available with Postfix version 2.4 and later. -.IP \fB-qR\fIsite\fR +.IP \fB\-qR\fIsite\fR Schedule immediate delivery of all mail that is queued for the named \fIsite\fR. This option accepts only \fIsite\fR names that are eligible for the "fast flush" service, and is implemented by executing the \fBpostqueue\fR(1) command. See \fBflush\fR(8) for more information about the "fast flush" service. -.IP \fB-qS\fIsite\fR -This command is not implemented. Use the slower "\fBsendmail -q\fR" +.IP \fB\-qS\fIsite\fR +This command is not implemented. Use the slower "\fBsendmail \-q\fR" command instead. -.IP \fB-t\fR +.IP \fB\-t\fR Extract recipients from message headers. These are added to any recipients specified on the command line. With Postfix versions prior to 2.1, this option requires that no recipient addresses are specified on the command line. -.IP "\fB-U\fR (ignored)" +.IP "\fB\-U\fR (ignored)" Initial user submission. -.IP "\fB-V \fIenvid\fR" +.IP "\fB\-V \fIenvid\fR" Specify the envelope ID for notification by servers that support DSN. This feature is available in Postfix 2.3 and later. -.IP "\fB-XV\fR (Postfix 2.2 and earlier: \fB-V\fR)" +.IP "\fB\-XV\fR (Postfix 2.2 and earlier: \fB\-V\fR)" Variable Envelope Return Path. Given an envelope sender address -of the form \fIowner-listname\fR@\fIorigin\fR, each recipient +of the form \fIowner\-listname\fR@\fIorigin\fR, each recipient \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope sender address. .sp By default, the personalized envelope sender address is -\fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default +\fIowner\-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default \fB+\fR and \fB=\fR characters are configurable with the \fBdefault_verp_delimiters\fR configuration parameter. -.IP "\fB-XV\fIxy\fR (Postfix 2.2 and earlier: \fB-V\fIxy\fR)" -As \fB-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter +.IP "\fB\-XV\fIxy\fR (Postfix 2.2 and earlier: \fB\-V\fIxy\fR)" +As \fB\-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter characters, instead of the characters specified with the \fBdefault_verp_delimiters\fR configuration parameter. -.IP \fB-v\fR +.IP \fB\-v\fR Send an email report of the first delivery attempt (Postfix versions 2.1 and later). Mail delivery -always happens in the background. When multiple \fB-v\fR +always happens in the background. When multiple \fB\-v\fR options are given, enable verbose logging for debugging purposes. -.IP "\fB-X \fIlog_file\fR (ignored)" +.IP "\fB\-X \fIlog_file\fR (ignored)" Log mailer traffic. Use the \fBdebug_peer_list\fR and \fBdebug_peer_level\fR configuration parameters instead. .SH "SECURITY" @@ -253,7 +253,7 @@ Log mailer traffic. Use the \fBdebug_peer_list\fR and .nf .ad .fi -By design, this program is not set-user (or group) id. However, +By design, this program is not set\-user (or group) id. However, it must handle data from untrusted, possibly remote, users. Thus, the usual precautions need to be taken against malicious inputs. @@ -276,7 +276,7 @@ Enable debugging with an external command, as specified with the \fBdebugger_command\fR configuration parameter. .IP \fBNAME\fR The sender full name. This is used only with messages that -have no \fBFrom:\fR message header. See also the \fB-F\fR +have no \fBFrom:\fR message header. See also the \fB\-F\fR option above. .SH "CONFIGURATION PARAMETERS" .na @@ -305,7 +305,7 @@ The DEBUG_README file gives examples of how to trouble shoot a Postfix system. .IP "\fBdebugger_command (empty)\fR" The external command to execute when a Postfix daemon program is -invoked with the -D option. +invoked with the \-D option. .IP "\fBdebug_peer_level (2)\fR" The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. @@ -333,7 +333,7 @@ command (and with the privileged \fBpostdrop\fR(1) helper command). .fi .IP "\fBbounce_size_limit (50000)\fR" The maximal amount of original message text that is sent in a -non-delivery notification. +non\-delivery notification. .IP "\fBfork_attempts (5)\fR" The maximal number of attempts to fork() a child process. .IP "\fBfork_delay (1s)\fR" @@ -352,7 +352,7 @@ prior to Postfix 2.4 the default value was 1000s. The ETRN_README file describes configuration and operation details for the Postfix "fast flush" service. .IP "\fBfast_flush_domains ($relay_domains)\fR" -Optional list of destinations that are eligible for per-destination +Optional list of destinations that are eligible for per\-destination logfiles with mail that is queued to those destinations. .SH "VERP CONTROLS" .na @@ -364,7 +364,7 @@ details of Postfix support for variable envelope return path addresses. .IP "\fBdefault_verp_delimiters (+=)\fR" The two default VERP delimiter characters. -.IP "\fBverp_delimiter_filter (-=+)\fR" +.IP "\fBverp_delimiter_filter (\-=+)\fR" The characters Postfix accepts as VERP delimiter characters on the Postfix \fBsendmail\fR(1) command line and in SMTP commands. .SH "MISCELLANEOUS CONTROLS" @@ -374,7 +374,7 @@ Postfix \fBsendmail\fR(1) command line and in SMTP commands. .fi .IP "\fBalias_database (see 'postconf -d' output)\fR" The alias databases for \fBlocal\fR(8) delivery that are updated with -"\fBnewaliases\fR" or with "\fBsendmail -bi\fR". +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". .IP "\fBcommand_directory (see 'postconf -d' output)\fR" The location of all postfix administrative commands. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" @@ -392,7 +392,7 @@ headers of mail that is still queued. The UNIX system account that owns the Postfix queue and most Postfix daemon processes. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBremote_header_rewrite_domain (empty)\fR" Don't rewrite message headers from remote clients at all when this parameter is empty; otherwise, rewrite message headers and diff --git a/postfix/man/man1/smtp-sink.1 b/postfix/man/man1/smtp-sink.1 index e8adad790..71e6bc3d6 100644 --- a/postfix/man/man1/smtp-sink.1 +++ b/postfix/man/man1/smtp-sink.1 @@ -9,64 +9,64 @@ parallelized SMTP/LMTP test server .na .nf .fi -\fBsmtp-sink\fR [\fIoptions\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR +\fBsmtp\-sink\fR [\fIoptions\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR -\fBsmtp-sink\fR [\fIoptions\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR +\fBsmtp\-sink\fR [\fIoptions\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR .SH DESCRIPTION .ad .fi -\fBsmtp-sink\fR listens on the named host (or address) and port. +\fBsmtp\-sink\fR listens on the named host (or address) and port. It takes SMTP messages from the network and throws them away. The purpose is to measure client performance, not protocol compliance. -\fBsmtp-sink\fR may also be configured to capture each mail +\fBsmtp\-sink\fR may also be configured to capture each mail delivery transaction to file. Since disk latencies are large compared to network delays, this mode of operation can reduce the maximal performance by several orders of magnitude. Connections can be accepted on IPv4 or IPv6 endpoints, or on -UNIX-domain sockets. +UNIX\-domain sockets. IPv4 and IPv6 are the default. -This program is the complement of the \fBsmtp-source\fR(1) program. +This program is the complement of the \fBsmtp\-source\fR(1) program. Note: this is an unsupported test program. No attempt is made to maintain compatibility between successive versions. Arguments: -.IP \fB-4\fR +.IP \fB\-4\fR Support IPv4 only. This option has no effect when Postfix is built without IPv6 support. -.IP \fB-6\fR +.IP \fB\-6\fR Support IPv6 only. This option is not available when Postfix is built without IPv6 support. -.IP \fB-8\fR +.IP \fB\-8\fR Do not announce 8BITMIME support. -.IP \fB-a\fR +.IP \fB\-a\fR Do not announce SASL authentication support. -.IP "\fB-A \fIdelay\fR" +.IP "\fB\-A \fIdelay\fR" Wait \fIdelay\fR seconds after responding to DATA, then abort prematurely with a 550 reply status. Do not read further input from the client; this is an attempt to block the client before it sends ".". Specify a zero delay value to abort immediately. -.IP "\fB-b \fIsoft-bounce-reply\fR" -Use \fIsoft-bounce-reply\fR for soft reject responses. The +.IP "\fB\-b \fIsoft\-bounce\-reply\fR" +Use \fIsoft\-bounce\-reply\fR for soft reject responses. The default reply is "450 4.3.0 Error: command failed". -.IP "\fB-B \fIhard-bounce-reply\fR" -Use \fIhard-bounce-reply\fR for hard reject responses. The +.IP "\fB\-B \fIhard\-bounce\-reply\fR" +Use \fIhard\-bounce\-reply\fR for hard reject responses. The default reply is "500 5.3.0 Error: command failed". -.IP \fB-c\fR +.IP \fB\-c\fR Display running counters that are updated whenever an SMTP session ends, a QUIT command is executed, or when "." is received. -.IP \fB-C\fR +.IP \fB\-C\fR Disable XCLIENT support. -.IP "\fB-d \fIdump-template\fR" -Dump each mail transaction to a single-message file whose -name is created by expanding the \fIdump-template\fR via -strftime(3) and appending a pseudo-random hexadecimal number +.IP "\fB\-d \fIdump\-template\fR" +Dump each mail transaction to a single\-message file whose +name is created by expanding the \fIdump\-template\fR via +strftime(3) and appending a pseudo\-random hexadecimal number (example: "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). If the template contains "/" characters, missing directories are created automatically. The message dump format is @@ -74,9 +74,9 @@ described below. .sp Note: this option keeps one capture file open for every mail transaction in progress. -.IP "\fB-D \fIdump-template\fR" -Append mail transactions to a multi-message dump file whose -name is created by expanding the \fIdump-template\fR via +.IP "\fB\-D \fIdump\-template\fR" +Append mail transactions to a multi\-message dump file whose +name is created by expanding the \fIdump\-template\fR via strftime(3). If the template contains "/" characters, missing directories are created automatically. The message dump format is @@ -84,108 +84,108 @@ described below. .sp Note: this option keeps one capture file open for every mail transaction in progress. -.IP \fB-e\fR +.IP \fB\-e\fR Do not announce ESMTP support. -.IP \fB-E\fR +.IP \fB\-E\fR Do not announce ENHANCEDSTATUSCODES support. -.IP "\fB-f \fIcommand,command,...\fR" +.IP "\fB\-f \fIcommand,command,...\fR" Reject the specified commands with a hard (5xx) error code. -This option implies \fB-p\fR. +This option implies \fB\-p\fR. .sp Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by white space or commas, and use quotes to protect white space -from the shell. Command names are case-insensitive. -.IP \fB-F\fR +from the shell. Command names are case\-insensitive. +.IP \fB\-F\fR Disable XFORWARD support. -.IP "\fB-h\fI hostname\fR" +.IP "\fB\-h\fI hostname\fR" Use \fIhostname\fR in the SMTP greeting, in the HELO response, -and in the EHLO response. The default hostname is "smtp-sink". -.IP "\fB-H\fI delay\fR" +and in the EHLO response. The default hostname is "smtp\-sink". +.IP "\fB\-H\fI delay\fR" Delay the first read operation after receiving DATA (time in seconds). Combine with a large test message and a small -TCP window size (see the \fB-T\fR option) to test the Postfix +TCP window size (see the \fB\-T\fR option) to test the Postfix client write_wait() implementation. -.IP \fB-L\fR +.IP \fB\-L\fR Enable LMTP instead of SMTP. -.IP "\fB-m \fIcount\fR (default: 256)" +.IP "\fB\-m \fIcount\fR (default: 256)" An upper bound on the maximal number of simultaneous -connections that \fBsmtp-sink\fR will handle. This prevents +connections that \fBsmtp\-sink\fR will handle. This prevents the process from running out of file descriptors. Excess connections will stay queued in the TCP/IP stack. -.IP "\fB-M \fIcount\fR" +.IP "\fB\-M \fIcount\fR" Terminate after receiving \fIcount\fR messages. -.IP "\fB-n \fIcount\fR" +.IP "\fB\-n \fIcount\fR" Terminate after \fIcount\fR sessions. -.IP \fB-N\fR +.IP \fB\-N\fR Do not announce support for DSN. -.IP \fB-p\fR +.IP \fB\-p\fR Do not announce support for ESMTP command pipelining. -.IP \fB-P\fR +.IP \fB\-P\fR Change the server greeting so that it appears to come through -a CISCO PIX system. Implies \fB-e\fR. -.IP "\fB-q \fIcommand,command,...\fR" +a CISCO PIX system. Implies \fB\-e\fR. +.IP "\fB\-q \fIcommand,command,...\fR" Disconnect (without replying) after receiving one of the specified commands. .sp Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by white space or commas, and use quotes to protect white space -from the shell. Command names are case-insensitive. -.IP "\fB-Q \fIcommand,command,...\fR" +from the shell. Command names are case\-insensitive. +.IP "\fB\-Q \fIcommand,command,...\fR" Send a 421 reply and disconnect after receiving one of the specified commands. .sp Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by white space or commas, and use quotes to protect white space -from the shell. Command names are case-insensitive. -.IP "\fB-r \fIcommand,command,...\fR" +from the shell. Command names are case\-insensitive. +.IP "\fB\-r \fIcommand,command,...\fR" Reject the specified commands with a soft (4xx) error code. -This option implies \fB-p\fR. +This option implies \fB\-p\fR. .sp Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by white space or commas, and use quotes to protect white space -from the shell. Command names are case-insensitive. -.IP "\fB-R \fIroot-directory\fR" +from the shell. Command names are case\-insensitive. +.IP "\fB\-R \fIroot\-directory\fR" Change the process root directory to the specified location. -This option requires super-user privileges. See also the -\fB-u\fR option. -.IP "\fB-s \fIcommand,command,...\fR" +This option requires super\-user privileges. See also the +\fB\-u\fR option. +.IP "\fB\-s \fIcommand,command,...\fR" Log the named commands to syslogd. .sp Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by white space or commas, and use quotes to protect white space -from the shell. Command names are case-insensitive. -.IP "\fB-S start-string\fR" +from the shell. Command names are case\-insensitive. +.IP "\fB\-S start\-string\fR" An optional string that is prepended to each message that is written to a dump file (see the dump file format description below). The following C escape sequences are supported: \ea -(bell), \eb (backslace), \ef (formfeed), \en (newline), \er +(bell), \eb (backspace), \ef (formfeed), \en (newline), \er (carriage return), \et (horizontal tab), \ev (vertical tab), \e\fIddd\fR (up to three octal digits) and \e\e (the backslash character). -.IP "\fB-t \fItimeout\fR (default: 100)" +.IP "\fB\-t \fItimeout\fR (default: 100)" Limit the time for receiving a command or sending a response. The time limit is specified in seconds. -.IP "\fB-T \fIwindowsize\fR" +.IP "\fB\-T \fIwindowsize\fR" Override the default TCP window size. To work around broken TCP window scaling implementations, specify a value > 0 and < 65536. -.IP "\fB-u \fIusername\fR" +.IP "\fB\-u \fIusername\fR" Switch to the specified user privileges after opening the network socket and optionally changing the process root directory. This option is required when the process runs -with super-user privileges. See also the \fB-R\fR option. -.IP \fB-v\fR +with super\-user privileges. See also the \fB\-R\fR option. +.IP \fB\-v\fR Show the SMTP conversations. -.IP "\fB-w \fIdelay\fR" +.IP "\fB\-w \fIdelay\fR" Wait \fIdelay\fR seconds before responding to a DATA command. -.IP "\fB-W \fIcommand:delay[:odds]\fR" +.IP "\fB\-W \fIcommand:delay[:odds]\fR" Wait \fIdelay\fR seconds before responding to \fIcommand\fR. -If \fIodds\fR is also specified (a number between 1-99 +If \fIodds\fR is also specified (a number between 1\-99 inclusive), wait for a random multiple of \fIdelay\fR. The random multiplier is equal to the number of times the program needs to roll a dice with a range of 0..99 inclusive, before @@ -195,7 +195,7 @@ Listen on network interface \fIhost\fR (default: any interface) TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be specified in numeric or symbolic form. .IP \fBunix:\fR\fIpathname\fR -Listen on the UNIX-domain socket at \fIpathname\fR. +Listen on the UNIX\-domain socket at \fIpathname\fR. .IP \fIbacklog\fR The maximum length the queue of pending connections, as defined by the \fBlisten\fR(2) system call. @@ -208,54 +208,54 @@ Each dumped message contains a sequence of text lines, terminated with the newline character. The sequence of information is as follows: .IP \(bu -The optional string specified with the \fB-S\fR option. +The optional string specified with the \fB\-S\fR option. .IP \(bu -The \fBsmtp-sink\fR generated headers as documented below. +The \fBsmtp\-sink\fR generated headers as documented below. .IP \(bu The message header and body as received from the SMTP client. .IP \(bu An empty line. .PP -The format of the \fBsmtp-sink\fR generated headers is as +The format of the \fBsmtp\-sink\fR generated headers is as follows: -.IP "\fBX-Client-Addr: \fItext\fR" +.IP "\fBX\-Client\-Addr: \fItext\fR" The client IP address without enclosing []. An IPv6 address is prefixed with "ipv6:". This record is always present. -.IP "\fBX-Client-Proto: \fItext\fR" +.IP "\fBX\-Client\-Proto: \fItext\fR" The client protocol: SMTP, ESMTP or LMTP. This record is always present. -.IP "\fBX-Helo-Args: \fItext\fR" +.IP "\fBX\-Helo\-Args: \fItext\fR" The arguments of the last HELO or EHLO command before this mail delivery transaction. This record is present only if the client sent a recognizable HELO or EHLO command before the DATA command. -.IP "\fBX-Mail-Args: \fItext\fR" +.IP "\fBX\-Mail\-Args: \fItext\fR" The arguments of the MAIL command that started this mail delivery transaction. This record is present exactly once. -.IP "\fBX-Rcpt-Args: \fItext\fR" +.IP "\fBX\-Rcpt\-Args: \fItext\fR" The arguments of an RCPT command within this mail delivery transaction. There is one record for each RCPT command, and they are in the order as sent by the client. .IP "\fBReceived: \fItext\fR" A message header for compatibility with mail processing -software. This three-line header marks the end of the headers -provided by \fBsmtp-sink\fR, and is formatted as follows: +software. This three\-line header marks the end of the headers +provided by \fBsmtp\-sink\fR, and is formatted as follows: .RS .IP "\fBfrom \fIhelo\fB ([\fIaddr\fB])\fR" The HELO or EHLO command argument and client IP address. If the client did not send HELO or EHLO, the client IP address is used instead. -.IP "\fBby \fIhost\fB (smtp-sink) with \fIproto\fB id \fIrandom\fB;\fR" -The hostname specified with the \fB-h\fR option, the client -protocol (see \fBX-Client-Proto\fR above), and the pseudo-random -portion of the per-message capture file name. -.IP \fItime-stamp\fR +.IP "\fBby \fIhost\fB (smtp\-sink) with \fIproto\fB id \fIrandom\fB;\fR" +The hostname specified with the \fB\-h\fR option, the client +protocol (see \fBX\-Client\-Proto\fR above), and the pseudo\-random +portion of the per\-message capture file name. +.IP \fItime\-stamp\fR A time stamp as defined in RFC 2822. .RE .SH "SEE ALSO" .na .nf -smtp-source(1), SMTP/LMTP message generator +smtp\-source(1), SMTP/LMTP message generator .SH "LICENSE" .na .nf diff --git a/postfix/man/man1/smtp-source.1 b/postfix/man/man1/smtp-source.1 index 748328f7c..e936e875b 100644 --- a/postfix/man/man1/smtp-source.1 +++ b/postfix/man/man1/smtp-source.1 @@ -9,96 +9,96 @@ parallelized SMTP/LMTP test generator .na .nf .fi -\fBsmtp-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] +\fBsmtp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] -\fBsmtp-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR +\fBsmtp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR .SH DESCRIPTION .ad .fi -\fBsmtp-source\fR connects to the named \fIhost\fR and TCP \fIport\fR +\fBsmtp\-source\fR connects to the named \fIhost\fR and TCP \fIport\fR (default: port 25) and sends one or more messages to it, either sequentially or in parallel. The program speaks either SMTP (default) or LMTP. -Connections can be made to UNIX-domain and IPv4 or IPv6 servers. +Connections can be made to UNIX\-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default. Note: this is an unsupported test program. No attempt is made to maintain compatibility between successive versions. Arguments: -.IP \fB-4\fR +.IP \fB\-4\fR Connect to the server with IPv4. This option has no effect when Postfix is built without IPv6 support. -.IP \fB-6\fR +.IP \fB\-6\fR Connect to the server with IPv6. This option is not available when Postfix is built without IPv6 support. -.IP "\fB-A\fR" +.IP "\fB\-A\fR" Don't abort when the server sends something other than the expected positive reply code. -.IP \fB-c\fR +.IP \fB\-c\fR Display a running counter that is incremented each time an SMTP DATA command completes. -.IP "\fB-C \fIcount\fR" +.IP "\fB\-C \fIcount\fR" When a host sends RESET instead of SYN|ACK, try \fIcount\fR times before giving up. The default count is 1. Specify a larger count in order to work around a problem with TCP/IP stacks that send RESET when the listen queue is full. -.IP \fB-d\fR +.IP \fB\-d\fR Don't disconnect after sending a message; send the next message over the same connection. -.IP "\fB-f \fIfrom\fR" +.IP "\fB\-f \fIfrom\fR" Use the specified sender address (default: ). -.IP "\fB-F \fIfile\fR" -Send the pre-formatted message header and body in the +.IP "\fB\-F \fIfile\fR" +Send the pre\-formatted message header and body in the specified \fIfile\fR, while prepending '.' before lines that begin with '.', and while appending CRLF after each line. -.IP "\fB-l \fIlength\fR" +.IP "\fB\-l \fIlength\fR" Send \fIlength\fR bytes as message payload. The length does not include message headers. -.IP \fB-L\fR +.IP \fB\-L\fR Speak LMTP rather than SMTP. -.IP "\fB-m \fImessage_count\fR" +.IP "\fB\-m \fImessage_count\fR" Send the specified number of messages (default: 1). -.IP "\fB-M \fImyhostname\fR" +.IP "\fB\-M \fImyhostname\fR" Use the specified hostname or [address] in the HELO command and in the default sender and recipient addresses, instead of the machine hostname. -.IP "\fB-N\fR" -Prepend a non-repeating sequence number to each recipient +.IP "\fB\-N\fR" +Prepend a non\-repeating sequence number to each recipient address. This avoids the artificial 100% hit rate in the resolve and rewrite client caches and exercises the -trivial-rewrite daemon, better approximating Postfix -performance under real-life work-loads. -.IP \fB-o\fR +trivial\-rewrite daemon, better approximating Postfix +performance under real\-life work\-loads. +.IP \fB\-o\fR Old mode: don't send HELO, and don't send message headers. -.IP "\fB-r \fIrecipient_count\fR" +.IP "\fB\-r \fIrecipient_count\fR" Send the specified number of recipients per transaction (default: 1). Recipient names are generated by prepending a number to the recipient address. -.IP "\fB-R \fIinterval\fR" +.IP "\fB\-R \fIinterval\fR" Wait for a random period of time 0 <= n <= interval between messages. Suspending one thread does not affect other delivery threads. -.IP "\fB-s \fIsession_count\fR" +.IP "\fB\-s \fIsession_count\fR" Run the specified number of SMTP sessions in parallel (default: 1). -.IP "\fB-S \fIsubject\fR" +.IP "\fB\-S \fIsubject\fR" Send mail with the named subject line (default: none). -.IP "\fB-t \fIto\fR" +.IP "\fB\-t \fIto\fR" Use the specified recipient address (default: ). -.IP "\fB-T \fIwindowsize\fR" +.IP "\fB\-T \fIwindowsize\fR" Override the default TCP window size. To work around broken TCP window scaling implementations, specify a value > 0 and < 65536. -.IP \fB-v\fR +.IP \fB\-v\fR Make the program more verbose, for debugging purposes. -.IP "\fB-w \fIinterval\fR" +.IP "\fB\-w \fIinterval\fR" Wait a fixed time between messages. Suspending one thread does not affect other delivery threads. .IP [\fBinet:\fR]\fIhost\fR[:\fIport\fR] Connect via TCP to host \fIhost\fR, port \fIport\fR. The default port is \fBsmtp\fR. .IP \fBunix:\fIpathname\fR -Connect to the UNIX-domain socket at \fIpathname\fR. +Connect to the UNIX\-domain socket at \fIpathname\fR. .SH BUGS .ad .fi @@ -106,7 +106,7 @@ No SMTP command pipelining support. .SH "SEE ALSO" .na .nf -smtp-sink(1), SMTP/LMTP message dump +smtp\-sink(1), SMTP/LMTP message dump .SH "LICENSE" .na .nf diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 24eb89b6d..cca47d7ca 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -10,9 +10,9 @@ Postfix SMTP server access table .nf \fBpostmap /etc/postfix/access\fR -\fBpostmap -q "\fIstring\fB" /etc/postfix/access\fR +\fBpostmap \-q "\fIstring\fB" /etc/postfix/access\fR -\fBpostmap -q - /etc/postfix/access <\fIinputfile\fR +\fBpostmap \-q \- /etc/postfix/access <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -33,11 +33,11 @@ indexed file after changing the corresponding text file. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, the table can be provided as a regular-expression +Alternatively, the table can be provided as a regular\-expression map where patterns are given as regular expressions, or lookups -can be directed to TCP-based server. In those cases, the lookups +can be directed to TCP\-based server. In those cases, the lookups are done in a slightly different way as described below under -"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". .SH "CASE FOLDING" .na .nf @@ -57,10 +57,10 @@ The input format for the \fBpostmap\fR(1) command is as follows: When \fIpattern\fR matches a mail address, domain or host address, perform the corresponding \fIaction\fR. .IP "blank lines and comments" -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. -.IP "multi-line text" -A logical line starts with non-whitespace text. A line that +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .SH "EMAIL ADDRESS PATTERNS" .na @@ -168,10 +168,10 @@ IPv6 support is available in Postfix 2.2 and later. .fi .IP \fBOK\fR Accept the address etc. that matches the pattern. -.IP \fIall-numerical\fR -An all-numerical result is treated as OK. This format is -generated by address-based relay authorization schemes -such as pop-before-smtp. +.IP \fIall\-numerical\fR +An all\-numerical result is treated as OK. This format is +generated by address\-based relay authorization schemes +such as pop\-before\-smtp. .PP For other accept actions, see "OTHER ACTIONS" below. .SH "REJECT ACTIONS" @@ -188,7 +188,7 @@ defer actions. See "ENHANCED STATUS CODES" below. .IP "\fB4\fINN text\fR" .IP "\fB5\fINN text\fR" Reject the address etc. that matches the pattern, and respond with -the numerical three-digit code and text. \fB4\fINN\fR means "try +the numerical three\-digit code and text. \fB4\fINN\fR means "try again later", while \fB5\fINN\fR means "do not try again". The following responses have special meaning for the Postfix @@ -196,7 +196,7 @@ SMTP server: .RS .IP "\fB421 \fItext\fR (Postfix 2.3 and later)" .IP "\fB521 \fItext\fR (Postfix 2.6 and later)" -After responding with the numerical three-digit code and +After responding with the numerical three\-digit code and text, disconnect immediately from the SMTP client. This frees up SMTP server resources so that they can be made available to another SMTP client. @@ -276,7 +276,7 @@ This feature is available in Postfix 2.0 and later. After the message is queued, send the entire message through the specified external content filter. The \fItransport\fR name specifies the first field of a mail delivery agent -definition in master.cf; the syntax of the next-hop +definition in master.cf; the syntax of the next\-hop \fIdestination\fR is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README @@ -293,12 +293,12 @@ one is executed. .sp Note 3: the purpose of the FILTER command is to override message routing. To override the recipient's \fItransport\fR -but not the next-hop \fIdestination\fR, specify an empty +but not the next\-hop \fIdestination\fR, specify an empty filter \fIdestination\fR (Postfix 2.7 and later), or specify a \fItransport:destination\fR that delivers through a different Postfix instance (Postfix 2.6 and earlier). Other -options are using the recipient-dependent \fBtrans\%port\%_maps\fR -or the sen\%der-dependent +options are using the recipient\-dependent \fBtrans\%port\%_maps\fR +or the sen\%der\-dependent \fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR features. .sp @@ -314,9 +314,9 @@ Mail that is placed on hold can be examined with the \fBpostcat\fR(1) command, and can be destroyed or released with the \fBpostsuper\fR(1) command. .sp -Note: use "\fBpostsuper -r\fR" to release mail that was kept on +Note: use "\fBpostsuper \-r\fR" to release mail that was kept on hold for a significant fraction of \fB$maximal_queue_lifetime\fR -or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper -H\fR" +or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper \-H\fR" only for mail that will not expire within a few delivery attempts. .sp Note: this action currently affects all recipients of the message. @@ -346,7 +346,7 @@ Log an informational record with the optional text, together with client information and if available, with helo, sender, recipient and protocol information. .sp -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .IP "\fBWARN \fIoptional text...\fR Log a warning with the optional text, together with client information and if available, with helo, sender, recipient and protocol information. @@ -368,13 +368,13 @@ FROM, RCPT TO or other SMTP command. .IP \(bu When a sender address matches a REJECT action, the Postfix SMTP server will transform a recipient DSN status (e.g., -4.1.1-4.1.6) into the corresponding sender DSN status, and +4.1.1\-4.1.6) into the corresponding sender DSN status, and vice versa. .IP \(bu -When non-address information matches a REJECT action (such +When non\-address information matches a REJECT action (such as the HELO command argument or the client hostname/address), the Postfix SMTP server will transform a sender or recipient -DSN status into a generic non-address DSN status (e.g., +DSN status into a generic non\-address DSN status (e.g., 4.0.0). .SH "REGULAR EXPRESSION TABLES" .na @@ -406,7 +406,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. .ad .fi This section describes how the table lookups change when lookups -are directed to a TCP-based server. For a description of the TCP +are directed to a TCP\-based server. For a description of the TCP client/server lookup protocol, see \fBtcp_table\fR(5). This feature is not available up to and including Postfix version 2.4. @@ -429,7 +429,7 @@ order of table entries does not matter. The example permits access by the client at address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of \fBhash\fR lookup tables, some systems use \fBdbm\fR. Use the command -"\fBpostconf -m\fR" to find out what lookup tables Postfix +"\fBpostconf \-m\fR" to find out what lookup tables Postfix supports on your system. .nf @@ -466,7 +466,7 @@ Use "\fBpostconf readme_directory\fR" or "\fBpostconf html_directory\fR" to locate this information. .na .nf -SMTPD_ACCESS_README, built-in SMTP server access control +SMTPD_ACCESS_README, built\-in SMTP server access control DATABASE_README, Postfix lookup table overview .SH "LICENSE" .na diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5 index 431708e07..ee11ffe3e 100644 --- a/postfix/man/man5/aliases.5 +++ b/postfix/man/man5/aliases.5 @@ -13,7 +13,7 @@ Postfix local alias database format .SH DESCRIPTION .ad .fi -The \fBaliases\fR(5) table provides a system-wide mechanism to +The \fBaliases\fR(5) table provides a system\-wide mechanism to redirect mail for local recipients. The redirections are processed by the Postfix \fBlocal\fR(8) delivery agent. @@ -27,15 +27,15 @@ changing the Postfix alias database. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, the table can be provided as a regular-expression +Alternatively, the table can be provided as a regular\-expression map where patterns are given as regular expressions. In this case, the lookups are done in a slightly different way as described below under "REGULAR EXPRESSION TABLES". Users can control delivery of their own mail by setting up \fB.forward\fR files in their home directory. -Lines in per-user \fB.forward\fR files have the same syntax -as the right-hand side of \fBaliases\fR(5) entries. +Lines in per\-user \fB.forward\fR files have the same syntax +as the right\-hand side of \fBaliases\fR(5) entries. The format of the alias database input file is as follows: .IP \(bu @@ -45,10 +45,10 @@ An alias definition has the form \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR .fi .IP \(bu -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. .IP \(bu -A logical line starts with non-whitespace text. A line that +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .PP The \fIname\fR is a local address (no domain part). @@ -56,7 +56,7 @@ Use double quotes when the name contains any special characters such as whitespace, `#', `:', or `@'. The \fIname\fR is folded to lowercase, in order to make database lookups case insensitive. .PP -In addition, when an alias exists for \fBowner-\fIname\fR, delivery +In addition, when an alias exists for \fBowner\-\fIname\fR, delivery diagnostics are directed to that address, instead of to the originator of the message. This is typically used to direct delivery errors to the maintainer of @@ -85,7 +85,7 @@ defines the expected exit status codes. For example, use .IP \fB:include:\fI/file/name\fR Mail is sent to the destinations listed in the named file. Lines in \fB:include:\fR files have the same syntax -as the right-hand side of alias entries. +as the right\-hand side of alias entries. .sp A destination can be any destination that is described in this manual page. However, delivery to "|\fIcommand\fR" and @@ -165,9 +165,9 @@ Restrict the usage of mail delivery to external command. .IP \fBallow_mail_to_files\fR Restrict the usage of mail delivery to external file. .IP \fBexpand_owner_alias\fR -When delivering to an alias that has an \fBowner-\fR companion alias, -set the envelope sender address to the right-hand side of the -owner alias, instead using of the left-hand side address. +When delivering to an alias that has an \fBowner\-\fR companion alias, +set the envelope sender address to the right\-hand side of the +owner alias, instead using of the left\-hand side address. .IP \fBpropagate_unmatched_extensions\fR A list of address rewriting or forwarding mechanisms that propagate an address extension from the original address @@ -175,17 +175,17 @@ to the result. Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, or \fBgeneric\fR. .IP \fBowner_request_special\fR -Give special treatment to \fBowner-\fIlistname\fR and -\fIlistname\fB-request\fR +Give special treatment to \fBowner\-\fIlistname\fR and +\fIlistname\fB\-request\fR addresses. .IP \fBrecipient_delimiter\fR Delimiter that separates recipients from address extensions. .PP Available in Postfix version 2.3 and later: .IP \fBfrozen_delivered_to\fR -Update the local(8) delivery agent's Delivered-To: address +Update the local(8) delivery agent's Delivered\-To: address (see prepend_delivered_header) only once, at the start of -a delivery; do not update the Delivered-To: address while +a delivery; do not update the Delivered\-To: address while expanding aliases or .forward files. .SH "STANDARDS" .na diff --git a/postfix/man/man5/bounce.5 b/postfix/man/man5/bounce.5 index b8aa51bca..03d1df69d 100644 --- a/postfix/man/man5/bounce.5 +++ b/postfix/man/man5/bounce.5 @@ -10,7 +10,7 @@ Postfix bounce message template format .nf \fBbounce_template_file = /etc/postfix/bounce.cf\fR -\fBpostconf -b\fR [\fItemplate_file\fR] +\fBpostconf \-b\fR [\fItemplate_file\fR] .SH DESCRIPTION .ad .fi @@ -18,9 +18,9 @@ The Postfix \fBbounce\fR(8) server produces delivery status notification (DSN) messages for undeliverable mail, delayed mail, successful delivery or address verification requests. -By default, these notifications are generated from built-in +By default, these notifications are generated from built\-in templates with message headers and message text. Sites can -override the built-in information by specifying a bounce +override the built\-in information by specifying a bounce template file with the \fBbounce_template_file\fR configuration parameter. @@ -41,7 +41,7 @@ To preview the results of $\fIname\fR expansions in the template text, use the command .nf - \fBpostconf -b\fR \fItemporary_file\fR + \fBpostconf \-b\fR \fItemporary_file\fR .fi Errors in the template will be reported to the standard @@ -82,10 +82,10 @@ it in quotes as with the shell or with Perl (\fItemplate_name\fB # The failure template is used for undeliverable mail. failure_template = <= 2.12: n, Postfix <2.12: y)\fR" +.IP "\fBChroot (default: Postfix >= 3.0: n, Postfix <3.0: y)\fR" Whether or not the service runs chrooted to the mail queue directory (pathname is controlled by the \fBqueue_directory\fR configuration variable in the main.cf file). @@ -138,7 +138,7 @@ Although the most of the purpose of having that service in the first place. .sp -The files in the examples/chroot-setup subdirectory of the +The files in the examples/chroot\-setup subdirectory of the Postfix source archive show set up a Postfix chroot environment on a variety of systems. See also BASIC_CONFIGURATION_README for issues related to running daemons chrooted. @@ -146,7 +146,7 @@ for issues related to running daemons chrooted. Automatically wake up the named service after the specified number of seconds. The wake up is implemented by connecting to the service and sending a wake up request. A ? at the -end of the wake-up time field requests that no wake up +end of the wake\-up time field requests that no wake up events be sent before the first time a service is used. Specify 0 for no automatic wake up. .sp @@ -157,7 +157,7 @@ The maximum number of processes that may execute this service simultaneously. Specify 0 for no process count limit. .sp NOTE: Some Postfix services must be configured as a -single-process service (for example, \fBqmgr\fR(8)) and +single\-process service (for example, \fBqmgr\fR(8)) and some services must be configured with no process limit (for example, \fBcleanup\fR(8)). These limits must not be changed. @@ -175,15 +175,15 @@ configuration variable). The command argument syntax for specific commands is specified in the respective daemon manual page. .sp -The following command-line options have the same effect for +The following command\-line options have the same effect for all daemon programs: .RS -.IP \fB-D\fR +.IP \fB\-D\fR Run the daemon under control by the command specified with the \fBdebugger_command\fR variable in the main.cf configuration file. See DEBUG_README for hints and tips. -.IP "\fB-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 2.12)" -.IP "\fB-o \fIname\fR=\fIvalue\fR (short form)" +.IP "\fB\-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 3.0)" +.IP "\fB\-o \fIname\fR=\fIvalue\fR (short form)" Override the named main.cf configuration parameter. The parameter value can refer to other parameters as \fI$name\fR etc., just like in main.cf. See \fBpostconf\fR(5) for @@ -202,23 +202,23 @@ instead of spaces, or specify the value in main.cf. Example: .nf /etc/postfix/master.cf: submission inet .... smtpd - -o smtpd_xxx_yyy=$submission_xxx_yyy + \-o smtpd_xxx_yyy=$submission_xxx_yyy .sp /etc/postfix/main.cf submission_xxx_yyy = text with whitespace... .fi .sp -NOTE 3: Over-zealous use of parameter overrides makes the +NOTE 3: Over\-zealous use of parameter overrides makes the Postfix configuration hard to understand and maintain. At a certain point, it might be easier to configure multiple instances of Postfix, instead of configuring multiple personalities via master.cf. -.IP \fB-v\fR -Increase the verbose logging level. Specify multiple \fB-v\fR +.IP \fB\-v\fR +Increase the verbose logging level. Specify multiple \fB\-v\fR options to make a Postfix daemon process increasingly verbose. -.IP "Other command-line arguments" +.IP "Other command\-line arguments" Specify "{" and "}" around command arguments that contain -whitespace (Postfix 2.12 and later). Whitespace +whitespace (Postfix 3.0 and later). Whitespace after "{" and before "}" is ignored. .SH "SEE ALSO" .na diff --git a/postfix/man/man5/memcache_table.5 b/postfix/man/man5/memcache_table.5 index 5b355c306..686463811 100644 --- a/postfix/man/man5/memcache_table.5 +++ b/postfix/man/man5/memcache_table.5 @@ -8,9 +8,9 @@ Postfix memcache client configuration .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" memcache:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" memcache:/etc/postfix/\fIfilename\fR -\fBpostmap -q - memcache:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- memcache:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -23,10 +23,10 @@ instances. To use memcache lookups, define a memcache source as a lookup table in main.cf, for example: .nf - virtual_alias_maps = memcache:/etc/postfix/memcache-aliases.cf + virtual_alias_maps = memcache:/etc/postfix/memcache\-aliases.cf .fi -The file /etc/postfix/memcache-aliases.cf has the same +The file /etc/postfix/memcache\-aliases.cf has the same format as the Postfix main.cf file, and specifies the parameters described below. @@ -44,7 +44,7 @@ The memcache server (note: singular) that Postfix will try to connect to. For a TCP server specify "inet:" followed by a hostname or address, ":", and a port name or number. Specify an IPv6 address inside "[]". -For a UNIX-domain server specify "unix:" followed by the +For a UNIX\-domain server specify "unix:" followed by the socket pathname. Examples: .nf @@ -54,7 +54,7 @@ socket pathname. Examples: memcache = unix:/path/to/socket .fi -NOTE: to access a UNIX-domain socket with the proxymap(8) +NOTE: to access a UNIX\-domain socket with the proxymap(8) server, the socket must be accessible by the unprivileged postfix user. .IP "\fBbackup (default: undefined)\fR" @@ -65,7 +65,7 @@ information in the persistent database. Specify a Postfix "type:table" database. Examples: .nf - # Non-shared postscreen cache. + # Non\-shared postscreen cache. backup = btree:/var/lib/postfix/postscreen_cache_map # Shared postscreen cache for processes on the same host. @@ -89,7 +89,7 @@ NOTE 3: When the backup database is accessed with "proxy:" lookups, the full backup database name (including the "proxy:" prefix) must be specified in the proxymap server's proxy_read_maps or proxy_write_maps setting (depending on -whether the access is read-only or read-write). +whether the access is read\-only or read\-write). .IP "\fBflags (default: 0)\fR" Optional flags that should be stored along with a memcache update. The flags are ignored when looking up information. @@ -155,10 +155,10 @@ When the input key is an address of the form user@domain, Otherwise, a lookup is silently suppressed and returns no results (an update is skipped with a warning). .IP "\fB\fB%[SUD]\fR\fR" -The upper-case equivalents of the above expansions behave +The upper\-case equivalents of the above expansions behave in the \fBkey_format\fR parameter identically to their -lower-case counter-parts. -.IP "\fB\fB%[1-9]\fR\fR" +lower\-case counter\-parts. +.IP "\fB\fB%[1\-9]\fR\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is @@ -173,7 +173,7 @@ This feature can significantly reduce database server load. Specify a list of domain names, paths to files, or "type:table" databases. When specified, only fully qualified search keys with a -*non-empty* localpart and a matching domain are eligible +*non\-empty* localpart and a matching domain are eligible for lookup or update: bare 'user' lookups, bare domain lookups and "@domain" lookups are silently skipped (updates are skipped with a warning). Example: @@ -202,7 +202,7 @@ receiving a memcache reply. .SH BUGS .ad .fi -The Postfix memcache client cannot be used for security-sensitive +The Postfix memcache client cannot be used for security\-sensitive tables such as \fBalias_maps\fR (these may contain "\fI|command\fR and "\fI/file/name\fR" destinations), or \fBvirtual_uid_maps\fR, \fBvirtual_gid_maps\fR and @@ -210,7 +210,7 @@ tables such as \fBalias_maps\fR (these may contain privileges or "\fI/file/name\fR" destinations). In a typical deployment a memcache database is writable by any process that can talk to the memcache server; in contrast, -security-sensitive tables must never be writable by the +security\-sensitive tables must never be writable by the unprivileged Postfix user. The Postfix memcache client requires additional configuration diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 0b332e486..744aad2f5 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -8,9 +8,9 @@ Postfix MySQL client configuration .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" mysql:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" mysql:/etc/postfix/\fIfilename\fR -\fBpostmap -q - mysql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- mysql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -22,10 +22,10 @@ Alternatively, lookup tables can be specified as MySQL databases. In order to use MySQL lookups, define a MySQL source as a lookup table in main.cf, for example: .nf - alias_maps = mysql:/etc/mysql-aliases.cf + alias_maps = mysql:/etc/mysql\-aliases.cf .fi -The file /etc/postfix/mysql-aliases.cf has the same format as +The file /etc/postfix/mysql\-aliases.cf has the same format as the Postfix main.cf file, and can specify the parameters described below. .SH "BACKWARDS COMPATIBILITY" @@ -43,7 +43,7 @@ specified as "mysql:\fImysqlname\fR", the parameter "hosts" below would be defined in main.cf as "\fImysqlname\fR_hosts". Note: with this form, the passwords for the MySQL sources are -written in main.cf, which is normally world-readable. Support +written in main.cf, which is normally world\-readable. Support for this form will be removed in a future Postfix version. Normally, the SQL query is specified via a single \fBquery\fR @@ -102,7 +102,7 @@ connections (default). Example: The hosts are tried in random order, with all connections over UNIX domain sockets being tried before those over TCP. The connections are automatically closed after being idle for about -1 minute, and are re-opened as necessary. Postfix versions 2.0 +1 minute, and are re\-opened as necessary. Postfix versions 2.0 and earlier do not randomize the host order. NOTE: if you specify localhost as a hostname (even if you @@ -151,11 +151,11 @@ When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results. .IP "\fB\fB%[SUD]\fR\fR" -The upper-case equivalents of the above expansions behave in the -\fBquery\fR parameter identically to their lower-case counter-parts. +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the input key rather than the result value. -.IP "\fB\fB%[1-9]\fR\fR" +.IP "\fB\fB%[1\-9]\fR\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, @@ -167,8 +167,8 @@ no results. .IP The \fBdomain\fR parameter described below limits the input keys to addresses in matching domains. When the \fBdomain\fR -parameter is non-empty, SQL queries for unqualified addresses -or addresses in non-matching domains are suppressed +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed and return no results. This parameter is available with Postfix 2.2. In prior releases @@ -208,8 +208,8 @@ When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1-9]\fR\fB" -The upper-case and decimal digit expansions interpolate +.IP "\fB\fB%[SUD1\-9]\fR\fB" +The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, and in fact because the input key is known in advance, queries @@ -234,7 +234,7 @@ NOTE: DO NOT put quotes around the result format! .IP "\fBdomain (default: no domain list)\fR" This is a list of domain names, paths to files, or dictionaries. When specified, only fully qualified search -keys with a *non-empty* localpart and a matching domain +keys with a *non\-empty* localpart and a matching domain are eligible for lookup: 'user' lookups, bare domain lookups and "@domain" lookups are not performed. This can significantly reduce the query load on the MySQL server. @@ -274,19 +274,19 @@ File containing the private key corresponding to \fBtls_cert_file\fR. .sp This parameter is available with Postfix 2.11 and later. .IP "\fBtls_CAfile\fR" -File containing certificates for all of the X509 Certificate +File containing certificates for all of the X509 Certification Authorities the client will recognize. Takes precedence over \fBtls_CApath\fR. .sp This parameter is available with Postfix 2.11 and later. .IP "\fBtls_CApath\fR" -Directory containing X509 Certificate Authority certificates +Directory containing X509 Certification Authority certificates in separate individual files. .sp This parameter is available with Postfix 2.11 and later. .IP "\fBtls_verify_cert (default: no)\fR" Verify that the server's name matches the common name in the -certficate. +certificate. .sp This parameter is available with Postfix 2.11 and later. .SH "OBSOLETE QUERY INTERFACE" @@ -373,5 +373,5 @@ IC Group, Inc. Further enhancements by: Liviu Daia Institute of Mathematics of the Romanian Academy -P.O. BOX 1-764 -RO-014700 Bucharest, ROMANIA +P.O. BOX 1\-764 +RO\-014700 Bucharest, ROMANIA diff --git a/postfix/man/man5/nisplus_table.5 b/postfix/man/man5/nisplus_table.5 index 65ae659b2..51e14812f 100644 --- a/postfix/man/man5/nisplus_table.5 +++ b/postfix/man/man5/nisplus_table.5 @@ -8,9 +8,9 @@ Postfix NIS+ client .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" "nisplus:[\fIname\fB=%s];\fIname.name.\fB"\fR +\fBpostmap \-q "\fIstring\fB" "nisplus:[\fIname\fB=%s];\fIname.name.\fB"\fR -\fBpostmap -q - "nisplus:[\fIname\fB=%s];\fIname.name.\fB" <\fIinputfile\fR +\fBpostmap \-q \- "nisplus:[\fIname\fB=%s];\fIname.name.\fB" <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -20,9 +20,9 @@ Alternatively, lookup tables can be specified as NIS+ databases. To find out what types of lookup tables your Postfix system -supports use the "\fBpostconf -m\fR" command. +supports use the "\fBpostconf \-m\fR" command. -To test Postfix NIS+ lookup tables, use the "\fBpostmap -q\fR" +To test Postfix NIS+ lookup tables, use the "\fBpostmap \-q\fR" command as described in the SYNOPSIS above. .SH "QUERY SYNTAX" .na @@ -89,7 +89,7 @@ The Secure Mailer license must be distributed with this software. .na .nf Geoff Gibbs -UK-HGMP-RC +UK\-HGMP\-RC Hinxton Cambridge CB10 1SB, UK diff --git a/postfix/man/man5/pcre_table.5 b/postfix/man/man5/pcre_table.5 index 4068423b3..dabf552d7 100644 --- a/postfix/man/man5/pcre_table.5 +++ b/postfix/man/man5/pcre_table.5 @@ -8,13 +8,13 @@ format of Postfix PCRE tables .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR -\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR -\fBpostmap -hmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-hmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR -\fBpostmap -bmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-bmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -28,12 +28,12 @@ against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix system -supports use the "\fBpostconf -m\fR" command. +supports use the "\fBpostconf \-m\fR" command. -To test lookup tables, use the "\fBpostmap -q\fR" command -as described in the SYNOPSIS above. Use "\fBpostmap -hmq --\fR <\fIfile\fR" for header_checks(5) patterns, and -"\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5) +To test lookup tables, use the "\fBpostmap \-q\fR" command +as described in the SYNOPSIS above. Use "\fBpostmap \-hmq +\-\fR <\fIfile\fR" for header_checks(5) patterns, and +"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5) (Postfix 2.6 and later). .SH "COMPATIBILITY" .na @@ -41,7 +41,7 @@ as described in the SYNOPSIS above. Use "\fBpostmap -hmq .ad .fi With Postfix version 2.2 and earlier specify "\fBpostmap --fq\fR" to query a table that contains case sensitive +\-fq\fR" to query a table that contains case sensitive patterns. Patterns are case insensitive by default. .SH "TABLE FORMAT" .na @@ -76,19 +76,19 @@ Note: do not prepend whitespace to patterns inside .sp This feature is available in Postfix 2.1 and later. .IP "blank lines and comments" -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. -.IP "multi-line text" -A logical line starts with non-whitespace text. A line that +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .PP -Each pattern is a perl-like regular expression. The expression -delimiter can be any non-alphanumerical character, except +Each pattern is a perl\-like regular expression. The expression +delimiter can be any non\-alphanumerical character, except whitespace or characters that have special meaning (traditionally the forward slash is used). The regular expression can contain whitespace. -By default, matching is case-insensitive, and newlines are not +By default, matching is case\-insensitive, and newlines are not treated as special characters. The behavior is controlled by flags, which are toggled by appending one or more of the following characters after the pattern: @@ -104,7 +104,7 @@ matching at the start and end of the subject string. Toggles the PCRE_DOTALL flag. When this flag is on, the \fB.\fR metacharacter matches the newline character. With Postfix versions prior to 2.0, the flag is off by -default, which is inconvenient for multi-line message header +default, which is inconvenient for multi\-line message header matching. .IP "\fBx\fR (default: off)" Toggles the pcre extended flag. When this flag is on, whitespace @@ -173,13 +173,13 @@ available for negated patterns. .na .nf # Protect your outgoing majordomo exploders -/^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead +/^(?!owner\-)(.*)\-outgoing@(.*)/ 550 Use ${1}@${2} instead # Bounce friend@whatever, except when whatever is our domain (you would -# be better just bouncing all friend@ mail - this is just an example). +# be better just bouncing all friend@ mail \- this is just an example). /^(friend@(?!my\\.domain$).*)$/ 550 Stick this in your pipe $1 -# A multi-line entry. The text is sent as one line. +# A multi\-line entry. The text is sent as one line. # /^noddy@my\\.domain$/ \ 550 This user is a funny one. You really don't want to send mail to diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index 5aac06912..2803ac01a 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -8,9 +8,9 @@ Postfix PostgreSQL client configuration .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" pgsql:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" pgsql:/etc/postfix/\fIfilename\fR -\fBpostmap -q - pgsql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- pgsql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -22,10 +22,10 @@ Alternatively, lookup tables can be specified as PostgreSQL databases. In order to use PostgreSQL lookups, define a PostgreSQL source as a lookup table in main.cf, for example: .nf - alias_maps = pgsql:/etc/pgsql-aliases.cf + alias_maps = pgsql:/etc/pgsql\-aliases.cf .fi -The file /etc/postfix/pgsql-aliases.cf has the same format as +The file /etc/postfix/pgsql\-aliases.cf has the same format as the Postfix main.cf file, and can specify the parameters described below. .SH "BACKWARDS COMPATIBILITY" @@ -44,7 +44,7 @@ the parameter "hosts" below would be defined in main.cf as "\fIpgsqlname\fR_hosts". Note: with this form, the passwords for the PostgreSQL sources -are written in main.cf, which is normally world-readable. +are written in main.cf, which is normally world\-readable. Support for this form will be removed in a future Postfix version. @@ -100,7 +100,7 @@ return the key itself or a constant value. .fi .IP "\fBhosts\fR" The hosts that Postfix will try to connect to and query from. -Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP +Specify \fIunix:\fR for UNIX\-domain sockets, \fIinet:\fR for TCP connections (default). Example: .nf hosts = host1.some.domain host2.some.domain:port @@ -110,7 +110,7 @@ connections (default). Example: The hosts are tried in random order, with all connections over UNIX domain sockets being tried before those over TCP. The connections are automatically closed after being idle for about -1 minute, and are re-opened as necessary. +1 minute, and are re\-opened as necessary. NOTE: the \fIunix:\fR and \fIinet:\fR prefixes are accepted for backwards compatibility reasons, but are actually ignored. @@ -156,14 +156,14 @@ When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results. .IP "\fB\fB%[SUD]\fR\fR" -The upper-case equivalents of the above expansions behave in the -\fBquery\fR parameter identically to their lower-case counter-parts. +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the input key rather than the result value. .IP The above %S, %U and %D expansions are available with Postfix 2.2 and later -.IP "\fB\fB%[1-9]\fR\fR" +.IP "\fB\fB%[1\-9]\fR\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, @@ -178,8 +178,8 @@ and later .IP The \fBdomain\fR parameter described below limits the input keys to addresses in matching domains. When the \fBdomain\fR -parameter is non-empty, SQL queries for unqualified addresses -or addresses in non-matching domains are suppressed +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed and return no results. The precedence of this parameter has changed with Postfix 2.2, @@ -209,8 +209,8 @@ When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1-9]\fR\fB" -The upper-case and decimal digit expansions interpolate +.IP "\fB\fB%[SUD1\-9]\fR\fB" +The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, and in fact because the input key is known in advance, queries @@ -235,7 +235,7 @@ NOTE: DO NOT put quotes around the result format! .IP "\fBdomain (default: no domain list)\fR" This is a list of domain names, paths to files, or dictionaries. When specified, only fully qualified search -keys with a *non-empty* localpart and a matching domain +keys with a *non\-empty* localpart and a matching domain are eligible for lookup: 'user' lookups, bare domain lookups and "@domain" lookups are not performed. This can significantly reduce the query load on the PostgreSQL server. @@ -277,7 +277,7 @@ This is equivalent to: query = SELECT my_lookup_user_alias('%s') .fi -This parameter overrides the legacy table-related fields (described +This parameter overrides the legacy table\-related fields (described below). With Postfix versions prior to 2.2, it also overrides the \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR parameter has highest precedence, and the \fBselect_function\fR @@ -365,5 +365,5 @@ Aaron Sethman Further enhanced by: Liviu Daia Institute of Mathematics of the Romanian Academy -P.O. BOX 1-764 -RO-014700 Bucharest, ROMANIA +P.O. BOX 1\-764 +RO\-014700 Bucharest, ROMANIA diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index bf2a43ef9..defa686f0 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -8,7 +8,7 @@ Postfix configuration parameters .nf \fBpostconf\fR \fIparameter\fR ... -\fBpostconf -e\fR "\fIparameter=value\fR" ... +\fBpostconf \-e\fR "\fIparameter=value\fR" ... .SH DESCRIPTION .ad .fi @@ -38,23 +38,23 @@ replaced with the empty value. .IP \(bu The expressions "${name?value}" and "${name?{value}}" are replaced with "value" when "$name" is non-empty. These forms are supported -with Postfix versions >= 2.2 and >= 2.12, respectively. +with Postfix versions >= 2.2 and >= 3.0, respectively. .IP \(bu The expressions "${name:value}" and "${name:{value}}" are replaced with "value" when "$name" is empty. These forms are supported with -Postfix versions >= 2.2 and >= 2.12, respectively. +Postfix versions >= 2.2 and >= 3.0, respectively. .IP \(bu The expression "${name?{value1}:{value2}}" is replaced with "value1" when "$name" is non-empty, and with "value2" when "$name" is empty. The "{}" is required for "value1", optional for "value2". This form -is supported with Postfix versions >= 2.12. +is supported with Postfix versions >= 3.0. .IP \(bu The first item inside "${...}" may be a logical expression of the form: "{value3} == {value4}". Besides the "==" (equality) operator Postfix supports "!=" (inequality), "<", "<=", ">=", and ">". The comparison is numerical when both operands are all digits, otherwise the comparison is lexicographical. These forms are supported with -Postfix versions >= 2.12. +Postfix versions >= 3.0. .IP \(bu Each "value" is subject to recursive named parameter and logical expression evaluation, except where noted. @@ -74,7 +74,7 @@ Otherwise, the order of main.cf parameter definitions does not matter. The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the -"\fBpostconf -d\fR" command. +"\fBpostconf \-d\fR" command. .PP Note: this is not an invitation to make changes to Postfix configuration parameters. Unnecessary changes can impair the @@ -87,7 +87,7 @@ parameter. The numerical Postfix SMTP server response code for an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" or "defer_if_reject". Prior to Postfix 2.6, the response -is hard-coded as "450". +is hard\-coded as "450". .PP Do not change this unless you have a complete understanding of RFC 5321. .PP @@ -123,7 +123,7 @@ Overrides the local_transport parameter setting for address verification probes. .PP This feature is available in Postfix 2.1 and later. -.SH address_verify_map (default: see "postconf -d" output) +.SH address_verify_map (default: see "postconf \-d" output) Lookup table for persistent address verification status storage. The table is maintained by the \fBverify\fR(8) service, and is opened before the process releases privileges. @@ -139,9 +139,9 @@ delete (NOT: truncate) the file and do "\fBpostfix reload\fR". .PP Postfix daemon processes do not use root privileges when opening this file (Postfix 2.5 and later). The file must therefore be -stored under a Postfix-owned directory such as the data_directory. -As a migration aid, an attempt to open the file under a non-Postfix -directory is redirected to the Postfix-owned data_directory, and a +stored under a Postfix\-owned directory such as the data_directory. +As a migration aid, an attempt to open the file under a non\-Postfix +directory is redirected to the Postfix\-owned data_directory, and a warning is logged. .PP Examples: @@ -182,7 +182,7 @@ How many times to query the \fBverify\fR(8) service for the completion of an address verification request in progress. .PP By default, the Postfix SMTP server polls the \fBverify\fR(8) service -up to three times under non-overload conditions, and only once when +up to three times under non\-overload conditions, and only once when under overload. With Postfix version 2.5 and earlier, the SMTP server always polls the \fBverify\fR(8) service up to three times by default. @@ -272,8 +272,8 @@ verification probes. .PP This feature is available in Postfix 2.3 and later. .SH address_verify_sender_ttl (default: 0s) -The time between changes in the time-dependent portion of address -verification probe sender addresses. The time-dependent portion is +The time between changes in the time\-dependent portion of address +verification probe sender addresses. The time\-dependent portion is appended to the localpart of the address specified with the address_verify_sender parameter. This feature is ignored when the probe sender addresses is the null sender, i.e. the address_verify_sender @@ -283,8 +283,8 @@ Historically, the probe sender address was fixed. This has caused such addresses to end up on spammer mailing lists, and has resulted in wasted network and processing resources. .PP -To enable time-dependent probe sender addresses, specify a -non-zero time value (an integral value plus an optional one-letter +To enable time\-dependent probe sender addresses, specify a +non\-zero time value (an integral value plus an optional one\-letter suffix that specifies the time unit). Specify a value of at least several hours, to avoid problems with senders that use greylisting. Avoid nice TTL values, to make the result less predictable. Time @@ -305,9 +305,9 @@ Overrides the virtual_transport parameter setting for address verification probes. .PP This feature is available in Postfix 2.1 and later. -.SH alias_database (default: see "postconf -d" output) +.SH alias_database (default: see "postconf \-d" output) The alias databases for \fBlocal\fR(8) delivery that are updated with -"\fBnewaliases\fR" or with "\fBsendmail -bi\fR". +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". .PP This is a separate configuration parameter because not all the tables specified with $alias_maps have to be local files. @@ -322,7 +322,7 @@ alias_database = hash:/etc/mail/aliases .fi .ad .ft R -.SH alias_maps (default: see "postconf -d" output) +.SH alias_maps (default: see "postconf \-d" output) The alias databases that are used for \fBlocal\fR(8) delivery. See \fBaliases\fR(5) for syntax details. Specify zero or more "type:name" lookup tables, separated by @@ -393,17 +393,17 @@ allow_mail_to_files = alias,forward,include .ad .ft R .SH allow_min_user (default: no) -Allow a sender or recipient address to have `-' as the first +Allow a sender or recipient address to have `\-' as the first character. By default, this is not allowed, to avoid accidents with software that passes email addresses via the command line. Such software would not be able to distinguish a malicious address from a -bona fide command-line option. Although this can be prevented by -inserting a "--" option terminator into the command line, this is +bona fide command\-line option. Although this can be prevented by +inserting a "\-\-" option terminator into the command line, this is difficult to enforce consistently and globally. .PP As of Postfix version 2.5, this feature is implemented by -\fBtrivial-rewrite\fR(8). With earlier versions this feature was implemented +trivial\-\fBrewrite\fR(8). With earlier versions this feature was implemented by \fBqmgr\fR(8) and was limited to recipient addresses only. .SH allow_percent_hack (default: yes) Enable the rewriting of the form "user%domain" to "user@domain". @@ -418,7 +418,7 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify @@ -434,30 +434,30 @@ allow_percent_hack = no .ad .ft R .SH allow_untrusted_routing (default: no) -Forward mail with sender-specified routing (user[@%!]remote[@%!]site) +Forward mail with sender\-specified routing (user[@%!]remote[@%!]site) from untrusted clients to destinations matching $relay_domains. .PP By default, this feature is turned off. This closes a nasty open relay loophole where a backup MX host can be tricked into forwarding junk mail to a primary MX host which then spams it out to the world. .PP -This parameter also controls if non-local addresses with sender-specified +This parameter also controls if non\-local addresses with sender\-specified routing can match Postfix access tables. By default, such addresses cannot match Postfix access tables, because the address is ambiguous. .SH alternate_config_directories (default: empty) -A list of non-default Postfix configuration directories that may -be specified with "-c config_directory" on the command line, or +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line, or via the MAIL_CONFIG environment parameter. .PP This list must be specified in the default Postfix configuration -directory, and is used by set-gid Postfix commands such as \fBpostqueue\fR(1) +directory, and is used by set\-gid Postfix commands such as \fBpostqueue\fR(1) and \fBpostdrop\fR(1). .SH always_add_missing_headers (default: no) -Always add (Resent-) From:, To:, Date: or Message-ID: headers +Always add (Resent\-) From:, To:, Date: or Message\-ID: headers when not present. Postfix 2.6 and later add these headers only when clients match the local_header_rewrite_clients parameter setting. Earlier Postfix versions always add these headers; this -may break DKIM signatures that cover non-existent headers. +may break DKIM signatures that cover non\-existent headers. The undisclosed_recipients_header parameter setting determines whether a To: header will be added. .SH always_bcc (default: empty) @@ -466,7 +466,7 @@ that is received by the Postfix mail system. .PP Note: with Postfix 2.3 and later the BCC address is added as if it was specified with NOTIFY=NONE. The sender will not be notified -when the BCC address is undeliverable, as long as all down-stream +when the BCC address is undeliverable, as long as all down\-stream software implements RFC 3461. .PP Note: with Postfix 2.2 and earlier the sender will be notified @@ -503,7 +503,7 @@ addresses without domain information. With remotely submitted mail, append the string "@$remote_header_rewrite_domain" instead. .PP Note 1: this feature is enabled by default and must not be turned off. -Postfix does not support domain-less addresses. +Postfix does not support domain\-less addresses. .PP Note 2: with Postfix version 2.2, message header address rewriting happens only when one of the following conditions is true: @@ -514,12 +514,12 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". -.SH append_dot_mydomain (default: Postfix >= 2.12: no, Postfix < 2.12: yes) +.SH append_dot_mydomain (default: Postfix >= 3.0: no, Postfix < 3.0: yes) With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. With remotely submitted mail, append the string ".$remote_header_rewrite_domain" @@ -538,7 +538,7 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify @@ -555,7 +555,7 @@ This feature is available in Postfix 2.1 and later. List of users who are authorized to flush the queue. .PP By default, all users are allowed to flush the queue. Access is -always granted if the invoking user is the super-user or the +always granted if the invoking user is the super\-user or the $mail_owner user. Otherwise, the real UID of the process is looked up in the system password file, and access is granted only if the corresponding login name is on the access list. The username @@ -577,7 +577,7 @@ This feature is available in Postfix 2.2 and later. List of users who are authorized to view the queue. .PP By default, all users are allowed to view the queue. Access is -always granted if the invoking user is the super-user or the +always granted if the invoking user is the super\-user or the $mail_owner user. Otherwise, the real UID of the process is looked up in the system password file, and access is granted only if the corresponding login name is on the access list. The username @@ -663,12 +663,12 @@ functionality. .PP This feature is available in Postfix 2.1 and later. .SH berkeley_db_create_buffer_size (default: 16777216) -The per-table I/O buffer size for programs that create Berkeley DB +The per\-table I/O buffer size for programs that create Berkeley DB hash or btree tables. Specify a byte count. .PP This feature is available in Postfix 2.0 and later. .SH berkeley_db_read_buffer_size (default: 131072) -The per-table I/O buffer size for programs that read Berkeley DB +The per\-table I/O buffer size for programs that read Berkeley DB hash or btree tables. Specify a byte count. .PP This feature is available in Postfix 2.0 and later. @@ -730,14 +730,14 @@ Specify 0 when mail delivery should be tried only once. This feature is available in Postfix 2.1 and later. .SH bounce_service_name (default: bounce) The name of the \fBbounce\fR(8) service. This service maintains a record -of failed delivery attempts and generates non-delivery notifications. +of failed delivery attempts and generates non\-delivery notifications. .PP This feature is available in Postfix 2.0 and later. .SH bounce_size_limit (default: 50000) The maximal amount of original message text that is sent in a -non-delivery notification. Specify a byte count. A message is +non\-delivery notification. Specify a byte count. A message is returned as either message/rfc822 (the complete original) or as -text/rfc822-headers (the headers only). With Postfix version 2.4 +text/rfc822\-headers (the headers only). With Postfix version 2.4 and earlier, a message is always returned as message/rfc822 and is truncated when it exceeds the size limit. .PP @@ -747,30 +747,30 @@ If you increase this limit, then you should increase the mime_nesting_limit value proportionally. .IP \(bu Be careful when making changes. Excessively large values -will result in the loss of non-delivery notifications, when a bounce +will result in the loss of non\-delivery notifications, when a bounce message size exceeds a local or remote MTA's message size limit. .br .SH bounce_template_file (default: empty) Pathname of a configuration file with bounce message templates. -These override the built-in templates of delivery status notification +These override the built\-in templates of delivery status notification (DSN) messages for undeliverable mail, for delayed mail, successful delivery, or delivery verification. The \fBbounce\fR(5) manual page describes how to edit and test template files. .PP Template message body text may contain $name references to Postfix configuration parameters. The result of $name expansion can -be previewed with "\fBpostconf -b \fIfile_name\fR\fR" before the file +be previewed with "\fBpostconf \-b \fIfile_name\fR\fR" before the file is placed into the Postfix configuration directory. .PP This feature is available in Postfix 2.3 and later. .SH broken_sasl_auth_clients (default: no) -Enable inter-operability with remote SMTP clients that implement an obsolete +Enable inter\-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. .PP Specify "broken_sasl_auth_clients = yes" to have Postfix advertise -AUTH support in a non-standard way. +AUTH support in a non\-standard way. .SH canonical_classes (default: envelope_sender, envelope_recipient, header_sender, header_recipient) What addresses are subject to canonical_maps address mapping. By default, canonical_maps address mapping is applied to envelope @@ -810,7 +810,7 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify @@ -832,7 +832,7 @@ into the standard form, and performs \fBcanonical\fR(5) address mapping and \fBvirtual\fR(5) aliasing. .PP This feature is available in Postfix 2.0 and later. -.SH command_directory (default: see "postconf -d" output) +.SH command_directory (default: see "postconf \-d" output) The location of all postfix administrative commands. .SH command_execution_directory (default: empty) The \fBlocal\fR(8) delivery agent working directory for delivery to @@ -867,11 +867,11 @@ The entire recipient localpart. .br .IP "\fB$recipient_delimiter\fR" The address extension delimiter that was found in the recipient -address (Postfix 2.11 and later), or the system-wide recipient +address (Postfix 2.11 and later), or the system\-wide recipient address extension delimiter (Postfix 2.10 and earlier). .br .IP "\fB${name?value}\fR" -Expands to \fIvalue\fR when \fI$name\fR is non-empty. +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. .br .IP "\fB${name:value}\fR" Expands to \fIvalue\fR when \fI$name\fR is empty. @@ -881,7 +881,7 @@ Expands to \fIvalue\fR when \fI$name\fR is empty. Instead of $name you can also specify ${name} or $(name). .PP This feature is available in Postfix 2.2 and later. -.SH command_expansion_filter (default: see "postconf -d" output) +.SH command_expansion_filter (default: see "postconf \-d" output) Restrict the characters that the \fBlocal\fR(8) delivery agent allows in $name expansions of $mailbox_command and $command_execution_directory. Characters outside the @@ -894,22 +894,22 @@ delivery by the \fBpipe\fR(8) delivery agent. Note: if you set this time limit to a large value you must update the global ipc_timeout parameter as well. .SH compatibility_level (default: 0) -A safety net that causes Postfix to run with backwards-compatible +A safety net that causes Postfix to run with backwards\-compatible default settings after an upgrade to a newer Postfix version. .PP With backwards compatibility turned on (the main.cf compatibility_level -value is less than the Postfix built-in value), Postfix looks for +value is less than the Postfix built\-in value), Postfix looks for settings that are left at their implicit default value, and logs a -message when a backwards-compatible default setting is required. +message when a backwards\-compatible default setting is required. .sp .in +4 .nf .na .ft C -using backwards-compatible default setting \fIname=value\fR +using backwards\-compatible default setting \fIname=value\fR to [accept a specific client request] .sp -using backwards-compatible default setting \fIname=value\fR +using backwards\-compatible default setting \fIname=value\fR to [enable specific Postfix behavior] .fi .ad @@ -918,7 +918,7 @@ using backwards-compatible default setting \fIname=value\fR .PP See COMPATIBILITY_README for specific message details. If such a message is logged in the context of a legitimate request, the -system administrator should make the backwards-compatible setting +system administrator should make the backwards\-compatible setting permanent in main.cf or master.cf, for example: .sp .in +4 @@ -932,7 +932,7 @@ permanent in main.cf or master.cf, for example: .ft R .in -4 .PP -When no more backwards-compatible settings need to be made +When no more backwards\-compatible settings need to be made permanent, the administrator should turn off backwards compatibility by updating the compatibility_level setting in main.cf: .sp @@ -961,8 +961,8 @@ warning: To disable backwards compatibility use "postconf .ft R .in -4 .PP -This feature is available in Postfix 2.12 and later. -.SH config_directory (default: see "postconf -d" output) +This feature is available in Postfix 3.0 and later. +.SH config_directory (default: see "postconf \-d" output) The default location of the Postfix main.cf and master.cf configuration files. This can be overruled via the following mechanisms: @@ -970,10 +970,10 @@ mechanisms: The MAIL_CONFIG environment variable (daemon processes and commands). .IP \(bu -The "-c" command-line option (commands only). +The "\-c" command\-line option (commands only). .br .PP -With Postfix command that run with set-gid privileges, a +With Postfix command that run with set\-gid privileges, a config_directory override requires either root privileges, or it requires that the directory is listed with the alternate_config_directories parameter in the default main.cf file. @@ -985,7 +985,7 @@ and is therefore disabled by default. .PP See also: delay_warning_time. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH connection_cache_protocol_timeout (default: 5s) Time limit for connection cache connect, send or receive operations. The time limit is enforced in the client. @@ -1001,7 +1001,7 @@ How frequently the \fBscache\fR(8) server logs usage statistics with connection cache hit and miss rates for logical destinations and for physical endpoints. .SH connection_cache_ttl_limit (default: 2s) -The maximal time-to-live value that the \fBscache\fR(8) connection +The maximal time\-to\-live value that the \fBscache\fR(8) connection cache server allows. Requests that specify a larger TTL will be stored with the maximum allowed TTL. The purpose of this additional control is to @@ -1011,7 +1011,7 @@ is already bounded by $max_idle. After the message is queued, send the entire message to the specified \fItransport:destination\fR. The \fItransport\fR name specifies the first field of a mail delivery agent definition in -master.cf; the syntax of the next-hop \fIdestination\fR is described +master.cf; the syntax of the next\-hop \fIdestination\fR is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file. @@ -1022,22 +1022,22 @@ This setting has lower precedence than a FILTER action that is specified in an \fBaccess\fR(5), \fBheader_checks\fR(5) or \fBbody_checks\fR(5) table. .IP \(bu -The meaning of an empty next-hop filter \fIdestination\fR +The meaning of an empty next\-hop filter \fIdestination\fR is version dependent. Postfix 2.7 and later will use the recipient domain; earlier versions will use $myhostname. Specify "default_filter_nexthop = $myhostname" for compatibility with Postfix 2.6 or earlier, or specify a content_filter value with an explicit -next-hop \fIdestination\fR. +next\-hop \fIdestination\fR. .br .SH cyrus_sasl_config_path (default: empty) Search path for Cyrus SASL application configuration files, currently used only to locate the $smtpd_sasl_path.conf file. Specify zero or more directories separated by a colon character, -or an empty value to use Cyrus SASL's built-in search path. +or an empty value to use Cyrus SASL's built\-in search path. .PP This feature is available in Postfix 2.5 and later when compiled with Cyrus SASL 2.1.22 or later. -.SH daemon_directory (default: see "postconf -d" output) +.SH daemon_directory (default: see "postconf \-d" output) The directory with Postfix support programs and daemon programs. These should not be invoked directly by humans. The directory must be owned by root. @@ -1071,14 +1071,14 @@ limited to 13 over the lifetime of a daemon process. This feature is available in Postfix 2.9 and later. .SH daemon_timeout (default: 18000s) How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH data_directory (default: see "postconf -d" output) -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). This directory must be owned by -the mail_owner account, and must not be shared with non-Postfix +.SH data_directory (default: see "postconf \-d" output) +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). This directory must be owned by +the mail_owner account, and must not be shared with non\-Postfix software. .PP This feature is available in Postfix 2.5 and later. @@ -1091,7 +1091,7 @@ address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. .PP Specify domain names, network/netmask patterns, "/file/name" -patterns or "type:table" lookup tables. The right-hand side result +patterns or "type:table" lookup tables. The right\-hand side result from "type:table" lookups is ignored. .PP Pattern matching of domain names is controlled by the presence @@ -1110,10 +1110,10 @@ debug_peer_list = example.com .ft R .SH debugger_command (default: empty) The external command to execute when a Postfix daemon program is -invoked with the -D option. +invoked with the \-D option. .PP Use "command .. & sleep 5" so that the debugger can attach before -the process marches on. If you use an X-based debugger, be sure to +the process marches on. If you use an X\-based debugger, be sure to set up your XAUTHORITY environment variable before starting Postfix. .PP Note: the command is subject to $name expansion, before it is @@ -1131,7 +1131,7 @@ debugger_command = .fi .ad .ft R -.SH default_database_type (default: see "postconf -d" output) +.SH default_database_type (default: see "postconf \-d" output) The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. On many UNIX systems the default type is either \fBdbm\fR or \fBhash\fR. The default setting is frozen @@ -1151,31 +1151,31 @@ default_database_type = dbm How often the Postfix queue manager's scheduler is allowed to preempt delivery of one message with another. .PP -Each transport maintains a so-called "available delivery slot counter" +Each transport maintains a so\-called "available delivery slot counter" for each message. One message can be preempted by another one when the other message can be delivered using no more delivery slots (i.e., invocations of delivery agents) than the current message -counter has accumulated (or will eventually accumulate - see about +counter has accumulated (or will eventually accumulate \- see about slot loans below). This parameter controls how often is the counter -incremented - it happens after each default_delivery_slot_cost +incremented \- it happens after each default_delivery_slot_cost recipients have been delivered. .PP The cost of 0 is used to disable the preempting scheduling completely. -The minimum value the scheduling algorithm can use is 2 - use it +The minimum value the scheduling algorithm can use is 2 \- use it if you want to maximize the message throughput rate. Although there is no maximum, it doesn't make much sense to use values above say 50. .PP The only reason why the value of 2 is not the default is the way -this parameter affects the delivery of mailing-list mail. In the +this parameter affects the delivery of mailing\-list mail. In the worst case, their delivery can take somewhere between (cost+1/cost) -and (cost/cost-1) times more than if the preemptive scheduler was +and (cost/cost\-1) times more than if the preemptive scheduler was disabled. The default value of 5 turns out to provide reasonable -message response times while making sure the mailing-list deliveries -are not extended by more than 20-25 percent even in the worst case. +message response times while making sure the mailing\-list deliveries +are not extended by more than 20\-25 percent even in the worst case. .PP Use \fItransport\fR_delivery_slot_cost to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Examples: @@ -1189,7 +1189,7 @@ default_delivery_slot_cost = 2 .ad .ft R .SH default_delivery_slot_discount (default: 50) -The default value for transport-specific _delivery_slot_discount +The default value for transport\-specific _delivery_slot_discount settings. .PP This parameter speeds up the moment when a message preemption can @@ -1201,10 +1201,10 @@ Note that the full amount will still have to be accumulated before another preemption can take place later. .PP Use \fItransport\fR_delivery_slot_discount to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_delivery_slot_loan (default: 3) -The default value for transport-specific _delivery_slot_loan +The default value for transport\-specific _delivery_slot_loan settings. .PP This parameter speeds up the moment when a message preemption can @@ -1216,7 +1216,7 @@ Note that the full amount will still have to be accumulated before another preemption can take place later. .PP Use \fItransport\fR_delivery_slot_loan to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_delivery_status_filter (default: empty) Optional filter to replace the delivery status code or explanatory @@ -1236,14 +1236,14 @@ to a recipient, the tables are queried in the specified order with one line of text that is structured as follows: .sp .in +4 -enhanced-status-code SPACE explanatory-text +enhanced\-status\-code SPACE explanatory\-text .in -4 .PP The first table match wins. The lookup result must have the same structure as the query, a successful status code (2.X.X) must be replaced with a successful status code, an unsuccessful status code (4.X.X or 5.X.X) must be replaced with an unsuccessful status -code, and the explanatory text field must be non-empty. Other results +code, and the explanatory text field must be non\-empty. Other results will result in a warning. .PP Example 1: convert specific soft TLS errors into hard errors, @@ -1279,7 +1279,7 @@ by overriding the first number in the enhanced status code. .ft R .in -4 .PP -Example 2: censor the per-recipient delivery status text so +Example 2: censor the per\-recipient delivery status text so that it does not reveal the destination command or filename when a remote sender requests confirmation of successful delivery. .sp @@ -1312,23 +1312,23 @@ This feature will NOT override the soft_bounce safety net. .IP \(bu This feature will change the enhanced status code and text that is logged to the maillog file, and that is reported to the -sender in delivery confirmation or non-delivery notifications. +sender in delivery confirmation or non\-delivery notifications. .br .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH default_destination_concurrency_failed_cohort_limit (default: 1) -How many pseudo-cohorts must suffer connection or handshake +How many pseudo\-cohorts must suffer connection or handshake failure before a specific destination is considered unavailable (and further delivery is suspended). Specify zero to disable this -feature. A destination's pseudo-cohort failure count is reset each +feature. A destination's pseudo\-cohort failure count is reset each time a delivery completes without connection or handshake failure for that specific destination. .PP -A pseudo-cohort is the number of deliveries equal to a destination's +A pseudo\-cohort is the number of deliveries equal to a destination's delivery concurrency. .PP Use \fItransport\fR_destination_concurrency_failed_cohort_limit to specify -a transport-specific override, where \fItransport\fR is the master.cf +a transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.5. The default setting @@ -1337,14 +1337,14 @@ is compatible with earlier Postfix versions. The default maximal number of parallel deliveries to the same destination. This is the default limit for delivery via the \fBlmtp\fR(8), \fBpipe\fR(8), \fBsmtp\fR(8) and \fBvirtual\fR(8) delivery agents. -With per-destination recipient limit > 1, a destination is a domain, +With per\-destination recipient limit > 1, a destination is a domain, otherwise it is a recipient. .PP Use \fItransport\fR_destination_concurrency_limit to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_destination_concurrency_negative_feedback (default: 1) -The per-destination amount of delivery concurrency negative +The per\-destination amount of delivery concurrency negative feedback, after a delivery completes with a connection or handshake failure. Feedback values are in the range 0..1 inclusive. With negative feedback, concurrency is decremented at the beginning of @@ -1354,11 +1354,11 @@ where concurrency is incremented at the end of a sequence of length .PP As of Postfix version 2.5, negative feedback cannot reduce delivery concurrency to zero. Instead, a destination is marked -dead (further delivery suspended) after the failed pseudo-cohort +dead (further delivery suspended) after the failed pseudo\-cohort count reaches $default_destination_concurrency_failed_cohort_limit (or $\fItransport\fR_destination_concurrency_failed_cohort_limit). To make the scheduler completely immune to connection or handshake -failures, specify a zero feedback value and a zero failed pseudo-cohort +failures, specify a zero feedback value and a zero failed pseudo\-cohort limit. .PP Specify one of the following forms: @@ -1368,31 +1368,31 @@ Constant feedback. The value must be in the range 0..1 inclusive. The default setting of "1" is compatible with Postfix versions before 2.5, where a destination's delivery concurrency is throttled down to zero (and further delivery suspended) after a single failed -pseudo-cohort. +pseudo\-cohort. .br .IP "\fB\fInumber\fR / concurrency \fR" Variable feedback of "\fInumber\fR / (delivery concurrency)". The \fInumber\fR must be in the range 0..1 inclusive. With \fInumber\fR equal to "1", a destination's delivery concurrency -is decremented by 1 after each failed pseudo-cohort. +is decremented by 1 after each failed pseudo\-cohort. .br .br .PP -A pseudo-cohort is the number of deliveries equal to a destination's +A pseudo\-cohort is the number of deliveries equal to a destination's delivery concurrency. .PP Use \fItransport\fR_destination_concurrency_negative_feedback -to specify a transport-specific override, where \fItransport\fR +to specify a transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.5. The default setting is compatible with earlier Postfix versions. .SH default_destination_concurrency_positive_feedback (default: 1) -The per-destination amount of delivery concurrency positive +The per\-destination amount of delivery concurrency positive feedback, after a delivery completes without connection or handshake failure. Feedback values are in the range 0..1 inclusive. The -concurrency increases until it reaches the per-destination maximal +concurrency increases until it reaches the per\-destination maximal concurrency limit. With positive feedback, concurrency is incremented at the end of a sequence with length 1/feedback. This is unlike negative feedback, where concurrency is decremented at the start @@ -1404,42 +1404,42 @@ Specify one of the following forms: Constant feedback. The value must be in the range 0..1 inclusive. The default setting of "1" is compatible with Postfix versions before 2.5, where a destination's delivery concurrency -doubles after each successful pseudo-cohort. +doubles after each successful pseudo\-cohort. .br .IP "\fB\fInumber\fR / concurrency \fR" Variable feedback of "\fInumber\fR / (delivery concurrency)". The \fInumber\fR must be in the range 0..1 inclusive. With \fInumber\fR equal to "1", a destination's delivery concurrency -is incremented by 1 after each successful pseudo-cohort. +is incremented by 1 after each successful pseudo\-cohort. .br .br .PP -A pseudo-cohort is the number of deliveries equal to a destination's +A pseudo\-cohort is the number of deliveries equal to a destination's delivery concurrency. .PP Use \fItransport\fR_destination_concurrency_positive_feedback -to specify a transport-specific override, where \fItransport\fR +to specify a transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.5 and later. .SH default_destination_rate_delay (default: 0s) The default amount of delay that is inserted between individual deliveries to the same destination; the resulting behavior depends -on the value of the corresponding per-destination recipient limit. +on the value of the corresponding per\-destination recipient limit. .IP \(bu -With a corresponding per-destination recipient limit > +With a corresponding per\-destination recipient limit > 1, the rate delay specifies the time between deliveries to the \fIsame domain\fR. Different domains are delivered in parallel, subject to the process limits specified in master.cf. .IP \(bu -With a corresponding per-destination recipient limit equal +With a corresponding per\-destination recipient limit equal to 1, the rate delay specifies the time between deliveries to the \fIsame recipient\fR. Different recipients are delivered in parallel, subject to the process limits specified in master.cf. .br .PP -To enable the delay, specify a non-zero time value (an integral -value plus an optional one-letter suffix that specifies the time +To enable the delay, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w @@ -1450,10 +1450,10 @@ timer state does not survive "\fBpostfix reload\fR" or "\fBpostfix stop\fR". .PP Use \fItransport\fR_destination_rate_delay to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP -NOTE: with a non-zero _destination_rate_delay, specify a +NOTE: with a non\-zero _destination_rate_delay, specify a \fItransport\fR_destination_concurrency_failed_cohort_limit of 10 or more to prevent Postfix from deferring all mail for the same destination after only one connection or handshake error. @@ -1467,44 +1467,44 @@ This is the default limit for delivery via the \fBlmtp\fR(8), \fBpipe\fR(8), Setting this parameter to a value of 1 affects email deliveries as follows: .IP \(bu -It changes the meaning of the corresponding per-destination +It changes the meaning of the corresponding per\-destination concurrency limit, from concurrency of deliveries to the \fIsame domain\fR into concurrency of deliveries to the \fIsame recipient\fR. Different recipients are delivered in parallel, subject to the process limits specified in master.cf. .IP \(bu -It changes the meaning of the corresponding per-destination +It changes the meaning of the corresponding per\-destination rate delay, from the delay between deliveries to the \fIsame domain\fR into the delay between deliveries to the \fIsame recipient\fR. Again, different recipients are delivered in parallel, subject to the process limits specified in master.cf. .IP \(bu -It changes the meaning of other corresponding per-destination +It changes the meaning of other corresponding per\-destination settings in a similar manner, from settings for delivery to the \fIsame domain\fR into settings for delivery to the \fIsame recipient\fR. .br .PP Use \fItransport\fR_destination_recipient_limit to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_extra_recipient_limit (default: 1000) -The default value for the extra per-transport limit imposed on the -number of in-memory recipients. This extra recipient space is +The default value for the extra per\-transport limit imposed on the +number of in\-memory recipients. This extra recipient space is reserved for the cases when the Postfix queue manager's scheduler preempts one message with another and suddenly needs some extra recipients slots for the chosen message in order to avoid performance degradation. .PP Use \fItransport\fR_extra_recipient_limit to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_filter_nexthop (default: empty) When a content_filter or FILTER request specifies no explicit -next-hop destination, use $default_filter_nexthop instead; when +next\-hop destination, use $default_filter_nexthop instead; when that value is empty, use the domain in the recipient address. Specify "default_filter_nexthop = $myhostname" for compatibility -with Postfix version 2.6 and earlier, or specify an explicit next-hop +with Postfix version 2.6 and earlier, or specify an explicit next\-hop destination with each content_filter value or FILTER action. .PP This feature is available in Postfix 2.7 and later. @@ -1515,7 +1515,7 @@ which would never accumulate at least this many delivery slots (subject to slot cost parameter as well) are never preempted. .PP Use \fItransport\fR_minimum_delivery_slots to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_privs (default: nobody) The default rights used by the \fBlocal\fR(8) delivery agent for delivery @@ -1527,9 +1527,9 @@ PRIVILEGED USER OR THE POSTFIX OWNER\fR. The default maximal number of Postfix child processes that provide a given service. This limit can be overruled for specific services in the master.cf file. -.SH default_rbl_reply (default: see "postconf -d" output) +.SH default_rbl_reply (default: see "postconf \-d" output) The default Postfix SMTP server response template for a request that is -rejected by an RBL-based restriction. This template can be overruled +rejected by an RBL\-based restriction. This template can be overruled by specific entries in the optional rbl_reply_maps lookup table. .PP This feature is available in Postfix 2.0 and later. @@ -1546,7 +1546,7 @@ The client hostname or "unknown". See reject_unknown_client_hostname for more details. .br .IP "\fB$reverse_client_name\fR" -The client hostname from address->name lookup, or "unknown". +The client hostname from address\->name lookup, or "unknown". See reject_unknown_reverse_client_hostname for more details. .br .IP "\fB$helo_name\fR" @@ -1607,50 +1607,50 @@ are needed when the same RBL reply template is used for client, helo, sender, or recipient access restrictions. .IP \(bu When rejecting a sender address, the Postfix SMTP server -will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the +will transform a recipient DSN status (e.g., 4.1.1\-4.1.6) into the corresponding sender DSN status, and vice versa. .IP \(bu -When rejecting non-address information (such as the HELO +When rejecting non\-address information (such as the HELO command argument or the client hostname/address), the Postfix SMTP server will transform a sender or recipient DSN status into a generic -non-address DSN status (e.g., 4.0.0). +non\-address DSN status (e.g., 4.0.0). .br .SH default_recipient_limit (default: 20000) -The default per-transport upper limit on the number of in-memory +The default per\-transport upper limit on the number of in\-memory recipients. These limits take priority over the global qmgr_message_recipient_limit after the message has been assigned to the respective transports. See also default_extra_recipient_limit and qmgr_message_recipient_minimum. .PP Use \fItransport\fR_recipient_limit to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .SH default_recipient_refill_delay (default: 5s) -The default per-transport maximum delay between recipients refills. +The default per\-transport maximum delay between recipients refills. When not all message recipients fit into the memory at once, keep loading more of them at least once every this many seconds. This is used to make sure the recipients are refilled in timely manner even when $default_recipient_refill_limit is too high for too slow deliveries. .PP Use \fItransport\fR_recipient_refill_delay to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.4 and later. .SH default_recipient_refill_limit (default: 100) -The default per-transport limit on the number of recipients refilled at +The default per\-transport limit on the number of recipients refilled at once. When not all message recipients fit into the memory at once, keep loading more of them in batches of at least this many at a time. See also $default_recipient_refill_delay, which may result in recipient batches lower than this when this limit is too high for too slow deliveries. .PP Use \fItransport\fR_recipient_refill_limit to specify a -transport-specific override, where \fItransport\fR is the master.cf +transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.4 and later. .SH default_transport (default: smtp) -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for destinations that do not match $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. This information can be overruled with the @@ -1679,7 +1679,7 @@ default_transport = uucp:relayhostname .SH default_verp_delimiters (default: +=) The two default VERP delimiter characters. These are used when no explicit delimiters are specified with the SMTP XVERP command -or with the "\fBsendmail -V\fR" command-line option. Specify +or with the "\fBsendmail \-V\fR" command\-line option. Specify characters that are allowed by the verp_delimiter_filter setting. .PP This feature is available in Postfix 1.1 and later. @@ -1691,12 +1691,12 @@ Do not change this unless you have a complete understanding of RFC 5321. .SH defer_service_name (default: defer) The name of the defer service. This service is implemented by the \fBbounce\fR(8) daemon and maintains a record -of failed delivery attempts and generates non-delivery notifications. +of failed delivery attempts and generates non\-delivery notifications. .PP This feature is available in Postfix 2.0 and later. .SH defer_transports (default: empty) The names of message delivery transports that should not deliver mail -unless someone issues "\fBsendmail -q\fR" or equivalent. Specify zero +unless someone issues "\fBsendmail \-q\fR" or equivalent. Specify zero or more names of mail delivery transports names that appear in the first field of master.cf. .PP @@ -1711,11 +1711,11 @@ defer_transports = smtp .ft R .SH delay_logging_resolution_limit (default: 2) The maximal number of digits after the decimal point when logging -sub-second delay values. Specify a number in the range 0..6. +sub\-second delay values. Specify a number in the range 0..6. .PP Large delay values are rounded off to an integral number seconds; delay values below the delay_logging_resolution_limit are logged -as "0", and delay values under 100s are logged with at most two-digit +as "0", and delay values under 100s are logged with at most two\-digit precision. .PP The format of the "delays=a/b/c/d" logging is as follows: @@ -1741,8 +1741,8 @@ The time after which the sender receives a copy of the message headers of mail that is still queued. The confirm_delay_cleared parameter controls sender notification when the delay clears up. .PP -To enable this feature, specify a non-zero time value (an integral -value plus an optional one-letter suffix that specifies the time +To enable this feature, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). @@ -1765,8 +1765,8 @@ analysis purposes. This feature is available in Postfix 2.5 and later. .SH detect_8bit_encoding_header (default: yes) Automatically detect 8BITMIME body content by looking at -Content-Transfer-Encoding: message headers; historically, this -behavior was hard-coded to be "always on". +Content\-Transfer\-Encoding: message headers; historically, this +behavior was hard\-coded to be "always on". .PP This feature is available in Postfix 2.5 and later. .SH disable_dns_lookups (default: no) @@ -1779,7 +1779,7 @@ instead. DNS lookups are enabled by default. .SH disable_mime_input_processing (default: no) Turn off MIME processing while receiving mail. This means that no -special treatment is given to Content-Type: message headers, and +special treatment is given to Content\-Type: message headers, and that all text after the initial message headers is considered to be part of the message body. .PP @@ -1825,7 +1825,7 @@ This feature is available in Postfix 2.8 and later. Don't remove queue files and save them to the "saved" mail queue. This is a debugging aid. To inspect the envelope information and content of a Postfix queue file, use the \fBpostcat\fR(1) command. -.SH double_bounce_sender (default: double-bounce) +.SH double_bounce_sender (default: double\-bounce) The sender address of postmaster notifications that are generated by the mail system. All mail to this address is silently discarded, in order to terminate mail bounce loops. @@ -1838,7 +1838,7 @@ The sender_dependent_default_transport_maps search string that will be used instead of the null sender address. .PP This feature is available in Postfix 2.7 and later. -.SH empty_address_recipient (default: MAILER-DAEMON) +.SH empty_address_recipient (default: MAILER\-DAEMON) The recipient of mail addressed to the null address. Postfix does not accept such addresses in SMTP commands, but they may still be created locally as the result of configuration or software error. @@ -1851,13 +1851,13 @@ earlier versions, sender_dependent_relayhost_maps lookups were skipped for the null sender address. .SH enable_errors_to (default: no) Report mail delivery errors to the address specified with the -non-standard Errors-To: message header, instead of the envelope +non\-standard Errors\-To: message header, instead of the envelope sender address (this feature is removed with Postfix version 2.2, is turned off by default with Postfix version 2.1, and is always turned on with older Postfix versions). .SH enable_long_queue_ids (default: no) -Enable long, non-repeating, queue IDs (queue file names). The -benefit of non-repeating names is simpler logfile analysis and +Enable long, non\-repeating, queue IDs (queue file names). The +benefit of non\-repeating names is simpler logfile analysis and easier queue migration (there is no need to run "postsuper" to change queue file names that don't match their message file inode number). @@ -1870,19 +1870,19 @@ Changing the parameter value to "yes" has the following effects: Existing queue file names are not affected. .IP \(bu New queue files are created with names such as 3Pt2mN2VXxznjll. -These are encoded in a 52-character alphabet that contains digits -(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For +These are encoded in a 52\-character alphabet that contains digits +(0\-9), upper\-case letters (B\-Z) and lower\-case letters (b\-z). For safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. The name format is: 6 or more characters for the time in seconds, 4 characters for the time in microseconds, the 'z'; the remainder is the file inode number encoded in the first 51 characters of the -52-character alphabet. +52\-character alphabet. .IP \(bu -New messages have a Message-ID header with +New messages have a Message\-ID header with \fIqueueID\fR@\fImyhostname\fR. .IP \(bu -The mailq (postqueue -p) output has a wider Queue ID column. -The number of whitespace-separated fields is not changed. +The mailq (postqueue \-p) output has a wider Queue ID column. +The number of whitespace\-separated fields is not changed. .IP \(bu The hash_queue_depth algorithm uses the first characters of the queue file creation time in microseconds, after conversion @@ -1897,16 +1897,16 @@ Existing long queue file names are renamed to the short form (while running "postfix reload" or "postsuper"). .IP \(bu New queue files are created with names such as C3CD21F3E90 -from a hexadecimal alphabet that contains digits (0-9) and upper-case -letters (A-F). The name format is: 5 characters for the time in +from a hexadecimal alphabet that contains digits (0\-9) and upper\-case +letters (A\-F). The name format is: 5 characters for the time in microseconds; the remainder is the file inode number. .IP \(bu -New messages have a Message-ID header with +New messages have a Message\-ID header with \fIYYYYMMDDHHMMSS.queueid\fR@\fImyhostname\fR, where \fIYYYYMMDDHHMMSS\fR are the year, month, day, hour, minute and second. .IP \(bu -The mailq (postqueue -p) output has the same format as +The mailq (postqueue \-p) output has the same format as with Postfix <= 2.8. .IP \(bu The hash_queue_depth algorithm uses the first characters @@ -1932,12 +1932,12 @@ name changes. .PP This feature is available in Postfix 2.9 and later. .SH enable_original_recipient (default: yes) -Enable support for the X-Original-To message header. This header -is needed for multi-recipient mailboxes. +Enable support for the X\-Original\-To message header. This header +is needed for multi\-recipient mailboxes. .PP When this parameter is set to yes, the \fBcleanup\fR(8) daemon performs duplicate elimination on distinct pairs of (original recipient, -rewritten recipient), and generates non-empty original recipient +rewritten recipient), and generates non\-empty original recipient queue file records. .PP When this parameter is set to no, the \fBcleanup\fR(8) daemon performs @@ -1945,8 +1945,8 @@ duplicate elimination on the rewritten recipient address only, and generates empty original recipient queue file records. .PP This feature is available in Postfix 2.1 and later. With Postfix -version 2.0, support for the X-Original-To message header is always turned -on. Postfix versions before 2.0 have no support for the X-Original-To +version 2.0, support for the X\-Original\-To message header is always turned +on. Postfix versions before 2.0 have no support for the X\-Original\-To message header. .SH error_notice_recipient (default: postmaster) The recipient of postmaster notifications about mail delivery @@ -1958,27 +1958,27 @@ The name of the \fBerror\fR(8) pseudo delivery agent. This service always returns mail as undeliverable. .PP This feature is available in Postfix 2.0 and later. -.SH execution_directory_expansion_filter (default: see "postconf -d" output) +.SH execution_directory_expansion_filter (default: see "postconf \-d" output) Restrict the characters that the \fBlocal\fR(8) delivery agent allows in $name expansions of $command_execution_directory. Characters outside the allowed set are replaced by underscores. .PP This feature is available in Postfix 2.2 and later. .SH expand_owner_alias (default: no) -When delivering to an alias "aliasname" that has an "owner-aliasname" +When delivering to an alias "aliasname" that has an "owner\-aliasname" companion alias, set the envelope sender address to the expansion -of the "owner-aliasname" alias. Normally, Postfix sets the envelope -sender address to the name of the "owner-aliasname" alias. -.SH export_environment (default: see "postconf -d" output) +of the "owner\-aliasname" alias. Normally, Postfix sets the envelope +sender address to the name of the "owner\-aliasname" alias. +.SH export_environment (default: see "postconf \-d" output) The list of environment variables that a Postfix process will export -to non-Postfix processes. The TZ variable is needed for sane -time keeping on System-V-ish systems. +to non\-Postfix processes. The TZ variable is needed for sane +time keeping on System\-V\-ish systems. .PP Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace or comma in parameter values (whitespace after "{" and before "}" is ignored). The form name=value is supported with Postfix version -2.1 and later; the use of {} is supported with Postfix 2.12 and +2.1 and later; the use of {} is supported with Postfix 3.0 and later. .PP Example: @@ -1992,7 +1992,7 @@ export_environment = TZ PATH=/bin:/usr/bin .ft R .SH extract_recipient_limit (default: 10240) The maximal number of recipient addresses that Postfix will extract -from message headers when mail is submitted with "\fBsendmail -t\fR". +from message headers when mail is submitted with "\fBsendmail \-t\fR". .PP This feature was removed in Postfix version 2.1. .SH fallback_relay (default: empty) @@ -2016,11 +2016,11 @@ is unavailable. .IP \(bu In main.cf specify "relay_transport = relay", .IP \(bu -In master.cf specify "-o fallback_relay =" (i.e., empty) at +In master.cf specify "\-o fallback_relay =" (i.e., empty) at the end of the relay entry. .IP \(bu In transport maps, specify "relay:\fInexthop...\fR" -as the right-hand side for backup or primary MX domain entries. +as the right\-hand side for backup or primary MX domain entries. .br .PP Postfix version 2.2 and later will not use the fallback_relay feature @@ -2035,7 +2035,7 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. .SH fallback_transport_maps (default: empty) -Optional lookup tables with per-recipient message delivery +Optional lookup tables with per\-recipient message delivery transports for recipients that the \fBlocal\fR(8) delivery agent could not find in the \fBaliases\fR(5) or UNIX password database. .PP @@ -2049,7 +2049,7 @@ substitutions in regular expression maps. .PP This feature is available in Postfix 2.3 and later. .SH fast_flush_domains (default: $relay_domains) -Optional list of destinations that are eligible for per-destination +Optional list of destinations that are eligible for per\-destination logfiles with mail that is queued to those destinations. .PP By default, Postfix maintains "fast flush" logfiles only for @@ -2071,14 +2071,14 @@ parameter value. Specify "fast_flush_domains =" (i.e., empty) to disable the feature altogether. .SH fast_flush_purge_time (default: 7d) -The time after which an empty per-destination "fast flush" logfile +The time after which an empty per\-destination "fast flush" logfile is deleted. .PP You can specify the time as a number, or as a number followed by a letter that indicates the time unit: s=seconds, m=minutes, h=hours, d=days, w=weeks. The default time unit is days. .SH fast_flush_refresh_time (default: 12h) -The time after which a non-empty but unread per-destination "fast +The time after which a non\-empty but unread per\-destination "fast flush" logfile needs to be refreshed. The contents of a logfile are refreshed by requesting delivery of all messages listed in the logfile. @@ -2090,7 +2090,7 @@ d=days, w=weeks. The default time unit is hours. Force specific internal tests to fail, to test the handling of errors that are difficult to reproduce otherwise. .SH flush_service_name (default: flush) -The name of the \fBflush\fR(8) service. This service maintains per-destination +The name of the \fBflush\fR(8) service. This service maintains per\-destination logfiles with the queue file names of mail that is queued for those destinations. .PP @@ -2102,13 +2102,13 @@ The delay between attempts to fork() a child process. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH forward_expansion_filter (default: see "postconf -d" output) +.SH forward_expansion_filter (default: see "postconf \-d" output) Restrict the characters that the \fBlocal\fR(8) delivery agent allows in $name expansions of $forward_path. Characters outside the allowed set are replaced by underscores. -.SH forward_path (default: see "postconf -d" output) +.SH forward_path (default: see "postconf \-d" output) The \fBlocal\fR(8) delivery agent search list for finding a .forward -file with user-specified delivery methods. The first file that is +file with user\-specified delivery methods. The first file that is found is used. .PP The following $name expansions are done on forward_path before @@ -2138,11 +2138,11 @@ The entire recipient localpart. .br .IP "\fB$recipient_delimiter\fR" The address extension delimiter that was found in the recipient -address (Postfix 2.11 and later), or the system-wide recipient +address (Postfix 2.11 and later), or the system\-wide recipient address extension delimiter (Postfix 2.10 and earlier). .br .IP "\fB${name?value}\fR" -Expands to \fIvalue\fR when \fI$name\fR is non-empty. +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. .br .IP "\fB${name:value}\fR" Expands to \fIvalue\fR when \fI$name\fR is empty. @@ -2164,21 +2164,21 @@ forward_path = .ad .ft R .SH frozen_delivered_to (default: yes) -Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To: +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: address (see prepend_delivered_header) only once, at the start of -a delivery attempt; do not update the Delivered-To: address while +a delivery attempt; do not update the Delivered\-To: address while expanding aliases or .forward files. .PP This feature is available in Postfix 2.3 and later. With older Postfix releases, the behavior is as if this parameter is set to "no". The old setting can be expensive with deeply nested aliases or .forward files. When an alias or .forward file changes the -Delivered-To: address, it ties up one queue file and one cleanup +Delivered\-To: address, it ties up one queue file and one cleanup process instance while mail is being forwarded. .SH hash_queue_depth (default: 1) The number of subdirectory levels for queue directories listed with the hash_queue_names parameter. Queue hashing is implemented by -creating one or more levels of directories with one-character names. +creating one or more levels of directories with one\-character names. Originally, these directory names were equal to the first characters of the queue file name, with the hexadecimal representation of the file creation time in microseconds. @@ -2209,7 +2209,7 @@ The maximal number of address tokens are allowed in an address message header. Information that exceeds the limit is discarded. The limit is enforced by the \fBcleanup\fR(8) server. .SH header_checks (default: empty) -Optional lookup tables for content inspection of primary non-MIME +Optional lookup tables for content inspection of primary non\-MIME message headers, as specified in the \fBheader_checks\fR(5) manual page. .SH header_size_limit (default: 102400) The maximal amount of memory in bytes for storing a message header. @@ -2224,7 +2224,7 @@ This feature is available in Postfix 2.0 and later. Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's home directory. .PP -Specify a pathname ending in "/" for qmail-style delivery. +Specify a pathname ending in "/" for qmail\-style delivery. .PP The precedence of \fBlocal\fR(8) delivery features from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, @@ -2245,7 +2245,7 @@ home_mailbox = Maildir/ The maximal number of Received: message headers that is allowed in the primary message headers. A message that exceeds the limit is bounced, in order to stop a mailer loop. -.SH html_directory (default: see "postconf -d" output) +.SH html_directory (default: see "postconf \-d" output) The location of Postfix HTML files that describe how to build, configure or operate a specific Postfix subsystem or feature. .SH ignore_mx_lookup_error (default: no) @@ -2255,22 +2255,22 @@ delay. This behavior is required by the SMTP standard. .PP Specify "ignore_mx_lookup_error = yes" to force a DNS A record lookup instead. This violates the SMTP standard and can result in -mis-delivery of mail. -.SH import_environment (default: see "postconf -d" output) +mis\-delivery of mail. +.SH import_environment (default: see "postconf \-d" output) The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. Examples of relevant +import from a non\-Postfix parent process. Examples of relevant parameters: .IP "\fBTZ\fR" -Needed for sane time keeping on most System-V-ish systems. +Needed for sane time keeping on most System\-V\-ish systems. .br .IP "\fBDISPLAY\fR" -Needed for debugging Postfix daemons with an X-windows debugger. +Needed for debugging Postfix daemons with an X\-windows debugger. .br .IP "\fBXAUTHORITY\fR" -Needed for debugging Postfix daemons with an X-windows debugger. +Needed for debugging Postfix daemons with an X\-windows debugger. .br .IP "\fBMAIL_CONFIG\fR" -Needed to make "\fBpostfix -c\fR" work. +Needed to make "\fBpostfix \-c\fR" work. .br .br .PP @@ -2278,7 +2278,7 @@ Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace or comma in parameter values (whitespace after "{" and before "}" is ignored). The form name=value is supported with Postfix version -2.1 and later; the use of {} is supported with Postfix 2.12 and +2.1 and later; the use of {} is supported with Postfix 3.0 and later. .SH in_flow_delay (default: 1s) Time to pause before accepting a new message, when the message @@ -2293,7 +2293,7 @@ Specify 0 to disable the feature. Valid delays are 0..10. .SH inet_interfaces (default: all) The network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network -interfaces (default), and "loopback-only" to receive mail +interfaces (default), and "loopback\-only" to receive mail on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address]. .PP @@ -2307,7 +2307,7 @@ that is not a loopback address, the Postfix SMTP client will use this address as the IP source address for outbound mail. Support for IPv6 is available in Postfix version 2.2 and later. .PP -On a multi-homed firewall with separate Postfix instances listening on the +On a multi\-homed firewall with separate Postfix instances listening on the "inside" and "outside" interfaces, this can prevent each instance from being able to reach remote SMTP servers on the "other side" of the firewall. Setting @@ -2315,7 +2315,7 @@ smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4, and setting smtp_bind_address6 to :: solves the problem for IPv6. .PP -A better solution for multi-homed firewalls is to leave inet_interfaces +A better solution for multi\-homed firewalls is to leave inet_interfaces at the default value and instead use explicit IP addresses in the master.cf SMTP server definitions. This preserves the Postfix SMTP client's @@ -2335,7 +2335,7 @@ Examples: .na .ft C inet_interfaces = all (DEFAULT) -inet_interfaces = loopback-only (Postfix version 2.2 and later) +inet_interfaces = loopback\-only (Postfix version 2.2 and later) inet_interfaces = 127.0.0.1 inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) inet_interfaces = 192.168.1.2, 127.0.0.1 @@ -2360,7 +2360,7 @@ This feature is available in Postfix 2.2 and later. Note: you MUST stop and start Postfix after changing this parameter. .PP -On systems that pre-date IPV6_V6ONLY support (RFC 3493), an +On systems that pre\-date IPV6_V6ONLY support (RFC 3493), an IPv6 server will also accept IPv4 connections, even when IPv4 is turned off with the inet_protocols parameter. On systems with IPV6_V6ONLY support, Postfix will use separate server sockets for @@ -2369,8 +2369,8 @@ corresponding protocol. .PP When IPv4 support is enabled via the inet_protocols parameter, Postfix will look up DNS type A records, and will convert -IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original -IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date +IPv4\-in\-IPv6 client IP addresses (::ffff:1.2.3.4) to their original +IPv4 form (1.2.3.4). The latter is needed on hosts that pre\-date IPV6_V6ONLY support (RFC 3493). .PP When IPv6 support is enabled via the inet_protocols parameter, @@ -2394,20 +2394,20 @@ inet_protocols = ipv4, ipv6 .ad .ft R .SH initial_destination_concurrency (default: 5) -The initial per-destination concurrency level for parallel delivery +The initial per\-destination concurrency level for parallel delivery to the same destination. -With per-destination recipient limit > 1, a destination is a domain, +With per\-destination recipient limit > 1, a destination is a domain, otherwise it is a recipient. .PP Use \fItransport\fR_initial_destination_concurrency to specify -a transport-specific override, where \fItransport\fR is the master.cf +a transport\-specific override, where \fItransport\fR is the master.cf name of the message delivery transport (Postfix 2.5 and later). .PP Warning: with concurrency of 1, one bad message can be enough to block all mail to a site. .SH internal_mail_filter_classes (default: empty) -What categories of Postfix-generated mail are subject to -before-queue content inspection by non_smtpd_milters, header_checks +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks and body_checks. Specify zero or more of the following, separated by whitespace or comma. .IP "\fBbounce\fR" @@ -2421,7 +2421,7 @@ notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes. .br .PP NOTE: It's generally not safe to enable content inspection of -Postfix-generated email messages. The user is warned. +Postfix\-generated email messages. The user is warned. .PP This feature is available in Postfix 2.3 and later. .SH invalid_hostname_reject_code (default: 501) @@ -2468,34 +2468,34 @@ a database becomes full, its size limit is doubled. .PP This feature is available in Postfix 2.11 and later. .SH lmtp_address_preference (default: ipv6) -The LMTP-specific version of the smtp_address_preference +The LMTP\-specific version of the smtp_address_preference configuration parameter. See there for details. .PP This feature is available in Postfix 2.8 and later. .SH lmtp_address_verify_target (default: rcpt) -The LMTP-specific version of the smtp_dns_support_level +The LMTP\-specific version of the smtp_dns_support_level configuration parameter. See there for details. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH lmtp_assume_final (default: no) When a remote LMTP server announces no DSN support, assume that the server performs final delivery, and send "delivered" delivery status notifications instead of "relayed". The default setting is backwards compatible to avoid the infinitesimal possibility of breaking -existing LMTP-based content filters. +existing LMTP\-based content filters. .SH lmtp_bind_address (default: empty) -The LMTP-specific version of the smtp_bind_address configuration +The LMTP\-specific version of the smtp_bind_address configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_bind_address6 (default: empty) -The LMTP-specific version of the smtp_bind_address6 configuration +The LMTP\-specific version of the smtp_bind_address6 configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_body_checks (default: empty) -The LMTP-specific version of the smtp_body_checks configuration +The LMTP\-specific version of the smtp_body_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. @@ -2519,7 +2519,7 @@ specified with the Postfix max_idle configuration parameter. A delivery request specifies a different destination than the one currently cached. .IP \(bu -The per-process limit on the number of delivery requests is +The per\-process limit on the number of delivery requests is reached. This limit is specified with the Postfix max_use configuration parameter. .IP \(bu @@ -2532,13 +2532,13 @@ Most of these limitations have been with the Postfix a connection cache that is shared among multiple LMTP client programs. .SH lmtp_cname_overrides_servername (default: yes) -The LMTP-specific version of the smtp_cname_overrides_servername +The LMTP\-specific version of the smtp_cname_overrides_servername configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_connect_timeout (default: 0s) The Postfix LMTP client time limit for completing a TCP connection, or -zero (use the operating system built-in time limit). When no +zero (use the operating system built\-in time limit). When no connection can be made within the deadline, the LMTP client tries the next address on the mail exchanger list. .PP @@ -2555,28 +2555,28 @@ lmtp_connect_timeout = 30s .ad .ft R .SH lmtp_connection_cache_destinations (default: empty) -The LMTP-specific version of the smtp_connection_cache_destinations +The LMTP\-specific version of the smtp_connection_cache_destinations configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_connection_cache_on_demand (default: yes) -The LMTP-specific version of the smtp_connection_cache_on_demand +The LMTP\-specific version of the smtp_connection_cache_on_demand configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_connection_cache_time_limit (default: 2s) -The LMTP-specific version of the +The LMTP\-specific version of the smtp_connection_cache_time_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_connection_reuse_count_limit (default: 0) -The LMTP-specific version of the smtp_connection_reuse_count_limit +The LMTP\-specific version of the smtp_connection_reuse_count_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.11 and later. .SH lmtp_connection_reuse_time_limit (default: 300s) -The LMTP-specific version of the smtp_connection_reuse_time_limit +The LMTP\-specific version of the smtp_connection_reuse_time_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -2604,15 +2604,15 @@ the LMTP client terminates the transfer. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_defer_if_no_mx_address_found (default: no) -The LMTP-specific version of the smtp_defer_if_no_mx_address_found +The LMTP\-specific version of the smtp_defer_if_no_mx_address_found configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_delivery_status_filter (default: empty) -The LMTP-specific version of the smtp_delivery_status_filter +The LMTP\-specific version of the smtp_delivery_status_filter configuration parameter. See there for details. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH lmtp_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the lmtp message delivery transport. This limit is enforced by @@ -2647,7 +2647,7 @@ This feature is available in Postfix 2.3 and later. .PP Notes: .IP \(bu -Specify the \fBsilent-discard\fR pseudo keyword to prevent +Specify the \fBsilent\-discard\fR pseudo keyword to prevent this action from being logged. .IP \(bu Use the lmtp_discard_lhlo_keyword_address_maps feature to @@ -2657,34 +2657,34 @@ discard LHLO keywords selectively. Optional filter for Postfix LMTP client DNS lookup results. See smtp_dns_reply_filter for details including an example. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH lmtp_dns_resolver_options (default: empty) -The LMTP-specific version of the smtp_dns_resolver_options +The LMTP\-specific version of the smtp_dns_resolver_options configuration parameter. See there for details. .PP This feature is available in Postfix 2.8 and later. .SH lmtp_dns_support_level (default: empty) -The LMTP-specific version of the smtp_dns_support_level +The LMTP\-specific version of the smtp_dns_support_level configuration parameter. See there for details. .PP This feature is available in Postfix 2.11 and later. .SH lmtp_enforce_tls (default: no) -The LMTP-specific version of the smtp_enforce_tls configuration +The LMTP\-specific version of the smtp_enforce_tls configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_generic_maps (default: empty) -The LMTP-specific version of the smtp_generic_maps configuration +The LMTP\-specific version of the smtp_generic_maps configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_header_checks (default: empty) -The LMTP-specific version of the smtp_header_checks configuration +The LMTP\-specific version of the smtp_header_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_host_lookup (default: dns) -The LMTP-specific version of the smtp_host_lookup configuration +The LMTP\-specific version of the smtp_host_lookup configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -2703,7 +2703,7 @@ client, for example: .na .ft C /etc/postfix/master.cf: - mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com + mylmtp ... lmtp \-o lmtp_lhlo_name=foo.bar.com .fi .ad .ft R @@ -2717,7 +2717,7 @@ and for receiving the initial remote LMTP server response. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_line_length_limit (default: 990) -The LMTP-specific version of the smtp_line_length_limit +The LMTP\-specific version of the smtp_line_length_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -2728,47 +2728,47 @@ and for receiving the remote LMTP server response. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_mime_header_checks (default: empty) -The LMTP-specific version of the smtp_mime_header_checks +The LMTP\-specific version of the smtp_mime_header_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_mx_address_limit (default: 5) -The LMTP-specific version of the smtp_mx_address_limit configuration +The LMTP\-specific version of the smtp_mx_address_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_mx_session_limit (default: 2) -The LMTP-specific version of the smtp_mx_session_limit configuration +The LMTP\-specific version of the smtp_mx_session_limit configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_nested_header_checks (default: empty) -The LMTP-specific version of the smtp_nested_header_checks +The LMTP\-specific version of the smtp_nested_header_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_per_record_deadline (default: no) -The LMTP-specific version of the smtp_per_record_deadline +The LMTP\-specific version of the smtp_per_record_deadline configuration parameter. See there for details. .PP This feature is available in Postfix 2.9 and later. .SH lmtp_pix_workaround_delay_time (default: 10s) -The LMTP-specific version of the smtp_pix_workaround_delay_time +The LMTP\-specific version of the smtp_pix_workaround_delay_time configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_pix_workaround_maps (default: empty) -The LMTP-specific version of the smtp_pix_workaround_maps +The LMTP\-specific version of the smtp_pix_workaround_maps configuration parameter. See there for details. .PP This feature is available in Postfix 2.4 and later. .SH lmtp_pix_workaround_threshold_time (default: 500s) -The LMTP-specific version of the smtp_pix_workaround_threshold_time +The LMTP\-specific version of the smtp_pix_workaround_threshold_time configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_pix_workarounds (default: empty) -The LMTP-specific version of the smtp_pix_workaround +The LMTP\-specific version of the smtp_pix_workaround configuration parameter. See there for details. .PP This feature is available in Postfix 2.4 and later. @@ -2779,12 +2779,12 @@ and for receiving the remote LMTP server response. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_quote_rfc821_envelope (default: yes) -The LMTP-specific version of the smtp_quote_rfc821_envelope +The LMTP\-specific version of the smtp_quote_rfc821_envelope configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_randomize_addresses (default: yes) -The LMTP-specific version of the smtp_randomize_addresses +The LMTP\-specific version of the smtp_randomize_addresses configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -2795,7 +2795,7 @@ and for receiving the remote LMTP server response. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_reply_filter (default: empty) -The LMTP-specific version of the smtp_reply_filter +The LMTP\-specific version of the smtp_reply_filter configuration parameter. See there for details. .PP This feature is available in Postfix 2.7 and later. @@ -2809,24 +2809,24 @@ cached connection is still alive. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH lmtp_sasl_auth_cache_name (default: empty) -The LMTP-specific version of the smtp_sasl_auth_cache_name +The LMTP\-specific version of the smtp_sasl_auth_cache_name configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_sasl_auth_cache_time (default: 90d) -The LMTP-specific version of the smtp_sasl_auth_cache_time +The LMTP\-specific version of the smtp_sasl_auth_cache_time configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_sasl_auth_enable (default: no) Enable SASL authentication in the Postfix LMTP client. .SH lmtp_sasl_auth_soft_bounce (default: yes) -The LMTP-specific version of the smtp_sasl_auth_soft_bounce +The LMTP\-specific version of the smtp_sasl_auth_soft_bounce configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_sasl_mechanism_filter (default: empty) -The LMTP-specific version of the smtp_sasl_mechanism_filter +The LMTP\-specific version of the smtp_sasl_mechanism_filter configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -2836,8 +2836,8 @@ per host or domain. If a remote host or domain has no username:password entry, then the Postfix LMTP client will not attempt to authenticate to the remote host. .SH lmtp_sasl_path (default: empty) -Implementation-specific information that is passed through to -the SASL plug-in implementation that is selected with +Implementation\-specific information that is passed through to +the SASL plug\-in implementation that is selected with \fBlmtp_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. .PP @@ -2853,7 +2853,7 @@ client SASL implementation: Disallow authentication methods that use plaintext passwords. .br .IP "\fBnoactive\fR" -Disallow authentication methods that are vulnerable to non-dictionary +Disallow authentication methods that are vulnerable to non\-dictionary active attacks. .br .IP "\fBnodictionary\fR" @@ -2875,24 +2875,24 @@ lmtp_sasl_security_options = noplaintext .ad .ft R .SH lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options) -The LMTP-specific version of the smtp_sasl_tls_security_options +The LMTP\-specific version of the smtp_sasl_tls_security_options configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options) -The LMTP-specific version of the +The LMTP\-specific version of the smtp_sasl_tls_verified_security_options configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_sasl_type (default: cyrus) -The SASL plug-in type that the Postfix LMTP client should use +The SASL plug\-in type that the Postfix LMTP client should use for authentication. The available types are listed with the -"\fBpostconf -A\fR" command. +"\fBpostconf \-A\fR" command. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_send_dummy_mail_auth (default: no) -The LMTP-specific version of the smtp_send_dummy_mail_auth +The LMTP\-specific version of the smtp_send_dummy_mail_auth configuration parameter. See there for details. .PP This feature is available in Postfix 2.9 and later. @@ -2907,178 +2907,178 @@ your content filter supports this command. .PP This feature is available in Postfix 2.1 and later. .SH lmtp_sender_dependent_authentication (default: no) -The LMTP-specific version of the smtp_sender_dependent_authentication +The LMTP\-specific version of the smtp_sender_dependent_authentication configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_skip_5xx_greeting (default: yes) -The LMTP-specific version of the smtp_skip_5xx_greeting +The LMTP\-specific version of the smtp_skip_5xx_greeting configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_skip_quit_response (default: no) Wait for the response to the LMTP QUIT command. .SH lmtp_starttls_timeout (default: 300s) -The LMTP-specific version of the smtp_starttls_timeout configuration +The LMTP\-specific version of the smtp_starttls_timeout configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tcp_port (default: 24) The default TCP port that the Postfix LMTP client connects to. .SH lmtp_tls_CAfile (default: empty) -The LMTP-specific version of the smtp_tls_CAfile +The LMTP\-specific version of the smtp_tls_CAfile configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_CApath (default: empty) -The LMTP-specific version of the smtp_tls_CApath +The LMTP\-specific version of the smtp_tls_CApath configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_block_early_mail_reply (default: empty) -The LMTP-specific version of the smtp_tls_block_early_mail_reply +The LMTP\-specific version of the smtp_tls_block_early_mail_reply configuration parameter. See there for details. .PP This feature is available in Postfix 2.7 and later. .SH lmtp_tls_cert_file (default: empty) -The LMTP-specific version of the smtp_tls_cert_file +The LMTP\-specific version of the smtp_tls_cert_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_ciphers (default: export) -The LMTP-specific version of the smtp_tls_ciphers configuration +The LMTP\-specific version of the smtp_tls_ciphers configuration parameter. See there for details. .PP This feature is available in Postfix 2.6 and later. .SH lmtp_tls_dcert_file (default: empty) -The LMTP-specific version of the smtp_tls_dcert_file +The LMTP\-specific version of the smtp_tls_dcert_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file) -The LMTP-specific version of the smtp_tls_dkey_file +The LMTP\-specific version of the smtp_tls_dkey_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_eccert_file (default: empty) -The LMTP-specific version of the smtp_tls_eccert_file configuration +The LMTP\-specific version of the smtp_tls_eccert_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.6 and later, when Postfix is compiled and linked with OpenSSL 1.0.0 or later. .SH lmtp_tls_eckey_file (default: empty) -The LMTP-specific version of the smtp_tls_eckey_file configuration +The LMTP\-specific version of the smtp_tls_eckey_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.6 and later, when Postfix is compiled and linked with OpenSSL 1.0.0 or later. .SH lmtp_tls_enforce_peername (default: yes) -The LMTP-specific version of the smtp_tls_enforce_peername +The LMTP\-specific version of the smtp_tls_enforce_peername configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_exclude_ciphers (default: empty) -The LMTP-specific version of the smtp_tls_exclude_ciphers +The LMTP\-specific version of the smtp_tls_exclude_ciphers configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_fingerprint_cert_match (default: empty) -The LMTP-specific version of the smtp_tls_fingerprint_cert_match +The LMTP\-specific version of the smtp_tls_fingerprint_cert_match configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_tls_fingerprint_digest (default: md5) -The LMTP-specific version of the smtp_tls_fingerprint_digest +The LMTP\-specific version of the smtp_tls_fingerprint_digest configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. .SH lmtp_tls_force_insecure_host_tlsa_lookup (default: no) -The LMTP-specific version of the smtp_tls_force_insecure_host_tlsa_lookup +The LMTP\-specific version of the smtp_tls_force_insecure_host_tlsa_lookup configuration parameter. See there for details. .PP This feature is available in Postfix 2.11 and later. .SH lmtp_tls_key_file (default: $lmtp_tls_cert_file) -The LMTP-specific version of the smtp_tls_key_file +The LMTP\-specific version of the smtp_tls_key_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_loglevel (default: 0) -The LMTP-specific version of the smtp_tls_loglevel +The LMTP\-specific version of the smtp_tls_loglevel configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_mandatory_ciphers (default: empty) -The LMTP-specific version of the smtp_tls_mandatory_ciphers +The LMTP\-specific version of the smtp_tls_mandatory_ciphers configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_mandatory_exclude_ciphers (default: empty) -The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers +The LMTP\-specific version of the smtp_tls_mandatory_exclude_ciphers configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_mandatory_protocols (default: !SSLv2) -The LMTP-specific version of the smtp_tls_mandatory_protocols +The LMTP\-specific version of the smtp_tls_mandatory_protocols configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_note_starttls_offer (default: no) -The LMTP-specific version of the smtp_tls_note_starttls_offer +The LMTP\-specific version of the smtp_tls_note_starttls_offer configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_per_site (default: empty) -The LMTP-specific version of the smtp_tls_per_site configuration +The LMTP\-specific version of the smtp_tls_per_site configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_policy_maps (default: empty) -The LMTP-specific version of the smtp_tls_policy_maps +The LMTP\-specific version of the smtp_tls_policy_maps configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_protocols (default: empty) -The LMTP-specific version of the smtp_tls_protocols configuration +The LMTP\-specific version of the smtp_tls_protocols configuration parameter. See there for details. .PP This feature is available in Postfix 2.6 and later. .SH lmtp_tls_scert_verifydepth (default: 9) -The LMTP-specific version of the smtp_tls_scert_verifydepth +The LMTP\-specific version of the smtp_tls_scert_verifydepth configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_secure_cert_match (default: nexthop) -The LMTP-specific version of the smtp_tls_secure_cert_match +The LMTP\-specific version of the smtp_tls_secure_cert_match configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_security_level (default: empty) -The LMTP-specific version of the smtp_tls_security_level configuration +The LMTP\-specific version of the smtp_tls_security_level configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_session_cache_database (default: empty) -The LMTP-specific version of the smtp_tls_session_cache_database +The LMTP\-specific version of the smtp_tls_session_cache_database configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_session_cache_timeout (default: 3600s) -The LMTP-specific version of the smtp_tls_session_cache_timeout +The LMTP\-specific version of the smtp_tls_session_cache_timeout configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_trust_anchor_file (default: empty) -The LMTP-specific version of the smtp_tls_trust_anchor_file +The LMTP\-specific version of the smtp_tls_trust_anchor_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.11 and later. .SH lmtp_tls_verify_cert_match (default: hostname) -The LMTP-specific version of the smtp_tls_verify_cert_match +The LMTP\-specific version of the smtp_tls_verify_cert_match configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. .SH lmtp_use_tls (default: no) -The LMTP-specific version of the smtp_use_tls configuration +The LMTP\-specific version of the smtp_use_tls configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. @@ -3094,17 +3094,17 @@ The default time unit is s (seconds). .PP This feature is available in Postfix 2.1 and later. .SH local_command_shell (default: empty) -Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command. -By default, non-Postfix commands are executed directly; commands +Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command. +By default, non\-Postfix commands are executed directly; commands are given to given to the default shell (typically, /bin/sh) only -when they contain shell meta characters or shell built-in commands. +when they contain shell meta characters or shell built\-in commands. .PP "sendmail's restricted shell" (smrsh) is what most people will use in order to restrict what programs can be run from e.g. .forward files (smrsh is part of the Sendmail distribution). .PP Note: when a shell program is specified, it is invoked even -when the command contains no shell built-in commands or meta +when the command contains no shell built\-in commands or meta characters. .PP Example: @@ -3112,8 +3112,8 @@ Example: .nf .na .ft C -local_command_shell = /some/where/smrsh -c -local_command_shell = /bin/bash -c +local_command_shell = /some/where/smrsh \-c +local_command_shell = /bin/bash \-c .fi .ad .ft R @@ -3122,7 +3122,7 @@ Optional filter for the \fBlocal\fR(8) delivery agent to change the status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH local_destination_concurrency_limit (default: 2) The maximal number of parallel deliveries via the local mail delivery transport to the same recipient (when @@ -3179,7 +3179,7 @@ Append the domain name in $myorigin or $mydomain when the remote SMTP client TLS certificate fingerprint or public key fingerprint (Postfix 2.9 and later) is listed in $relay_clientcerts. The fingerprint digest algorithm is configurable via the -smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to Postfix version 2.5). .br .IP "\fBpermit_tls_all_clientcerts \fR" @@ -3193,7 +3193,7 @@ authority. Append the domain name in $myorigin or $mydomain when the client IP address matches the specified lookup table. The lookup result is ignored, and no subnet lookup is done. This -is suitable for, e.g., pop-before-smtp lookup tables. +is suitable for, e.g., pop\-before\-smtp lookup tables. .br .br .PP @@ -3240,7 +3240,7 @@ system. .ft C local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated permit_tls_clientcerts - check_address_map hash:/etc/postfix/pop-before-smtp + check_address_map hash:/etc/postfix/pop\-before\-smtp .fi .ad .ft R @@ -3249,7 +3249,7 @@ local_header_rewrite_clients = permit_mynetworks, Lookup tables with all names or addresses of local recipients: a recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces. Specify @domain as a -wild-card for domains that do not have a valid recipient list. +wild\-card for domains that do not have a valid recipient list. Technically, tables listed with $local_recipient_maps are used as lists: Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup. @@ -3258,7 +3258,7 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -If this parameter is non-empty (the default), then the Postfix SMTP +If this parameter is non\-empty (the default), then the Postfix SMTP server will reject mail for unknown local users. .PP To turn off local recipient checking in the Postfix SMTP server, @@ -3293,7 +3293,7 @@ local_recipient_maps = .ad .ft R .SH local_transport (default: local:$myhostname) -The default mail delivery transport and next-hop destination +The default mail delivery transport and next\-hop destination for final delivery to domains listed with mydestination, and for [ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. This information can be overruled with the \fBtransport\fR(5) table. @@ -3310,7 +3310,7 @@ Beware: if you override the default local delivery agent then you need to review the LOCAL_RECIPIENT_README document, otherwise the SMTP server may reject mail for local recipients. .SH luser_relay (default: empty) -Optional catch-all destination for unknown \fBlocal\fR(8) recipients. +Optional catch\-all destination for unknown \fBlocal\fR(8) recipients. By default, mail for unknown recipients in domains that match $mydestination, $inet_interfaces or $proxy_interfaces is returned as undeliverable. @@ -3333,7 +3333,7 @@ The full recipient address. .br .IP "\fB$recipient_delimiter\fR" The address extension delimiter that was found in the recipient -address (Postfix 2.11 and later), or the system-wide recipient +address (Postfix 2.11 and later), or the system\-wide recipient address extension delimiter (Postfix 2.10 and earlier). .br .IP "\fB$shell\fR" @@ -3343,7 +3343,7 @@ The recipient's login shell. The recipient username. .br .IP "\fB${name?value}\fR" -Expands to \fIvalue\fR when \fI$name\fR has a non-empty value. +Expands to \fIvalue\fR when \fI$name\fR has a non\-empty value. .br .IP "\fB${name:value}\fR" Expands to \fIvalue\fR when \fI$name\fR has an empty value. @@ -3357,7 +3357,7 @@ Note: luser_relay works only for the Postfix \fBlocal\fR(8) delivery agent. Note: if you use this feature for accounts not in the UNIX password file, then you must specify "local_recipient_maps =" (i.e. empty) in the main.cf file, otherwise the Postfix SMTP server will reject mail -for non-UNIX accounts with "User unknown in local recipient table". +for non\-UNIX accounts with "User unknown in local recipient table". .PP Examples: .PP @@ -3381,19 +3381,19 @@ owns no other files or processes on the system. In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID. .PP -When this parameter value is changed you need to re-run "\fBpostfix -set-permissions\fR" (with Postfix version 2.0 and earlier: -"\fB/etc/postfix/post-install set-permissions\fR". -.SH mail_release_date (default: see "postconf -d" output) +When this parameter value is changed you need to re\-run "\fBpostfix +set\-permissions\fR" (with Postfix version 2.0 and earlier: +"\fB/etc/postfix/post\-install set\-permissions\fR". +.SH mail_release_date (default: see "postconf \-d" output) The Postfix release date, in "YYYYMMDD" format. -.SH mail_spool_directory (default: see "postconf -d" output) -The directory where \fBlocal\fR(8) UNIX-style mailboxes are kept. The +.SH mail_spool_directory (default: see "postconf \-d" output) +The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. The default setting depends on the system type. Specify a name ending -in / for maildir-style delivery. +in / for maildir\-style delivery. .PP Note: maildir delivery is done with the privileges of the recipient. If you use the mail_spool_directory setting for maildir style -delivery, then you must create the top-level maildir directory in +delivery, then you must create the top\-level maildir directory in advance. Postfix will not create it. .PP Examples: @@ -3406,7 +3406,7 @@ mail_spool_directory = /var/spool/mail .fi .ad .ft R -.SH mail_version (default: see "postconf -d" output) +.SH mail_version (default: see "postconf \-d" output) The version of the mail system. Stable releases are named \fImajor\fR.\fIminor\fR.\fIpatchlevel\fR. Experimental releases also include the release date. The version string can be used in, @@ -3489,7 +3489,7 @@ via Procmail then running a shell won't make a noticeable difference in the total cost. .PP Note: if you use the mailbox_command feature to deliver mail -system-wide, you must set up an alias that forwards mail for root +system\-wide, you must set up an alias that forwards mail for root to a real user. .PP The precedence of \fBlocal\fR(8) delivery features from high to low @@ -3503,14 +3503,14 @@ Examples: .na .ft C mailbox_command = /some/where/procmail -mailbox_command = /some/where/procmail -a "$EXTENSION" -mailbox_command = /some/where/maildrop -d "$USER" - -f "$SENDER" "$EXTENSION" +mailbox_command = /some/where/procmail \-a "$EXTENSION" +mailbox_command = /some/where/maildrop \-d "$USER" + \-f "$SENDER" "$EXTENSION" .fi .ad .ft R .SH mailbox_command_maps (default: empty) -Optional lookup tables with per-recipient external commands to use +Optional lookup tables with per\-recipient external commands to use for \fBlocal\fR(8) mailbox delivery. Behavior is as with mailbox_command. .PP The precedence of \fBlocal\fR(8) delivery features from high to low @@ -3521,10 +3521,10 @@ fallback_transport_maps, fallback_transport and luser_relay. Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. -.SH mailbox_delivery_lock (default: see "postconf -d" output) -How to lock a UNIX-style \fBlocal\fR(8) mailbox before attempting delivery. +.SH mailbox_delivery_lock (default: see "postconf \-d" output) +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. For a list of available file locking methods, use the "\fBpostconf --l\fR" command. +\-l\fR" command. .PP This setting is ignored with \fBmaildir\fR style delivery, because such deliveries are safe without explicit locks. @@ -3551,7 +3551,7 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport and luser_relay. .SH mailbox_transport_maps (default: empty) -Optional lookup tables with per-recipient message delivery +Optional lookup tables with per\-recipient message delivery transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database. .PP @@ -3568,11 +3568,11 @@ For safety reasons, this feature does not allow $number substitutions in regular expression maps. .PP This feature is available in Postfix 2.3 and later. -.SH mailq_path (default: see "postconf -d" output) +.SH mailq_path (default: see "postconf \-d" output) Sendmail compatibility feature that specifies where the Postfix \fBmailq\fR(1) command is installed. This command can be used to list the Postfix mail queue. -.SH manpage_directory (default: see "postconf -d" output) +.SH manpage_directory (default: see "postconf \-d" output) Where the Postfix manual pages are installed. .SH maps_rbl_domains (default: empty) Obsolete feature: use the reject_rbl_client feature instead. @@ -3638,7 +3638,7 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify @@ -3674,7 +3674,7 @@ Examples: .nf .na .ft C -masquerade_exceptions = root, mailer-daemon +masquerade_exceptions = root, mailer\-daemon masquerade_exceptions = root .fi .ad @@ -3715,7 +3715,7 @@ This feature is available in Postfix 2.6 and later. The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. This parameter -is ignored by the Postfix queue manager and by other long-lived +is ignored by the Postfix queue manager and by other long\-lived Postfix daemon processes. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). @@ -3724,7 +3724,7 @@ The default time unit is s (seconds). The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. This parameter is ignored by the Postfix queue -manager and by other long-lived Postfix daemon processes. +manager and by other long\-lived Postfix daemon processes. .SH maximal_backoff_time (default: 4000s) The maximal time between attempts to deliver a deferred message. .PP @@ -3742,19 +3742,19 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is d (days). .PP Specify 0 when mail delivery should be tried only once. -.SH message_drop_headers (default: bcc, content-length, resent-bcc, return-path) +.SH message_drop_headers (default: bcc, content\-length, resent\-bcc, return\-path) Names of message headers that the \fBcleanup\fR(8) daemon will remove after applying \fBheader_checks\fR(5) and before invoking Milter applications. -The default setting is compatible with Postfix < 2.12. +The default setting is compatible with Postfix < 3.0. .PP Specify a list of header names, separated by comma or space. -Names are matched in a case-insensitive manner. The list of supported +Names are matched in a case\-insensitive manner. The list of supported header names is limited only by available memory. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH message_reject_characters (default: empty) The set of characters that Postfix will reject in message -content. The usual C-like escape sequences are recognized: \ea +content. The usual C\-like escape sequences are recognized: \ea \eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and \e\e. .PP @@ -3780,11 +3780,11 @@ This feature is available in Postfix 2.3 and later. The maximal size in bytes of a message, including envelope information. .PP Note: be careful when making changes. Excessively small values -will result in the loss of non-delivery notifications, when a bounce +will result in the loss of non\-delivery notifications, when a bounce message size exceeds the local or remote MTA's message size limit. .SH message_strip_characters (default: empty) The set of characters that Postfix will remove from message -content. The usual C-like escape sequences are recognized: \ea +content. The usual C\-like escape sequences are recognized: \ea \eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and \e\e. .PP @@ -3806,11 +3806,11 @@ message_strip_characters = \e0 .ft R .PP This feature is available in Postfix 2.3 and later. -.SH meta_directory (default: see 'postconf -d' output) -The location of non-executable files that are shared among -multiple Postfix instances, such as postfix-files, dynamicmaps.cf, -and the multi-instance template files main.cf.proto and master.cf.proto. -This directory should contain only Postfix-related files. Typically, +.SH meta_directory (default: see 'postconf \-d' output) +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. +This directory should contain only Postfix\-related files. Typically, the meta_directory parameter has the same default as the config_directory parameter (/etc/postfix or /usr/local/etc/postfix). .PP @@ -3820,19 +3820,19 @@ installing or upgrading Postfix, or specify "meta_directory = /path/name" on the "make makefiles", "make install" or "make upgrade" command line. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH milter_command_timeout (default: 30s) The time limit for sending an SMTP command to a Milter (mail filter) application, and for receiving the response. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .PP This feature is available in Postfix 2.3 and later. -.SH milter_connect_macros (default: see "postconf -d" output) +.SH milter_connect_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications after completion of an SMTP connection. See MILTER_README for a list of available macro names and their meanings. @@ -3842,8 +3842,8 @@ This feature is available in Postfix 2.3 and later. The time limit for connecting to a Milter (mail filter) application, and for negotiating protocol options. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). @@ -3853,14 +3853,14 @@ This feature is available in Postfix 2.3 and later. The time limit for sending message content to a Milter (mail filter) application, and for receiving the response. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .PP This feature is available in Postfix 2.3 and later. -.SH milter_data_macros (default: see "postconf -d" output) +.SH milter_data_macros (default: see "postconf \-d" output) The macros that are sent to version 4 or higher Milter (mail filter) applications after the SMTP DATA command. See MILTER_README for a list of available macro names and their meanings. @@ -3868,7 +3868,7 @@ for a list of available macro names and their meanings. This feature is available in Postfix 2.3 and later. .SH milter_default_action (default: tempfail) The default action when a Milter (mail filter) application is -unavailable or mis-configured. Specify one of the following: +unavailable or mis\-configured. Specify one of the following: .IP "accept" Proceed as if the mail filter was not present. .br @@ -3887,13 +3887,13 @@ the "hold" queue. Available with Postfix 2.6 and later. .br .PP This feature is available in Postfix 2.3 and later. -.SH milter_end_of_data_macros (default: see "postconf -d" output) +.SH milter_end_of_data_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications -after the message end-of-data. See MILTER_README for a list of +after the message end\-of\-data. See MILTER_README for a list of available macro names and their meanings. .PP This feature is available in Postfix 2.3 and later. -.SH milter_end_of_header_macros (default: see "postconf -d" output) +.SH milter_end_of_header_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications after the end of the message header. See MILTER_README for a list of available macro names and their meanings. @@ -3905,7 +3905,7 @@ that are produced by Milter applications. See the \fBheader_checks\fR(5) manual page available actions. Currently, PREPEND is not implemented. .PP The following example sends all mail that is marked as SPAM to -a spam handling machine. Note that matches are case-insensitive +a spam handling machine. Note that matches are case\-insensitive by default. .PP .nf @@ -3921,18 +3921,18 @@ by default. .na .ft C /etc/postfix/milter_header_checks: - /^X-SPAM-FLAG:\es+YES/ FILTER mysmtp:sanitizer.example.com:25 + /^X\-SPAM\-FLAG:\es+YES/ FILTER mysmtp:sanitizer.example.com:25 .fi .ad .ft R .PP The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content -inspection for DKIM-signed mail from known friendly domains. +inspection for DKIM\-signed mail from known friendly domains. .PP This feature is available in Postfix 2.7, and as an optional patch for Postfix 2.6. -.SH milter_helo_macros (default: see "postconf -d" output) +.SH milter_helo_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications after the SMTP HELO or EHLO command. See MILTER_README for a list of available macro names and their meanings. @@ -3950,7 +3950,7 @@ See MILTER_README for a list of available macro names and their meanings. .PP This feature is available in Postfix 2.3 and later. -.SH milter_mail_macros (default: see "postconf -d" output) +.SH milter_mail_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications after the SMTP MAIL FROM command. See MILTER_README for a list of available macro names and their meanings. @@ -3990,13 +3990,13 @@ will not reply for each individual message header. .br .PP This feature is available in Postfix 2.3 and later. -.SH milter_rcpt_macros (default: see "postconf -d" output) +.SH milter_rcpt_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications after the SMTP RCPT TO command. See MILTER_README for a list of available macro names and their meanings. .PP This feature is available in Postfix 2.3 and later. -.SH milter_unknown_command_macros (default: see "postconf -d" output) +.SH milter_unknown_command_macros (default: see "postconf \-d" output) The macros that are sent to version 3 or higher Milter (mail filter) applications after an unknown SMTP command. See MILTER_README for a list of available macro names and their meanings. @@ -4023,7 +4023,7 @@ The minimal time between attempts to deliver a deferred message; prior to Postfix 2.4 the default value was 1000s. .PP This parameter also limits the time an unreachable destination is -kept in the short-term, in-memory, destination status cache. +kept in the short\-term, in\-memory, destination status cache. .PP This parameter should be set greater than or equal to $queue_run_delay. See also $maximal_backoff_time. @@ -4031,7 +4031,7 @@ $queue_run_delay. See also $maximal_backoff_time. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH multi_instance_directories (default: empty) -An optional list of non-default Postfix configuration directories; +An optional list of non\-default Postfix configuration directories; these directories belong to additional Postfix instances that share the Postfix executable files and documentation with the default Postfix instance, and that are started, stopped, etc., together @@ -4039,10 +4039,10 @@ with the default Postfix instance. Specify a list of pathnames separated by comma or whitespace. .PP When $multi_instance_directories is empty, the \fBpostfix\fR(1) command -runs in single-instance mode and operates on a single Postfix -instance only. Otherwise, the \fBpostfix\fR(1) command runs in multi-instance -mode and invokes the multi-instance manager specified with the -multi_instance_wrapper parameter. The multi-instance manager in +runs in single\-instance mode and operates on a single Postfix +instance only. Otherwise, the \fBpostfix\fR(1) command runs in multi\-instance +mode and invokes the multi\-instance manager specified with the +multi_instance_wrapper parameter. The multi\-instance manager in turn executes \fBpostfix\fR(1) commands for the default instance and for all Postfix instances in $multi_instance_directories. .PP @@ -4052,16 +4052,16 @@ default main.cf file. This feature is available in Postfix 2.6 and later. .SH multi_instance_enable (default: no) Allow this Postfix instance to be started, stopped, etc., by a -multi-instance manager. By default, new instances are created in +multi\-instance manager. By default, new instances are created in a safe state that prevents them from being started inadvertently. -This parameter is reserved for the multi-instance manager. +This parameter is reserved for the multi\-instance manager. .PP This feature is available in Postfix 2.6 and later. .SH multi_instance_group (default: empty) The optional instance group name of this Postfix instance. A -group identifies closely-related Postfix instances that the -multi-instance manager can start, stop, etc., as a unit. This -parameter is reserved for the multi-instance manager. +group identifies closely\-related Postfix instances that the +multi\-instance manager can start, stop, etc., as a unit. This +parameter is reserved for the multi\-instance manager. .PP This feature is available in Postfix 2.6 and later. .SH multi_instance_name (default: empty) @@ -4070,18 +4070,18 @@ becomes also the default value for the syslog_name parameter. .PP This feature is available in Postfix 2.6 and later. .SH multi_instance_wrapper (default: empty) -The pathname of a multi-instance manager command that the +The pathname of a multi\-instance manager command that the \fBpostfix\fR(1) command invokes when the multi_instance_directories -parameter value is non-empty. The pathname may be followed by +parameter value is non\-empty. The pathname may be followed by initial command arguments separated by whitespace; shell metacharacters such as quotes are not supported in this context. .PP The \fBpostfix\fR(1) command invokes the manager command with the -\fBpostfix\fR(1) non-option command arguments on the manager command line, +\fBpostfix\fR(1) non\-option command arguments on the manager command line, and with all installation configuration parameters exported into the manager command process environment. The manager command in turn invokes the \fBpostfix\fR(1) command for individual Postfix instances -as "postfix -c \fIconfig_directory\fR \fIcommand\fR". +as "postfix \-c \fIconfig_directory\fR \fIcommand\fR". .PP This feature is available in Postfix 2.6 and later. .SH multi_recipient_bounce_reject_code (default: 550) @@ -4097,7 +4097,7 @@ The list of domains that are delivered via the $local_transport mail delivery transport. By default this is the Postfix \fBlocal\fR(8) delivery agent which looks up all recipients in /etc/passwd and /etc/aliases. The SMTP server validates recipient addresses with -$local_recipient_maps and rejects non-existent recipients. See also +$local_recipient_maps and rejects non\-existent recipients. See also the local domain class in the ADDRESS_CLASS_README file. .PP The default mydestination value specifies names for the local @@ -4111,7 +4111,7 @@ parameters). .PP Warnings: .IP \(bu -Do not specify the names of virtual domains - those domains +Do not specify the names of virtual domains \- those domains are specified elsewhere. See VIRTUAL_README for more information. .IP \(bu Do not specify the names of domains that this machine is @@ -4141,7 +4141,7 @@ mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain .fi .ad .ft R -.SH mydomain (default: see "postconf -d" output) +.SH mydomain (default: see "postconf \-d" output) The internet domain name of this mail system. The default is to use $myhostname minus the first component, or "localdomain" (Postfix 2.3 and later). $mydomain is used as @@ -4156,10 +4156,10 @@ mydomain = domain.tld .fi .ad .ft R -.SH myhostname (default: see "postconf -d" output) +.SH myhostname (default: see "postconf \-d" output) The internet hostname of this mail system. The default is to use -the fully-qualified domain name (FQDN) from gethostname(), or to -use the non-FQDN result from gethostname() and append ".$mydomain". +the fully\-qualified domain name (FQDN) from gethostname(), or to +use the non\-FQDN result from gethostname() and append ".$mydomain". $myhostname is used as a default value for many other configuration parameters. .PP @@ -4172,7 +4172,7 @@ myhostname = host.example.com .fi .ad .ft R -.SH mynetworks (default: see "postconf -d" output) +.SH mynetworks (default: see "postconf \-d" output) The list of "trusted" remote SMTP clients that have more privileges than "strangers". .PP @@ -4225,7 +4225,7 @@ mynetworks = hash:/etc/postfix/network_table .fi .ad .ft R -.SH mynetworks_style (default: Postfix >= 2.12: host, Postfix < 2.12: subnet) +.SH mynetworks_style (default: Postfix >= 3.0: host, Postfix < 3.0: subnet) The method to generate the default value for the mynetworks parameter. This is the list of trusted networks for relay access control etc. .IP \(bu @@ -4239,17 +4239,17 @@ specified with the "ifconfig" command. .IP \(bu Specify "mynetworks_style = class" when Postfix should "trust" remote SMTP clients in the same IP class A/B/C networks as the -local machine. Don't do this with a dialup site - it would cause +local machine. Don't do this with a dialup site \- it would cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described with the mynetworks configuration parameter. .br .SH myorigin (default: $myhostname) -The domain name that locally-posted mail appears to come +The domain name that locally\-posted mail appears to come from, and that locally posted mail is delivered to. The default, $myhostname, is adequate for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) -set up a domain-wide alias database that aliases each user to +set up a domain\-wide alias database that aliases each user to user@that.users.mailhost. .PP Example: @@ -4262,12 +4262,12 @@ myorigin = $mydomain .ad .ft R .SH nested_header_checks (default: $header_checks) -Optional lookup tables for content inspection of non-MIME message +Optional lookup tables for content inspection of non\-MIME message headers in attached messages, as described in the \fBheader_checks\fR(5) manual page. .PP This feature is available in Postfix 2.0 and later. -.SH newaliases_path (default: see "postconf -d" output) +.SH newaliases_path (default: see "postconf \-d" output) Sendmail compatibility feature that specifies the location of the \fBnewaliases\fR(1) command. This command can be used to rebuild the \fBlocal\fR(8) \fBaliases\fR(5) database. @@ -4279,8 +4279,8 @@ or reject_non_fqdn_recipient restriction. A list of Milter (mail filter) applications for new mail that does not arrive via the Postfix \fBsmtpd\fR(8) server. This includes local submission via the \fBsendmail\fR(1) command line, new mail that arrives -via the Postfix \fBqmqpd\fR(8) server, and old mail that is re-injected -into the queue with "postsuper -r". Specify space or comma as +via the Postfix \fBqmqpd\fR(8) server, and old mail that is re\-injected +into the queue with "postsuper \-r". Specify space or comma as separator. See the MILTER_README document for details. .PP This feature is available in Postfix 2.3 and later. @@ -4364,13 +4364,13 @@ record (an MX record with an empty hostname). This is one of the possible replies from the restrictions reject_unknown_sender_domain and reject_unknown_recipient_domain. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH owner_request_special (default: yes) -Give special treatment to owner-listname and listname-request +Give special treatment to owner\-listname and listname\-request address localparts: don't split such addresses when the -recipient_delimiter is set to "-". This feature is useful for +recipient_delimiter is set to "\-". This feature is useful for mailing lists. -.SH parent_domain_matches_subdomains (default: see "postconf -d" output) +.SH parent_domain_matches_subdomains (default: see "postconf \-d" output) A list of Postfix features where the pattern "example.com" also matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. This is @@ -4394,7 +4394,7 @@ smtpd_access_maps, .IP "Postfix version 2.8 and later" postscreen_access_list .br -.IP "Postfix version 2.12 and later" +.IP "Postfix version 3.0 and later" smtpd_client_event_limit_exceptions .br .br @@ -4417,7 +4417,7 @@ Optional filter for the \fBpipe\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH plaintext_reject_code (default: 450) The numerical Postfix SMTP server response code when a request is rejected by the \fBreject_plaintext_session\fR restriction. @@ -4433,10 +4433,10 @@ This feature is available in Postfix 2.6 and later. The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats as "start" commands. For these commands, disabled instances are "checked" rather than "started", and failure to "start" a member instance of an -instance group will abort the start-up of later instances. +instance group will abort the start\-up of later instances. .PP This feature is available in Postfix 2.6 and later. -.SH postmulti_stop_commands (default: see "postconf -d" output) +.SH postmulti_stop_commands (default: see "postconf \-d" output) The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats as "stop" commands. For these commands, disabled instances are skipped, and enabled instances are processed in reverse order. @@ -4445,7 +4445,7 @@ This feature is available in Postfix 2.6 and later. .SH postscreen_access_list (default: permit_mynetworks) Permanent white/blacklist for remote SMTP client IP addresses. \fBpostscreen\fR(8) searches this list immediately after a remote SMTP -client connects. Specify a comma- or whitespace-separated list of +client connects. Specify a comma\- or whitespace\-separated list of commands (in upper or lower case) or lookup tables. The search stops upon the first command that fires for the client IP address. .IP "\fB permit_mynetworks \fR" @@ -4556,8 +4556,8 @@ is long because a remote SMTP client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -4627,13 +4627,13 @@ allowed to have with the \fBpostscreen\fR(8) daemon. By default, this limit is the same as with the Postfix SMTP server. Note that the triage process can take several seconds, with the time spent in postscreen_greet_wait -delay, and with the time spent talking to the \fBpostscreen\fR(8) built-in +delay, and with the time spent talking to the \fBpostscreen\fR(8) built\-in dummy SMTP protocol engine. .PP This feature is available in Postfix 2.8. .SH postscreen_command_count_limit (default: 20) The limit on the total number of commands per SMTP session for -\fBpostscreen\fR(8)'s built-in SMTP protocol engine. This SMTP engine +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. This SMTP engine defers or rejects all attempts to deliver mail, therefore there is no need to enforce separate limits on the number of junk commands and error commands. @@ -4646,7 +4646,7 @@ See smtpd_command_filter for further details. This feature is available in Postfix 2.8 and later. .SH postscreen_command_time_limit (default: normal: 300s, overload: 10s) The time limit to read an entire command line with \fBpostscreen\fR(8)'s -built-in SMTP protocol engine. +built\-in SMTP protocol engine. .PP This feature is available in Postfix 2.8. .SH postscreen_disable_vrfy_command (default: $disable_vrfy_command) @@ -4727,10 +4727,10 @@ Example: This feature is available in Postfix 2.8. .SH postscreen_dnsbl_sites (default: empty) Optional list of DNS white/blacklist domains, filters and weight -factors. When the list is non-empty, the \fBdnsblog\fR(8) daemon will +factors. When the list is non\-empty, the \fBdnsblog\fR(8) daemon will query these domains with the IP addresses of remote SMTP clients, and \fBpostscreen\fR(8) will update an SMTP client's DNSBL score with -each non-error reply. +each non\-error reply. .PP Caution: when postscreen rejects mail, it replies with the DNSBL domain name. Use the postscreen_dnsbl_reply_map feature to hide @@ -4744,10 +4744,10 @@ Specify a list of domain=filter*weight entries, separated by comma or whitespace. .IP \(bu When no "=filter" is specified, \fBpostscreen\fR(8) will use any -non-error DNSBL reply. Otherwise, \fBpostscreen\fR(8) uses only DNSBL +non\-error DNSBL reply. Otherwise, \fBpostscreen\fR(8) uses only DNSBL replies that match the filter. The filter has the form d.d.d.d, where each d is a number, or a pattern inside [] that contains one -or more ";"-separated numbers or number..number ranges. +or more ";"\-separated numbers or number..number ranges. .IP \(bu When no "*weight" is specified, \fBpostscreen\fR(8) increments the remote SMTP client's DNSBL score by 1. Otherwise, the weight must be @@ -4761,7 +4761,7 @@ DNSBL responses, \fBpostscreen\fR(8) applies the weight at most once. .PP Examples: .PP -To use example.com as a high-confidence blocklist, and to +To use example.com as a high\-confidence blocklist, and to block mail with example.net and example.org only when both agree: .PP .nf @@ -4795,15 +4795,15 @@ The time limit for DNSBL or DNSWL lookups. This is separate from the timeouts in the \fBdnsblog\fR(8) daemon which are defined by system \fBresolver\fR(3) routines. .PP -This feature is available in Postfix 2.12. +This feature is available in Postfix 3.0. .SH postscreen_dnsbl_ttl (default: 1h) The amount of time that \fBpostscreen\fR(8) will use the result from a successful DNS blocklist test. During this time, the client IP address is excluded from this test. The default is relatively short, because a good client can immediately talk to a real Postfix SMTP server. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -4815,8 +4815,8 @@ defined with the postscreen_dnsbl_sites parameter. Specify a negative value to enable this feature. When a client passes the postscreen_dnsbl_whitelist_threshold without having failed other tests, all pending or disabled tests are flagged as -completed with a time-to-live value equal to postscreen_dnsbl_ttl. -When a test was already completed, its time-to-live value is updated +completed with a time\-to\-live value equal to postscreen_dnsbl_ttl. +When a test was already completed, its time\-to\-live value is updated if it was less than postscreen_dnsbl_ttl. .PP This feature is available in Postfix 2.11. @@ -4827,7 +4827,7 @@ for details. .PP This feature is available in Postfix 2.8 and later. Preferably, use postscreen_tls_security_level instead. -.SH postscreen_expansion_filter (default: see "postconf -d" output) +.SH postscreen_expansion_filter (default: see "postconf \-d" output) List of characters that are permitted in postscreen_reject_footer attribute expansions. See smtpd_expansion_filter for further details. @@ -4865,11 +4865,11 @@ IP address. .PP This feature is available in Postfix 2.8. .SH postscreen_greet_banner (default: $smtpd_banner) -The \fItext\fR in the optional "220-\fItext\fR..." server +The \fItext\fR in the optional "220\-\fItext\fR..." server response that \fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220 text..." response, in an attempt to confuse bad SMTP clients so -that they speak before their turn (pre-greet). Specify an empty +that they speak before their turn (pre\-greet). Specify an empty value to disable this feature. .PP This feature is available in Postfix 2.8. @@ -4879,8 +4879,8 @@ a successful PREGREET test. During this time, the client IP address is excluded from this test. The default is relatively short, because a good client can immediately talk to a real Postfix SMTP server. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -4890,8 +4890,8 @@ client to send a command before its turn, and for DNS blocklist lookup results to arrive (default: up to 2 seconds under stress, up to 6 seconds otherwise). .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). @@ -4904,7 +4904,7 @@ commencing a MAIL transaction. This feature is available in Postfix 2.8. .SH postscreen_non_smtp_command_action (default: drop) The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends -non-SMTP commands as specified with the postscreen_forbidden_commands +non\-SMTP commands as specified with the postscreen_forbidden_commands parameter. Specify one of the following: .IP "\fBignore\fR" Ignore the failure of this test. Allow other tests to complete. @@ -4928,7 +4928,7 @@ feature. .PP This feature is available in Postfix 2.8. .SH postscreen_non_smtp_command_enable (default: no) -Enable "non-SMTP command" tests in the \fBpostscreen\fR(8) server. These +Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. These tests are expensive: a client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. .PP @@ -4940,8 +4940,8 @@ time, the client IP address is excluded from this test. The default is long because a client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -4983,8 +4983,8 @@ client IP address is excluded from this test. The default is long because a good client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -4996,10 +4996,10 @@ receive a 421 response. .PP This feature is available in Postfix 2.8. .SH postscreen_pre_queue_limit (default: $default_process_limit) -The number of non-whitelisted clients that can be waiting for +The number of non\-whitelisted clients that can be waiting for a decision whether they will receive service from a real Postfix SMTP server -process. When this queue is full, all non-whitelisted clients will +process. When this queue is full, all non\-whitelisted clients will receive a 421 response. .PP This feature is available in Postfix 2.8. @@ -5011,13 +5011,13 @@ response. See smtpd_reject_footer for further details. This feature is available in Postfix 2.8 and later. .SH postscreen_tls_security_level (default: $smtpd_tls_security_level) The SMTP TLS security level for the \fBpostscreen\fR(8) server; when -a non-empty value is specified, this overrides the obsolete parameters +a non\-empty value is specified, this overrides the obsolete parameters postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level for details. .PP This feature is available in Postfix 2.8 and later. .SH postscreen_upstream_proxy_protocol (default: empty) -The name of the proxy protocol used by an optional before-postscreen +The name of the proxy protocol used by an optional before\-postscreen proxy agent. When a proxy agent is used, this protocol conveys local and remote address and port information. Specify "postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy @@ -5038,20 +5038,20 @@ Preferably, use postscreen_tls_security_level instead. .SH postscreen_watchdog_timeout (default: 10s) How much time a \fBpostscreen\fR(8) process may take to respond to a remote SMTP client command or to perform a cache operation before it -is terminated by a built-in watchdog timer. This is a safety -mechanism that prevents \fBpostscreen\fR(8) from becoming non-responsive +is terminated by a built\-in watchdog timer. This is a safety +mechanism that prevents \fBpostscreen\fR(8) from becoming non\-responsive due to a bug in Postfix itself or in system software. To avoid false alarms and unnecessary cache corruption this limit cannot be set under 10s. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. .SH postscreen_whitelist_interfaces (default: static:all) A list of local \fBpostscreen\fR(8) server IP addresses where a -non-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary +non\-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary whitelist status. This status is required before the client can talk to a Postfix SMTP server process. By default, a client can obtain \fBpostscreen\fR(8)'s whitelist status on any local \fBpostscreen\fR(8) @@ -5100,13 +5100,13 @@ Example: This feature is available in Postfix 2.9 and later. .SH prepend_delivered_header (default: command, file, forward) The message delivery contexts where the Postfix \fBlocal\fR(8) delivery -agent prepends a Delivered-To: message header with the address +agent prepends a Delivered\-To: message header with the address that the mail was delivered to. This information is used for mail delivery loop detection. .PP -By default, the Postfix local delivery agent prepends a Delivered-To: +By default, the Postfix local delivery agent prepends a Delivered\-To: header when forwarding mail and when delivering to file (mailbox) -and command. Turning off the Delivered-To: header when forwarding +and command. Turning off the Delivered\-To: header when forwarding mail is not recommended. .PP Specify zero or more of \fBforward\fR, \fBfile\fR, or \fBcommand\fR. @@ -5120,12 +5120,12 @@ prepend_delivered_header = forward .fi .ad .ft R -.SH process_id (read-only) +.SH process_id (read\-only) The process ID of a Postfix command or daemon process. .SH process_id_directory (default: pid) The location of Postfix PID files relative to $queue_directory. -This is a read-only parameter. -.SH process_name (read-only) +This is a read\-only parameter. +.SH process_name (read\-only) The process name of a Postfix command or daemon process. .SH propagate_unmatched_extensions (default: canonical, virtual) What address lookup tables copy an address extension from the lookup @@ -5177,29 +5177,29 @@ proxy_interfaces = 1.2.3.4 .fi .ad .ft R -.SH proxy_read_maps (default: see "postconf -d" output) +.SH proxy_read_maps (default: see "postconf \-d" output) The lookup tables that the \fBproxymap\fR(8) server is allowed to -access for the read-only service. +access for the read\-only service. .PP Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table references that don't begin with proxy: are ignored. .PP This feature is available in Postfix 2.0 and later. -.SH proxy_write_maps (default: see "postconf -d" output) +.SH proxy_write_maps (default: see "postconf \-d" output) The lookup tables that the \fBproxymap\fR(8) server is allowed to -access for the read-write service. Postfix-owned local database -files should be stored under the Postfix-owned data_directory. +access for the read\-write service. Postfix\-owned local database +files should be stored under the Postfix\-owned data_directory. Table references that don't begin with proxy: are ignored. .PP This feature is available in Postfix 2.5 and later. .SH proxymap_service_name (default: proxymap) -The name of the proxymap read-only table lookup service. This +The name of the proxymap read\-only table lookup service. This service is normally implemented by the \fBproxymap\fR(8) daemon. .PP This feature is available in Postfix 2.6 and later. .SH proxywrite_service_name (default: proxywrite) -The name of the proxywrite read-write table lookup service. +The name of the proxywrite read\-write table lookup service. This service is normally implemented by the \fBproxymap\fR(8) daemon. .PP This feature is available in Postfix 2.6 and later. @@ -5212,7 +5212,7 @@ This feature is enabled with the helpful_warnings parameter. This feature is available in Postfix 2.0 and later. .SH qmgr_daemon_timeout (default: 1000s) How much time a Postfix queue manager process may take to handle -a request before it is terminated by a built-in watchdog timer. +a request before it is terminated by a built\-in watchdog timer. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). @@ -5239,11 +5239,11 @@ This feature is available in Postfix 2.8 and later. The maximal number of messages in the active queue. .SH qmgr_message_recipient_limit (default: 20000) The maximal number of recipients held in memory by the Postfix -queue manager, and the maximal size of the short-term, -in-memory "dead" destination status cache. +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. .SH qmgr_message_recipient_minimum (default: 10) -The minimal number of in-memory recipients for any message. This -takes priority over any other in-memory recipient limits (i.e., +The minimal number of in\-memory recipients for any message. This +takes priority over any other in\-memory recipient limits (i.e., the global qmgr_message_recipient_limit and the per transport _recipient_limit) if necessary. The minimum value allowed for this parameter is 1. @@ -5298,8 +5298,8 @@ seconds the Postfix QMQP server gives up and disconnects. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH queue_directory (default: see "postconf -d" output) -The location of the Postfix top-level queue directory. This is the +.SH queue_directory (default: see "postconf \-d" output) +The location of the Postfix top\-level queue directory. This is the root directory of Postfix daemon processes that run chrooted. .SH queue_file_attribute_count_limit (default: 100) The maximal number of (name=value) attributes that may be stored @@ -5342,13 +5342,13 @@ parameter. See there for a discussion of the syntax of RBL reply templates. .PP This feature is available in Postfix 2.0 and later. -.SH readme_directory (default: see "postconf -d" output) +.SH readme_directory (default: see "postconf \-d" output) The location of Postfix README files that describe how to build, configure or operate a specific Postfix subsystem or feature. .SH receive_override_options (default: empty) -Enable or disable recipient validation, built-in content +Enable or disable recipient validation, built\-in content filtering, or address mapping. Typically, these are specified in -master.cf as command-line arguments for the \fBsmtpd\fR(8), \fBqmqpd\fR(8) or +master.cf as command\-line arguments for the \fBsmtpd\fR(8), \fBqmqpd\fR(8) or \fBpickup\fR(8) daemons. .PP Specify zero or more of the following options. The options @@ -5361,7 +5361,7 @@ This is typically specified AFTER an external content filter. .br .IP "\fBno_address_mappings\fR" Disable canonical address mapping, virtual alias map expansion, -address masquerading, and automatic BCC (blind carbon-copy) +address masquerading, and automatic BCC (blind carbon\-copy) recipients. This is typically specified BEFORE an external content filter. .br @@ -5394,7 +5394,7 @@ receive_override_options = no_address_mappings .PP This feature is available in Postfix 2.1 and later. .SH recipient_bcc_maps (default: empty) -Optional BCC (blind carbon-copy) address lookup tables, indexed by +Optional BCC (blind carbon\-copy) address lookup tables, indexed by recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. .PP @@ -5422,7 +5422,7 @@ Look up the "@domain.tld" part. .PP Note: with Postfix 2.3 and later the BCC address is added as if it was specified with NOTIFY=NONE. The sender will not be notified -when the BCC address is undeliverable, as long as all down-stream +when the BCC address is undeliverable, as long as all down\-stream software implements RFC 3461. .PP Note: with Postfix 2.2 and earlier the sender will unconditionally @@ -5496,18 +5496,18 @@ recipient delimiter that was found in the recipient email address (Postfix 2.11 and later), or it is replaced with the main.cf recipient_delimiter parameter value (Postfix 2.10 and earlier). .PP -The recipient_delimiter is not applied to the mailer-daemon -address, the postmaster address, or the double-bounce address. With +The recipient_delimiter is not applied to the mailer\-daemon +address, the postmaster address, or the double\-bounce address. With the default "owner_request_special = yes" setting, the recipient_delimiter -is also not applied to addresses with the special "owner-" prefix -or the special "-request" suffix. +is also not applied to addresses with the special "owner\-" prefix +or the special "\-request" suffix. .PP Examples: .PP .nf .na .ft C -# Handle Postfix-style extensions. +# Handle Postfix\-style extensions. recipient_delimiter = + .fi .ad @@ -5517,7 +5517,7 @@ recipient_delimiter = + .na .ft C # Handle both Postfix and qmail extensions (Postfix 2.11 and later). -recipient_delimiter = +- +recipient_delimiter = +\- .fi .ad .ft R @@ -5538,7 +5538,7 @@ client request is rejected by the "reject" restriction. .PP Do not change this unless you have a complete understanding of RFC 5321. .SH reject_tempfail_action (default: defer_if_permit) -The Postfix SMTP server's action when a reject-type restriction +The Postfix SMTP server's action when a reject\-type restriction fails due to a temporary error condition. Specify "defer" to defer the remote SMTP client request immediately. With the default "defer_if_permit" action, the Postfix SMTP server continues to look @@ -5551,11 +5551,11 @@ and unknown_helo_hostname_tempfail_action. .PP This feature is available in Postfix 2.6 and later. .SH relay_clientcerts (default: empty) -List of tables with remote SMTP client-certificate fingerprints or +List of tables with remote SMTP client\-certificate fingerprints or public key fingerprints (Postfix 2.9 and later) for which the Postfix SMTP server will allow access with the permit_tls_clientcerts feature. The fingerprint digest algorithm is configurable via the -smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to Postfix version 2.5). .PP Postfix lookup tables are in the form of (key, value) pairs. @@ -5573,12 +5573,12 @@ relay_clientcerts = hash:/etc/postfix/relay_clientcerts .ad .ft R .PP -For more fine-grained control, use check_ccert_access to select +For more fine\-grained control, use check_ccert_access to select an appropriate \fBaccess\fR(5) policy for each client. See RESTRICTION_CLASS_README. .PP \fBNote:\fR Postfix 2.9.0-2.9.5 computed the public key -fingerprint incorrectly. To use public-key fingerprints, upgrade +fingerprint incorrectly. To use public\-key fingerprints, upgrade to Postfix 2.9.6 or later. .PP This feature is available with Postfix version 2.2. @@ -5600,7 +5600,7 @@ relay_destination_concurrency_limit from concurrency per domain into concurrency per recipient. .PP This feature is available in Postfix 2.0 and later. -.SH relay_domains (default: Postfix >= 2.12: empty, Postfix < 2.12: $mydestination) +.SH relay_domains (default: Postfix >= 3.0: empty, Postfix < 3.0: $mydestination) What destination domains (and subdomains thereof) this system will relay mail to. For details about how the relay_domains value is used, see the description of the @@ -5609,7 +5609,7 @@ restrictions. .PP Domains that match $relay_domains are delivered with the $relay_transport mail delivery transport. The SMTP server validates -recipient addresses with $relay_recipient_maps and rejects non-existent +recipient addresses with $relay_recipient_maps and rejects non\-existent recipients. See also the relay domains address class in the ADDRESS_CLASS_README file. .PP @@ -5636,9 +5636,9 @@ restriction. Do not change this unless you have a complete understanding of RFC 5321. .SH relay_recipient_maps (default: empty) Optional lookup tables with all valid addresses in the domains -that match $relay_domains. Specify @domain as a wild-card for +that match $relay_domains. Specify @domain as a wild\-card for domains that have no valid recipient list, and become a source of -backscatter mail: Postfix accepts spam for non-existent recipients +backscatter mail: Postfix accepts spam for non\-existent recipients and then floods innocent people with undeliverable mail. Technically, tables listed with $relay_recipient_maps are used as lists: Postfix needs @@ -5649,7 +5649,7 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -If this parameter is non-empty, then the Postfix SMTP server will reject +If this parameter is non\-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default. .PP See also the relay domains address class in the ADDRESS_CLASS_README @@ -5667,7 +5667,7 @@ relay_recipient_maps = hash:/etc/postfix/relay_recipients .PP This feature is available in Postfix 2.0 and later. .SH relay_transport (default: relay) -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or @@ -5684,7 +5684,7 @@ file. .PP This feature is available in Postfix 2.0 and later. .SH relayhost (default: empty) -The next-hop destination of non-local mail; overrides non-local +The next\-hop destination of non\-local mail; overrides non\-local domains in recipient addresses. This information is overruled with relay_transport, sender_dependent_default_transport_maps, default_transport, sender_dependent_relayhost_maps @@ -5777,7 +5777,7 @@ before mail delivery is attempted. By default this test is disabled. It can be useful for environments that import home directories to the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED). .SH reset_owner_alias (default: no) -Reset the \fBlocal\fR(8) delivery agent's idea of the owner-alias +Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias attribute, when delivering mail to a child alias that does not have its own owner alias. .PP @@ -5786,7 +5786,7 @@ Postfix releases, the behavior is as if this parameter is set to "yes". .PP As documented in \fBaliases\fR(5), when an alias \fIname\fR has a -companion alias named owner-\fIname\fR, delivery errors will be +companion alias named owner\-\fIname\fR, delivery errors will be reported to the owner alias instead of the sender. This configuration is recommended for mailing lists. .PP @@ -5808,13 +5808,13 @@ with one list member results in multiple message deliveries to other list members. .PP The default behavior of Postfix 2.8 and later is to keep the -owner-alias attribute of the parent alias, when delivering mail to +owner\-alias attribute of the parent alias, when delivering mail to a child alias that does not have its own owner alias. Then, local addresses from that child alias will be written to a new queue file, and a temporary error with one local address will not affect delivery to other mailing list members. .PP -Unfortunately, older Postfix releases reset the owner-alias +Unfortunately, older Postfix releases reset the owner\-alias attribute when delivering mail to a child alias that does not have its own owner alias. The \fBlocal\fR(8) delivery agent then attempts to deliver local addresses as soon as they come out of child alias @@ -5857,7 +5857,7 @@ This feature is available in Postfix 2.3 and later. .SH rewrite_service_name (default: rewrite) The name of the address rewriting service. This service rewrites addresses to standard form and resolves them to a (delivery method, -next-hop host, recipient) triple. +next\-hop host, recipient) triple. .PP This feature is available in Postfix 2.0 and later. .SH sample_directory (default: /etc/postfix) @@ -5869,9 +5869,9 @@ When authenticating to a remote SMTP or LMTP server with the default setting "no", send no SASL authoriZation ID (authzid); send only the SASL authentiCation ID (authcid) plus the authcid's password. .PP -The non-default setting "yes" enables the behavior of older +The non\-default setting "yes" enables the behavior of older Postfix versions. These always send a SASL authzid that is equal -to the SASL authcid, but this causes inter-operability problems +to the SASL authcid, but this causes inter\-operability problems with some SMTP servers. .PP This feature is available in Postfix 2.4.4 and later. @@ -5879,7 +5879,7 @@ This feature is available in Postfix 2.4.4 and later. This parameter should not be used. It was replaced by sender_dependent_relayhost_maps in Postfix version 2.3. .SH sender_bcc_maps (default: empty) -Optional BCC (blind carbon-copy) address lookup tables, indexed +Optional BCC (blind carbon\-copy) address lookup tables, indexed by sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. .PP @@ -5907,7 +5907,7 @@ Look up the "@domain.tld" part. .PP Note: with Postfix 2.3 and later the BCC address is added as if it was specified with NOTIFY=NONE. The sender will not be notified -when the BCC address is undeliverable, as long as all down-stream +when the BCC address is undeliverable, as long as all down\-stream software implements RFC 3461. .PP Note: with Postfix 2.2 and earlier the sender will be notified @@ -5960,7 +5960,7 @@ sender_canonical_maps = hash:/etc/postfix/sender_canonical .ad .ft R .SH sender_dependent_default_transport_maps (default: empty) -A sender-dependent override for the global default_transport +A sender\-dependent override for the global default_transport parameter setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting. @@ -5981,7 +5981,7 @@ substitutions in regular expression maps. .PP This feature is available in Postfix 2.7 and later. .SH sender_dependent_relayhost_maps (default: empty) -A sender-dependent override for the global relayhost parameter +A sender\-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global relayhost parameter setting (Postfix 2.6 and @@ -6008,7 +6008,7 @@ in . This setting is the default with Postfix .IP "\fBstrict\fR" Convert message lines ending in only if the first input line ends in -. This setting is backwards-compatible with +. This setting is backwards\-compatible with Postfix 2.8 and earlier. .br .IP "\fBnever\fR" @@ -6018,7 +6018,7 @@ Never convert message lines ending in .br .PP This feature is available in Postfix 2.9 and later. -.SH sendmail_path (default: see "postconf -d" output) +.SH sendmail_path (default: see "postconf \-d" output) A Sendmail compatibility feature that specifies the location of the Postfix \fBsendmail\fR(1) command. This command can be used to submit mail into the Postfix queue. @@ -6029,13 +6029,13 @@ appears to be malfunctioning. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH setgid_group (default: postdrop) -The group ownership of set-gid Postfix commands and of group-writable +The group ownership of set\-gid Postfix commands and of group\-writable Postfix directories. When this parameter value is changed you need -to re-run "\fBpostfix set-permissions\fR" (with Postfix version 2.0 and -earlier: "\fB/etc/postfix/post-install set-permissions\fR". -.SH shlib_directory (default: see 'postconf -d' output) -The location of Postfix shared libraries (libpostfix-*.so), -and the default location of Postfix database plugins (libpostfix-*.so) +to re\-run "\fBpostfix set\-permissions\fR" (with Postfix version 2.0 and +earlier: "\fB/etc/postfix/post\-install set\-permissions\fR". +.SH shlib_directory (default: see 'postconf \-d' output) +The location of Postfix shared libraries (libpostfix\-*.so), +and the default location of Postfix database plugins (libpostfix\-*.so) that have a relative pathname in the dynamicmaps.cf file. The shlib_directory parameter defaults to "no" when Postfix shared libraries and database plugins are disabled at compile time, otherwise @@ -6044,21 +6044,21 @@ it typically defaults to /usr/lib/postfix or /usr/local/lib/postfix. Notes: .IP \(bu The directory specified with shlib_directory should contain -only Postfix-related files. Postfix shared libraries and database +only Postfix\-related files. Postfix shared libraries and database plugins should not be installed in a "public" system directory such -as /usr/lib or /usr/local/lib. Linking Postfix shared-library files -or database plugins into non-Postfix programs is not supported. +as /usr/lib or /usr/local/lib. Linking Postfix shared\-library files +or database plugins into non\-Postfix programs is not supported. Postfix shared libraries and database plugins implement a -Postfix-internal API that changes without maintaining compatibility. +Postfix\-internal API that changes without maintaining compatibility. .IP \(bu You can change the shlib_directory value after Postfix is built. However, you may have to run ldconfig or equivalent to prevent -Postfix programs from failing because the libpostfix-*.so files are -not found. No ldconfig command is needed if you keep the libpostfix-*.so -files in the compiled-in default $shlib_directory location. +Postfix programs from failing because the libpostfix\-*.so files are +not found. No ldconfig command is needed if you keep the libpostfix\-*.so +files in the compiled\-in default $shlib_directory location. .br .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH show_user_unknown_table_name (default: yes) Display the name of the recipient table in the "User unknown" responses. The extra detail makes trouble shooting easier but also @@ -6113,8 +6113,8 @@ transport_maps to apply this feature selectively: .na .ft C /etc/postfix/transport: - smtp-domain-that-verifies-after-data smtp-data-target: - lmtp-domain-that-verifies-after-data lmtp-data-target: + smtp\-domain\-that\-verifies\-after\-data smtp\-data\-target: + lmtp\-domain\-that\-verifies\-after\-data lmtp\-data\-target: .fi .ad .ft R @@ -6125,21 +6125,20 @@ transport_maps to apply this feature selectively: .na .ft C /etc/postfix/master.cf: - smtp-data-target unix - - n - - smtp - -o smtp_address_verify_target=data - lmtp-data-target unix - - n - - lmtp - -o lmtp_address_verify_target=data -.sp -.in +4 -.nf -.na -.ft C + smtp\-data\-target unix \- \- n \- \- smtp + \-o smtp_address_verify_target=data + lmtp\-data\-target unix \- \- n \- \- lmtp + \-o lmtp_address_verify_target=data +.fi +.ad +.ft R +.in -4 .PP Unselective use of the "data" target does no harm, but will result in unnecessary "lost connection after DATA" events at remote SMTP/LMTP servers. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtp_always_send_ehlo (default: yes) Always send EHLO at the start of an SMTP session. .PP @@ -6160,16 +6159,16 @@ for example: .na .ft C /etc/postfix/master.cf: - smtp ... smtp -o smtp_bind_address=11.22.33.44 + smtp ... smtp \-o smtp_bind_address=11.22.33.44 .fi .ad .ft R .in -4 .PP Note 1: when inet_interfaces specifies no more than one IPv4 -address, and that address is a non-loopback address, it is +address, and that address is a non\-loopback address, it is automatically used as the smtp_bind_address. This supports virtual -IP hosting, but can be a problem on multi-homed firewalls. See the +IP hosting, but can be a problem on multi\-homed firewalls. See the inet_interfaces documentation for more detail. .PP Note 2: address information may be enclosed inside [], @@ -6189,16 +6188,16 @@ for example: .na .ft C /etc/postfix/master.cf: - smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8 + smtp ... smtp \-o smtp_bind_address6=1:2:3:4:5:6:7:8 .fi .ad .ft R .in -4 .PP Note 1: when inet_interfaces specifies no more than one IPv6 -address, and that address is a non-loopback address, it is +address, and that address is a non\-loopback address, it is automatically used as the smtp_bind_address6. This supports virtual -IP hosting, but can be a problem on multi-homed firewalls. See the +IP hosting, but can be a problem on multi\-homed firewalls. See the inet_interfaces documentation for more detail. .PP Note 2: address information may be enclosed inside [], @@ -6214,7 +6213,7 @@ When the remote SMTP servername is a DNS CNAME, replace the servername with the result from CNAME expansion for the purpose of logging, SASL password lookup, TLS policy decisions, or TLS certificate verification. The value "no" -hardens Postfix smtp_tls_per_site hostname-based policies against +hardens Postfix smtp_tls_per_site hostname\-based policies against false hostname information in DNS CNAME records, and makes SASL password file lookups more predictable. This is the default setting as of Postfix 2.3. @@ -6226,7 +6225,7 @@ override the above servername (Postfix 2.11 and later). This feature is available in Postfix 2.2.9 and later. .SH smtp_connect_timeout (default: 30s) The Postfix SMTP client time limit for completing a TCP connection, or -zero (use the operating system built-in time limit). +zero (use the operating system built\-in time limit). .PP When no connection can be made within the deadline, the Postfix SMTP client @@ -6245,24 +6244,24 @@ seconds. This allows connections to be reused for other deliveries, and can improve mail delivery performance. .PP Specify a comma or white space separated list of destinations -or pseudo-destinations: +or pseudo\-destinations: .IP \(bu if mail is sent without a relay host: a domain name (the -right-hand side of an email address, without the [] around a numeric +right\-hand side of an email address, without the [] around a numeric IP address), .IP \(bu if mail is sent via a relay host: a relay host name (without -[] or non-default TCP port), as specified in main.cf or in the +[] or non\-default TCP port), as specified in main.cf or in the transport map, .IP \(bu -if mail is sent via a UNIX-domain socket: a pathname (without +if mail is sent via a UNIX\-domain socket: a pathname (without the unix: prefix), .IP \(bu a /file/name with domain names and/or relay host names as defined above, .IP \(bu a "type:table" with domain names and/or relay host names on -the left-hand side. The right-hand side result from "type:table" +the left\-hand side. The right\-hand side result from "type:table" lookups is ignored. .br .PP @@ -6289,7 +6288,7 @@ that an SMTP session may be reused before it is closed, or zero (no limit). With a reuse count limit of N, a connection is used up to N+1 times. .PP -NOTE: This feature is unsafe. When a high-volume destination +NOTE: This feature is unsafe. When a high\-volume destination has multiple inbound MTAs, then the slowest inbound MTA will attract the most connections to that destination. This limitation does not exist with the smtp_connection_reuse_time_limit feature. @@ -6379,7 +6378,7 @@ Optional filter for the \fBsmtp\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details. .PP -NOTE: This feature modifies Postfix SMTP client error or non-error +NOTE: This feature modifies Postfix SMTP client error or non\-error messages that may or may not be derived from remote SMTP server responses. In contrast, the smtp_reply_filter feature modifies remote SMTP server responses only. @@ -6419,7 +6418,7 @@ This feature is available in Postfix 2.2 and later. .PP Notes: .IP \(bu -Specify the \fBsilent-discard\fR pseudo keyword to prevent +Specify the \fBsilent\-discard\fR pseudo keyword to prevent this action from being logged. .IP \(bu Use the smtp_discard_ehlo_keyword_address_maps feature to @@ -6441,12 +6440,12 @@ to the following form: .PP The \fIclass\fR field is always "IN", the \fIpreference\fR field exists only for MX records, the names of hosts, domains, etc. -end in ".", and those names are in ASCII form (xn--mumble form in +end in ".", and those names are in ASCII form (xn\-\-mumble form in the case of UTF8 names). .PP When a match is found, the table lookup result specifies an action. By default, the table query and the action name are -case-insensitive. Currently, only the \fBIGNORE\fR action is +case\-insensitive. Currently, only the \fBIGNORE\fR action is implemented. .PP Notes: @@ -6474,7 +6473,7 @@ query. .br .PP Example: ignore Google AAAA records in Postfix SMTP client DNS -lookups, because Google sometimes hard-rejects mail from IPv6 clients +lookups, because Google sometimes hard\-rejects mail from IPv6 clients with valid PTR etc. records. .PP .nf @@ -6490,23 +6489,23 @@ with valid PTR etc. records. .na .ft C /etc/postfix/smtp_dns_reply_filter: - # /domain ttl IN AAAA address/ action, all case-insensitive. + # /domain ttl IN AAAA address/ action, all case\-insensitive. # Note: the domain name ends in ".". /^\eS+\e.google\e.com\e.\es+\eS+\es+\eS+\es+AAAA\es+/ IGNORE .fi .ad .ft R .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtp_dns_resolver_options (default: empty) DNS Resolver options for the Postfix SMTP client. Specify zero or more of the following options, separated by comma or whitespace. -Option names are case-sensitive. Some options refer to domain names +Option names are case\-sensitive. Some options refer to domain names that are specified in the file /etc/resolv.conf or equivalent. .IP "\fBres_defnames\fR" -Append the current domain name to single-component names (those +Append the current domain name to single\-component names (those that do not contain a "." character). This can produce incorrect -results, and is the hard-coded behavior prior to Postfix 2.8. +results, and is the hard\-coded behavior prior to Postfix 2.8. .br .IP "\fBres_dnsrch\fR" Search for host names in the current domain and in parent @@ -6527,7 +6526,7 @@ Specify one of the following: Disable DNS lookups. No MX lookups are performed and hostname to address lookups are unconditionally "native". This setting is not appropriate for hosts that deliver mail to the public Internet. -Some obsolete how-to documents recommend disabling DNS lookups in +Some obsolete how\-to documents recommend disabling DNS lookups in some configurations with content_filters. This is no longer required and strongly discouraged. .br @@ -6535,7 +6534,7 @@ and strongly discouraged. Enable DNS lookups. Nexthop destination domains not enclosed in "[]" will be subject to MX lookups. If "dns" and "native" are included in the "smtp_host_lookup" parameter value, DNS will be -queried first to resolve MX-host A records, followed by "native" +queried first to resolve MX\-host A records, followed by "native" lookups if no answer is found in DNS. .br .IP "\fBdnssec\fR" @@ -6544,8 +6543,8 @@ lookups. The "dnssec" setting differs from the "enabled" setting above in the following ways: .IP \(bu Any MX lookups will set -RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated -responses. If the MX response is DNSSEC-validated the corresponding +RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC\-validated +responses. If the MX response is DNSSEC\-validated the corresponding hostnames are considered validated. .IP \(bu The address lookups of @@ -6553,24 +6552,24 @@ validated hostnames are also validated, (provided of course "smtp_host_lookup" includes "dns", see below). .IP \(bu Temporary -failures in DNSSEC-enabled hostname-to-address resolution block any +failures in DNSSEC\-enabled hostname\-to\-address resolution block any "native" lookups. Additional "native" lookups only happen when -DNSSEC lookups hard-fail (NODATA or NXDOMAIN). +DNSSEC lookups hard\-fail (NODATA or NXDOMAIN). .br .br .br .PP -The Postfix SMTP client considers non-MX "[nexthop]" and -"[nexthop]:port" destinations equivalent to statically-validated +The Postfix SMTP client considers non\-MX "[nexthop]" and +"[nexthop]:port" destinations equivalent to statically\-validated MX records of the form "nexthop. IN MX 0 nexthop." Therefore, -with "dnssec" support turned on, validated hostname-to-address +with "dnssec" support turned on, validated hostname\-to\-address lookups apply to the nexthop domain of any "[nexthop]" or "[nexthop]:port" destination. This is also true for LMTP "inet:host" and "inet:host:port" destinations, as LMTP hostnames are never subject to MX lookups. .PP The "dnssec" setting is recommended only if you plan to use the -dane or dane-only TLS security +dane or dane\-only TLS security level, otherwise enabling DNSSEC support in Postfix offers no additional security. Postfix DNSSEC support relies on an upstream recursive nameserver that validates DNSSEC signatures. Such a DNS @@ -6582,18 +6581,18 @@ should include "dns", as DANE is not applicable to hosts resolved via "native" lookups. .PP As mentioned above, Postfix is not a validating stub -resolver; it relies on the system's configured DNSSEC-validating +resolver; it relies on the system's configured DNSSEC\-validating recursive nameserver to perform all DNSSEC validation. Since this -nameserver's DNSSEC-validated responses will be fully trusted, it -is strongly recommended that the MTA host have a local DNSSEC-validating +nameserver's DNSSEC\-validated responses will be fully trusted, it +is strongly recommended that the MTA host have a local DNSSEC\-validating recursive caching nameserver listening on a loopback address, and be configured to use only this nameserver for all lookups. Otherwise, -Postfix may remain subject to man-in-the-middle attacks that forge +Postfix may remain subject to man\-in\-the\-middle attacks that forge responses from the recursive nameserver .PP DNSSEC support requires a version of Postfix compiled against a -reasonably-modern DNS \fBresolver\fR(3) library that implements the +reasonably\-modern DNS \fBresolver\fR(3) library that implements the RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. .PP This feature is available in Postfix 2.11 and later. @@ -6628,7 +6627,7 @@ not found, and delivery is deferred when a destination is unreachable. .PP With bulk email deliveries, it can be beneficial to run the fallback relay MTA on the same host, so that it can reuse the sender -IP address. This speeds up deliveries that are delayed by IP-based +IP address. This speeds up deliveries that are delayed by IP\-based reputation systems (greylist, etc.). .PP The fallback relays must be SMTP destinations. Specify a domain, @@ -6636,7 +6635,7 @@ host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP destinations, Postfix will try them in the specified order. .PP -To prevent mailer loops between MX hosts and fall-back hosts, +To prevent mailer loops between MX hosts and fall\-back hosts, Postfix version 2.2 and later will not use the fallback relays for destinations that it is MX host for (assuming DNS lookup is turned on). .SH smtp_generic_maps (default: empty) @@ -6677,7 +6676,7 @@ client, for example: .na .ft C /etc/postfix/master.cf: - mysmtp ... smtp -o smtp_helo_name=foo.bar.com + mysmtp ... smtp \-o smtp_helo_name=foo.bar.com .fi .ad .ft R @@ -6744,7 +6743,7 @@ This feature is available in Postfix 2.1 and later. .SH smtp_mx_session_limit (default: 2) The maximal number of SMTP sessions per delivery request before the Postfix SMTP client -gives up or delivers to a fall-back relay host, or zero (no +gives up or delivers to a fall\-back relay host, or zero (no limit). This restriction ignores sessions that fail to complete the SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to complete the EHLO and TLS handshake (Postfix version 2.3 and later). @@ -6768,11 +6767,11 @@ line, SMTP message content line, or TLS protocol message). This limits the impact from hostile peers that trickle data one byte at a time. .PP -Note: when per-record deadlines are enabled, a short timeout +Note: when per\-record deadlines are enabled, a short timeout may cause problems with TLS over very slow network connections. The reasons are that a TLS protocol message can be up to 16 kbytes long (with TLSv1), and that an entire TLS protocol message must be -sent or received within the per-record deadline. +sent or received within the per\-record deadline. .PP This feature is available in Postfix 2.9 and later. With older Postfix releases, the behavior is as if this parameter is set to @@ -6786,7 +6785,7 @@ Choosing a too short time makes this workaround ineffective when sending large messages over slow network connections. .SH smtp_pix_workaround_maps (default: empty) Lookup tables, indexed by the remote SMTP server address, with -per-destination workarounds for CISCO PIX firewall bugs. The table +per\-destination workarounds for CISCO PIX firewall bugs. The table is not indexed by hostname for consistency with smtp_discard_ehlo_keyword_address_maps. .PP @@ -6813,7 +6812,7 @@ A list that specifies zero or more workarounds for CISCO PIX firewall bugs. These workarounds are implemented by the Postfix SMTP client. Workaround names are separated by comma or space, and are case insensitive. This parameter setting can be overruled with -per-destination smtp_pix_workaround_maps settings. +per\-destination smtp_pix_workaround_maps settings. .IP "\fBdelay_dotcrlf\fR Insert a delay before sending "." after the end of the message content. The @@ -6848,18 +6847,18 @@ a broken SMTP server, configure a special SMTP client in master.cf: .na .ft C /etc/postfix/master.cf: - broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no + broken\-smtp . . . smtp \-o smtp_quote_rfc821_envelope=no .fi .ad .ft R .in -4 .PP -and route mail for the destination in question to the "broken-smtp" +and route mail for the destination in question to the "broken\-smtp" message delivery with a \fBtransport\fR(5) table. .PP This feature is available in Postfix 2.1 and later. .SH smtp_randomize_addresses (default: yes) -Randomize the order of equal-preference MX host addresses. This +Randomize the order of equal\-preference MX host addresses. This is a performance feature of the Postfix SMTP client. .SH smtp_rcpt_timeout (default: 300s) The Postfix SMTP client time limit for sending the SMTP RCPT TO @@ -6869,14 +6868,14 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH smtp_reply_filter (default: empty) A mechanism to transform replies from remote SMTP servers one -line at a time. This is a last-resort tool to work around server -replies that break inter-operability with the Postfix SMTP client. +line at a time. This is a last\-resort tool to work around server +replies that break inter\-operability with the Postfix SMTP client. Other uses involve fault injection to test Postfix's handling of invalid responses. .PP Notes: .IP \(bu -In the case of a multi-line reply, the Postfix SMTP client +In the case of a multi\-line reply, the Postfix SMTP client uses the final reply line's numerical SMTP reply code and enhanced status code. .IP \(bu @@ -6908,12 +6907,12 @@ Examples: .na .ft C /etc/postfix/reply_filter: - # Transform garbage into "250-filler..." so that it looks like - # one line from a multi-line reply. It does not matter what we + # Transform garbage into "250\-filler..." so that it looks like + # one line from a multi\-line reply. It does not matter what we # substitute here as long it has the right syntax. The Postfix # SMTP client will use the final line's numerical SMTP reply # code and enhanced status code. - !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage + !/^([2\-5][0\-9][0\-9]($|[\- ]))/ 250\-filler for garbage .fi .ad .ft R @@ -6941,7 +6940,7 @@ same server, username and password, and instead bounces or defers mail as controlled with the smtp_sasl_auth_soft_bounce configuration parameter. .PP -Use a per-destination delivery concurrency of 1 (for example, +Use a per\-destination delivery concurrency of 1 (for example, "smtp_destination_concurrency_limit = 1", "relay_destination_concurrency_limit = 1", etc.), otherwise multiple delivery agents may experience a login failure at the same time. @@ -6950,7 +6949,7 @@ The table must be accessed via the proxywrite service, i.e. the map name must start with "proxy:". The table should be stored under the directory specified with the data_directory parameter. .PP -This feature uses cryptographic hashing to protect plain-text +This feature uses cryptographic hashing to protect plain\-text passwords, and requires that Postfix is compiled with TLS support. .PP Example: @@ -6985,7 +6984,7 @@ smtp_sasl_auth_enable = yes .SH smtp_sasl_auth_soft_bounce (default: yes) When a remote SMTP server rejects a SASL authentication request with a 535 reply code, defer mail delivery instead of returning -mail as undeliverable. The latter behavior was hard-coded prior to +mail as undeliverable. The latter behavior was hard\-coded prior to Postfix version 2.5. .PP Note: the setting "yes" overrides the global soft_bounce @@ -6998,7 +6997,7 @@ Example: .ft C # Default as of Postfix 2.5 smtp_sasl_auth_soft_bounce = yes -# The old hard-coded default +# The old hard\-coded default smtp_sasl_auth_soft_bounce = no .fi .ad @@ -7006,7 +7005,7 @@ smtp_sasl_auth_soft_bounce = no .PP This feature is available in Postfix 2.5 and later. .SH smtp_sasl_mechanism_filter (default: empty) -If non-empty, a Postfix SMTP client filter for the remote SMTP +If non\-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. Different client and server implementations may support different mechanism lists; by default, the Postfix SMTP client will use the intersection of the @@ -7014,7 +7013,7 @@ two. smtp_sasl_mechanism_filter specifies an optional third mechanism list to intersect with. .PP Specify mechanism names, "/file/name" patterns or "type:table" -lookup tables. The right-hand side result from "type:table" lookups +lookup tables. The right\-hand side result from "type:table" lookups is ignored. Specify "!pattern" to exclude a mechanism name from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later. @@ -7035,7 +7034,7 @@ smtp_sasl_mechanism_filter = !gssapi, !login, static:rest .SH smtp_sasl_password_maps (default: empty) Optional Postfix SMTP client lookup tables with one username:password entry -per remote hostname or domain, or sender address when sender-dependent +per remote hostname or domain, or sender address when sender\-dependent authentication is enabled. If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host. @@ -7047,9 +7046,9 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .SH smtp_sasl_path (default: empty) -Implementation-specific information that the Postfix SMTP client +Implementation\-specific information that the Postfix SMTP client passes through to -the SASL plug-in implementation that is selected with +the SASL plug\-in implementation that is selected with \fBsmtp_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. .PP @@ -7068,7 +7067,7 @@ Specify zero or more of the following: Disallow methods that use plaintext passwords. .br .IP "\fBnoactive\fR" -Disallow methods subject to active (non-dictionary) attack. +Disallow methods subject to active (non\-dictionary) attack. .br .IP "\fBnodictionary\fR" Disallow methods subject to passive (dictionary) attack. @@ -7113,25 +7112,25 @@ The smtp_sasl_tls_verified_security_options parameter makes it possible to only enable plaintext mechanisms when a secure connection to the server is available. Submission servers subject to this policy must either have verifiable certificates or offer suitable -non-plaintext SASL mechanisms. +non\-plaintext SASL mechanisms. .PP This feature is available in Postfix 2.6 and later. .SH smtp_sasl_type (default: cyrus) -The SASL plug-in type that the Postfix SMTP client should use +The SASL plug\-in type that the Postfix SMTP client should use for authentication. The available types are listed with the -"\fBpostconf -A\fR" command. +"\fBpostconf \-A\fR" command. .PP This feature is available in Postfix 2.3 and later. .SH smtp_send_dummy_mail_auth (default: no) Whether or not to append the "AUTH=<>" option to the MAIL -FROM command in SASL-authenticated SMTP sessions. The default is +FROM command in SASL\-authenticated SMTP sessions. The default is not to send this, to avoid problems with broken remote SMTP servers. Before Postfix 2.9 the behavior is as if "smtp_send_dummy_mail_auth = yes". .PP This feature is available in Postfix 2.9 and later. .SH smtp_send_xforward_command (default: no) -Send the non-standard XFORWARD command when the Postfix SMTP server +Send the non\-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. .PP This allows a Postfix SMTP delivery agent, used for injecting mail @@ -7143,7 +7142,7 @@ localhost[127.0.0.1] etc. .PP This feature is available in Postfix 2.1 and later. .SH smtp_sender_dependent_authentication (default: no) -Enable sender-dependent authentication in the Postfix SMTP client; this is +Enable sender\-dependent authentication in the Postfix SMTP client; this is available only with SASL authentication, and disables SMTP connection caching to ensure that mail from different senders will use the appropriate credentials. @@ -7188,10 +7187,10 @@ but it is best to include all the required certificates directly in $smtp_tls_cert_file. .PP Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use -ONLY the system-supplied default certificate authority certificates. +ONLY the system\-supplied default Certification Authority certificates. .PP Specify "tls_append_default_CA = no" to prevent Postfix from -appending the system-supplied default CAs and trusting third-party +appending the system\-supplied default CAs and trusting third\-party certificates. .PP Example: @@ -7206,7 +7205,7 @@ smtp_tls_CAfile = /etc/postfix/CAcert.pem .PP This feature is available in Postfix 2.2 and later. .SH smtp_tls_CApath (default: empty) -Directory with PEM format certificate authority certificates +Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. Don't forget to create the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". @@ -7215,10 +7214,10 @@ To use this option in chroot mode, this directory (or a copy) must be inside the chroot jail. .PP Specify "smtp_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system\-supplied default Certification Authority certificates. .PP Specify "tls_append_default_CA = no" to prevent Postfix from -appending the system-supplied default CAs and trusting third-party +appending the system\-supplied default CAs and trusting third\-party certificates. .PP Example: @@ -7234,9 +7233,9 @@ smtp_tls_CApath = /etc/postfix/certs This feature is available in Postfix 2.2 and later. .SH smtp_tls_block_early_mail_reply (default: no) Try to detect a mail hijacking attack based on a TLS protocol -vulnerability (CVE-2009-3555), where an attacker prepends malicious +vulnerability (CVE\-2009\-3555), where an attacker prepends malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. -The attack would succeed with non-Postfix SMTP servers that reply +The attack would succeed with non\-Postfix SMTP servers that reply to the malicious HELO, MAIL, RCPT, DATA commands after negotiating the Postfix SMTP client TLS session. .PP @@ -7274,7 +7273,7 @@ To enable remote SMTP servers to verify the Postfix SMTP client certificate, the issuing CA certificates must be made available to the server. You should include the required certificates in the client certificate file, the client certificate first, then the issuing -CA(s) (bottom-up order). +CA(s) (bottom\-up order). .PP Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". @@ -7287,7 +7286,7 @@ which case it is not necessary to have them in the smtp_tls_cert_file, smtp_tls_dcert_file or smtp_tls_eccert_file. .PP A certificate supplied here must be usable as an SSL client certificate -and hence pass the "openssl verify -purpose sslclient ..." test. +and hence pass the "openssl verify \-purpose sslclient ..." test. .PP Example: .PP @@ -7303,8 +7302,8 @@ This feature is available in Postfix 2.2 and later. .SH smtp_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy -to create inter-operability problems by choosing a non-default cipher -list. Do not use a non-default TLS cipher list on hosts that deliver email +to create inter\-operability problems by choosing a non\-default cipher +list. Do not use a non\-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list may be more appropriate for an internal MTA, where one can exert some @@ -7319,14 +7318,14 @@ The minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic TLS encryption. Cipher types listed in smtp_tls_exclude_ciphers are excluded from the base definition of the selected cipher grade. The default value "export" ensures maximum -inter-operability. Because encryption is optional, stronger controls +inter\-operability. Because encryption is optional, stronger controls are not appropriate, and this setting SHOULD NOT be changed unless the change is essential. .PP When TLS is mandatory the cipher grade is chosen via the smtp_tls_mandatory_ciphers configuration parameter, see there for syntax details. See smtp_tls_policy_maps for information on how to configure -ciphers on a per-destination basis. +ciphers on a per\-destination basis. .PP Example: .nf @@ -7351,7 +7350,7 @@ Example: .nf .na .ft C -smtp_tls_dcert_file = /etc/postfix/client-dsa.pem +smtp_tls_dcert_file = /etc/postfix/client\-dsa.pem .fi .ad .ft R @@ -7362,8 +7361,8 @@ File with the Postfix SMTP client DSA private key in PEM format. This file may be combined with the Postfix SMTP client DSA certificate file specified with $smtp_tls_dcert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .PP @@ -7379,7 +7378,7 @@ Example: .nf .na .ft C -smtp_tls_eccert_file = /etc/postfix/ecdsa-ccert.pem +smtp_tls_eccert_file = /etc/postfix/ecdsa\-ccert.pem .fi .ad .ft R @@ -7391,8 +7390,8 @@ File with the Postfix SMTP client ECDSA private key in PEM format. This file may be combined with the Postfix SMTP client ECDSA certificate file specified with $smtp_tls_eccert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .PP @@ -7410,7 +7409,7 @@ via the smtp_tls_per_site table. .PP Disabling the hostname verification can make sense in closed environment where special CAs are created. If not used carefully, -this option opens the danger of a "man-in-the-middle" attack (the +this option opens the danger of a "man\-in\-the\-middle" attack (the CommonName of this attacker will be logged). .PP This feature is available in Postfix 2.2 and later. With @@ -7432,7 +7431,7 @@ Examples (some of these will cause problems): smtp_tls_exclude_ciphers = aNULL smtp_tls_exclude_ciphers = MD5, DES smtp_tls_exclude_ciphers = DES+MD5 -smtp_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5 +smtp_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5 smtp_tls_exclude_ciphers = kEDH+aRSA .fi .ad @@ -7442,15 +7441,15 @@ smtp_tls_exclude_ciphers = kEDH+aRSA The first setting, disables anonymous ciphers. The next setting disables ciphers that use the MD5 digest algorithm or the (single) DES encryption algorithm. The next setting disables ciphers that use MD5 and -DES together. The next setting disables the two ciphers "AES256-SHA" -and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH" +DES together. The next setting disables the two ciphers "AES256\-SHA" +and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH" key exchange with RSA authentication. .PP This feature is available in Postfix 2.3 and later. .SH smtp_tls_fingerprint_cert_match (default: empty) List of acceptable remote SMTP server certificate fingerprints for the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = -fingerprint). At this security level, certificate authorities are not +fingerprint). At this security level, Certification Authorities are not used, and certificate expiration times are ignored. Instead, server certificates are verified directly via their certificate fingerprint or public key fingerprint (Postfix 2.9 and later). The fingerprint @@ -7466,8 +7465,8 @@ attribute, or multiple match attributes can be employed. .PP Example: Certificate fingerprint verification with internal mailhub. Two matching fingerprints are listed. The relayhost may be multiple -physical hosts behind a load-balancer, each with its own private/public -key and self-signed certificate. Alternatively, a single relayhost may +physical hosts behind a load\-balancer, each with its own private/public +key and self\-signed certificate. Alternatively, a single relayhost may be in the process of switching from one set of private/public keys to another, and both keys are trusted just prior to the transition. .sp @@ -7523,9 +7522,9 @@ verified by directly matching its certificate fingerprint or its public key fingerprint (Postfix 2.9 and later). The fingerprint is the message digest of the server certificate (or its public key) using the selected -algorithm. With a digest algorithm resistant to "second pre-image" +algorithm. With a digest algorithm resistant to "second pre\-image" attacks, it is not feasible to create a new public key and a matching -certificate (or public/private key-pair) that has the same fingerprint. +certificate (or public/private key\-pair) that has the same fingerprint. .PP The default algorithm is \fBmd5\fR; this is consistent with the backwards compatible setting of the digest used to verify client @@ -7533,7 +7532,7 @@ certificates in the SMTP server. .PP The best practice algorithm is now \fBsha1\fR. Recent advances in hash function cryptanalysis have led to md5 being deprecated in favor of sha1. -However, as long as there are no known "second pre-image" attacks +However, as long as there are no known "second pre\-image" attacks against md5, its use in this context can still be considered safe. .PP While additional digest algorithms are often available with OpenSSL's @@ -7547,7 +7546,7 @@ specific digest algorithm, run: .nf .na .ft C -$ openssl x509 -noout -fingerprint -\fIdigest\fR -in \fIcertfile\fR.pem +$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem .fi .ad .ft R @@ -7560,7 +7559,7 @@ For example: .nf .na .ft C -$ openssl x509 -noout -fingerprint -sha1 -in cert.pem +$ openssl x509 \-noout \-fingerprint \-sha1 \-in cert.pem SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A .fi .ad @@ -7570,7 +7569,7 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A To extract the public key fingerprint from an X.509 certificate, you need to extract the public key from the certificate and compute the appropriate digest of its DER (ASN.1) encoding. With OpenSSL -the "-pubkey" option of the "x509" command extracts the public +the "\-pubkey" option of the "x509" command extracts the public key always in "PEM" format. We pipe the result to another OpenSSL command that converts the key to DER and then to the "dgst" command to compute the fingerprint. @@ -7586,10 +7585,10 @@ used. .nf .na .ft C -# OpenSSL 1.0 with all certificates and SHA-1 fingerprints. -$ openssl x509 -in cert.pem -noout -pubkey | - openssl pkey -pubin -outform DER | - openssl dgst -sha1 -c +# OpenSSL 1.0 with all certificates and SHA\-1 fingerprints. +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl pkey \-pubin \-outform DER | + openssl dgst \-sha1 \-c (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58 .fi .ad @@ -7601,9 +7600,9 @@ $ openssl x509 -in cert.pem -noout -pubkey | .na .ft C # OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints. -$ openssl x509 -in cert.pem -noout -pubkey | - openssl rsa -pubin -outform DER | - openssl dgst -md5 -c +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl rsa \-pubin \-outform DER | + openssl dgst \-md5 \-c (stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50 .fi .ad @@ -7615,7 +7614,7 @@ fingerprint and public key fingerprint when the TLS loglevel is 2 or higher. .PP \fBNote:\fR Postfix 2.9.0-2.9.5 computed the public key -fingerprint incorrectly. To use public-key fingerprints, upgrade +fingerprint incorrectly. To use public\-key fingerprints, upgrade to Postfix 2.9.6 or later. .PP This feature is available in Postfix 2.5 and later. @@ -7624,7 +7623,7 @@ Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. This is unlikely to ever yield DNSSEC validated results, since child zones of unsigned zones are also unsigned in the absence of DLV or -locally configured non-root trust-anchors. We anticipate that such +locally configured non\-root trust\-anchors. We anticipate that such mechanisms will not be used for just the "_tcp" subdomain of a host. Suppressing the TLSA RRset lookup reduces latency and avoids potential interoperability problems with nameservers for unsigned zones that @@ -7636,8 +7635,8 @@ File with the Postfix SMTP client RSA private key in PEM format. This file may be combined with the Postfix SMTP client RSA certificate file specified with $smtp_tls_cert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .PP @@ -7661,10 +7660,10 @@ a lower logging level. .br .IP "" 1 Log only a summary message on TLS handshake completion -- no logging of remote SMTP server certificate trust-chain +- no logging of remote SMTP server certificate trust\-chain verification errors if server certificate verification is not required. With Postfix 2.8 and earlier, log the summary message and unconditionally -log trust-chain verification errors. +log trust\-chain verification errors. .br .IP "" 2 Also log levels during TLS negotiation. @@ -7690,7 +7689,7 @@ mandatory TLS encryption. The default value "medium" is suitable for most destinations with which you may want to enforce TLS, and is beyond the reach of today's cryptanalytic methods. See smtp_tls_policy_maps for information on how to configure ciphers -on a per-destination basis. +on a per\-destination basis. .PP The following cipher grades are supported: .IP "\fBexport\fR" @@ -7724,8 +7723,8 @@ encouraged to not change. Enable only the "NULL" OpenSSL ciphers, these provide authentication without encryption. This setting is only appropriate in the rare case that all servers are prepared to use NULL ciphers (not normally enabled -in TLS servers). A plausible use-case is an LMTP server listening on a -UNIX-domain socket that is configured to support "NULL" ciphers. The +in TLS servers). A plausible use\-case is an LMTP server listening on a +UNIX\-domain socket that is configured to support "NULL" ciphers. The underlying cipherlist is specified via the tls_null_cipherlist configuration parameter, which you are strongly encouraged to not change. @@ -7750,7 +7749,7 @@ works in addition to the exclusions listed with smtp_tls_exclude_ciphers (see there for syntax details). .PP Starting with Postfix 2.6, the mandatory cipher exclusions can be -specified on a per-destination basis via the TLS policy "exclude" +specified on a per\-destination basis via the TLS policy "exclude" attribute. See smtp_tls_policy_maps for notes and examples. .PP This feature is available in Postfix 2.3 and later. @@ -7796,14 +7795,14 @@ versions of Postfix >= 2.10 can explicitly disable support for "TLSv1.1" or "TLSv1.2". .PP At the dane and -dane-only security +dane\-only security levels, when usable TLSA records are obtained for the remote SMTP server, the Postfix SMTP client is obligated to include the SNI TLS extension in its SSL client hello message. This may help the remote SMTP server live up to its promise to provide a certificate that matches its TLSA records. Since TLS extensions require TLS 1.0 or later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when -SNI is required. If you use "dane" or "dane-only" do not disable +SNI is required. If you use "dane" or "dane\-only" do not disable TLSv1, except perhaps via the policy table for destinations which you are sure will support "TLSv1.1" or "TLSv1.2". .PP @@ -7846,27 +7845,27 @@ postfix/smtp[pid]: Host offered STARTTLS: [name.of.host] This feature is available in Postfix 2.2 and later. .SH smtp_tls_per_site (default: empty) Optional lookup tables with the Postfix SMTP client TLS usage -policy by next-hop destination and by remote SMTP server hostname. -When both lookups succeed, the more specific per-site policy (NONE, +policy by next\-hop destination and by remote SMTP server hostname. +When both lookups succeed, the more specific per\-site policy (NONE, MUST, etc) overrides the less specific one (MAY), and the more secure -per-site policy (MUST, etc) overrides the less secure one (NONE). +per\-site policy (MUST, etc) overrides the less secure one (NONE). With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged: use smtp_tls_policy_maps instead. .PP -Use of the bare hostname as the per-site table lookup key is +Use of the bare hostname as the per\-site table lookup key is discouraged. Always use the full destination nexthop (enclosed in -[] with a possible ":port" suffix). A recipient domain or MX-enabled -transport next-hop with no port suffix may look like a bare hostname, +[] with a possible ":port" suffix). A recipient domain or MX\-enabled +transport next\-hop with no port suffix may look like a bare hostname, but is still a suitable \fIdestination\fR. .PP -Specify a next-hop destination or server hostname on the left-hand -side; no wildcards are allowed. The next-hop destination is either +Specify a next\-hop destination or server hostname on the left\-hand +side; no wildcards are allowed. The next\-hop destination is either the recipient domain, or the destination specified with a \fBtransport\fR(5) table, the relayhost parameter, or the relay_transport parameter. On the right hand side specify one of the following keywords: .IP "NONE" Don't use TLS at all. This overrides a less -specific \fBMAY\fR lookup result from the alternate host or next-hop +specific \fBMAY\fR lookup result from the alternate host or next\-hop lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername settings. .br @@ -7874,7 +7873,7 @@ and smtp_tls_enforce_peername settings. Try to use TLS if the server announces support, otherwise use the unencrypted connection. This has less precedence than a more specific result (including \fBNONE\fR) from the alternate -host or next-hop lookup key, and has less precedence than the more +host or next\-hop lookup key, and has less precedence than the more specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes". .br @@ -7884,7 +7883,7 @@ require that the remote SMTP server hostname matches the information in the remote SMTP server certificate, or that the server certificate was issued by a trusted CA. This overrides a less secure \fBNONE\fR or a less specific \fBMAY\fR lookup result from the alternate host -or next-hop lookup key, and overrides the global smtp_use_tls, +or next\-hop lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername settings. .br .IP "MUST" @@ -7893,7 +7892,7 @@ SMTP server hostname matches the information in the remote SMTP server certificate, and require that the remote SMTP server certificate was issued by a trusted CA. This overrides a less secure \fBNONE\fR and \fBMUST_NOPEERMATCH\fR or a less specific \fBMAY\fR lookup -result from the alternate host or next-hop lookup key, and overrides +result from the alternate host or next\-hop lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername settings. .br @@ -7914,13 +7913,13 @@ that Postfix uses for TLS policy lookup and server certificate verification. Even with a perfect match between the server hostname and the server certificate, there is no guarantee that Postfix is connected to the right server. See TLS_README (Closing a DNS loophole with obsolete -per-site TLS policies) for a possible work-around. +per\-site TLS policies) for a possible work\-around. .PP This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtp_tls_policy_maps instead. .SH smtp_tls_policy_maps (default: empty) Optional lookup tables with the Postfix SMTP client TLS security -policy by next-hop destination; when a non-empty value is specified, +policy by next\-hop destination; when a non\-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. See TLS_README for a more detailed discussion of TLS security levels. .PP @@ -7928,15 +7927,15 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -The TLS policy table is indexed by the full next-hop destination, -which is either the recipient domain, or the verbatim next-hop +The TLS policy table is indexed by the full next\-hop destination, +which is either the recipient domain, or the verbatim next\-hop specified in the transport table, $local_transport, $virtual_transport, $relay_transport or $default_transport. This includes any enclosing -square brackets and any non-default destination server port suffix. The +square brackets and any non\-default destination server port suffix. The LMTP socket type prefix (inet: or unix:) is not included in the lookup key. .PP -Only the next-hop domain, or $myhostname with LMTP over UNIX-domain +Only the next\-hop domain, or $myhostname with LMTP over UNIX\-domain sockets, is used as the nexthop name for certificate verification. The port and any enclosing square brackets are used in the table lookup key, but are not used for server name verification. @@ -7946,7 +7945,7 @@ or any \fI:port\fR suffix (typically the recipient domain), and the full domain is not found in the table, just as with the \fBtransport\fR(5) table, the parent domain starting with a leading "." is matched recursively. This allows one to specify a security policy for a recipient domain and all -its sub-domains. +its sub\-domains. .PP The lookup result is a security level, followed by an optional list of whitespace and/or comma separated name=value attributes that override @@ -7958,12 +7957,12 @@ No TLS. No additional attributes are supported at this level. .IP "\fBmay\fR" Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces -inter-operability. The optional "ciphers", "exclude" and "protocols" +inter\-operability. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix >= 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" configuration parameters. When opportunistic TLS handshakes fail, Postfix retries the connection with TLS disabled. -This allows mail delivery to sites with non-interoperable TLS +This allows mail delivery to sites with non\-interoperable TLS implementations. .br .IP "\fBencrypt\fR" @@ -7986,7 +7985,7 @@ server certificate must match the TLSA records. RFC 6698 (DANE) TLS authentication and DNSSEC support is available with Postfix 2.11 and later. .br -.IP "\fBdane-only\fR" +.IP "\fBdane\-only\fR" Mandatory DANE TLS. The TLS policy for the destination is obtained via TLSA records in DNSSEC. If no TLSA records are found, or none are usable, no connection is made to the server. When @@ -7998,7 +7997,7 @@ and later. .IP "\fBfingerprint\fR" Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security -level, there are no trusted certificate authorities. The certificate +level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional \fBmatch\fR attribute, or else the main.cf \fBsmtp_tls_fingerprint_cert_match\fR parameter, lists the certificate @@ -8022,11 +8021,11 @@ In practice explicit control over matching is more common with the "secure" policy, described below. .br .IP "\fBsecure\fR" -Secure-channel TLS. At this security level, DNS -MX lookups, though potentially used to determine the candidate next-hop +Secure\-channel TLS. At this security level, DNS +MX lookups, though potentially used to determine the candidate next\-hop gateway IP addresses, are \fBnot\fR trusted to be secure enough for TLS peername verification. Instead, the default name verified in the server -certificate is obtained directly from the next-hop, or is explicitly +certificate is obtained directly from the next\-hop, or is explicitly specified via the optional \fBmatch\fR attribute which overrides the main.cf smtp_tls_secure_cert_match parameter. In the policy table, multiple match patterns and strategies must be separated by colons. @@ -8035,7 +8034,7 @@ common server, the policy entries for additional domains specify matching rules for the primary domain certificate. While transport table overrides routing the secondary domains to the primary nexthop also allow secure verification, they risk delivery to the wrong destination when domains -change hands or are re-assigned to new gateways. With the "match" +change hands or are re\-assigned to new gateways. With the "match" attribute approach, routing is not perturbed, and mail is deferred if verification of a new MX host fails. .br @@ -8073,10 +8072,10 @@ Example: .ad .ft R .PP -\fBNote:\fR The \fBhostname\fR strategy if listed in a non-default +\fBNote:\fR The \fBhostname\fR strategy if listed in a non\-default setting of smtp_tls_secure_cert_match or in the \fBmatch\fR attribute in the policy table can render the \fBsecure\fR level vulnerable to -DNS forgery. Do not use the \fBhostname\fR strategy for secure-channel +DNS forgery. Do not use the \fBhostname\fR strategy for secure\-channel configurations in environments where DNS security is not assured. .PP This feature is available in Postfix 2.3 and later. @@ -8140,7 +8139,7 @@ of 1 is sufficient if the issuing CA is listed in a local CA file. The default verification depth is 9 (the OpenSSL default) for compatibility with earlier Postfix behavior. Prior to Postfix 2.5, the default value was 5, but the limit was not actually enforced. If -you have set this to a lower non-default value, certificates with longer +you have set this to a lower non\-default value, certificates with longer trust chains may now fail to verify. Certificate chains with 1 or 2 CAs are common, deeper chains are more rare and any number between 5 and 9 should suffice in practice. You can choose a lower number if, @@ -8148,7 +8147,7 @@ for example, you trust certificates directly signed by an issuing CA but not any CAs it delegates to. .PP This feature is available in Postfix 2.2 and later. -.SH smtp_tls_secure_cert_match (default: nexthop, dot-nexthop) +.SH smtp_tls_secure_cert_match (default: nexthop, dot\-nexthop) How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. In a "secure" TLS policy table ($smtp_tls_policy_maps) entry the optional "match" attribute @@ -8162,7 +8161,7 @@ For a description of the pattern and strategy syntax see the smtp_tls_verify_cert_match parameter. The "hostname" strategy should be avoided in this context, as in the absence of a secure global DNS, using the results of MX lookups in certificate verification is not immune to active -(man-in-the-middle) attacks on DNS. +(man\-in\-the\-middle) attacks on DNS. .PP Sample main.cf setting: .sp @@ -8192,7 +8191,7 @@ example.net secure match=example.com:.example.com This feature is available in Postfix 2.3 and later. .SH smtp_tls_security_level (default: empty) The default SMTP TLS security level for the Postfix SMTP client; -when a non-empty value is specified, this overrides the obsolete +when a non\-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. .PP Specify one of the following security levels: @@ -8204,14 +8203,14 @@ destinations via smtp_tls_policy_maps. Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security merely reduces inter-operability. +security merely reduces inter\-operability. The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6) configuration parameters provide control over the protocols and cipher grade used with opportunistic TLS. With earlier releases the opportunistic TLS cipher grade is always "export" and no protocols are disabled. When TLS handshakes fail, the connection is retried with TLS disabled. -This allows mail delivery to sites with non-interoperable TLS +This allows mail delivery to sites with non\-interoperable TLS implementations. .br .IP "\fBencrypt\fR" @@ -8239,17 +8238,17 @@ not, TLS security will vary from delivery to delivery. It is up to the domain owner to configure their MX hosts and their DNS sensibly. To configure the Postfix SMTP client for DNSSEC lookups see the documentation for the smtp_dns_support_level main.cf -parameter. When DNSSEC-validated TLSA records are not found the +parameter. When DNSSEC\-validated TLSA records are not found the effective tls security level is "may". When TLSA records are found, but are all unusable the effective security level is "encrypt". For purposes of protocol and cipher selection, the "dane" security level is treated like a "mandatory" TLS security level, and weak ciphers and protocols are disabled. Since DANE authenticates server -certificates the "aNULL" cipher-suites are transparently excluded +certificates the "aNULL" cipher\-suites are transparently excluded at this level, no need to configure this manually. RFC 6698 (DANE) TLS authentication is available with Postfix 2.11 and later. .br -.IP "\fBdane-only\fR" +.IP "\fBdane\-only\fR" Mandatory DANE TLS. This is just like "dane" above, but DANE TLSA authentication is required. There is no fallback to "may" or "encrypt" when TLSA records are missing or unusable. RFC 6698 @@ -8257,7 +8256,7 @@ TLSA authentication is required. There is no fallback to "may" or .br .IP "\fBfingerprint\fR" Certificate fingerprint verification. -At this security level, there are no trusted certificate authorities. +At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, etc., are not checked. Instead, the \fBsmtp_tls_fingerprint_cert_match\fR parameter lists the certificate fingerprint or public key fingerprint @@ -8277,14 +8276,14 @@ below. This security level is not an appropriate default for systems delivering mail to the Internet. .br .IP "\fBsecure\fR" -Secure-channel TLS. At this security level, +Secure\-channel TLS. At this security level, DNS MX lookups, though potentially used to determine the candidate -next-hop gateway IP addresses, are \fBnot\fR trusted to be secure enough +next\-hop gateway IP addresses, are \fBnot\fR trusted to be secure enough for TLS peername verification. Instead, the default name verified in -the server certificate is obtained from the next-hop domain as specified +the server certificate is obtained from the next\-hop domain as specified in the smtp_tls_secure_cert_match configuration parameter. The default matching rule is that a server certificate matches when its name is equal -to or is a sub-domain of the nexthop domain. This security level is not +to or is a sub\-domain of the nexthop domain. This security level is not an appropriate default for systems delivering mail to the Internet. .br .br @@ -8319,7 +8318,7 @@ smtp_tls_protocols = !SSLv2 .nf .na .ft C -# Mandatory (high-grade) TLS encryption. +# Mandatory (high\-grade) TLS encryption. smtp_tls_security_level = encrypt smtp_tls_mandatory_ciphers = high .fi @@ -8332,7 +8331,7 @@ smtp_tls_mandatory_ciphers = high # Mandatory TLS verification of hostname or nexthop domain. smtp_tls_security_level = verify smtp_tls_mandatory_ciphers = high -smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop +smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop .fi .ad .ft R @@ -8353,8 +8352,8 @@ smtp_tls_secure_cert_match = nexthop .na .ft C # Certificate fingerprint verification (Postfix >= 2.5). -# The CA-less "fingerprint" security level only scales to a limited -# number of destinations. As a global default rather than a per-site +# The CA\-less "fingerprint" security level only scales to a limited +# number of destinations. As a global default rather than a per\-site # setting, this is practical when mail for all recipients is sent # to a central mail hub. relayhost = [mailhub.example.com] @@ -8376,7 +8375,7 @@ such as \fBbtree\fR or \fBsdbm\fR; there is no need to support concurrent access. The file is created if it does not exist. The \fBsmtp\fR(8) daemon does not use this parameter directly, rather the cache is implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that -per-smtp-instance master.cf overrides of this parameter are not effective. +per\-smtp\-instance master.cf overrides of this parameter are not effective. Note, that each of the cache databases supported by \fBtlsmgr\fR(8) daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database (and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to @@ -8387,9 +8386,9 @@ Note: \fBdbm\fR databases are not suitable. TLS session objects are too large. .PP As of version 2.5, Postfix no longer uses root privileges when -opening this file. The file should now be stored under the Postfix-owned +opening this file. The file should now be stored under the Postfix\-owned data_directory. As a migration aid, an attempt to open the file -under a non-Postfix directory is redirected to the Postfix-owned +under a non\-Postfix directory is redirected to the Postfix\-owned data_directory, and a warning is logged. .PP Example: @@ -8408,7 +8407,7 @@ The expiration time of Postfix SMTP client TLS session cache information. A cache cleanup is performed periodically every $smtp_tls_session_cache_timeout seconds. As with $smtp_tls_session_cache_database, this parameter is implemented in the -\fBtlsmgr\fR(8) daemon and therefore per-smtp-instance master.cf overrides +\fBtlsmgr\fR(8) daemon and therefore per\-smtp\-instance master.cf overrides are not possible. .PP As of Postfix 2.11 this setting cannot exceed 100 days. If set @@ -8417,31 +8416,31 @@ less than 2 minutes, the minimum value of 2 minutes is used instead. .PP This feature is available in Postfix 2.2 and later. .SH smtp_tls_trust_anchor_file (default: empty) -Zero or more PEM-format files with trust-anchor certificates +Zero or more PEM\-format files with trust\-anchor certificates and/or public keys. If the parameter is not empty the root CAs in CAfile and CApath are no longer trusted. Rather, the Postfix SMTP -client will only trust certificate-chains signed by one of the -trust-anchors contained in the chosen files. The specified -trust-anchor certificates and public keys are not subject to -expiration, and need not be (self-signed) root CAs. They may, if +client will only trust certificate\-chains signed by one of the +trust\-anchors contained in the chosen files. The specified +trust\-anchor certificates and public keys are not subject to +expiration, and need not be (self\-signed) root CAs. They may, if desired, be intermediate certificates. Therefore, these certificates also may be found "in the middle" of the trust chain presented by the remote SMTP server, and any untrusted issuing parent certificates will be ignored. Specify a list of pathnames separated by comma or whitespace. .PP -Whether specified in main.cf, or on a per-destination basis, -the trust-anchor PEM file must be accessible to the Postfix SMTP -client in the chroot jail if applicable. The trust-anchor file +Whether specified in main.cf, or on a per\-destination basis, +the trust\-anchor PEM file must be accessible to the Postfix SMTP +client in the chroot jail if applicable. The trust\-anchor file should contain only certificates and public keys, no private key -material, and must be readable by the non-privileged $mail_owner +material, and must be readable by the non\-privileged $mail_owner user. This allows destinations to be bound to a set of specific CAs or public keys without trusting the same CAs for all destinations. .PP -The main.cf parameter supports single-purpose Postfix installations +The main.cf parameter supports single\-purpose Postfix installations that send mail to a fixed set of SMTP peers. At most sites, if -trust-anchor files are used at all, they will be specified on a -per-destination basis via the "tafile" attribute of the "verify" +trust\-anchor files are used at all, they will be specified on a +per\-destination basis via the "tafile" attribute of the "verify" and "secure" levels in smtp_tls_policy_maps. .PP The underlying mechanism is in support of RFC 6698 (DANE TLSA), @@ -8456,7 +8455,7 @@ containing a single certificate, as follows: .nf .na .ft C -$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey +$ openssl x509 \-in cert.pem \-out ta\-key.pem \-noout \-pubkey .fi .ad .ft R @@ -8482,35 +8481,35 @@ upper and lower case distinctions are ignored. .br .IP "\fI.example.com\fR" Match subdomains of the \fIexample.com\fR domain, i.e. match -a name in the server certificate that consists of a non-zero number of +a name in the server certificate that consists of a non\-zero number of labels followed by a \fI.example.com\fR suffix. Case distinctions are ignored. .br .br .PP -Strategies specify a transformation from the next-hop domain +Strategies specify a transformation from the next\-hop domain to the expected name in the server certificate: .IP "nexthop" -Match against the next-hop domain, which is either the recipient -domain, or the transport next-hop configured for the domain stripped of +Match against the next\-hop domain, which is either the recipient +domain, or the transport next\-hop configured for the domain stripped of any optional socket type prefix, enclosing square brackets and trailing port. When MX lookups are not suppressed, this is the original nexthop domain prior to the MX lookup, not the result of the MX lookup. For -LMTP delivery via UNIX-domain sockets, the verified next-hop name is +LMTP delivery via UNIX\-domain sockets, the verified next\-hop name is $myhostname. This strategy is suitable for use with the "secure" policy. Case is ignored. .br -.IP "dot-nexthop" +.IP "dot\-nexthop" As above, but match server certificate names that are subdomains -of the next-hop domain. Case is ignored. +of the next\-hop domain. Case is ignored. .br .IP "hostname" Match against the hostname of the server, often obtained via an unauthenticated DNS MX lookup. For LMTP delivery via -UNIX-domain sockets, the verified name is $myhostname. This matches +UNIX\-domain sockets, the verified name is $myhostname. This matches the verification strategy of the "MUST" keyword in the obsolete smtp_tls_per_site table, and is suitable for use with the "verify" -security level. When the next-hop name is enclosed in square brackets +security level. When the next\-hop name is enclosed in square brackets to suppress MX lookups, the "hostname" strategy is the same as the "nexthop" strategy. Case is ignored. .br @@ -8521,7 +8520,7 @@ Sample main.cf setting: .nf .na .ft C -smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop +smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop .fi .ad .ft R @@ -8552,7 +8551,7 @@ Example: deliver all remote mail via a provider's server .na .ft C /etc/postfix/main.cf: - # Client-side SMTPS requires "encrypt" or stronger. + # Client\-side SMTPS requires "encrypt" or stronger. smtp_tls_security_level = encrypt smtp_tls_wrappermode = yes # The [] suppress MX lookups. @@ -8564,7 +8563,7 @@ Example: deliver all remote mail via a provider's server More examples are in TLS_README, including examples for older Postfix versions. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtp_use_tls (default: no) Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. Beware: @@ -8613,7 +8612,7 @@ pattern. .SH smtpd_authorized_xclient_hosts (default: empty) What remote SMTP clients are allowed to use the XCLIENT feature. This command overrides remote SMTP client information that is used for access -control. Typical use is for SMTP-based content filters, fetchmail-like +control. Typical use is for SMTP\-based content filters, fetchmail\-like programs, or SMTP server access rule testing. See the XCLIENT_README document for details. .PP @@ -8641,7 +8640,7 @@ pattern. .SH smtpd_authorized_xforward_hosts (default: empty) What remote SMTP clients are allowed to use the XFORWARD feature. This command forwards information that is used to improve logging after -SMTP-based content filters. See the XFORWARD_README document for +SMTP\-based content filters. See the XFORWARD_README document for details. .PP This feature is available in Postfix 2.1 and later. @@ -8734,7 +8733,7 @@ contain the ":" character, and would otherwise be confused with a .PP Pattern matching of domain names is controlled by the presence or absence of "smtpd_client_event_limit_exceptions" in the -parent_domain_matches_subdomains parameter value (postfix 2.12 and +parent_domain_matches_subdomains parameter value (postfix 3.0 and later). .PP This feature is available in Postfix 2.2 and later. @@ -8773,7 +8772,7 @@ By default, a remote SMTP client can negotiate as many new TLS sessions per time unit as Postfix can accept. .PP To disable this feature, specify a limit of 0. Otherwise, specify -a limit that is at least the per-client concurrent session limit, +a limit that is at least the per\-client concurrent session limit, or else legitimate client sessions may be rejected. .PP WARNING: The purpose of this feature is to limit abuse. It must @@ -8841,7 +8840,7 @@ fingerprint (Postfix 2.9 and later) as lookup key for the specified \fBaccess\fR(5) database; with Postfix version 2.2, also require that the remote SMTP client certificate is verified successfully. The fingerprint digest algorithm is configurable via the -smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to Postfix version 2.5). This feature is available with Postfix version 2.2 and later. .br @@ -8855,7 +8854,7 @@ Search the specified \fBaccess\fR(5) database for the IP addresses for the client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available -in Postfix 2.12 and later. +in Postfix 3.0 and later. .br .IP "\fBcheck_client_mx_access \fItype:table\fR\fR" Search the specified \fBaccess\fR(5) database for the MX hosts for the @@ -8885,7 +8884,7 @@ Search the specified \fBaccess\fR(5) database for the IP addresses for the unverified reverse client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .br .IP "\fBcheck_reverse_client_hostname_mx_access \fItype:table\fR\fR" Search the specified \fBaccess\fR(5) database for the MX hosts for the @@ -8905,7 +8904,7 @@ This feature is available in Postfix 2.7 and later. Use the remote SMTP client SASL user name as lookup key for the specified \fBaccess\fR(5) database. The lookup key has the form "username@domainname" when the smtpd_sasl_local_domain parameter -value is non-empty. Unlike the check_client_access feature, +value is non\-empty. Unlike the check_client_access feature, check_sasl_access does not perform matches of parent domains or IP subnet ranges. This feature is available with Postfix version 2.11 and later. @@ -8926,10 +8925,10 @@ authenticated via the RFC 4954 (AUTH) protocol. Permit the request when the remote SMTP client certificate is verified successfully. This option must be used only if a special CA issues the certificates and only this CA is listed as trusted -CA. Otherwise, clients with a third-party certificate would also +CA. Otherwise, clients with a third\-party certificate would also be allowed to relay. Specify "tls_append_default_CA = no" when the trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath, -to prevent Postfix from appending the system-supplied default CAs. +to prevent Postfix from appending the system\-supplied default CAs. This feature is available with Postfix version 2.2. .br .IP "\fBpermit_tls_clientcerts\fR" @@ -8937,7 +8936,7 @@ Permit the request when the remote SMTP client certificate fingerprint or public key fingerprint (Postfix 2.9 and later) is listed in $relay_clientcerts. The fingerprint digest algorithm is configurable via the -smtpd_tls_fingerprint_digest parameter (hard-coded as md5 prior to +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to Postfix version 2.5). This feature is available with Postfix version 2.2. .br @@ -8945,7 +8944,7 @@ Postfix version 2.5). This feature is available with Postfix version Reject the request when the reversed client network address is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version 2.1 and later only). Each "\fId\fR" is a number, -or a pattern inside "[]" that contains one or more ";"-separated +or a pattern inside "[]" that contains one or more ";"\-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "\fI=d.d.d.d\fR" is specified, reject the request when the reversed client network address is listed with any A record under @@ -8961,7 +8960,7 @@ This feature is available in Postfix 2.0 and later. Accept the request when the reversed client network address is listed with the A record "\fId.d.d.d\fR" under \fIdnswl_domain\fR. Each "\fId\fR" is a number, or a pattern inside "[]" that contains -one or more ";"-separated numbers or number..number ranges. +one or more ";"\-separated numbers or number..number ranges. If no "\fI=d.d.d.d\fR" is specified, accept the request when the reversed client network address is listed with any A record under \fIdnswl_domain\fR. @@ -8975,7 +8974,7 @@ is available in Postfix 2.8 and later. Reject the request when the client hostname is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version 2.1 and later only). Each "\fId\fR" is a number, or a pattern -inside "[]" that contains one or more ";"-separated numbers or +inside "[]" that contains one or more ";"\-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "\fI=d.d.d.d\fR" is specified, reject the request when the client hostname is listed with @@ -8989,14 +8988,14 @@ produce better results. Accept the request when the client hostname is listed with the A record "\fId.d.d.d\fR" under \fIrhswl_domain\fR. Each "\fId\fR" is a number, or a pattern inside "[]" that contains one or more -";"-separated numbers or number..number ranges. If no +";"\-separated numbers or number..number ranges. If no "\fI=d.d.d.d\fR" is specified, accept the request when the client hostname is listed with any A record under \fIrhswl_domain\fR. .br Caution: client name whitelisting is fragile, since the client name lookup can fail due to temporary outages. Client name whitelisting should be used only to reduce false positives in e.g. -DNS-based blocklists, and not for making access rule exceptions. +DNS\-based blocklists, and not for making access rule exceptions. .br For safety, permit_rhswl_client is silently ignored when it would override reject_unauth_destination. The result is DEFER_IF_REJECT @@ -9007,7 +9006,7 @@ when whitelist lookup fails. This feature is available in Postfix Reject the request when the unverified reverse client hostname is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR. Each "\fId\fR" is a number, or a pattern inside "[]" that contains -one or more ";"-separated numbers or number..number ranges. +one or more ";"\-separated numbers or number..number ranges. If no "\fI=d.d.d.d\fR" is specified, reject the request when the unverified reverse client hostname is listed with any A record under \fIrbl_domain\fR. See the reject_rbl_client description above for @@ -9015,8 +9014,8 @@ additional RBL related configuration parameters. This feature is available in Postfix 2.8 and later. .br .IP "\fBreject_unknown_client_hostname\fR (with Postfix < 2.3: reject_unknown_client)" -Reject the request when 1) the client IP address->name mapping -fails, 2) the name->address mapping fails, or 3) the name->address +Reject the request when 1) the client IP address\->name mapping +fails, 2) the name\->address mapping fails, or 3) the name\->address mapping does not match the client IP address. .br This is a @@ -9026,21 +9025,21 @@ feature, which triggers only under condition 1) above. The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in -case the address->name or name->address lookup failed due to +case the address\->name or name\->address lookup failed due to a temporary problem. .br .IP "\fBreject_unknown_reverse_client_hostname\fR" -Reject the request when the client IP address has no address->name +Reject the request when the client IP address has no address\->name mapping. .br This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only -that the address->name and name->address mappings exist, but +that the address\->name and name\->address mappings exist, but also that the two mappings reproduce the client IP address. .br The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 -in case the address->name lookup failed due to a temporary +in case the address\->name lookup failed due to a temporary problem. .br This feature is available in Postfix 2.3 and @@ -9084,7 +9083,7 @@ a restriction list, to make the default policy explicit. Reject the request when the envelope sender is the null address, and the message has multiple envelope recipients. This usage has rare but legitimate applications: under certain conditions, -multi-recipient mail that was posted with the DSN option NOTIFY=NEVER +multi\-recipient mail that was posted with the DSN option NOTIFY=NEVER may be forwarded with the null sender address. .br Note: this restriction can only work reliably @@ -9114,7 +9113,7 @@ ESMTP command pipelining. This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries. .br -With Postfix 2.6 and later, the SMTP server sets a per-session +With Postfix 2.6 and later, the SMTP server sets a per\-session flag whenever it detects illegal pipelining, including pipelined HELO or EHLO commands. The reject_unauth_pipelining feature simply tests whether the flag was set at any point in time during the @@ -9148,9 +9147,9 @@ This feature is available in Postfix 2.3. .br .IP "\fBwarn_if_reject\fR" A safety net for testing. When "warn_if_reject" is placed -before a reject-type restriction, access table query, or +before a reject\-type restriction, access table query, or check_policy_service query, this logs a "reject_warning" message -instead of rejecting a request (when a reject-type restriction fails +instead of rejecting a request (when a reject\-type restriction fails due to a temporary error, this logs a "reject_warning" message for any implicit "defer_if_permit" actions that would normally prevent mail from being accepted by some later access restriction). This @@ -9180,8 +9179,8 @@ smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname .ft R .SH smtpd_command_filter (default: empty) A mechanism to transform commands from remote SMTP clients. -This is a last-resort tool to work around client commands that break -inter-operability with the Postfix SMTP server. Other uses involve +This is a last\-resort tool to work around client commands that break +inter\-operability with the Postfix SMTP server. Other uses involve fault injection to test Postfix's handling of invalid commands. .PP Specify the name of a "type:table" lookup table. The search @@ -9249,7 +9248,7 @@ feature: .nf .na .ft C - # Append XVERP to MAIL FROM commands to request VERP-style delivery. + # Append XVERP to MAIL FROM commands to request VERP\-style delivery. # See VERP_README for more information on how to use Postfix VERP. /^(MAIL FROM:\es*.*)/ $1 XVERP .fi @@ -9259,7 +9258,7 @@ feature: .nf .na .ft C - # Bounce-never mail sink. Use notify_classes=bounce,resource,software + # Bounce\-never mail sink. Use notify_classes=bounce,resource,software # to send bounced mail to the postmaster (with message body removed). /^(RCPT\es+TO:\es*<.*>.*)\es+NOTIFY=\eS+(.*)/ $1 NOTIFY=NEVER$2 /^(RCPT\es+TO:.*)/ $1 NOTIFY=NEVER @@ -9291,7 +9290,7 @@ smtpd_client_restrictions, smtpd_helo_restrictions, smtpd_sender_restrictions or smtpd_recipient_restrictions. .IP \(bu However, no recipient information is available in the case of -multi-recipient mail. Acting on only one recipient would be misleading, +multi\-recipient mail. Acting on only one recipient would be misleading, because any decision will affect all recipients equally. Acting on all recipients would require a possibly very large amount of memory, and would also be misleading for the reasons mentioned before. @@ -9317,7 +9316,7 @@ With sites that reject lots of mail, the default setting reduces the use of disk, CPU and memory resources. The downside is that rejected recipients are logged with NOQUEUE instead of a mail transaction -ID. This complicates the logfile analysis of multi-recipient mail. +ID. This complicates the logfile analysis of multi\-recipient mail. .PP This feature is available in Postfix 2.3 and later. .SH smtpd_delay_reject (default: yes) @@ -9327,7 +9326,7 @@ $smtpd_sender_restrictions, or wait until the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. .PP This feature is turned on by default because some clients apparently -mis-behave when the Postfix SMTP server rejects commands before +mis\-behave when the Postfix SMTP server rejects commands before RCPT TO. .PP The default setting has one major benefit: it allows Postfix to log @@ -9357,7 +9356,7 @@ This feature is available in Postfix 2.2 and later. .PP Notes: .IP \(bu -Specify the \fBsilent-discard\fR pseudo keyword to prevent +Specify the \fBsilent\-discard\fR pseudo keyword to prevent this action from being logged. .IP \(bu Use the smtpd_discard_ehlo_keyword_address_maps feature @@ -9367,10 +9366,10 @@ to discard EHLO keywords selectively. Optional filter for Postfix SMTP server DNS lookup results. See smtp_dns_reply_filter for details including an example. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtpd_end_of_data_restrictions (default: empty) Optional access restrictions that the Postfix SMTP server -applies in the context of the SMTP END-OF-DATA command. +applies in the context of the SMTP END\-OF\-DATA command. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access restriction lists" for a discussion of evaluation context and time. .PP @@ -9380,12 +9379,12 @@ See smtpd_data_restrictions for details and limitations. .SH smtpd_enforce_tls (default: no) Mandatory TLS: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to RFC 2487 -this MUST NOT be applied in case of a publicly-referenced SMTP +this MUST NOT be applied in case of a publicly\-referenced SMTP server. This option is therefore off by default. .PP Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". .PP -Note 2: when invoked via "\fBsendmail -bs\fR", Postfix will never offer +Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .PP @@ -9441,7 +9440,7 @@ smtpd_etrn_restrictions = permit_mynetworks, reject .fi .ad .ft R -.SH smtpd_expansion_filter (default: see "postconf -d" output) +.SH smtpd_expansion_filter (default: see "postconf \-d" output) What characters are allowed in $name expansions of RBL reply templates. Characters not in the allowed set are replaced by "_". Use C like escapes to specify special characters such as whitespace. @@ -9511,7 +9510,7 @@ use DUNNO in order to exclude specific hosts from blacklists. Note 2: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip check_helo_a_access by not sending HELO or EHLO). This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later. .br .IP "\fBcheck_helo_mx_access \fItype:table\fR\fR" Search the specified \fBaccess\fR(5) database for the MX hosts for @@ -9544,7 +9543,7 @@ for rejected requests (default: 501). .br .IP "\fBreject_non_fqdn_helo_hostname\fR (with Postfix < 2.3: reject_non_fqdn_hostname)" Reject the request when the HELO or EHLO hostname is not in -fully-qualified domain or address literal form, as required by the +fully\-qualified domain or address literal form, as required by the RFC. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip @@ -9557,7 +9556,7 @@ rejected requests (default: 504). Reject the request when the HELO or EHLO hostname is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version 2.1 and later only). Each "\fId\fR" is a number, -or a pattern inside "[]" that contains one or more ";"-separated +or a pattern inside "[]" that contains one or more ";"\-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "\fI=d.d.d.d\fR" is specified, reject the request when the HELO or EHLO hostname is @@ -9691,11 +9690,11 @@ line, SMTP message content line, or TLS protocol message). This limits the impact from hostile peers that trickle data one byte at a time. .PP -Note: when per-record deadlines are enabled, a short timeout +Note: when per\-record deadlines are enabled, a short timeout may cause problems with TLS over very slow network connections. The reasons are that a TLS protocol message can be up to 16 kbytes long (with TLSv1), and that an entire TLS protocol message must be -sent or received within the per-record deadline. +sent or received within the per\-record deadline. .PP This feature is available in Postfix 2.9 and later. With older Postfix releases, the behavior is as if this parameter is set to @@ -9714,10 +9713,10 @@ SMTPD policy server response (or \fBaccess\fR(5) map lookup result). An be declared in advance with a restriction_class setting. .IP \(bu If the specified action invokes another check_policy_service -request, that request will have the built-in default action. +request, that request will have the built\-in default action. .br .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtpd_policy_service_max_idle (default: 300s) The time after which an idle SMTPD policy service connection is closed. @@ -9732,15 +9731,15 @@ This feature is available in Postfix 2.1 and later. The maximal number of requests per SMTPD policy service connection, or zero (no limit). Once a connection reaches this limit, the connection is closed and the next request will be sent over a new -connection. This is a workaround to avoid error-recovery delays +connection. This is a workaround to avoid error\-recovery delays with policy servers that cannot maintain a persistent connection. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtpd_policy_service_retry_delay (default: 1s) The delay between attempts to resend a failed SMTPD policy service request. Specify a value greater than zero. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtpd_policy_service_timeout (default: 100s) The time limit for connecting to, writing to, or receiving from a delegated SMTPD policy server. @@ -9750,7 +9749,7 @@ This feature is available in Postfix 2.1 and later. The maximal number of attempts to send an SMTPD policy service request before giving up. Specify a value greater than zero. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtpd_proxy_ehlo (default: $myhostname) How the Postfix SMTP server announces itself to the proxy filter. By default, the Postfix hostname is used. @@ -9762,7 +9761,7 @@ The proxy receives all mail from the Postfix SMTP server, and is supposed to give the result to another Postfix SMTP server process. .PP Specify "host:port" or "inet:host:port" for a TCP endpoint, or -"unix:pathname" for a UNIX-domain endpoint. The host can be specified +"unix:pathname" for a UNIX\-domain endpoint. The host can be specified as an IP address or as a symbolic name; no MX lookups are done. When no "host" or "host:" are specified, the local machine is assumed. Pathname interpretation is relative to the Postfix queue @@ -9774,15 +9773,15 @@ The "inet:" and "unix:" prefixes are available in Postfix 2.3 and later. .SH smtpd_proxy_options (default: empty) List of options that control how the Postfix SMTP server -communicates with a before-queue content filter. Specify zero or +communicates with a before\-queue content filter. Specify zero or more of the following, separated by comma or whitespace. .IP "\fBspeed_adjust\fR" -Do not connect to a before-queue content filter until an entire +Do not connect to a before\-queue content filter until an entire message has been received. This reduces the number of simultaneous -before-queue content filter processes. +before\-queue content filter processes. .PP NOTE 1: A filter must not \fIselectively\fR reject recipients -of a multi-recipient message. Rejecting all recipients is OK, as +of a multi\-recipient message. Rejecting all recipients is OK, as is accepting all recipients. .PP NOTE 2: This feature increases the minimum amount of free queue @@ -9808,9 +9807,9 @@ accepts per message delivery request. .SH smtpd_recipient_overshoot_limit (default: 1000) The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before -the Postfix SMTP server increments the per-session error count +the Postfix SMTP server increments the per\-session error count for each excess recipient. -.SH smtpd_recipient_restrictions (default: see "postconf -d" output) +.SH smtpd_recipient_restrictions (default: see "postconf \-d" output) Optional restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command, after smtpd_relay_restrictions. See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access @@ -9818,7 +9817,7 @@ restriction lists" for a discussion of evaluation context and time. .PP With Postfix versions before 2.10, the rules for relay permission and spam blocking were combined under smtpd_recipient_restrictions, -resulting in error-prone configuration. As of Postfix 2.10, relay +resulting in error\-prone configuration. As of Postfix 2.10, relay permission rules are preferably implemented with smtpd_relay_restrictions, so that a permissive spam blocking policy under smtpd_recipient_restrictions will no longer result in a permissive @@ -9870,7 +9869,7 @@ Search the specified \fBaccess\fR(5) database for the IP addresses for the RCPT TO domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later. .br .IP "\fBcheck_recipient_mx_access \fItype:table\fR\fR" Search the specified \fBaccess\fR(5) database for the MX hosts for @@ -9891,12 +9890,12 @@ Permit the request when one of the following is true: .IP \(bu Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and the address contains no -sender-specified routing (user@elsewhere@domain), +sender\-specified routing (user@elsewhere@domain), .IP \(bu Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and the address -contains no sender-specified routing (user@elsewhere@domain). +contains no sender\-specified routing (user@elsewhere@domain). .br .br .IP "\fBpermit_mx_backup\fR" @@ -9905,9 +9904,9 @@ the RCPT TO domain, or when the domain is an authorized destination (see permit_auth_destination for definition). .IP \(bu Safety: permit_mx_backup does not accept addresses that have -sender-specified routing information (example: user@elsewhere@domain). +sender\-specified routing information (example: user@elsewhere@domain). .IP \(bu -Safety: permit_mx_backup can be vulnerable to mis-use when +Safety: permit_mx_backup can be vulnerable to mis\-use when access is not restricted with permit_mx_backup_networks. .IP \(bu Safety: as of Postfix version 2.3, permit_mx_backup no longer @@ -9922,7 +9921,7 @@ lookup problem with Postfix prior to version 2.0. .br .IP "\fBreject_non_fqdn_recipient\fR" Reject the request when the RCPT TO address is not in -fully-qualified domain form, as required by the RFC. +fully\-qualified domain form, as required by the RFC. .br The non_fqdn_reject_code parameter specifies the response code for @@ -9932,7 +9931,7 @@ rejected requests (default: 504). Reject the request when the RCPT TO domain is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version 2.1 and later only). Each "\fId\fR" is a number, or a pattern -inside "[]" that contains one or more ";"-separated numbers or +inside "[]" that contains one or more ";"\-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "\fI=d.d.d.d\fR" is specified, reject the request when the RCPT TO domain is listed with @@ -9949,20 +9948,20 @@ in Postfix version 2.0 and later. Reject the request unless one of the following is true: .IP \(bu Postfix is mail forwarder: the resolved RCPT TO domain matches -$relay_domains or a subdomain thereof, and contains no sender-specified +$relay_domains or a subdomain thereof, and contains no sender\-specified routing (user@elsewhere@domain), .IP \(bu Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains -no sender-specified routing (user@elsewhere@domain). +no sender\-specified routing (user@elsewhere@domain). .br The relay_domains_reject_code parameter specifies the response code for rejected requests (default: 554). .br .IP "\fBdefer_unauth_destination\fR" Reject the same requests as reject_unauth_destination, with a -non-permanent error code. This feature is available in Postfix +non\-permanent error code. This feature is available in Postfix 2.10 and later. .br .IP "\fBreject_unknown_recipient_domain\fR" @@ -9970,12 +9969,12 @@ Reject the request when Postfix is not final destination for the recipient domain, and the RCPT TO domain has 1) no DNS MX and no DNS A record or 2) a malformed MX record such as a record with -a zero-length MX hostname (Postfix version 2.3 and later). +a zero\-length MX hostname (Postfix version 2.3 and later). .br The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 556 (nullmx, Postfix 2.12 and +defer_if_permit), or 556 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. .br .IP "\fBreject_unlisted_recipient\fR (with Postfix version 2.0: check_recipient_maps)" @@ -10045,7 +10044,7 @@ is output literally. .na .ft C /etc/postfix/main.cf: - smtpd_reject_footer = \ec. For assistance, call 800-555-0101. + smtpd_reject_footer = \ec. For assistance, call 800\-555\-0101. Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name). @@ -10058,8 +10057,8 @@ Server response: .nf .na .ft C - 550-5.5.1 Recipient address rejected: User - unknown. For assistance, call 800-555-0101. Please provide the + 550\-5.5.1 Recipient address rejected: User + unknown. For assistance, call 800\-555\-0101. Please provide the following information in your problem report: time (Jan 4 15:42:00), client (192.168.1.248) and server (mail1.example.com). .fi @@ -10093,7 +10092,7 @@ hh:mm:ss) that is logged in the maillog file. .IP "\fBserver_name\fR" The server's myhostname value. This attribute is made available for sites with multiple MTAs -(perhaps behind a load-balancer), where the server name can help +(perhaps behind a load\-balancer), where the server name can help the server support team to quickly find the right log files. .br .br @@ -10107,13 +10106,13 @@ For safety reasons, text that does not match $smtpd_expansion_filter is censored. .br .PP -This feature supports the two-character sequence \en as a request +This feature supports the two\-character sequence \en as a request for a line break in the footer text. Postfix automatically inserts -after each line break the three-digit SMTP reply code (and optional +after each line break the three\-digit SMTP reply code (and optional enhanced status code) from the original Postfix reject message. .PP -To work around mail software that mis-handles multi-line replies, -specify the two-character sequence \ec at the start of the template. +To work around mail software that mis\-handles multi\-line replies, +specify the two\-character sequence \ec at the start of the template. This suppresses the line break between the reply text and the footer text (Postfix 2.10 and later). .PP @@ -10122,7 +10121,7 @@ This feature is available in Postfix 2.8 and later. Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue -from filling up with undeliverable MAILER-DAEMON messages. +from filling up with undeliverable MAILER\-DAEMON messages. .PP An address is always considered "known" when it matches a \fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping. @@ -10179,7 +10178,7 @@ restriction lists" for a discussion of evaluation context and time. .PP With Postfix versions before 2.10, the rules for relay permission and spam blocking were combined under smtpd_recipient_restrictions, -resulting in error-prone configuration. As of Postfix 2.10, relay +resulting in error\-prone configuration. As of Postfix 2.10, relay permission rules are preferably implemented with smtpd_relay_restrictions, so that a permissive spam blocking policy under smtpd_recipient_restrictions will no longer result in a permissive @@ -10194,7 +10193,7 @@ By default, the Postfix SMTP server accepts: Mail from clients whose IP address matches $mynetworks, or: .IP \(bu Mail to remote destinations that match $relay_domains, except -for addresses that contain sender-specified routing +for addresses that contain sender\-specified routing (user@elsewhere@domain), or: .IP \(bu Mail to local destinations that match $inet_interfaces @@ -10234,11 +10233,11 @@ smtpd_recipient_restrictions. .PP This feature is available in Postix 2.10 and later. .SH smtpd_restriction_classes (default: empty) -User-defined aliases for groups of access restrictions. The aliases +User\-defined aliases for groups of access restrictions. The aliases can be specified in smtpd_recipient_restrictions etc., and on the -right-hand side of a Postfix \fBaccess\fR(5) table. +right\-hand side of a Postfix \fBaccess\fR(5) table. .PP -One major application is for implementing per-recipient UCE control. +One major application is for implementing per\-recipient UCE control. See the RESTRICTION_CLASS_README document for other examples. .SH smtpd_sasl_application_name (default: smtpd) The application name that the Postfix SMTP server uses for SASL @@ -10353,9 +10352,9 @@ smtpd_sasl_local_domain = $myhostname .ad .ft R .SH smtpd_sasl_path (default: smtpd) -Implementation-specific information that the Postfix SMTP server +Implementation\-specific information that the Postfix SMTP server passes through to -the SASL plug-in implementation that is selected with +the SASL plug\-in implementation that is selected with \fBsmtpd_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. .PP @@ -10379,7 +10378,7 @@ Specify zero or more of the following: Disallow methods that use plaintext passwords. .br .IP "\fBnoactive\fR" -Disallow methods subject to active (non-dictionary) attack. +Disallow methods subject to active (non\-dictionary) attack. .br .IP "\fBnodictionary\fR" Disallow methods subject to passive (dictionary) attack. @@ -10400,9 +10399,9 @@ By default, the Postfix SMTP server accepts plaintext passwords but not anonymous logins. .PP Warning: it appears that clients try authentication methods in the -order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) +order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM\-MD5) which means that if you disable plaintext passwords, clients will -log in anonymously, even when they should be able to use CRAM-MD5. +log in anonymously, even when they should be able to use CRAM\-MD5. So, if you disable plaintext logins, disable anonymous logins too. Postfix treats anonymous login as no authentication. .PP @@ -10416,7 +10415,7 @@ smtpd_sasl_security_options = noanonymous, noplaintext .ad .ft R .SH smtpd_sasl_service (default: smtp) -The service name that is passed to the SASL plug-in that is +The service name that is passed to the SASL plug\-in that is selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. .PP This feature is available in Postfix 2.11 and later. Prior @@ -10427,9 +10426,9 @@ server uses for TLS encrypted SMTP sessions. .PP This feature is available in Postfix 2.2 and later. .SH smtpd_sasl_type (default: cyrus) -The SASL plug-in type that the Postfix SMTP server should use +The SASL plug\-in type that the Postfix SMTP server should use for authentication. The available types are listed with the -"\fBpostconf -a\fR" command. +"\fBpostconf \-a\fR" command. .PP This feature is available in Postfix 2.3 and later. .SH smtpd_sender_login_maps (default: empty) @@ -10482,7 +10481,7 @@ Search the specified \fBaccess\fR(5) database for the IP addresses for the MAIL FROM domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later. .br .IP "\fBcheck_sender_mx_access \fItype:table\fR\fR" Search the specified \fBaccess\fR(5) database for the MX hosts for @@ -10510,7 +10509,7 @@ feature is available in Postfix version 2.11 and later. .br .IP "\fBreject_non_fqdn_sender\fR" Reject the request when the MAIL FROM address is not in -fully-qualified domain form, as required by the RFC. +fully\-qualified domain form, as required by the RFC. .br The non_fqdn_reject_code parameter specifies the response code for @@ -10520,7 +10519,7 @@ rejected requests (default: 504). Reject the request when the MAIL FROM domain is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version 2.1 and later only). Each "\fId\fR" is a number, or a -pattern inside "[]" that contains one or more ";"-separated numbers +pattern inside "[]" that contains one or more ";"\-separated numbers or number..number ranges (Postfix version 2.8 and later). If no "\fI=d.d.d.d\fR" is specified, reject the request when the MAIL FROM domain is @@ -10550,12 +10549,12 @@ Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has 1) no DNS MX and no DNS A record, or 2) a malformed MX record such as a record with -a zero-length MX hostname (Postfix version 2.3 and later). +a zero\-length MX hostname (Postfix version 2.3 and later). .br The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 550 (nullmx, Postfix 2.12 and +defer_if_permit), or 550 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. .br .IP "\fBreject_unlisted_sender\fR" @@ -10631,10 +10630,10 @@ delays all responses by $smtpd_error_sleep_time seconds. With Postfix versions 2.0 and earlier, the Postfix SMTP server delays all responses by (number of errors) seconds. .br -.SH smtpd_starttls_timeout (default: see "postconf -d" output) +.SH smtpd_starttls_timeout (default: see "postconf \-d" output) The time limit for Postfix SMTP server write and read operations during TLS startup and shutdown handshake procedures. The current -default value is stress-dependent. Before Postfix version 2.8, it +default value is stress\-dependent. Before Postfix version 2.8, it was fixed at 300s. .PP This feature is available in Postfix 2.2 and later. @@ -10662,18 +10661,18 @@ but it is best to include all the required certificates directly in the server certificate file. .PP Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY -the system-supplied default certificate authority certificates. +the system\-supplied default Certification Authority certificates. .PP Specify "tls_append_default_CA = no" to prevent Postfix from -appending the system-supplied default CAs and trusting third-party +appending the system\-supplied default CAs and trusting third\-party certificates. .PP By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CAfile should remain empty. If you do make use -of client certificates, the distinguished names (DNs) of the certificate -authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +of client certificates, the distinguished names (DNs) of the Certification +Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client in the client certificate request message. MUAs with multiple client -certificates may use the list of preferred certificate authorities +certificates may use the list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in this file, and install other trusted CAs in $smtpd_tls_CApath. @@ -10698,18 +10697,18 @@ smtpd_tls_CApath in chroot mode, this directory (or a copy) must be inside the chroot jail. .PP Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system\-supplied default Certification Authority certificates. .PP Specify "tls_append_default_CA = no" to prevent Postfix from -appending the system-supplied default CAs and trusting third-party +appending the system\-supplied default CAs and trusting third\-party certificates. .PP By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty. In contrast -to smtpd_tls_CAfile, DNs of certificate authorities installed +to smtpd_tls_CAfile, DNs of Certification Authorities installed in $smtpd_tls_CApath are not included in the client certificate request message. MUAs with multiple client certificates may use the -list of preferred certificate authorities to select the correct +list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in $smtpd_tls_CApath. @@ -10733,7 +10732,7 @@ is empty). This behavior is compatible with Postfix < 2.3. With Postfix 2.3 and later the Postfix SMTP server can disable session id generation when TLS session caching is turned off. This keeps remote SMTP clients from caching sessions that almost certainly cannot -be re-used. +be re\-used. .PP By default, the Postfix SMTP server always generates TLS session ids. This works around a known defect in mail client applications @@ -10776,7 +10775,7 @@ file. The default verification depth is 9 (the OpenSSL default) for compatibility with earlier Postfix behavior. Prior to Postfix 2.5, the default value was 5, but the limit was not actually enforced. If -you have set this to a lower non-default value, certificates with longer +you have set this to a lower non\-default value, certificates with longer trust chains may now fail to verify. Certificate chains with 1 or 2 CAs are common, deeper chains are more rare and any number between 5 and 9 should suffice in practice. You can choose a lower number if, @@ -10790,7 +10789,7 @@ This file may also contain the Postfix SMTP server private RSA key. .PP Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a -self-signed or private-CA signed certificate. The client will not be +self\-signed or private\-CA signed certificate. The client will not be able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate. .PP @@ -10801,7 +10800,7 @@ typical SMTP clients. Since such clients will not, as a rule, fall back to plain text after a TLS handshake failure, the server will be unable to receive email from TLS enabled clients. To avoid accidental configurations with no certificates, Postfix 2.3 enables -certificate-less operation only when the administrator explicitly +certificate\-less operation only when the administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix configurations will not accidentally run with no certificates. .PP @@ -10814,7 +10813,7 @@ To enable a remote SMTP client to verify the Postfix SMTP server certificate, the issuing CA certificates must be made available to the client. You should include the required certificates in the server certificate file, the server certificate first, then the issuing -CA(s) (bottom-up order). +CA(s) (bottom\-up order). .PP Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate of "root CA". @@ -10827,7 +10826,7 @@ case it is not necessary to have them in the smtpd_tls_cert_file or smtpd_tls_dcert_file. .PP A certificate supplied here must be usable as an SSL server certificate -and hence pass the "openssl verify -purpose sslserver ..." test. +and hence pass the "openssl verify \-purpose sslserver ..." test. .PP Example: .PP @@ -10842,8 +10841,8 @@ smtpd_tls_cert_file = /etc/postfix/server.pem This feature is available in Postfix 2.2 and later. .SH smtpd_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS -cipher list. It is easy to create inter-operability problems by choosing -a non-default cipher list. Do not use a non-default TLS cipherlist for +cipher list. It is easy to create inter\-operability problems by choosing +a non\-default cipher list. Do not use a non\-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any email to the SMTP server. Using a restricted cipher list may be more @@ -10860,7 +10859,7 @@ The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption. Cipher types listed in smtpd_tls_exclude_ciphers are excluded from the base definition of the selected cipher grade. The default value "export" ensures maximum -inter-operability. Because encryption is optional, stronger controls +inter\-operability. Because encryption is optional, stronger controls are not appropriate, and this setting SHOULD NOT be changed unless the change is essential. .PP @@ -10891,7 +10890,7 @@ Example: .nf .na .ft C -smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem +smtpd_tls_dcert_file = /etc/postfix/server\-dsa.pem .fi .ad .ft R @@ -10899,7 +10898,7 @@ smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem This feature is available in Postfix 2.2 and later. .SH smtpd_tls_dh1024_param_file (default: empty) File with DH parameters that the Postfix SMTP server should -use with non-export EDH ciphers. +use with non\-export EDH ciphers. .PP Instead of using the exact same parameter sets as distributed with other TLS packages, it is more secure to generate your own @@ -10909,9 +10908,9 @@ set of parameters with something like the following commands: .nf .na .ft C -openssl dhparam -out /etc/postfix/dh512.pem 512 -openssl dhparam -out /etc/postfix/dh1024.pem 1024 -openssl dhparam -out /etc/postfix/dh2048.pem 2048 +openssl dhparam \-out /etc/postfix/dh512.pem 512 +openssl dhparam \-out /etc/postfix/dh1024.pem 1024 +openssl dhparam \-out /etc/postfix/dh2048.pem 2048 .fi .ad .ft R @@ -10942,7 +10941,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem This feature is available with Postfix version 2.2. .SH smtpd_tls_dh512_param_file (default: empty) File with DH parameters that the Postfix SMTP server should -use with export-grade EDH ciphers. +use with export\-grade EDH ciphers. .PP See also the discussion under the smtpd_tls_dh1024_param_file configuration parameter. @@ -10963,8 +10962,8 @@ File with the Postfix SMTP server DSA private key in PEM format. This file may be combined with the Postfix SMTP server DSA certificate file specified with $smtpd_tls_dcert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .PP @@ -10980,7 +10979,7 @@ Example: .nf .na .ft C -smtpd_tls_eccert_file = /etc/postfix/ecdsa-scert.pem +smtpd_tls_eccert_file = /etc/postfix/ecdsa\-scert.pem .fi .ad .ft R @@ -10992,16 +10991,16 @@ File with the Postfix SMTP server ECDSA private key in PEM format. This file may be combined with the Postfix SMTP server ECDSA certificate file specified with $smtpd_tls_eccert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .PP This feature is available in Postfix 2.6 and later, when Postfix is compiled and linked with OpenSSL 1.0.0 or later. -.SH smtpd_tls_eecdh_grade (default: see "postconf -d" output) -The Postfix SMTP server security grade for ephemeral elliptic-curve -Diffie-Hellman (EECDH) key exchange. +.SH smtpd_tls_eecdh_grade (default: see "postconf \-d" output) +The Postfix SMTP server security grade for ephemeral elliptic\-curve +Diffie\-Hellman (EECDH) key exchange. .PP The available choices are: .IP "\fBnone\fR" @@ -11012,14 +11011,14 @@ exchange will be disabled. This is the default in Postfix versions .IP "\fBstrong\fR" Use EECDH with approximately 128 bits of security at a reasonable computational cost. This is the -current best-practice trade-off between security and computational +current best\-practice trade\-off between security and computational efficiency. This is the default in Postfix version 2.8 and later. .br .IP "\fBultra\fR" Use EECDH with approximately 192 bits of security at computational cost that is approximately twice as high as 128 bit strength ECC. Barring significant progress in attacks on -elliptic curve crypto-systems, the "strong" curve is sufficient for most +elliptic curve crypto\-systems, the "strong" curve is sufficient for most users. .br .br @@ -11053,7 +11052,7 @@ Examples (some of these will cause problems): smtpd_tls_exclude_ciphers = aNULL smtpd_tls_exclude_ciphers = MD5, DES smtpd_tls_exclude_ciphers = DES+MD5 -smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5 +smtpd_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5 smtpd_tls_exclude_ciphers = kEDH+aRSA .fi .ad @@ -11063,14 +11062,14 @@ smtpd_tls_exclude_ciphers = kEDH+aRSA The first setting disables anonymous ciphers. The next setting disables ciphers that use the MD5 digest algorithm or the (single) DES encryption algorithm. The next setting disables ciphers that use MD5 and -DES together. The next setting disables the two ciphers "AES256-SHA" -and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH" +DES together. The next setting disables the two ciphers "AES256\-SHA" +and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH" key exchange with RSA authentication. .PP This feature is available in Postfix 2.3 and later. .SH smtpd_tls_fingerprint_digest (default: md5) The message digest algorithm to construct remote SMTP -client-certificate +client\-certificate fingerprints or public key fingerprints (Postfix 2.9 and later) for \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. The default algorithm is \fBmd5\fR, for backwards compatibility with Postfix @@ -11078,7 +11077,7 @@ releases prior to 2.5. .PP Advances in hash function cryptanalysis have led to md5 being deprecated in favor of sha1. -However, as long as there are no known "second pre-image" attacks +However, as long as there are no known "second pre\-image" attacks against md5, its use in this context can still be considered safe. .PP While additional digest algorithms are often available with OpenSSL's @@ -11092,7 +11091,7 @@ specific digest algorithm, run: .nf .na .ft C -$ openssl x509 -noout -fingerprint -\fIdigest\fR -in \fIcertfile\fR.pem +$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem .fi .ad .ft R @@ -11105,7 +11104,7 @@ For example: .nf .na .ft C -$ openssl x509 -noout -fingerprint -sha1 -in cert.pem +$ openssl x509 \-noout \-fingerprint \-sha1 \-in cert.pem SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A .fi .ad @@ -11115,7 +11114,7 @@ SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A To extract the public key fingerprint from an X.509 certificate, you need to extract the public key from the certificate and compute the appropriate digest of its DER (ASN.1) encoding. With OpenSSL -the "-pubkey" option of the "x509" command extracts the public +the "\-pubkey" option of the "x509" command extracts the public key always in "PEM" format. We pipe the result to another OpenSSL command that converts the key to DER and then to the "dgst" command to compute the fingerprint. @@ -11131,10 +11130,10 @@ used. .nf .na .ft C -# OpenSSL 1.0 with all certificates and SHA-1 fingerprints. -$ openssl x509 -in cert.pem -noout -pubkey | - openssl pkey -pubin -outform DER | - openssl dgst -sha1 -c +# OpenSSL 1.0 with all certificates and SHA\-1 fingerprints. +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl pkey \-pubin \-outform DER | + openssl dgst \-sha1 \-c (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58 .fi .ad @@ -11146,9 +11145,9 @@ $ openssl x509 -in cert.pem -noout -pubkey | .na .ft C # OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints. -$ openssl x509 -in cert.pem -noout -pubkey | - openssl rsa -pubin -outform DER | - openssl dgst -md5 -c +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl rsa \-pubin \-outform DER | + openssl dgst \-md5 \-c (stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50 .fi .ad @@ -11160,10 +11159,10 @@ fingerprint and public key fingerprint when the TLS loglevel is 2 or higher. .PP \fBNote:\fR Postfix 2.9.0-2.9.5 computed the public key -fingerprint incorrectly. To use public-key fingerprints, upgrade +fingerprint incorrectly. To use public\-key fingerprints, upgrade to Postfix 2.9.6 or later. .PP -Example: client-certificate access table, with sha1 fingerprints: +Example: client\-certificate access table, with sha1 fingerprints: .sp .in +4 .nf @@ -11197,8 +11196,8 @@ File with the Postfix SMTP server RSA private key in PEM format. This file may be combined with the Postfix SMTP server RSA certificate file specified with $smtpd_tls_cert_file. .PP -The private key must be accessible without a pass-phrase, i.e. it -must not be encrypted. File permissions should grant read-only +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only access to the system superuser account ("root"), and no access to anyone else. .SH smtpd_tls_loglevel (default: 0) @@ -11210,10 +11209,10 @@ a lower logging level. .br .IP "" 1 Log only a summary message on TLS handshake completion -- no logging of client certificate trust-chain verification errors +- no logging of client certificate trust\-chain verification errors if client certificate verification is not required. With Postfix 2.8 and earlier, log the summary message, peer certificate summary information -and unconditionally log trust-chain verification errors. +and unconditionally log trust\-chain verification errors. .br .IP "" 2 Also log levels during TLS negotiation. @@ -11240,7 +11239,7 @@ sessions to a more stringent grade is likely negligible, especially given the fact that many implementations still do not offer any stronger ("high" grade) ciphers, while those that do, will always use "high" grade ciphers. So insisting on "high" grade ciphers is generally -counter-productive. Allowing "export" or "low" ciphers is typically +counter\-productive. Allowing "export" or "low" ciphers is typically not a good idea, as systems limited to just these are limited to obsolete browsers. No known SMTP clients fail to support at least one "medium" or "high" grade cipher. @@ -11260,8 +11259,8 @@ configuration parameter, which you are strongly encouraged to not change. .br .IP "\fBmedium\fR" -Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit -or longer symmetric bulk-encryption keys. This is the default minimum +Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128\-bit +or longer symmetric bulk\-encryption keys. This is the default minimum strength for mandatory TLS encryption. The underlying cipherlist is specified via the tls_medium_cipherlist configuration parameter, which you are strongly encouraged to not change. @@ -11309,7 +11308,7 @@ This feature is available in Postfix 2.3 and later. .SH smtpd_tls_mandatory_protocols (default: !SSLv2) The SSL/TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. If the list is empty, the server supports -all available SSL/TLS protocol versions. A non-empty value is a +all available SSL/TLS protocol versions. A non\-empty value is a list of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. @@ -11352,7 +11351,7 @@ This feature is available in Postfix 2.3 and later. List of TLS protocols that the Postfix SMTP server will exclude or include with opportunistic TLS encryption. This parameter SHOULD be left at its default empty value, allowing all protocols to be -used with opportunistic TLS. A non-empty value is a list of protocol +used with opportunistic TLS. A non\-empty value is a list of protocol names separated by whitespace, commas or colons. The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. @@ -11400,7 +11399,7 @@ a warning written to the mail log. This feature is available in Postfix 2.2 and later. .SH smtpd_tls_security_level (default: empty) The SMTP TLS security level for the Postfix SMTP server; when -a non-empty value is specified, this overrides the obsolete parameters +a non\-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with "smtpd_tls_wrappermode = yes". .PP @@ -11416,7 +11415,7 @@ to remote SMTP clients, but do not require that clients use TLS encryption. Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to RFC 2487 this MUST NOT be applied in case -of a publicly-referenced SMTP server. Instead, this option should +of a publicly\-referenced SMTP server. Instead, this option should be used only on dedicated servers. .br .br @@ -11431,7 +11430,7 @@ features. Note 2: The parameter setting "smtpd_tls_security_level = encrypt" implies "smtpd_tls_auth_only = yes". .PP -Note 3: when invoked via "sendmail -bs", Postfix will never +Note 3: when invoked via "sendmail \-bs", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .PP @@ -11443,7 +11442,7 @@ such as \fBbtree\fR or \fBsdbm\fR; there is no need to support concurrent access. The file is created if it does not exist. The \fBsmtpd\fR(8) daemon does not use this parameter directly, rather the cache is implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that -per-smtpd-instance master.cf overrides of this parameter are not +per\-smtpd\-instance master.cf overrides of this parameter are not effective. Note, that each of the cache databases supported by \fBtlsmgr\fR(8) daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database (and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to be @@ -11454,9 +11453,9 @@ Note: \fBdbm\fR databases are not suitable. TLS session objects are too large. .PP As of version 2.5, Postfix no longer uses root privileges when -opening this file. The file should now be stored under the Postfix-owned +opening this file. The file should now be stored under the Postfix\-owned data_directory. As a migration aid, an attempt to open the file -under a non-Postfix directory is redirected to the Postfix-owned +under a non\-Postfix directory is redirected to the Postfix\-owned data_directory, and a warning is logged. .PP Example: @@ -11475,12 +11474,12 @@ The expiration time of Postfix SMTP server TLS session cache information. A cache cleanup is performed periodically every $smtpd_tls_session_cache_timeout seconds. As with $smtpd_tls_session_cache_database, this parameter is implemented in the -\fBtlsmgr\fR(8) daemon and therefore per-smtpd-instance master.cf overrides +\fBtlsmgr\fR(8) daemon and therefore per\-smtpd\-instance master.cf overrides are not possible. .PP As of Postfix 2.11 this setting cannot exceed 100 days. If set <= 0, session caching is disabled, not just via the database, but -also via RFC 5077 TLS session tickets, which don't require server-side +also via RFC 5077 TLS session tickets, which don't require server\-side storage. If set to a positive value less than 2 minutes, the minimum value of 2 minutes is used instead. TLS session tickets require an OpenSSL library (at least version 0.9.8h) that provides full @@ -11489,17 +11488,17 @@ support for this TLS extension. This feature is available in Postfix 2.2 and later, and updated for TLS session ticket support in Postfix 2.11. .SH smtpd_tls_wrappermode (default: no) -Run the Postfix SMTP server in the non-standard "wrapper" mode, +Run the Postfix SMTP server in the non\-standard "wrapper" mode, instead of using the STARTTLS command. .PP If you want to support this service, enable a special port in -master.cf, and specify "-o smtpd_tls_wrappermode=yes" on the SMTP +master.cf, and specify "\-o smtpd_tls_wrappermode=yes" on the SMTP server's command line. Port 465 (smtps) was once chosen for this purpose. .PP This feature is available in Postfix 2.2 and later. .SH smtpd_upstream_proxy_protocol (default: empty) -The name of the proxy protocol used by an optional before-smtpd +The name of the proxy protocol used by an optional before\-smtpd proxy agent. When a proxy agent is used, this protocol conveys local and remote address and port information. Specify "smtpd_upstream_proxy_protocol = haproxy" to enable the haproxy @@ -11519,7 +11518,7 @@ This feature is available in Postfix 2.10 and later. Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. .PP -Note: when invoked via "\fBsendmail -bs\fR", Postfix will never offer +Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .PP @@ -11527,11 +11526,11 @@ This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead. .SH smtputf8_autodetect_classes (default: sendmail, verify) Detect that a message requires SMTPUTF8 support for the specified -mail origin classes. This is a workaround to avoid chicken-and-egg -problems during the initial SMTPUTF8 roll-out in environments with -pre-existing mail flows that contain UTF8. Those mail flows should +mail origin classes. This is a workaround to avoid chicken\-and\-egg +problems during the initial SMTPUTF8 roll\-out in environments with +pre\-existing mail flows that contain UTF8. Those mail flows should not break because Postfix suddenly refuses to deliver such mail -to down-stream MTAs that don't announce SMTPUTF8 support. +to down\-stream MTAs that don't announce SMTPUTF8 support. .PP The problem is that Postfix cannot rely solely on the sender's declaration that a message requires SMTPUTF8 support, because UTF8 @@ -11542,7 +11541,7 @@ expansion, automatic BCC recipients, local forwarding, and changes made by header checks or Milter applications). .PP For now, the default is to enable "SMTPUTF8 required" autodetection -only for Postfix sendmail command-line submissions and address +only for Postfix sendmail command\-line submissions and address verification probes. This may change once SMTPUTF8 support achieves world domination. However, sites that add UTF8 content via local processing (see above) should autodetect the need for SMTPUTF8 @@ -11585,16 +11584,16 @@ mail. .br .br .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH smtputf8_enable (default: yes) -Enable experimental SMTPUTF8 support for the protocols described +Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. This requires that Postfix is built to support these protocols. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH soft_bounce (default: no) Safety net to keep mail queued that would otherwise be returned to -the sender. This parameter disables locally-generated bounces, +the sender. This parameter disables locally\-generated bounces, changes the handling of negative responses from remote servers, content filters or plugins, and prevents the Postfix SMTP server from rejecting mail permanently @@ -11625,7 +11624,7 @@ This feature is documented in the STRESS_README document. .PP This feature is available in Postfix 2.5 and later. .SH strict_7bit_headers (default: no) -Reject mail with 8-bit text in message headers. This blocks mail +Reject mail with 8\-bit text in message headers. This blocks mail from poorly written applications. .PP This feature should not be enabled on a general purpose mail server, @@ -11640,12 +11639,12 @@ because it is likely to reject legitimate email. .PP This feature is available in Postfix 2.0 and later. .SH strict_8bitmime_body (default: no) -Reject 8-bit message body text without 8-bit MIME content encoding +Reject 8\-bit message body text without 8\-bit MIME content encoding information. This blocks mail from poorly written applications. .PP Unfortunately, this also rejects majordomo approval requests when -the included request contains valid 8-bit MIME mail, and it rejects -bounces from mailers that do not MIME encapsulate 8-bit content +the included request contains valid 8\-bit MIME mail, and it rejects +bounces from mailers that do not MIME encapsulate 8\-bit content (for example, bounces from qmail or from old versions of Postfix). .PP This feature should not be enabled on a general purpose mail server, @@ -11658,7 +11657,7 @@ The default setting is not backwards compatible. .PP This feature is available in Postfix 2.5.3 and later. .SH strict_mime_encoding_domain (default: no) -Reject mail with invalid Content-Transfer-Encoding: information +Reject mail with invalid Content\-Transfer\-Encoding: information for the message/* or multipart/* MIME content types. This blocks mail from poorly written software. .PP @@ -11679,7 +11678,7 @@ Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix SMTP server accepts UTF8 sender or recipient addresses only when the client requests an SMTPUTF8 mail transaction. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH sun_mailtool_compatibility (default: no) Obsolete SUN mailtool compatibility feature. Instead, use "mailbox_delivery_lock = dotlock". @@ -11697,7 +11696,7 @@ The message is received from a network client that matches $local_header_rewrite_clients, .IP \(bu The message is received from the network, and the -remote_header_rewrite_domain parameter specifies a non-empty value. +remote_header_rewrite_domain parameter specifies a non\-empty value. .br .PP To get the behavior before Postfix version 2.2, specify @@ -11716,16 +11715,16 @@ swap_bangpath = no The syslog facility of Postfix logging. Specify a facility as defined in syslog.\fBconf\fR(5). The default facility is "mail". .PP -Warning: a non-default syslog_facility setting takes effect only +Warning: a non\-default syslog_facility setting takes effect only after a Postfix process has completed initialization. Errors during process initialization will be logged with the default facility. Examples are errors while parsing the command line arguments, and errors while accessing the Postfix main.cf configuration file. -.SH syslog_name (default: see "postconf -d" output) +.SH syslog_name (default: see "postconf \-d" output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Warning: a non-default syslog_name setting takes effect only after +Warning: a non\-default syslog_name setting takes effect only after a Postfix process has completed initialization. Errors during process initialization will be logged with the default name. Examples are errors while parsing the command line arguments, and errors @@ -11743,7 +11742,7 @@ first terminate all Postfix TCP servers: .nf .na .ft C -# postconf -e master_service_disable=inet +# postconf \-e master_service_disable=inet # postfix reload .fi .ad @@ -11758,7 +11757,7 @@ tcp_windowsize setting: .nf .na .ft C -# postconf -e tcp_windowsize=65535 master_service_disable= +# postconf \-e tcp_windowsize=65535 master_service_disable= # postfix reload .fi .ad @@ -11771,9 +11770,9 @@ tcp_windowsize change will work only for Postfix TCP clients (\fBsmtp\fR(8), .PP This feature is available in Postfix 2.6 and later. .SH tls_append_default_CA (default: no) -Append the system-supplied default certificate authority +Append the system\-supplied default Certification Authority certificates to the ones specified with *_tls_CApath or *_tls_CAfile. -The default is "no"; this prevents Postfix from trusting third-party +The default is "no"; this prevents Postfix from trusting third\-party certificates and giving them relay permission with permit_tls_all_clientcerts. .PP @@ -11782,7 +11781,7 @@ This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, backwards compatibility, to avoid breaking certificate verification with sites that don't use permit_tls_all_clientcerts. .SH tls_daemon_random_bytes (default: 32) -The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). The default of 32 bytes (equivalent to 256 bits) is sufficient to generate a 128bit @@ -11797,13 +11796,13 @@ algorithms are ignored. .PP Specify one of the following: .IP "\fBoff\fR" -DANE verification examines each well-formed record in the TLSA +DANE verification examines each well\-formed record in the TLSA RRset whose matching type is either "0" (no hash used) or is one of the digest algorithms listed in $tls_dane_digests. This setting is not recommended. .br .IP "\fBon\fR" -From each group of well-formed TLSA RRs a non-zero digest +From each group of well\-formed TLSA RRs a non\-zero digest matching type with the same certificate usage and selector, DANE verification examines only those records whose matching type has the highest precedence (appear earliest in $tls_dane_digests). @@ -11813,8 +11812,8 @@ For compatibility with digest algorithm agility, each certificate or public key whose digest is included in a DANE TLSA RRset, SHOULD be published with the same set of digest matching type values as any other with the same usage and selector. Therefore, compatible -TLSA RRsets will contain an identical count of well-formed RRs with -each non-zero digest matching type for any fixed combination of +TLSA RRsets will contain an identical count of well\-formed RRs with +each non\-zero digest matching type for any fixed combination of usage and selector. When this constraint is violated, or any of the digest records are malformed, digest algorithm agility will disabled. Otherwise, digest algorithm agility is enabled. @@ -11823,7 +11822,7 @@ disabled. Otherwise, digest algorithm agility is enabled. .PP Digest algorithm agility ensures that the strongest digest supported by both the Postfix SMTP client and the remote server is -used, and weaker digests are ignored. This supports non-disruptive +used, and weaker digests are ignored. This supports non\-disruptive deprecation of outdated digest algorithms. .PP To ensure compatibility with digest algorithm agility during @@ -11844,7 +11843,7 @@ an eventual update to RFC 6698. .PP This feature is available in Postfix 2.11 and later. .SH tls_dane_digests (default: sha512 sha256) -RFC 6698 TLSA resource-record "matching type" digest algorithms +RFC 6698 TLSA resource\-record "matching type" digest algorithms in descending preference order. All the specified algorithms must be supported by the underlying OpenSSL library, otherwise the Postfix SMTP client will not support DANE TLSA security. @@ -11854,7 +11853,7 @@ whitespace. Each digest name may be followed by an optional "=" suffix. For example, "sha512" may instead be specified as "sha512=2" and "sha256" may instead be specified as "sha256=1". The optional number must match the IANA assigned TLSA matching type number the algorithm in question. Postfix will check this constraint for the algorithms it knows about. Additional matching type algorithms registered with IANA can be added @@ -11884,11 +11883,11 @@ anchor assertion) TLSA records. .PP This feature is available in Postfix 2.11 and later. .SH tls_dane_trust_anchor_digest_enable (default: yes) -RFC 6698 trust-anchor digest support in the Postfix TLS library. +RFC 6698 trust\-anchor digest support in the Postfix TLS library. Enable support for RFC 6698 (DANE TLSA) DNS records that contain -digests of trust-anchors with certificate usage "2". In this case +digests of trust\-anchors with certificate usage "2". In this case the certificate usage logically requires the server administrator -to configure the server to include the trust-anchor certificate in +to configure the server to include the trust\-anchor certificate in the server's SSL certificate chain. If enough domains mess this up, you can disable support for these TLSA records, but you'll no longer have secure connections that get it right and only publish @@ -11898,7 +11897,7 @@ At the dane security level, when a TLSA RRset includes only unusable associations, the Postfix SMTP client will automatically switch the connection to the encrypt -security level. At the dane-only security level, +security level. At the dane\-only security level, the server in question is skipped and delivery is deferred if no secure servers are found. .PP @@ -11907,35 +11906,35 @@ algorithms that are supported in TLSA records. The tls_dane_digest_agility parameter controls digest algorithm downgrade attack resistance. .PP This feature is available in Postfix 2.11 and later. -.SH tls_disable_workarounds (default: see "postconf -d" output) -List or bit-mask of OpenSSL bug work-arounds to disable. +.SH tls_disable_workarounds (default: see "postconf \-d" output) +List or bit\-mask of OpenSSL bug work\-arounds to disable. .PP -The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS +The OpenSSL toolkit includes a set of work\-arounds for buggy SSL/TLS implementations. Applications, such as Postfix, that want to maximize interoperability ask the OpenSSL library to enable the full set of -recommended work-arounds. +recommended work\-arounds. .PP -From time to time, it is discovered that a work-around creates a +From time to time, it is discovered that a work\-around creates a security issue, and should no longer be used. If upgrading OpenSSL to a fixed version is not an option or an upgrade is not available in a timely manner, or in closed environments where no buggy clients or servers exist, it may be appropriate to disable some or all of the -OpenSSL interoperability work-arounds. This parameter specifies which -bug work-arounds to disable. +OpenSSL interoperability work\-arounds. This parameter specifies which +bug work\-arounds to disable. .PP If the value of the parameter is a hexadecimal long integer starting -with "0x", the bug work-arounds corresponding to the bits specified in -its value are removed from the \fBSSL_OP_ALL\fR work-around bit-mask +with "0x", the bug work\-arounds corresponding to the bits specified in +its value are removed from the \fBSSL_OP_ALL\fR work\-around bit\-mask (see openssl/ssl.h and SSL_CTX_\fBset_options\fR(3)). You can specify more bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying -0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should -also be sufficient on 64-bit systems, until OpenSSL abandons support -for 32-bit systems and starts using the high 32 bits of a 64-bit -bug-workaround mask. -.PP -Otherwise, the parameter is a white-space or comma separated list -of specific named bug work-arounds chosen from the list below. It -is possible that your OpenSSL version includes new bug work-arounds +0xFFFFFFFF disables all bug\-workarounds on a 32\-bit system. This should +also be sufficient on 64\-bit systems, until OpenSSL abandons support +for 32\-bit systems and starts using the high 32 bits of a 64\-bit +bug\-workaround mask. +.PP +Otherwise, the parameter is a white\-space or comma separated list +of specific named bug work\-arounds chosen from the list below. It +is possible that your OpenSSL version includes new bug work\-arounds added after your Postfix source code was last updated, in that case you can only disable one of these via the hexadecimal syntax above. .IP "\fBMICROSOFT_SESS_ID_BUG\fR" @@ -11949,7 +11948,7 @@ See SSL_CTX_\fBset_options\fR(3) .br .IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR" also aliased -as \fBCVE-2010-4180\fR. Postfix 2.8 disables this work-around by +as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by default with OpenSSL versions that may predate the fix. Fixed in OpenSSL 0.9.8q and OpenSSL 1.0.0c. .br @@ -11963,7 +11962,7 @@ SSL_CTX_\fBset_options\fR(3) .br .IP "\fBMSIE_SSLV2_RSA_PADDING\fR" also aliased as -\fBCVE-2005-2969\fR. Postfix 2.8 disables this work-around by +\fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by default with OpenSSL versions that may predate the fix. Fixed in OpenSSL 0.9.7h and OpenSSL 0.9.8a. .br @@ -11998,9 +11997,9 @@ The elliptic curve used by the Postfix SMTP server for sensibly strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly -strong" means approximately 128-bit security based on best known +strong" means approximately 128\-bit security based on best known attacks. The selected curve must be implemented by OpenSSL (as -reported by \fBecparam\fR(1) with the "-list_curves" option) and be one +reported by \fBecparam\fR(1) with the "\-list_curves" option) and be one of the curves listed in Section 5.1.1 of RFC 4492. You should not generally change this setting. Remote SMTP client implementations must support this curve for EECDH key exchange to take place. It @@ -12032,11 +12031,11 @@ The elliptic curve used by the Postfix SMTP server for maximally strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally -strong" means approximately 192-bit security based on best known attacks. +strong" means approximately 192\-bit security based on best known attacks. This additional strength comes at a significant computational cost, most users should instead set "smtpd_tls_eecdh_grade = strong". The selected curve must be implemented by OpenSSL (as reported by \fBecparam\fR(1) with the -"-list_curves" option) and be one of the curves listed in Section 5.1.1 +"\-list_curves" option) and be one of the curves listed in Section 5.1.1 of RFC 4492. You should not generally change this setting. .PP This default "ultra" curve is rated in NSA Suite @@ -12061,7 +12060,7 @@ the cipherlist for the opportunistic ("may") TLS client security level and is the default cipherlist for the SMTP server. You are strongly encouraged to not change this setting. With OpenSSL 1.0.0 and later the cipherlist may start with an "aNULL:" prefix, which restores -the 0.9.8-compatible ordering of the aNULL ciphers to the top of the +the 0.9.8\-compatible ordering of the aNULL ciphers to the top of the list when they are enabled. This prefix is not needed with previous OpenSSL releases. .PP @@ -12072,22 +12071,22 @@ the meaning of the "high" setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are strongly encouraged to not change this setting. With OpenSSL 1.0.0 and later the cipherlist may start with an "aNULL:" prefix, which restores -the 0.9.8-compatible ordering of the aNULL ciphers to the top of the +the 0.9.8\-compatible ordering of the aNULL ciphers to the top of the list when they are enabled. This prefix is not needed with previous OpenSSL releases. .PP This feature is available in Postfix 2.3 and later. .SH tls_legacy_public_key_fingerprints (default: no) A temporary migration aid for sites that use certificate -\fIpublic-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use +\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use an incorrect algorithm. This parameter has no effect on the certificate fingerprint support that is available since Postfix 2.2. .PP Specify "tls_legacy_public_key_fingerprints = yes" temporarily, pending a migration from configuration files with incorrect Postfix -2.9.0..2.9.5 certificate public-key finger prints, to the correct +2.9.0..2.9.5 certificate public\-key finger prints, to the correct fingerprints used by Postfix 2.9.6 and later. To compute the correct -certificate public-key fingerprints, see TLS_README. +certificate public\-key fingerprints, see TLS_README. .PP This feature is available in Postfix 2.9.6 and later. .SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH) @@ -12096,7 +12095,7 @@ the meaning of the "low" setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are strongly encouraged to not change this setting. With OpenSSL 1.0.0 and later the cipherlist may start with an "aNULL:" prefix, which restores -the 0.9.8-compatible ordering of the aNULL ciphers to the top of the +the 0.9.8\-compatible ordering of the aNULL ciphers to the top of the list when they are enabled. This prefix is not needed with previous OpenSSL releases. .PP @@ -12109,7 +12108,7 @@ the default cipherlist for mandatory TLS encryption in the TLS client (with anonymous ciphers disabled when verifying server certificates). You are strongly encouraged to not change this setting. With OpenSSL 1.0.0 and later the cipherlist may start with an -"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the +"aNULL:" prefix, which restores the 0.9.8\-compatible ordering of the aNULL ciphers to the top of the list when they are enabled. This prefix is not needed with previous OpenSSL releases. .PP @@ -12139,8 +12138,8 @@ issues. In the past, some SSL clients have listed lower priority ciphers that they did not implement correctly. If the server chooses a cipher that the client prefers less, it may select a cipher whose client implementation is flawed. Most notably Windows 2003 Microsoft -Exchange servers have flawed implementations of DES-CBC3-SHA, which -OpenSSL considers stronger than RC4-SHA. Enabling server cipher-suite +Exchange servers have flawed implementations of DES\-CBC3\-SHA, which +OpenSSL considers stronger than RC4\-SHA. Enabling server cipher\-suite selection may create interoperability issues with Windows 2003 Microsoft Exchange clients. .PP @@ -12148,13 +12147,13 @@ This feature is available in Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later. .SH tls_random_bytes (default: 32) The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source -when (re)seeding the in-memory pseudo random number generator (PRNG) +when (re)seeding the in\-memory pseudo random number generator (PRNG) pool. The default of 32 bytes (256 bits) is good enough for 128bit symmetric keys. If using EGD or a device file, a maximum of 255 bytes is read. .PP This feature is available in Postfix 2.2 and later. -.SH tls_random_exchange_name (default: see "postconf -d" output) +.SH tls_random_exchange_name (default: see "postconf \-d" output) Name of the pseudo random number generator (PRNG) state file that is maintained by \fBtlsmgr\fR(8). The file is created when it does not exist, and its length is fixed at 1024 bytes. @@ -12162,8 +12161,8 @@ not exist, and its length is fixed at 1024 bytes. As of version 2.5, Postfix no longer uses root privileges when opening this file, and the default file location was changed from ${config_directory}/prng_exch to ${data_directory}/prng_exch. As -a migration aid, an attempt to open the file under a non-Postfix -directory is redirected to the Postfix-owned data_directory, and a +a migration aid, an attempt to open the file under a non\-Postfix +directory is redirected to the Postfix\-owned data_directory, and a warning is logged. .PP This feature is available in Postfix 2.2 and later. @@ -12174,15 +12173,15 @@ with $tls_random_exchange_name. .PP This feature is available in Postfix 2.2 and later. .SH tls_random_reseed_period (default: 3600s) -The maximal time between attempts by \fBtlsmgr\fR(8) to re-seed the -in-memory pseudo random number generator (PRNG) pool from external -sources. The actual time between re-seeding attempts is calculated +The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the +in\-memory pseudo random number generator (PRNG) pool from external +sources. The actual time between re\-seeding attempts is calculated using the PRNG, and is between 0 and the time specified. .PP This feature is available in Postfix 2.2 and later. -.SH tls_random_source (default: see "postconf -d" output) -The external entropy source for the in-memory \fBtlsmgr\fR(8) pseudo -random number generator (PRNG) pool. Be sure to specify a non-blocking +.SH tls_random_source (default: see "postconf \-d" output) +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. Be sure to specify a non\-blocking source. If this source is not a regular file, the entropy source type must be prepended: egd:/path/to/egd_socket for a source with EGD compatible socket interface, or dev:/path/to/device for a @@ -12192,34 +12191,34 @@ Note: on OpenBSD systems specify /dev/arandom when /dev/urandom gives timeout errors. .PP This feature is available in Postfix 2.2 and later. -.SH tls_session_ticket_cipher (default: Postfix >= 2.12: aes-256-cbc, postfix < 2.12: aes-128-cbc) +.SH tls_session_ticket_cipher (default: Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc) Algorithm used to encrypt RFC5077 TLS session tickets. This -algorithm must use CBC mode, have a 128-bit block size, and must +algorithm must use CBC mode, have a 128\-bit block size, and must have a key length between 128 and 256 bits. The default is -aes-256-cbc. Overriding the default to choose a different algorithm +aes\-256\-cbc. Overriding the default to choose a different algorithm is discouraged. .PP Setting this parameter empty disables session ticket support in the Postfix SMTP server. Another way to disable session ticket support is via the tls_ssl_options parameter. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH tls_ssl_options (default: empty) -List or bit-mask of OpenSSL options to enable. +List or bit\-mask of OpenSSL options to enable. .PP The OpenSSL toolkit provides a set of options that applications can enable to tune the OpenSSL behavior. Some of these work around bugs in other implementations and are on by default. You can use the tls_disable_workarounds parameter to selectively disable some -or all of the bug work-arounds, making OpenSSL more strict at the -cost of non-interoperability with SSL clients or servers that exhibit +or all of the bug work\-arounds, making OpenSSL more strict at the +cost of non\-interoperability with SSL clients or servers that exhibit the bugs. .PP Other options are off by default, and typically enable or disable -features rather than bug work-arounds. These may be turned on (with -care) via the tls_ssl_options parameter. The value is a white-space +features rather than bug work\-arounds. These may be turned on (with +care) via the tls_ssl_options parameter. The value is a white\-space or comma separated list of named options chosen from the list below. -The names are not case-sensitive, you can use lower-case if you +The names are not case\-sensitive, you can use lower\-case if you prefer. The upper case values below match the corresponding macro name in the ssl.h header file with the SSL_OP_ prefix removed. It is possible that your OpenSSL version includes new options added @@ -12251,7 +12250,7 @@ See SSL_CTX_\fBset_options\fR(3). .br .IP "\fBNO_COMPRESSION\fR" Disable SSL compression even if -supported by the OpenSSL library. Compression is CPU-intensive, +supported by the OpenSSL library. Compression is CPU\-intensive, and compression before encryption does not always improve security. .br .br @@ -12278,7 +12277,7 @@ example.com. IN MX 0 example.com.mx2.example.net. .PP and the TLS certificate may be for "*.example.net". The "*" then corresponds with multiple labels in the mail server domain -name. While multi-label wildcards are not widely supported, and +name. While multi\-label wildcards are not widely supported, and are not blessed by any standard, there is little to be gained by disallowing their use in this context. .PP @@ -12361,13 +12360,13 @@ private DSA key. See smtpd_tls_dcert_file for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file) File with DH parameters that the Postfix \fBtlsproxy\fR(8) server -should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file +should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file for further details. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file) File with DH parameters that the Postfix \fBtlsproxy\fR(8) server -should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file +should use with export\-grade EDH ciphers. See smtpd_tls_dh512_param_file for further details. .PP This feature is available in Postfix 2.8 and later. @@ -12394,7 +12393,7 @@ See smtpd_tls_eckey_file for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_eecdh_grade (default: $smtpd_tls_eecdh_grade) The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral -elliptic-curve Diffie-Hellman (EECDH) key exchange. See +elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details. .PP This feature is available in Postfix 2.8 and later. @@ -12406,7 +12405,7 @@ smtpd_tls_exclude_ciphers for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_fingerprint_digest (default: $smtpd_tls_fingerprint_digest) The message digest algorithm to construct remote SMTP -client-certificate +client\-certificate fingerprints. See smtpd_tls_fingerprint_digest for further details. .PP This feature is available in Postfix 2.8 and later. @@ -12457,7 +12456,7 @@ See smtpd_tls_req_ccert for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_security_level (default: $smtpd_tls_security_level) The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; -when a non-empty value is specified, this overrides the obsolete +when a non\-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. See smtpd_tls_security_level for further details. .PP @@ -12477,14 +12476,14 @@ for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_watchdog_timeout (default: 10s) How much time a \fBtlsproxy\fR(8) process may take to process local -or remote I/O before it is terminated by a built-in watchdog timer. +or remote I/O before it is terminated by a built\-in watchdog timer. This is a safety mechanism that prevents \fBtlsproxy\fR(8) from becoming -non-responsive due to a bug in Postfix itself or in system software. +non\-responsive due to a bug in Postfix itself or in system software. To avoid false alarms and unnecessary cache corruption this limit cannot be set under 10s. .PP -Specify a non-zero time value (an integral value plus an optional -one-letter suffix that specifies the time unit). Time units: s +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.8. @@ -12492,41 +12491,41 @@ This feature is available in Postfix 2.8. The name of the trace service. This service is implemented by the \fBbounce\fR(8) daemon and maintains a record of mail deliveries and produces a mail delivery report when verbose -delivery is requested with "\fBsendmail -v\fR". +delivery is requested with "\fBsendmail \-v\fR". .PP This feature is available in Postfix 2.1 and later. .SH transport_delivery_slot_cost (default: $default_delivery_slot_cost) -A transport-specific override for the default_delivery_slot_cost +A transport\-specific override for the default_delivery_slot_cost parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_delivery_slot_cost parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination -of a master.cf service name and a built-in suffix (in this case: +of a master.cf service name and a built\-in suffix (in this case: "_delivery_slot_cost"). .SH transport_delivery_slot_discount (default: $default_delivery_slot_discount) -A transport-specific override for the default_delivery_slot_discount +A transport\-specific override for the default_delivery_slot_discount parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_delivery_slot_discount parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_delivery_slot_discount"). .SH transport_delivery_slot_loan (default: $default_delivery_slot_loan) -A transport-specific override for the default_delivery_slot_loan +A transport\-specific override for the default_delivery_slot_loan parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_delivery_slot_loan parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination -of a master.cf service name and a built-in suffix (in this case: +of a master.cf service name and a built\-in suffix (in this case: "_delivery_slot_loan"). .SH transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit) -A transport-specific override for the +A transport\-specific override for the default_destination_concurrency_failed_cohort_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. @@ -12535,12 +12534,12 @@ Note: some \fItransport\fR_destination_concurrency_failed_cohort_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a -built-in suffix (in this case: +built\-in suffix (in this case: "_destination_concurrency_failed_cohort_limit"). .PP This feature is available in Postfix 2.5 and later. .SH transport_destination_concurrency_limit (default: $default_destination_concurrency_limit) -A transport-specific override for the +A transport\-specific override for the default_destination_concurrency_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. @@ -12549,9 +12548,9 @@ Note: some \fItransport\fR_destination_concurrency_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a -built-in suffix (in this case: "_destination_concurrency_limit"). +built\-in suffix (in this case: "_destination_concurrency_limit"). .SH transport_destination_concurrency_negative_feedback (default: $default_destination_concurrency_negative_feedback) -A transport-specific override for the +A transport\-specific override for the default_destination_concurrency_negative_feedback parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. @@ -12560,12 +12559,12 @@ Note: some \fItransport\fR_destination_concurrency_negative_feedback parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a -built-in suffix (in this case: +built\-in suffix (in this case: "_destination_concurrency_negative_feedback"). .PP This feature is available in Postfix 2.5 and later. .SH transport_destination_concurrency_positive_feedback (default: $default_destination_concurrency_positive_feedback) -A transport-specific override for the +A transport\-specific override for the default_destination_concurrency_positive_feedback parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. @@ -12574,24 +12573,24 @@ Note: some \fItransport\fR_destination_concurrency_positive_feedback parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a -built-in suffix (in this case: +built\-in suffix (in this case: "_destination_concurrency_positive_feedback"). .PP This feature is available in Postfix 2.5 and later. .SH transport_destination_rate_delay (default: $default_destination_rate_delay) -A transport-specific override for the default_destination_rate_delay +A transport\-specific override for the default_destination_rate_delay parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: some \fItransport\fR_destination_rate_delay parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_destination_rate_delay"). .PP This feature is available in Postfix 2.5 and later. .SH transport_destination_recipient_limit (default: $default_destination_recipient_limit) -A transport-specific override for the +A transport\-specific override for the default_destination_recipient_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. @@ -12599,20 +12598,20 @@ transport. Note: some \fItransport\fR_destination_recipient_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_destination_recipient_limit"). .SH transport_extra_recipient_limit (default: $default_extra_recipient_limit) -A transport-specific override for the default_extra_recipient_limit +A transport\-specific override for the default_extra_recipient_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_extra_recipient_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_extra_recipient_limit"). .SH transport_initial_destination_concurrency (default: $initial_destination_concurrency) -A transport-specific override for the initial_destination_concurrency +A transport\-specific override for the initial_destination_concurrency parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP @@ -12620,12 +12619,12 @@ Note: some \fItransport\fR_initial_destination_concurrency parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a -built-in suffix (in this case: "_initial_destination_concurrency"). +built\-in suffix (in this case: "_initial_destination_concurrency"). .PP This feature is available in Postfix 2.5 and later. .SH transport_maps (default: empty) Optional lookup tables with mappings from recipient address to -(message delivery transport, next-hop destination). See \fBtransport\fR(5) +(message delivery transport, next\-hop destination). See \fBtransport\fR(5) for details. .PP Specify zero or more "type:table" lookup tables, separated by @@ -12652,46 +12651,46 @@ transport_maps = hash:/etc/postfix/transport .ad .ft R .SH transport_minimum_delivery_slots (default: $default_minimum_delivery_slots) -A transport-specific override for the default_minimum_delivery_slots +A transport\-specific override for the default_minimum_delivery_slots parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_minimum_delivery_slots parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_minimum_delivery_slots"). .SH transport_recipient_limit (default: $default_recipient_limit) -A transport-specific override for the default_recipient_limit +A transport\-specific override for the default_recipient_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: some \fItransport\fR_recipient_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination -of a master.cf service name and a built-in suffix (in this case: +of a master.cf service name and a built\-in suffix (in this case: "_recipient_limit"). .SH transport_recipient_refill_delay (default: $default_recipient_refill_delay) -A transport-specific override for the default_recipient_refill_delay +A transport\-specific override for the default_recipient_refill_delay parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_recipient_refill_delay parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_recipient_refill_delay"). .PP This feature is available in Postfix 2.4 and later. .SH transport_recipient_refill_limit (default: $default_recipient_refill_limit) -A transport-specific override for the default_recipient_refill_limit +A transport\-specific override for the default_recipient_refill_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_recipient_refill_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a -combination of a master.cf service name and a built-in suffix (in +combination of a master.cf service name and a built\-in suffix (in this case: "_recipient_refill_limit"). .PP This feature is available in Postfix 2.4 and later. @@ -12702,14 +12701,14 @@ a malfunctioning message delivery transport. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH transport_time_limit (default: $command_time_limit) -A transport-specific override for the command_time_limit parameter +A transport\-specific override for the command_time_limit parameter value, where \fItransport\fR is the master.cf name of the message delivery transport. .PP Note: \fItransport\fR_time_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination -of a master.cf service name and a built-in suffix (in this case: +of a master.cf service name and a built\-in suffix (in this case: "_time_limit"). .SH trigger_timeout (default: 10s) The time limit for sending a trigger to a Postfix daemon (for @@ -12719,10 +12718,10 @@ load. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH undisclosed_recipients_header (default: see "postconf -d" output) +.SH undisclosed_recipients_header (default: see "postconf \-d" output) Message header that the Postfix \fBcleanup\fR(8) server inserts when a message contains no To: or Cc: message header. With Postfix 2.8 -and later, the default value is empty. With Postfix 2.4-2.7, +and later, the default value is empty. With Postfix 2.4\-2.7, specify an empty value to disable this feature. .PP Example: @@ -12732,7 +12731,7 @@ Example: .ft C # Default value before Postfix 2.8. # Note: the ":" and ";" are both required. -undisclosed_recipients_header = To: undisclosed-recipients:; +undisclosed_recipients_header = To: undisclosed\-recipients:; .fi .ad .ft R @@ -12906,7 +12905,7 @@ for opportunities to reject mail, and defers the client request only if it would otherwise be accepted. .PP This feature is available in Postfix 2.6 and later. -.SH verp_delimiter_filter (default: -=+) +.SH verp_delimiter_filter (default: \-=+) The characters Postfix accepts as VERP delimiter characters on the Postfix \fBsendmail\fR(1) command line and in SMTP commands. .PP @@ -12916,13 +12915,13 @@ The maximal length of an email address after virtual alias expansion. This stops virtual aliasing loops that increase the address length exponentially. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH virtual_alias_domains (default: $virtual_alias_maps) Postfix is final destination for the specified list of virtual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains. The SMTP server validates recipient addresses with $virtual_alias_maps and rejects -non-existent recipients. See also the virtual alias domain class +non\-existent recipients. See also the virtual alias domain class in the ADDRESS_CLASS_README file .PP This feature is available in Postfix 2.0 and later. The default @@ -12931,7 +12930,7 @@ value is backwards compatible with Postfix version 1.1. The default value is $virtual_alias_maps so that you can keep all information about virtual alias domains in one place. If you have many users, it is better to separate information that changes more -frequently (virtual address -> local or remote address mapping) +frequently (virtual address \-> local or remote address mapping) from information that changes less frequently (the list of virtual domain names). .PP @@ -13001,7 +13000,7 @@ Optional filter for the \fBvirtual\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details. .PP -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later. .SH virtual_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the virtual message delivery transport. This limit is enforced @@ -13017,7 +13016,7 @@ Setting this parameter to a value of 1 changes the meaning of virtual_destination_concurrency_limit from concurrency per domain into concurrency per recipient. .SH virtual_gid_maps (default: empty) -Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox +Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox delivery. .PP This parameter is specific to the \fBvirtual\fR(8) delivery agent. @@ -13028,7 +13027,7 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -In a lookup table, specify a left-hand side of "@domain.tld" to +In a lookup table, specify a left\-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. .PP @@ -13070,7 +13069,7 @@ Postfix is final destination for the specified list of domains; mail is delivered via the $virtual_transport mail delivery transport. By default this is the Postfix \fBvirtual\fR(8) delivery agent. The SMTP server validates recipient addresses with $virtual_mailbox_maps -and rejects mail for non-existent recipients. See also the virtual +and rejects mail for non\-existent recipients. See also the virtual mailbox domain class in the ADDRESS_CLASS_README file. .PP This parameter expects the same syntax as the mydestination @@ -13085,17 +13084,17 @@ maildir file, or zero (no limit). This parameter is specific to the \fBvirtual\fR(8) delivery agent. It does not apply when mail is delivered with a different mail delivery program. -.SH virtual_mailbox_lock (default: see "postconf -d" output) -How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting +.SH virtual_mailbox_lock (default: see "postconf \-d" output) +How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting delivery. For a list of available file locking methods, use the -"\fBpostconf -l\fR" command. +"\fBpostconf \-l\fR" command. .PP This parameter is specific to the \fBvirtual\fR(8) delivery agent. It does not apply when mail is delivered with a different mail delivery program. .PP This setting is ignored with \fBmaildir\fR style delivery, because -such deliveries are safe without application-level locks. +such deliveries are safe without application\-level locks. .PP Note 1: the \fBdotlock\fR method requires that the recipient UID or GID has write access to the parent directory of the recipient's @@ -13110,7 +13109,7 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -In a lookup table, specify a left-hand side of "@domain.tld" to +In a lookup table, specify a left\-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. .PP @@ -13119,9 +13118,9 @@ agent. It does not apply when mail is delivered with a different mail delivery program. .PP The \fBvirtual\fR(8) delivery agent uses this table to look up the -per-recipient mailbox or maildir pathname. If the lookup result -ends in a slash ("/"), maildir-style delivery is carried out, -otherwise the path is assumed to specify a UNIX-style mailbox file. +per\-recipient mailbox or maildir pathname. If the lookup result +ends in a slash ("/"), maildir\-style delivery is carried out, +otherwise the path is assumed to specify a UNIX\-style mailbox file. Note that $virtual_mailbox_base is unconditionally prepended to this path. .PP @@ -13155,7 +13154,7 @@ This parameter is specific to the \fBvirtual\fR(8) delivery agent. It does not apply when mail is delivered with a different mail delivery program. .SH virtual_transport (default: virtual) -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for final delivery to domains listed with $virtual_mailbox_domains. This information can be overruled with the \fBtransport\fR(5) table. .PP @@ -13166,7 +13165,7 @@ in the manual page of the corresponding delivery agent. .PP This feature is available in Postfix 2.0 and later. .SH virtual_uid_maps (default: empty) -Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8) +Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8) delivery agent uses while writing to the recipient's mailbox. .PP This parameter is specific to the \fBvirtual\fR(8) delivery agent. @@ -13177,7 +13176,7 @@ Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. .PP -In a lookup table, specify a left-hand side of "@domain.tld" +In a lookup table, specify a left\-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. .PP diff --git a/postfix/man/man5/postfix-wrapper.5 b/postfix/man/man5/postfix-wrapper.5 index 75f69ad00..8bb165d89 100644 --- a/postfix/man/man5/postfix-wrapper.5 +++ b/postfix/man/man5/postfix-wrapper.5 @@ -4,7 +4,7 @@ .SH NAME postfix-wrapper \- -Postfix multi-instance API +Postfix multi\-instance API .SH DESCRIPTION .ad .fi @@ -16,10 +16,10 @@ queue and data files. This document describes how the familiar "postfix start" etc. user interface can be used to manage one or multiple Postfix instances, and gives details of an API to coordinate -activities between the postfix(1) command and a multi-instance +activities between the postfix(1) command and a multi\-instance manager program. -With multi-instance support, the default Postfix instance +With multi\-instance support, the default Postfix instance is always required. This instance is identified by the config_directory parameter's default value. .SH "GENERAL OPERATION" @@ -27,7 +27,7 @@ config_directory parameter's default value. .nf .ad .fi -Multi-instance support is backwards compatible: when you +Multi\-instance support is backwards compatible: when you run only one Postfix instance, commands such as "postfix start" will not change behavior at all. @@ -41,13 +41,13 @@ For example, to start all Postfix instances, use: # postfix start .PP Other postfix(1) commands also work as expected. For example, -to find out what Postfix instances exist in a multi-instance +to find out what Postfix instances exist in a multi\-instance configuration, use: .IP # postfix status .PP This enumerates the status of all Postfix instances within -a multi-instance configuration. +a multi\-instance configuration. .SH "MANAGING AN INDIVIDUAL POSTFIX INSTANCE" .na .nf @@ -56,11 +56,11 @@ a multi-instance configuration. To manage a specific Postfix instance, specify its configuration directory on the postfix(1) command line: .IP -# postfix -c \fI/path/to/config_directory command\fR +# postfix \-c \fI/path/to/config_directory command\fR .PP Alternatively, the postfix(1) command accepts the instance's configuration directory via the MAIL_CONFIG environment -variable (the -c command-line option has higher precedence). +variable (the \-c command\-line option has higher precedence). Otherwise, the postfix(1) command will operate on all Postfix instances. @@ -69,22 +69,22 @@ instances. .nf .ad .fi -By default, the postfix(1) command operates in single-instance -mode. In this mode the command invokes the postfix-script +By default, the postfix(1) command operates in single\-instance +mode. In this mode the command invokes the postfix\-script file directly (currently installed in the daemon directory). This file contains the commands that start or stop one Postfix instance, that upgrade the configuration of one Postfix instance, and so on. -When the postfix(1) command operates in multi-instance mode +When the postfix(1) command operates in multi\-instance mode as discussed below, the command needs to execute start, stop, etc. commands for each Postfix instance. This -multiplication of commands is handled by a multi-instance +multiplication of commands is handled by a multi\-instance manager program. -Turning on postfix(1) multi-instance mode goes as follows: +Turning on postfix(1) multi\-instance mode goes as follows: in the default Postfix instance's main.cf file, 1) specify -the pathname of a multi-instance manager program with the +the pathname of a multi\-instance manager program with the multi_instance_wrapper parameter; 2) populate the multi_instance_directories parameter with the configuration directory pathnames of additional Postfix instances. For @@ -92,27 +92,27 @@ example: .IP .nf /etc/postfix/main.cf: - multi_instance_wrapper = $daemon_directory/postfix-wrapper - multi_instance_directories = /etc/postfix-test + multi_instance_wrapper = $daemon_directory/postfix\-wrapper + multi_instance_directories = /etc/postfix\-test .fi .PP -The $daemon_directory/postfix-wrapper file implements a +The $daemon_directory/postfix\-wrapper file implements a simple manager and contains instructions for creating Postfix instances by hand. The postmulti(1) command provides a -more extensive implementation including support for life-cycle +more extensive implementation including support for life\-cycle management. The multi_instance_directories and other main.cf parameters are listed below in the CONFIGURATION PARAMETERS section. -In multi-instance mode, the postfix(1) command invokes the -$multi_instance_wrapper command instead of the postfix-script -file. This multi-instance manager in turn executes the -postfix(1) command in single-instance mode for each Postfix +In multi\-instance mode, the postfix(1) command invokes the +$multi_instance_wrapper command instead of the postfix\-script +file. This multi\-instance manager in turn executes the +postfix(1) command in single\-instance mode for each Postfix instance. -To illustrate the main ideas behind multi-instance operation, -below is an example of a simple but useful multi-instance +To illustrate the main ideas behind multi\-instance operation, +below is an example of a simple but useful multi\-instance manager implementation: .IP .nf @@ -122,7 +122,7 @@ manager implementation: POSTCONF=$command_directory/postconf POSTFIX=$command_directory/postfix -instance_dirs=\`$POSTCONF -h multi_instance_directories | +instance_dirs=\`$POSTCONF \-h multi_instance_directories | sed 's/,/ /'\` || exit 1 err=0 @@ -130,16 +130,16 @@ for dir in $config_directory $instance_dirs do case "$1" in stop|abort|flush|reload|drain) - test "\`$POSTCONF -c $dir -h multi_instance_enable\`" \e + test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e = yes || continue;; start) - test "\`$POSTCONF -c $dir -h multi_instance_enable\`" \e + test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e = yes || { - $POSTFIX -c $dir check || err=$? + $POSTFIX \-c $dir check || err=$? continue };; esac - $POSTFIX -c $dir "$@" || err=$? + $POSTFIX \-c $dir "$@" || err=$? done exit $err @@ -150,22 +150,22 @@ exit $err .ad .fi Each Postfix instance has its own main.cf file with parameters -that control how the multi-instance manager operates on +that control how the multi\-instance manager operates on that instance. This section discusses the most important settings. The setting "multi_instance_enable = yes" allows the -multi-instance manager to start (stop, etc.) the corresponding +multi\-instance manager to start (stop, etc.) the corresponding Postfix instance. For safety reasons, this setting is not the default. The default setting "multi_instance_enable = no" is useful -for manual testing with "postfix -c \fI/path/name\fR start" -etc. The multi-instance manager will not start such an +for manual testing with "postfix \-c \fI/path/name\fR start" +etc. The multi\-instance manager will not start such an instance, and it will skip commands such as "stop" or "flush" -that require a running Postfix instance. The multi-instance -manager will execute commands such as "check", "set-permissions" -or "upgrade-configuration", and it will replace "start" by +that require a running Postfix instance. The multi\-instance +manager will execute commands such as "check", "set\-permissions" +or "upgrade\-configuration", and it will replace "start" by "check" so that problems will be reported even when the instance is disabled. .SH "MAINTAINING SHARED AND NON-SHARED FILES" @@ -174,16 +174,16 @@ instance is disabled. .ad .fi Some files are shared between Postfix instances, such as -executables and manpages, and some files are per-instance, +executables and manpages, and some files are per\-instance, such as configuration files, mail queue files, and data -files. See the NON-SHARED FILES section below for a list -of per-instance files. +files. See the NON\-SHARED FILES section below for a list +of per\-instance files. -Before Postfix multi-instance support was implemented, the +Before Postfix multi\-instance support was implemented, the executables, manpages, etc., have always been maintained as part of the default Postfix instance. -With multi-instance support, we simply continue to do this. +With multi\-instance support, we simply continue to do this. Specifically, a Postfix instance will not check or update shared files when that instance's config_directory value is listed with the default main.cf file's multi_instance_directories @@ -197,29 +197,29 @@ instances. .nf .ad .fi -Only the multi-instance manager implements support for the +Only the multi\-instance manager implements support for the multi_instance_enable configuration parameter. The -multi-instance manager will start only Postfix instances +multi\-instance manager will start only Postfix instances whose main.cf file has "multi_instance_enable = yes". A setting of "no" allows a Postfix instance to be tested by hand. The postfix(1) command operates on only one Postfix instance -when the -c option is specified, or when MAIL_CONFIG is +when the \-c option is specified, or when MAIL_CONFIG is present in the process environment. This is necessary to terminate recursion. Otherwise, when the multi_instance_directories parameter -value is non-empty, the postfix(1) command executes the +value is non\-empty, the postfix(1) command executes the command specified with the multi_instance_wrapper parameter, -instead of executing the commands in postfix-script. +instead of executing the commands in postfix\-script. -The multi-instance manager skips commands such as "stop" +The multi\-instance manager skips commands such as "stop" or "reload" that require a running Postfix instance, when an instance does not have "multi_instance_enable = yes". This avoids false error messages. -The multi-instance manager replaces a "start" command by +The multi\-instance manager replaces a "start" command by "check" when a Postfix instance's main.cf file does not have "multi_instance_enable = yes". This substitution ensures that problems will be reported even when the instance is @@ -231,15 +231,15 @@ default main.cf's multi_instance_directories parameter value. Therefore, the default instance should be checked and updated before any Postfix instances that depend on it. -Set-gid commands such as postdrop(1) and postqueue(1) +Set\-gid commands such as postdrop(1) and postqueue(1) effectively append the multi_instance_directories parameter value to the legacy alternate_config_directories parameter value. The commands use this information to determine whether -a -c option or MAIL_CONFIG environment setting specifies a +a \-c option or MAIL_CONFIG environment setting specifies a legitimate value. The legacy alternate_config_directories parameter remains -necessary for non-default Postfix instances that are running +necessary for non\-default Postfix instances that are running different versions of Postfix, or that are not managed together with the default Postfix instance. .SH "ENVIRONMENT VARIABLES" @@ -250,7 +250,7 @@ together with the default Postfix instance. .IP MAIL_CONFIG When present, this forces the postfix(1) command to operate only on the specified Postfix instance. This environment -variable is exported by the postfix(1) -c option, so that +variable is exported by the postfix(1) \-c option, so that postfix(1) commands in descendant processes will work correctly. .SH "CONFIGURATION PARAMETERS" @@ -261,22 +261,22 @@ correctly. The text below provides only a parameter summary. See postconf(5) for more details. .IP "\fBmulti_instance_directories (empty)\fR" -An optional list of non-default Postfix configuration directories; +An optional list of non\-default Postfix configuration directories; these directories belong to additional Postfix instances that share the Postfix executable files and documentation with the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. .IP "\fBmulti_instance_wrapper (empty)\fR" -The pathname of a multi-instance manager command that the +The pathname of a multi\-instance manager command that the \fBpostfix\fR(1) command invokes when the multi_instance_directories -parameter value is non-empty. +parameter value is non\-empty. .IP "\fBmulti_instance_name (empty)\fR" The optional instance name of this Postfix instance. .IP "\fBmulti_instance_group (empty)\fR" The optional instance group name of this Postfix instance. .IP "\fBmulti_instance_enable (no)\fR" Allow this Postfix instance to be started, stopped, etc., by a -multi-instance manager. +multi\-instance manager. .SH "NON-SHARED FILES" .na .nf @@ -286,16 +286,16 @@ multi-instance manager. The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdata_directory (see 'postconf -d' output)\fR" -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .SH "SEE ALSO" .na .nf postfix(1) Postfix control program -postmulti(1) full-blown multi-instance manager -$daemon_directory/postfix-wrapper simple multi-instance manager +postmulti(1) full\-blown multi\-instance manager +$daemon_directory/postfix\-wrapper simple multi\-instance manager .SH "LICENSE" .na .nf diff --git a/postfix/man/man5/regexp_table.5 b/postfix/man/man5/regexp_table.5 index ac0fe4f41..3aa9c261d 100644 --- a/postfix/man/man5/regexp_table.5 +++ b/postfix/man/man5/regexp_table.5 @@ -8,9 +8,9 @@ format of Postfix regular expression tables .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR -\fBpostmap -q - regexp:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- regexp:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -24,12 +24,12 @@ list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix system -supports use the "\fBpostconf -m\fR" command. +supports use the "\fBpostconf \-m\fR" command. -To test lookup tables, use the "\fBpostmap -q\fR" command -as described in the SYNOPSIS above. Use "\fBpostmap -hmq --\fR <\fIfile\fR" for header_checks(5) patterns, and -"\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5) +To test lookup tables, use the "\fBpostmap \-q\fR" command +as described in the SYNOPSIS above. Use "\fBpostmap \-hmq +\-\fR <\fIfile\fR" for header_checks(5) patterns, and +"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5) (Postfix 2.6 and later). .SH "COMPATIBILITY" .na @@ -37,7 +37,7 @@ as described in the SYNOPSIS above. Use "\fBpostmap -hmq .ad .fi With Postfix version 2.2 and earlier specify "\fBpostmap --fq\fR" to query a table that contains case sensitive +\-fq\fR" to query a table that contains case sensitive patterns. Patterns are case insensitive by default. .SH "TABLE FORMAT" .na @@ -72,10 +72,10 @@ Note: do not prepend whitespace to patterns inside .sp This feature is available in Postfix 2.1 and later. .IP "blank lines and comments" -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. -.IP "multi-line text" -A logical line starts with non-whitespace text. A line that +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .PP Each pattern is a POSIX regular expression enclosed by a pair of @@ -83,12 +83,12 @@ delimiters. The regular expression syntax is documented in \fBre_format\fR(7) with 4.4BSD, in \fBregex\fR(5) with Solaris, and in \fBregex\fR(7) with Linux. Other systems may use other document names. -The expression delimiter can be any non-alphanumerical +The expression delimiter can be any non\-alphanumerical character, except whitespace or characters that have special meaning (traditionally the forward slash is used). The regular expression can contain whitespace. -By default, matching is case-insensitive, and newlines are not +By default, matching is case\-insensitive, and newlines are not treated as special characters. The behavior is controlled by flags, which are toggled by appending one or more of the following characters after the pattern: @@ -96,7 +96,7 @@ characters after the pattern: Toggles the case sensitivity flag. By default, matching is case insensitive. .IP "\fBm\fR (default: off)" -Toggle the multi-line mode flag. When this flag is on, the \fB^\fR +Toggle the multi\-line mode flag. When this flag is on, the \fB^\fR and \fB$\fR metacharacters match immediately after and immediately before a newline character, respectively, in addition to matching at the start and end of the input string. @@ -136,17 +136,17 @@ available for negated patterns. .SH "EXAMPLE SMTPD ACCESS MAP" .na .nf -# Disallow sender-specified routing. This is a must if you relay mail +# Disallow sender\-specified routing. This is a must if you relay mail # for other domains. -/[%!@].*[%!@]/ 550 Sender-specified routing rejected +/[%!@].*[%!@]/ 550 Sender\-specified routing rejected # Postmaster is OK, that way they can talk to us about how to fix # their problem. /^postmaster@/ OK # Protect your outgoing majordomo exploders -if !/^owner-/ -/^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead +if !/^owner\-/ +/^(.*)\-outgoing@(.*)$/ 550 Use ${1}@${2} instead endif .SH "EXAMPLE HEADER FILTER MAP" .na diff --git a/postfix/man/man5/relocated.5 b/postfix/man/man5/relocated.5 index 66798dd05..6d50657e8 100644 --- a/postfix/man/man5/relocated.5 +++ b/postfix/man/man5/relocated.5 @@ -25,11 +25,11 @@ file after changing the corresponding relocated table. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, the table can be provided as a regular-expression +Alternatively, the table can be provided as a regular\-expression map where patterns are given as regular expressions, or lookups -can be directed to TCP-based server. In those case, the lookups +can be directed to TCP\-based server. In those case, the lookups are done in a slightly different way as described below under -"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". Table lookups are case insensitive. .SH "CASE FOLDING" @@ -57,10 +57,10 @@ An entry has one of the following form: Where \fInew_location\fR specifies contact information such as an email address, or perhaps a street address or telephone number. .IP \(bu -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. .IP \(bu -A logical line starts with non-whitespace text. A line that +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .SH "TABLE SEARCH ORDER" .na @@ -96,7 +96,7 @@ When a mail address localpart contains the optional recipient delimiter .fi This section describes how the table lookups change when the table is given in the form of regular expressions or when lookups are -directed to a TCP-based server. For a description of regular +directed to a TCP\-based server. For a description of regular expression lookup table syntax, see \fBregexp_table\fR(5) or \fBpcre_table\fR(5). For a description of the TCP client/server table lookup protocol, see \fBtcp_table\fR(5). @@ -119,7 +119,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. .ad .fi This section describes how the table lookups change when lookups -are directed to a TCP-based server. For a description of the TCP +are directed to a TCP\-based server. For a description of the TCP client/server lookup protocol, see \fBtcp_table\fR(5). This feature is not available up to and including Postfix version 2.4. @@ -151,14 +151,14 @@ You need to stop and start Postfix when this parameter changes. .IP \fBmydestination\fR List of domains that this mail system considers local. .IP \fBmyorigin\fR -The domain that is appended to locally-posted mail. +The domain that is appended to locally\-posted mail. .IP \fBproxy_interfaces\fR Other interfaces that this machine receives mail on by way of a proxy agent or network address translator. .SH "SEE ALSO" .na .nf -trivial-rewrite(8), address resolver +trivial\-rewrite(8), address resolver postmap(1), Postfix lookup table manager postconf(5), configuration parameters .SH "README FILES" diff --git a/postfix/man/man5/socketmap_table.5 b/postfix/man/man5/socketmap_table.5 index 50376eb8a..07a59da07 100644 --- a/postfix/man/man5/socketmap_table.5 +++ b/postfix/man/man5/socketmap_table.5 @@ -8,13 +8,13 @@ Postfix socketmap table lookup client .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fR +\fBpostmap \-q "\fIstring\fB" socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fR .br -\fBpostmap -q "\fIstring\fB" socketmap:unix:\fIpathname\fB:\fIname\fR +\fBpostmap \-q "\fIstring\fB" socketmap:unix:\fIpathname\fB:\fIname\fR -\fBpostmap -q - socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fB <\fIinputfile\fR +\fBpostmap \-q \- socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fB <\fIinputfile\fR .br -\fBpostmap -q - socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR +\fBpostmap \-q \- socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -23,7 +23,7 @@ rewriting. mail routing or policy lookup. The Postfix socketmap client expects TCP endpoint names of the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or -UNIX-domain endponts of the form \fBunix:\fIpathname\fB:\fIname\fR. +UNIX\-domain endpoints of the form \fBunix:\fIpathname\fB:\fIname\fR. In both cases, \fIname\fR specifies the name field in a socketmap client request (see "REQUEST FORMAT" below). .SH "PROTOCOL" @@ -43,7 +43,7 @@ The socketmap protocol supports only the lookup request. Postfix will not generate partial search keys such as domain names without one or more subdomains, network addresses -without one or more least-significant octets, or email +without one or more least\-significant octets, or email addresses without the localpart, address extension or domain portion. This behavior is also found with cidr:, pcre:, and regexp: tables. @@ -64,12 +64,12 @@ The requested data was not found. .IP "\fBTEMP \fIreason\fR" .IP "\fBTIMEOUT \fIreason\fR" .IP "\fBPERM \fIreason\fR" -The request failed. The reason, if non-empty, is descriptive +The request failed. The reason, if non\-empty, is descriptive text. .SH "SECURITY" .na .nf -This map cannot be used for security-sensitive information, +This map cannot be used for security\-sensitive information, because neither the connection nor the server are authenticated. .SH "SEE ALSO" .na diff --git a/postfix/man/man5/sqlite_table.5 b/postfix/man/man5/sqlite_table.5 index 40495546c..5ad050336 100644 --- a/postfix/man/man5/sqlite_table.5 +++ b/postfix/man/man5/sqlite_table.5 @@ -8,9 +8,9 @@ Postfix SQLite configuration .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" sqlite:/etc/postfix/\fIfilename\fR +\fBpostmap \-q "\fIstring\fB" sqlite:/etc/postfix/\fIfilename\fR -\fBpostmap -q - sqlite:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +\fBpostmap \-q \- sqlite:/etc/postfix/\fIfilename\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -22,10 +22,10 @@ Alternatively, lookup tables can be specified as SQLite databases. In order to use SQLite lookups, define an SQLite source as a lookup table in main.cf, for example: .nf - alias_maps = sqlite:/etc/sqlite-aliases.cf + alias_maps = sqlite:/etc/sqlite\-aliases.cf .fi -The file /etc/postfix/sqlite-aliases.cf has the same format as +The file /etc/postfix/sqlite\-aliases.cf has the same format as the Postfix main.cf file, and can specify the parameters described below. .SH "BACKWARDS COMPATIBILITY" @@ -118,11 +118,11 @@ When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results. .IP "\fB\fB%[SUD]\fR\fR" -The upper-case equivalents of the above expansions behave in the -\fBquery\fR parameter identically to their lower-case counter-parts. +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the input key rather than the result value. -.IP "\fB\fB%[1-9]\fR\fR" +.IP "\fB\fB%[1\-9]\fR\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, @@ -134,8 +134,8 @@ no results. .IP The \fBdomain\fR parameter described below limits the input keys to addresses in matching domains. When the \fBdomain\fR -parameter is non-empty, SQL queries for unqualified addresses -or addresses in non-matching domains are suppressed +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed and return no results. This parameter is available with Postfix 2.2. In prior releases @@ -175,8 +175,8 @@ When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1-9]\fR\fB" -The upper-case and decimal digit expansions interpolate +.IP "\fB\fB%[SUD1\-9]\fR\fB" +The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, and in fact because the input key is known in advance, queries @@ -201,7 +201,7 @@ NOTE: DO NOT put quotes around the result format! .IP "\fBdomain (default: no domain list)\fR" This is a list of domain names, paths to files, or dictionaries. When specified, only fully qualified search -keys with a *non-empty* localpart and a matching domain +keys with a *non\-empty* localpart and a matching domain are eligible for lookup: 'user' lookups, bare domain lookups and "@domain" lookups are not performed. This can significantly reduce the query load on the SQLite server. diff --git a/postfix/man/man5/tcp_table.5 b/postfix/man/man5/tcp_table.5 index d5d195c44..5423cf4fa 100644 --- a/postfix/man/man5/tcp_table.5 +++ b/postfix/man/man5/tcp_table.5 @@ -8,9 +8,9 @@ Postfix client/server table lookup protocol .SH "SYNOPSIS" .na .nf -\fBpostmap -q "\fIstring\fB" tcp:\fIhost:port\fR +\fBpostmap \-q "\fIstring\fB" tcp:\fIhost:port\fR -\fBpostmap -q - tcp:\fIhost:port\fB <\fIinputfile\fR +\fBpostmap \-q \- tcp:\fIhost:port\fB <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -20,9 +20,9 @@ rewriting or mail routing. These tables are usually in can be directed to a TCP server. To find out what types of lookup tables your Postfix system -supports use the "\fBpostconf -m\fR" command. +supports use the "\fBpostconf \-m\fR" command. -To test lookup tables, use the "\fBpostmap -q\fR" command as +To test lookup tables, use the "\fBpostmap \-q\fR" command as described in the SYNOPSIS above. .SH "PROTOCOL DESCRIPTION" .na @@ -69,7 +69,7 @@ the text contains an encoded version of the requested data. .nf .ad .fi -In request and reply parameters, the character %, each non-printing +In request and reply parameters, the character %, each non\-printing character, and each whitespace character must be replaced by %XX, where XX is the corresponding ASCII hexadecimal character value. The hexadecimal codes can be specified in any case (upper, lower, mixed). @@ -83,7 +83,7 @@ is guaranteed to not contain the % or NEWLINE character. .ad .fi Do not use TCP lookup tables for security critical purposes. -The client-server connection is not protected and the server +The client\-server connection is not protected and the server is not authenticated. .SH BUGS .ad diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index 288923f23..ecede5f47 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -10,18 +10,18 @@ Postfix transport table format .nf \fBpostmap /etc/postfix/transport\fR -\fBpostmap -q "\fIstring\fB" /etc/postfix/transport\fR +\fBpostmap \-q "\fIstring\fB" /etc/postfix/transport\fR -\fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR +\fBpostmap \-q \- /etc/postfix/transport <\fIinputfile\fR .SH DESCRIPTION .ad .fi The optional \fBtransport\fR(5) table specifies a mapping from email -addresses to message delivery transports and next-hop destinations. +addresses to message delivery transports and next\-hop destinations. Message delivery transports such as \fBlocal\fR or \fBsmtp\fR -are defined in the \fBmaster.cf\fR file, and next-hop +are defined in the \fBmaster.cf\fR file, and next\-hop destinations are typically hosts or domain names. The -table is searched by the \fBtrivial-rewrite\fR(8) daemon. +table is searched by the \fBtrivial\-rewrite\fR(8) daemon. This mapping overrides the default \fItransport\fR:\fInexthop\fR selection that is built into Postfix: @@ -58,11 +58,11 @@ file after changing the corresponding transport table. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, the table can be provided as a regular-expression +Alternatively, the table can be provided as a regular\-expression map where patterns are given as regular expressions, or lookups -can be directed to TCP-based server. In those case, the lookups +can be directed to TCP\-based server. In those case, the lookups are done in a slightly different way as described below under -"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". .SH "CASE FOLDING" .na .nf @@ -82,10 +82,10 @@ The input format for the \fBpostmap\fR(1) command is as follows: When \fIpattern\fR matches the recipient address or domain, use the corresponding \fIresult\fR. .IP "blank lines and comments" -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. -.IP "multi-line text" -A logical line starts with non-whitespace text. A line that +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .PP The \fIpattern\fR specifies an email address, a domain name, or @@ -120,12 +120,12 @@ string \fBtransport_maps\fR is not listed in the Otherwise, a domain name matches itself and its subdomains. .IP "\fB*\fI transport\fR:\fInexthop\fR" The special pattern \fB*\fR represents any address (i.e. it -functions as the wild-card pattern, and is unique to Postfix +functions as the wild\-card pattern, and is unique to Postfix transport tables). .PP Note 1: the null recipient address is looked up as \fB$empty_address_recipient\fR@\fB$myhostname\fR (default: -mailer-daemon@hostname). +mailer\-daemon@hostname). Note 2: \fIuser@domain\fR or \fIuser+extension@domain\fR lookup is available in Postfix 2.0 and later. @@ -144,7 +144,7 @@ The transport field specifies the name of a mail delivery transport \fBmaster.cf\fR file). The interpretation of the nexthop field is transport -dependent. In the case of SMTP, specify a service on a non-default +dependent. In the case of SMTP, specify a service on a non\-default port as \fIhost\fR:\fIservice\fR, and disable MX (mail exchanger) DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR. The [] form is required when you specify an IP address instead of a hostname. @@ -153,10 +153,10 @@ A null \fItransport\fR and null \fInexthop\fR result means "do not change": use the delivery transport and nexthop information that would be used when the entire transport table did not exist. -A non-null \fItransport\fR field with a null \fInexthop\fR field +A non\-null \fItransport\fR field with a null \fInexthop\fR field resets the nexthop information to the recipient domain. -A null \fItransport\fR field with non-null \fInexthop\fR field +A null \fItransport\fR field with non\-null \fInexthop\fR field does not modify the transport information. .SH "EXAMPLES" .na @@ -172,7 +172,7 @@ destinations. .nf \fB\&my.domain :\fR \fB\&.my.domain :\fR - \fB* smtp:outbound-relay.my.domain\fR + \fB* smtp:outbound\-relay.my.domain\fR .fi In order to send mail for \fBexample.com\fR and its subdomains @@ -244,7 +244,7 @@ nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. -The \fBtrivial-rewrite\fR(8) server disallows regular +The \fBtrivial\-rewrite\fR(8) server disallows regular expression substitution of $1 etc. in regular expression lookup tables, because that could open a security hole (Postfix version 2.3 and later). @@ -254,7 +254,7 @@ lookup tables, because that could open a security hole .ad .fi This section describes how the table lookups change when lookups -are directed to a TCP-based server. For a description of the TCP +are directed to a TCP\-based server. For a description of the TCP client/server lookup protocol, see \fBtcp_table\fR(5). This feature is not available up to and including Postfix version 2.4. @@ -282,7 +282,7 @@ List of transport lookup tables. .SH "SEE ALSO" .na .nf -trivial-rewrite(8), rewrite and resolve addresses +trivial\-rewrite(8), rewrite and resolve addresses master(5), master.cf file format postconf(5), configuration parameters postmap(1), Postfix lookup table manager diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index a8c80ecd4..b1ef12152 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -10,9 +10,9 @@ Postfix virtual alias table format .nf \fBpostmap /etc/postfix/virtual\fR -\fBpostmap -q "\fIstring\fB" /etc/postfix/virtual\fR +\fBpostmap \-q "\fIstring\fB" /etc/postfix/virtual\fR -\fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR +\fBpostmap \-q \- /etc/postfix/virtual <\fIinputfile\fR .SH DESCRIPTION .ad .fi @@ -51,11 +51,11 @@ file after changing the corresponding text file. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, the table can be provided as a regular-expression +Alternatively, the table can be provided as a regular\-expression map where patterns are given as regular expressions, or lookups -can be directed to TCP-based server. In those case, the lookups +can be directed to TCP\-based server. In those case, the lookups are done in a slightly different way as described below under -"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". .SH "CASE FOLDING" .na .nf @@ -75,10 +75,10 @@ The input format for the \fBpostmap\fR(1) command is as follows: When \fIpattern\fR matches a mail address, replace it by the corresponding \fIaddress\fR. .IP "blank lines and comments" -Empty lines and whitespace-only lines are ignored, as -are lines whose first non-whitespace character is a `#'. -.IP "multi-line text" -A logical line starts with non-whitespace text. A line that +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that starts with whitespace continues a logical line. .SH "TABLE SEARCH ORDER" .na @@ -99,17 +99,17 @@ or $\fBproxy_interfaces\fR. .sp This functionality overlaps with functionality of the local \fIaliases\fR(5) database. The difference is that \fBvirtual\fR(5) -mapping can be applied to non-local addresses. +mapping can be applied to non\-local addresses. .IP "@\fIdomain address, address, ...\fR" Redirect mail for other users in \fIdomain\fR to \fIaddress\fR. This form has the lowest precedence. .sp -Note: @\fIdomain\fR is a wild-card. With this form, the +Note: @\fIdomain\fR is a wild\-card. With this form, the Postfix SMTP server accepts mail for any recipient in \fIdomain\fR, regardless of whether that recipient exists. This may turn your mail system into a backscatter source: Postfix first accepts mail for -non-existent recipients and then tries to return that mail +non\-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address. .SH "RESULT ADDRESS REWRITING" .na @@ -120,7 +120,7 @@ The lookup result is subject to address rewriting: .IP \(bu When the result has the form @\fIotherdomain\fR, the result becomes the same \fIuser\fR in \fIotherdomain\fR. -This works only for the first address in a multi-address +This works only for the first address in a multi\-address lookup result. .IP \(bu When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" @@ -156,10 +156,10 @@ delivery agent. With virtual mailbox domains, each recipient address can have its own mailbox. With a virtual alias domain, the virtual domain has its -own user name space. Local (i.e. non-virtual) usernames are not +own user name space. Local (i.e. non\-virtual) usernames are not visible in a virtual alias domain. In particular, local \fBaliases\fR(5) and local mailing lists are not visible as -\fIlocalname@virtual-alias.domain\fR. +\fIlocalname@virtual\-alias.domain\fR. Support for a virtual alias domain looks like: @@ -169,17 +169,17 @@ Support for a virtual alias domain looks like: .fi Note: some systems use \fBdbm\fR databases instead of \fBhash\fR. -See the output from "\fBpostconf -m\fR" for available database types. +See the output from "\fBpostconf \-m\fR" for available database types. .nf /etc/postfix/virtual: - \fIvirtual-alias.domain anything\fR (right-hand content does not matter) - \fIpostmaster@virtual-alias.domain postmaster\fR - \fIuser1@virtual-alias.domain address1\fR - \fIuser2@virtual-alias.domain address2, address3\fR + \fIvirtual\-alias.domain anything\fR (right\-hand content does not matter) + \fIpostmaster@virtual\-alias.domain postmaster\fR + \fIuser1@virtual\-alias.domain address1\fR + \fIuser2@virtual\-alias.domain address2, address3\fR .fi .sp -The \fIvirtual-alias.domain anything\fR entry is required for a +The \fIvirtual\-alias.domain anything\fR entry is required for a virtual alias domain. \fBWithout this entry, mail is rejected with "relay access denied", or bounces with "mail loops back to myself".\fR @@ -188,8 +188,8 @@ Do not specify virtual alias domain names in the \fBmain.cf mydestination\fR or \fBrelay_domains\fR configuration parameters. With a virtual alias domain, the Postfix SMTP server -accepts mail for \fIknown-user@virtual-alias.domain\fR, and rejects -mail for \fIunknown-user\fR@\fIvirtual-alias.domain\fR as undeliverable. +accepts mail for \fIknown\-user@virtual\-alias.domain\fR, and rejects +mail for \fIunknown\-user\fR@\fIvirtual\-alias.domain\fR as undeliverable. Instead of specifying the virtual alias domain name via the \fBvirtual_alias_maps\fR table, you may also specify it via @@ -223,7 +223,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. .ad .fi This section describes how the table lookups change when lookups -are directed to a TCP-based server. For a description of the TCP +are directed to a TCP\-based server. For a description of the TCP client/server lookup protocol, see \fBtcp_table\fR(5). This feature is not available up to and including Postfix version 2.4. @@ -266,7 +266,7 @@ List of domains that this mail system considers local. .IP \fBmyorigin\fR The domain that is appended to any address that does not have a domain. .IP \fBowner_request_special\fR -Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR +Give special treatment to \fBowner\-\fIxxx\fR and \fIxxx\fB\-request\fR addresses. .IP \fBproxy_interfaces\fR Other interfaces that this machine receives mail on by way of a diff --git a/postfix/man/man8/anvil.8 b/postfix/man/man8/anvil.8 index 24224fa4b..4aff7adcf 100644 --- a/postfix/man/man8/anvil.8 +++ b/postfix/man/man8/anvil.8 @@ -22,7 +22,7 @@ by the Postfix \fBmaster\fR(8) server. In the following text, \fBident\fR specifies a (service, client) combination. The exact syntax of that information -is application-dependent; the \fBanvil\fR(8) server does +is application\-dependent; the \fBanvil\fR(8) server does not care. .SH "CONNECTION COUNT/RATE CONTROL" .na @@ -152,12 +152,12 @@ combination specified with \fBident\fR: The \fBanvil\fR(8) server does not talk to the network or to local users, and can run chrooted at fixed low privilege. -The \fBanvil\fR(8) server maintains an in-memory table with +The \fBanvil\fR(8) server maintains an in\-memory table with information about recent clients requests. No persistent state is kept because standard system library routines are -not sufficiently robust for update-intensive applications. +not sufficiently robust for update\-intensive applications. -Although the in-memory state is kept only temporarily, this +Although the in\-memory state is kept only temporarily, this may require a lot of memory on systems that handle connections from many remote clients. To reduce memory usage, reduce the time unit over which state is kept. @@ -197,7 +197,7 @@ it does not explicitly limit them. .nf .ad .fi -On low-traffic mail systems, changes to \fBmain.cf\fR are +On low\-traffic mail systems, changes to \fBmain.cf\fR are picked up automatically as \fBanvil\fR(8) processes run for only a limited amount of time. On other mail systems, use the command "\fBpostfix reload\fR" to speed up a change. @@ -215,7 +215,7 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -225,9 +225,9 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index 76a315357..1e9de3b15 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 @@ -12,7 +12,7 @@ Postfix delivery status reports .SH DESCRIPTION .ad .fi -The \fBbounce\fR(8) daemon maintains per-message log files with +The \fBbounce\fR(8) daemon maintains per\-message log files with delivery status information. Each log file is named after the queue file that it corresponds to, and is kept in a queue subdirectory named after the service name in the \fBmaster.cf\fR file (either @@ -22,20 +22,20 @@ manager. The \fBbounce\fR(8) daemon processes two types of service requests: .IP \(bu -Append a recipient (non-)delivery status record to a per-message +Append a recipient (non\-)delivery status record to a per\-message log file. .IP \(bu Enqueue a delivery status notification message, with a copy -of a per-message log file and of the corresponding message. +of a per\-message log file and of the corresponding message. When the delivery status notification message is -enqueued successfully, the per-message log file is deleted. +enqueued successfully, the per\-message log file is deleted. .PP -The software does a best notification effort. A non-delivery +The software does a best notification effort. A non\-delivery notification is sent even when the log file or the original message cannot be read. Optionally, a bounce (defer, trace) client can request that the -per-message log file be deleted when the requested operation fails. +per\-message log file be deleted when the requested operation fails. This is used by clients that cannot retry transactions by themselves, and that depend on retry logic in their own client. .SH "STANDARDS" @@ -46,7 +46,7 @@ RFC 2045 (Format of Internet Message Bodies) RFC 2822 (Internet Message Format) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) -RFC 3834 (Auto-Submitted: message header) +RFC 3834 (Auto\-Submitted: message header) RFC 5322 (Internet Message Format) RFC 6531 (Internationalized SMTP) RFC 6532 (Internationalized Message Format) @@ -78,7 +78,7 @@ of mail that Postfix did not deliver and of SMTP conversation transcripts of mail that Postfix did not receive. .IP "\fBbounce_size_limit (50000)\fR" The maximal amount of original message text that is sent in a -non-delivery notification. +non\-delivery notification. .IP "\fBbounce_template_file (empty)\fR" Pathname of a configuration file with bounce message templates. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" @@ -86,7 +86,7 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_notice_recipient (postmaster)\fR" The recipient of postmaster notifications with the message headers of mail that cannot be delivered within $delay_warning_time time @@ -101,8 +101,8 @@ file or \fBbounce\fR(8) logfile. The time limit for sending or receiving information over an internal communication channel. .IP "\fBinternal_mail_filter_classes (empty)\fR" -What categories of Postfix-generated mail are subject to -before-queue content inspection by non_smtpd_milters, header_checks +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks and body_checks. .IP "\fBmail_name (Postfix)\fR" The mail system name that is displayed in Received: headers, in @@ -115,27 +115,27 @@ The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. .IP "\fBnotify_classes (resource, software)\fR" The list of error classes that are reported to the postmaster. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix 2.12 and later: +Available in Postfix 3.0 and later: .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified mail origin classes. .SH "FILES" .na .nf -/var/spool/postfix/bounce/* non-delivery records -/var/spool/postfix/defer/* non-delivery records +/var/spool/postfix/bounce/* non\-delivery records +/var/spool/postfix/defer/* non\-delivery records /var/spool/postfix/trace/* delivery status records .SH "SEE ALSO" .na diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 2c358e8a3..c4d520eb8 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -18,18 +18,18 @@ manager of its arrival. The \fBcleanup\fR(8) daemon always performs the following transformations: .IP \(bu -Insert missing message headers: (\fBResent-\fR) \fBFrom:\fR, -\fBTo:\fR, \fBMessage-Id:\fR, and \fBDate:\fR. +Insert missing message headers: (\fBResent\-\fR) \fBFrom:\fR, +\fBTo:\fR, \fBMessage\-Id:\fR, and \fBDate:\fR. .IP \(bu Transform envelope and header addresses to the standard -\fIuser@fully-qualified-domain\fR form that is expected by other +\fIuser@fully\-qualified\-domain\fR form that is expected by other Postfix programs. -This task is delegated to the \fBtrivial-rewrite\fR(8) daemon. +This task is delegated to the \fBtrivial\-rewrite\fR(8) daemon. .IP \(bu Eliminate duplicate envelope recipient addresses. .IP \(bu -Remove message headers: \fBBcc\fR, \fBContent-Length\fR, -\fBResent-Bcc\fR, \fBReturn-Path\fR. +Remove message headers: \fBBcc\fR, \fBContent\-Length\fR, +\fBResent\-Bcc\fR, \fBReturn\-Path\fR. .PP The following address transformations are optional: .IP \(bu @@ -68,7 +68,7 @@ Problems and transactions are logged to \fBsyslogd\fR(8). .SH BUGS .ad .fi -Table-driven rewriting rules make it hard to express \fBif then +Table\-driven rewriting rules make it hard to express \fBif then else\fR and other logical relationships. .SH "CONFIGURATION PARAMETERS" .na @@ -94,22 +94,22 @@ message contains no To: or Cc: message header. Available in Postfix version 2.1 only: .IP "\fBenable_errors_to (no)\fR" Report mail delivery errors to the address specified with the -non-standard Errors-To: message header, instead of the envelope +non\-standard Errors\-To: message header, instead of the envelope sender address (this feature is removed with Postfix version 2.2, is turned off by default with Postfix version 2.1, and is always turned on with older Postfix versions). .PP Available in Postfix version 2.6 and later: .IP "\fBalways_add_missing_headers (no)\fR" -Always add (Resent-) From:, To:, Date: or Message-ID: headers +Always add (Resent\-) From:, To:, Date: or Message\-ID: headers when not present. .PP Available in Postfix version 2.9 and later: .IP "\fBenable_long_queue_ids (no)\fR" -Enable long, non-repeating, queue IDs (queue file names). +Enable long, non\-repeating, queue IDs (queue file names). .PP -Available in Postfix version 2.12 and later: -.IP "\fBmessage_drop_headers (bcc, content-length, resent-bcc, return-path)\fR" +Available in Postfix version 3.0 and later: +.IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR" Names of message headers that the \fBcleanup\fR(8) daemon will remove after applying \fBheader_checks\fR(5) and before invoking Milter applications. .SH "BUILT-IN CONTENT FILTERING CONTROLS" @@ -117,13 +117,13 @@ after applying \fBheader_checks\fR(5) and before invoking Milter applications. .nf .ad .fi -Postfix built-in content filtering is meant to stop a flood of +Postfix built\-in content filtering is meant to stop a flood of worms or viruses. It is not a general content filter. .IP "\fBbody_checks (empty)\fR" Optional lookup tables for content inspection as specified in the \fBbody_checks\fR(5) manual page. .IP "\fBheader_checks (empty)\fR" -Optional lookup tables for content inspection of primary non-MIME +Optional lookup tables for content inspection of primary non\-MIME message headers, as specified in the \fBheader_checks\fR(5) manual page. .PP Available in Postfix version 2.0 and later: @@ -134,7 +134,7 @@ prefer to use that term) is subjected to body_checks inspection. Optional lookup tables for content inspection of MIME related message headers, as described in the \fBheader_checks\fR(5) manual page. .IP "\fBnested_header_checks ($header_checks)\fR" -Optional lookup tables for content inspection of non-MIME message +Optional lookup tables for content inspection of non\-MIME message headers in attached messages, as described in the \fBheader_checks\fR(5) manual page. .PP @@ -164,7 +164,7 @@ for communication with a Milter application; prior to Postfix 2.6 the default protocol is 2. .IP "\fBmilter_default_action (tempfail)\fR" The default action when a Milter (mail filter) application is -unavailable or mis-configured. +unavailable or mis\-configured. .IP "\fBmilter_macro_daemon_name ($myhostname)\fR" The {daemon_name} macro value for Milter (mail filter) applications. .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" @@ -198,7 +198,7 @@ The macros that are sent to version 3 or higher Milter (mail filter) applications after an unknown SMTP command. .IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" The macros that are sent to Milter (mail filter) applications -after the message end-of-data. +after the message end\-of\-data. .PP Available in Postfix version 2.5 and later: .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" @@ -224,19 +224,19 @@ The maximal recursion level that the MIME processor will handle. .IP "\fBstrict_8bitmime (no)\fR" Enable both strict_7bit_headers and strict_8bitmime_body. .IP "\fBstrict_7bit_headers (no)\fR" -Reject mail with 8-bit text in message headers. +Reject mail with 8\-bit text in message headers. .IP "\fBstrict_8bitmime_body (no)\fR" -Reject 8-bit message body text without 8-bit MIME content encoding +Reject 8\-bit message body text without 8\-bit MIME content encoding information. .IP "\fBstrict_mime_encoding_domain (no)\fR" -Reject mail with invalid Content-Transfer-Encoding: information +Reject mail with invalid Content\-Transfer\-Encoding: information for the message/* or multipart/* MIME content types. .PP Available in Postfix version 2.5 and later: .IP "\fBdetect_8bit_encoding_header (yes)\fR" Automatically detect 8BITMIME body content by looking at -Content-Transfer-Encoding: message headers; historically, this -behavior was hard-coded to be "always on". +Content\-Transfer\-Encoding: message headers; historically, this +behavior was hard\-coded to be "always on". .SH "AUTOMATIC BCC RECIPIENT CONTROLS" .na .nf @@ -250,19 +250,19 @@ that is received by the Postfix mail system. .PP Available in Postfix version 2.1 and later: .IP "\fBsender_bcc_maps (empty)\fR" -Optional BCC (blind carbon-copy) address lookup tables, indexed +Optional BCC (blind carbon\-copy) address lookup tables, indexed by sender address. .IP "\fBrecipient_bcc_maps (empty)\fR" -Optional BCC (blind carbon-copy) address lookup tables, indexed by +Optional BCC (blind carbon\-copy) address lookup tables, indexed by recipient address. .SH "ADDRESS TRANSFORMATION CONTROLS" .na .nf .ad .fi -Address rewriting is delegated to the \fBtrivial-rewrite\fR(8) daemon. +Address rewriting is delegated to the \fBtrivial\-rewrite\fR(8) daemon. The \fBcleanup\fR(8) server implements table driven address mapping. -.IP "\fBempty_address_recipient (MAILER-DAEMON)\fR" +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" The recipient of mail addressed to the null address. .IP "\fBcanonical_maps (empty)\fR" Optional address mapping lookup tables for message headers and @@ -349,9 +349,21 @@ from each original recipient. .IP "\fBvirtual_alias_recursion_limit (1000)\fR" The maximal nesting depth of virtual alias expansion. .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBvirtual_alias_address_length_limit (1000)\fR" The maximal length of an email address after virtual alias expansion. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. .SH "MISCELLANEOUS CONTROLS" .na .nf @@ -362,10 +374,10 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBdelay_warning_time (0h)\fR" The time after which the sender receives a copy of the message headers of mail that is still queued. @@ -381,14 +393,14 @@ process will service before terminating voluntarily. .IP "\fBmyhostname (see 'postconf -d' output)\fR" The internet hostname of this mail system. .IP "\fBmyorigin ($myhostname)\fR" -The domain name that locally-posted mail appears to come +The domain name that locally\-posted mail appears to come from, and that locally posted mail is delivered to. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsoft_bounce (no)\fR" Safety net to keep mail queued that would otherwise be returned to the sender. @@ -400,7 +412,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.1 and later: .IP "\fBenable_original_recipient (yes)\fR" -Enable support for the X-Original-To message header. +Enable support for the X\-Original\-To message header. .SH "FILES" .na .nf @@ -409,7 +421,7 @@ Enable support for the X-Original-To message header. .SH "SEE ALSO" .na .nf -trivial-rewrite(8), address rewriting +trivial\-rewrite(8), address rewriting qmgr(8), queue manager header_checks(5), message header content inspection body_checks(5), body parts content inspection diff --git a/postfix/man/man8/discard.8 b/postfix/man/man8/discard.8 index 05c283970..171ae0f08 100644 --- a/postfix/man/man8/discard.8 +++ b/postfix/man/man8/discard.8 @@ -15,14 +15,14 @@ Postfix discard mail delivery agent The Postfix \fBdiscard\fR(8) delivery agent processes delivery requests from the queue manager. Each request specifies a queue file, a sender -address, a next-hop destination that is treated as the reason for +address, a next\-hop destination that is treated as the reason for discarding the mail, and recipient information. -The reason may be prefixed with an RFC 3463-compatible detail code. +The reason may be prefixed with an RFC 3463\-compatible detail code. This program expects to be run from the \fBmaster\fR(8) process manager. The \fBdiscard\fR(8) delivery agent pretends to deliver all recipients -in the delivery request, logs the "next-hop" destination +in the delivery request, logs the "next\-hop" destination as the reason for discarding the mail, updates the queue file, and either marks recipients as finished or informs the queue manager that delivery should be tried again at a later time. @@ -34,7 +34,7 @@ daemon as appropriate. .nf .ad .fi -The \fBdiscard\fR(8) mailer is not security-sensitive. It does not talk +The \fBdiscard\fR(8) mailer is not security\-sensitive. It does not talk to the network, and can be run chrooted at fixed low privilege. .SH "STANDARDS" .na @@ -63,11 +63,11 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. -.IP "\fBdouble_bounce_sender (double-bounce)\fR" +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" The sender address of postmaster notifications that are generated by the mail system. .IP "\fBipc_timeout (3600s)\fR" @@ -79,12 +79,12 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/dnsblog.8 b/postfix/man/man8/dnsblog.8 index 5f1fdcda7..8be212d6e 100644 --- a/postfix/man/man8/dnsblog.8 +++ b/postfix/man/man8/dnsblog.8 @@ -12,7 +12,7 @@ Postfix DNS white/blacklist logger .SH DESCRIPTION .ad .fi -The \fBdnsblog\fR(8) server implements an ad-hoc DNS +The \fBdnsblog\fR(8) server implements an ad\-hoc DNS white/blacklist lookup service. This may eventually be replaced by an UDP client that is built directly into the \fBpostscreen\fR(8) server. @@ -50,19 +50,19 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBpostscreen_dnsbl_sites (empty)\fR" Optional list of DNS white/blacklist domains, filters and weight factors. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/error.8 b/postfix/man/man8/error.8 index b77ab2910..c8a85c06a 100644 --- a/postfix/man/man8/error.8 +++ b/postfix/man/man8/error.8 @@ -15,17 +15,17 @@ Postfix error/retry mail delivery agent The Postfix \fBerror\fR(8) delivery agent processes delivery requests from the queue manager. Each request specifies a queue file, a sender -address, the reason for non-delivery (specified as the -next-hop destination), and recipient information. -The reason may be prefixed with an RFC 3463-compatible detail code; +address, the reason for non\-delivery (specified as the +next\-hop destination), and recipient information. +The reason may be prefixed with an RFC 3463\-compatible detail code; if none is specified a default 4.0.0 or 5.0.0 code is used instead. This program expects to be run from the \fBmaster\fR(8) process manager. Depending on the service name in master.cf, \fBerror\fR or \fBretry\fR, the server bounces or defers all recipients -in the delivery request using the "next-hop" information -as the reason for non-delivery. The \fBretry\fR service name is +in the delivery request using the "next\-hop" information +as the reason for non\-delivery. The \fBretry\fR service name is supported as of Postfix 2.4. Delivery status reports are sent to the \fBbounce\fR(8), @@ -35,7 +35,7 @@ Delivery status reports are sent to the \fBbounce\fR(8), .nf .ad .fi -The \fBerror\fR(8) mailer is not security-sensitive. It does not talk +The \fBerror\fR(8) mailer is not security\-sensitive. It does not talk to the network, and can be run chrooted at fixed low privilege. .SH "STANDARDS" .na @@ -71,11 +71,11 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. -.IP "\fBdouble_bounce_sender (double-bounce)\fR" +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" The sender address of postmaster notifications that are generated by the mail system. .IP "\fBipc_timeout (3600s)\fR" @@ -89,12 +89,12 @@ The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. .IP "\fBnotify_classes (resource, software)\fR" The list of error classes that are reported to the postmaster. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/flush.8 b/postfix/man/man8/flush.8 index 2c33d1061..8ba3c542a 100644 --- a/postfix/man/man8/flush.8 +++ b/postfix/man/man8/flush.8 @@ -15,19 +15,19 @@ Postfix fast flush server The \fBflush\fR(8) server maintains a record of deferred mail by destination. This information is used to improve the performance of the SMTP -\fBETRN\fR request, and of its command-line equivalent, -"\fBsendmail -qR\fR" or "\fBpostqueue -f\fR". +\fBETRN\fR request, and of its command\-line equivalent, +"\fBsendmail \-qR\fR" or "\fBpostqueue \-f\fR". This program expects to be run from the \fBmaster\fR(8) process manager. -The record is implemented as a per-destination logfile with +The record is implemented as a per\-destination logfile with as contents the queue IDs of deferred mail. A logfile is -append-only, and is truncated when delivery is requested +append\-only, and is truncated when delivery is requested for the corresponding destination. A destination is the -part on the right-hand side of the right-most \fB@\fR in +part on the right\-hand side of the right\-most \fB@\fR in an email address. -Per-destination logfiles of deferred mail are maintained only for +Per\-destination logfiles of deferred mail are maintained only for eligible destinations. The list of eligible destinations is specified with the \fBfast_flush_domains\fR configuration parameter, which defaults to \fB$relay_domains\fR. @@ -42,22 +42,22 @@ destination. .IP "\fBsend_file\fI queueid\fR" Request delivery of the specified deferred message. .IP \fBrefresh\fR -Refresh non-empty per-destination logfiles that were not read in +Refresh non\-empty per\-destination logfiles that were not read in \fB$fast_flush_refresh_time\fR hours, by simulating send requests (see above) for the corresponding destinations. .sp -Delete empty per-destination logfiles that were not updated in +Delete empty per\-destination logfiles that were not updated in \fB$fast_flush_purge_time\fR days. .sp This request completes in the background. .IP \fBpurge\fR -Do a \fBrefresh\fR for all per-destination logfiles. +Do a \fBrefresh\fR for all per\-destination logfiles. .SH "SECURITY" .na .nf .ad .fi -The \fBflush\fR(8) server is not security-sensitive. It does not +The \fBflush\fR(8) server is not security\-sensitive. It does not talk to the network, and it does not talk to local users. The fast flush server can run chrooted at fixed low privilege. .SH DIAGNOSTICS @@ -96,15 +96,15 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBfast_flush_domains ($relay_domains)\fR" -Optional list of destinations that are eligible for per-destination +Optional list of destinations that are eligible for per\-destination logfiles with mail that is queued to those destinations. .IP "\fBfast_flush_refresh_time (12h)\fR" -The time after which a non-empty but unread per-destination "fast +The time after which a non\-empty but unread per\-destination "fast flush" logfile needs to be refreshed. .IP "\fBfast_flush_purge_time (7d)\fR" -The time after which an empty per-destination "fast flush" logfile +The time after which an empty per\-destination "fast flush" logfile is deleted. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal @@ -119,12 +119,12 @@ process will service before terminating voluntarily. A list of Postfix features where the pattern "example.com" also matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index 9feeaa01b..1c198e0a0 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -37,9 +37,9 @@ See also under ADDRESS EXTENSION below for a few exceptions. .nf .ad .fi -The system administrator can set up one or more system-wide -\fBsendmail\fR-style alias databases. -Users can have \fBsendmail\fR-style ~/.\fBforward\fR files. +The system administrator can set up one or more system\-wide +\fBsendmail\fR\-style alias databases. +Users can have \fBsendmail\fR\-style ~/.\fBforward\fR files. Mail for \fIname\fR is delivered to the alias \fIname\fR, to destinations in ~\fIname\fR/.\fBforward\fR, to the mailbox owned by the user \fIname\fR, or it is sent back as undeliverable. @@ -73,7 +73,7 @@ An alias or ~/.\fBforward\fR file may list any combination of external commands, destination file names, \fB:include:\fR directives, or mail addresses. See \fBaliases\fR(5) for a precise description. Each line in a -user's .\fBforward\fR file has the same syntax as the right-hand part +user's .\fBforward\fR file has the same syntax as the right\-hand part of an alias. When an address is found in its own alias expansion, delivery is @@ -95,30 +95,30 @@ number of remembered recipients. .nf .ad .fi -For the sake of reliability, forwarded mail is re-submitted as -a new message, so that each recipient has a separate on-file +For the sake of reliability, forwarded mail is re\-submitted as +a new message, so that each recipient has a separate on\-file delivery status record. In order to stop mail forwarding loops early, the software adds an optional -\fBDelivered-To:\fR header with the final envelope recipient address. If +\fBDelivered\-To:\fR header with the final envelope recipient address. If mail arrives for a recipient that is already listed in a -\fBDelivered-To:\fR header, the message is bounced. +\fBDelivered\-To:\fR header, the message is bounced. .SH "MAILBOX DELIVERY" .na .nf .ad .fi -The default per-user mailbox is a file in the UNIX mail spool +The default per\-user mailbox is a file in the UNIX mail spool directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR); the location can be specified with the \fBmail_spool_directory\fR configuration parameter. Specify a name ending in \fB/\fR for -\fBqmail\fR-compatible \fBmaildir\fR delivery. +\fBqmail\fR\-compatible \fBmaildir\fR delivery. -Alternatively, the per-user mailbox can be a file in the user's home +Alternatively, the per\-user mailbox can be a file in the user's home directory with a name specified via the \fBhome_mailbox\fR configuration parameter. Specify a relative path name. Specify a name -ending in \fB/\fR for \fBqmail\fR-compatible \fBmaildir\fR delivery. +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. Mailbox delivery can be delegated to an external command specified with the \fBmailbox_command_maps\fR and \fBmailbox_command\fR @@ -139,13 +139,13 @@ message transport for recipients that are not found in the aliases(5) or UNIX passwd database. -In the case of UNIX-style mailbox delivery, +In the case of UNIX\-style mailbox delivery, the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" envelope header to each message, prepends an -\fBX-Original-To:\fR header with the recipient address as given to +\fBX\-Original\-To:\fR header with the recipient address as given to Postfix, prepends an -optional \fBDelivered-To:\fR header -with the final envelope recipient address, prepends a \fBReturn-Path:\fR +optional \fBDelivered\-To:\fR header +with the final envelope recipient address, prepends a \fBReturn\-Path:\fR header with the envelope sender address, prepends a \fB>\fR character to lines beginning with "\fBFrom \fR", and appends an empty line. The mailbox is locked for exclusive access while delivery is in @@ -154,11 +154,11 @@ mailbox to its original length. In the case of \fBmaildir\fR delivery, the local daemon prepends an optional -\fBDelivered-To:\fR header with the final envelope recipient address, +\fBDelivered\-To:\fR header with the final envelope recipient address, prepends an -\fBX-Original-To:\fR header with the recipient address as given to +\fBX\-Original\-To:\fR header with the recipient address as given to Postfix, -and prepends a \fBReturn-Path:\fR header with the envelope sender +and prepends a \fBReturn\-Path:\fR header with the envelope sender address. .SH "EXTERNAL COMMAND DELIVERY" .na @@ -191,20 +191,20 @@ parameter. The command is executed directly where possible. Assistance by the shell (\fB/bin/sh\fR on UNIX systems) is used only when the command contains shell magic characters, or when the command invokes a shell -built-in command. +built\-in command. A limited amount of command output (standard output and standard -error) is captured for inclusion with non-delivery status reports. +error) is captured for inclusion with non\-delivery status reports. A command is forcibly terminated if it does not complete within \fBcommand_time_limit\fR seconds. Command exit status codes are expected to follow the conventions defined in <\fBsysexits.h\fR>. Exit status 0 means normal successful completion. -Postfix version 2.3 and later support RFC 3463-style enhanced -status codes. If a command terminates with a non-zero exit +Postfix version 2.3 and later support RFC 3463\-style enhanced +status codes. If a command terminates with a non\-zero exit status, and the command output begins with an enhanced status code, this status code takes precedence over the -non-zero exit status. +non\-zero exit status. A limited amount of message context is exported via environment variables. Characters that may have special meaning to the shell @@ -255,7 +255,7 @@ SASL username specified in the remote client AUTH command. Available as of Postfix 2.2. .PP The \fBPATH\fR environment variable is always reset to a -system-dependent default path, and environment variables +system\-dependent default path, and environment variables whose names are blessed by the \fBexport_environment\fR configuration parameter are exported unchanged. @@ -263,11 +263,11 @@ The current working directory is the mail queue directory. The \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" envelope header to each message, prepends an -\fBX-Original-To:\fR header with the recipient address as given to +\fBX\-Original\-To:\fR header with the recipient address as given to Postfix, prepends an -optional \fBDelivered-To:\fR +optional \fBDelivered\-To:\fR header with the final recipient envelope address, prepends a -\fBReturn-Path:\fR header with the sender envelope address, +\fBReturn\-Path:\fR header with the sender envelope address, and appends no empty line. .SH "EXTERNAL FILE DELIVERY" .na @@ -275,23 +275,23 @@ and appends no empty line. .ad .fi The delivery format depends on the destination filename syntax. -The default is to use UNIX-style mailbox format. Specify a name -ending in \fB/\fR for \fBqmail\fR-compatible \fBmaildir\fR delivery. +The default is to use UNIX\-style mailbox format. Specify a name +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. The \fBallow_mail_to_files\fR configuration parameter restricts delivery to external files. The default setting (\fBalias, forward\fR) forbids file destinations in \fB:include:\fR files. -In the case of UNIX-style mailbox delivery, +In the case of UNIX\-style mailbox delivery, the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" envelope header to each message, prepends an -\fBX-Original-To:\fR header with the recipient address as given to +\fBX\-Original\-To:\fR header with the recipient address as given to Postfix, prepends an -optional \fBDelivered-To:\fR +optional \fBDelivered\-To:\fR header with the final recipient envelope address, prepends a \fB>\fR character to lines beginning with "\fBFrom \fR", and appends an empty line. -The envelope sender address is available in the \fBReturn-Path:\fR +The envelope sender address is available in the \fBReturn\-Path:\fR header. When the destination is a regular file, it is locked for exclusive access while delivery is in progress. In case of problems, an attempt @@ -299,11 +299,11 @@ is made to truncate a regular file to its original length. In the case of \fBmaildir\fR delivery, the local daemon prepends an optional -\fBDelivered-To:\fR header with the final envelope recipient address, +\fBDelivered\-To:\fR header with the final envelope recipient address, and prepends an -\fBX-Original-To:\fR header with the recipient address as given to +\fBX\-Original\-To:\fR header with the recipient address as given to Postfix. -The envelope sender address is available in the \fBReturn-Path:\fR +The envelope sender address is available in the \fBReturn\-Path:\fR header. .SH "ADDRESS EXTENSION" .na @@ -353,7 +353,7 @@ the postmaster is notified of bounces and of other trouble. .fi The \fBlocal\fR(8) delivery agent needs a dual personality 1) to access the private Postfix queue and IPC mechanisms, -2) to impersonate the recipient and deliver to recipient-specified +2) to impersonate the recipient and deliver to recipient\-specified files or commands. It is therefore security sensitive. The \fBlocal\fR(8) delivery agent disallows regular expression @@ -373,9 +373,9 @@ or of external files is never checkpointed to file. As a result, the program may occasionally deliver more than once to a command or external file. Better safe than sorry. -Mutually-recursive aliases or ~/.\fBforward\fR files are not detected +Mutually\-recursive aliases or ~/.\fBforward\fR files are not detected early. The resulting mail forwarding loop is broken by the use of the -\fBDelivered-To:\fR message header. +\fBDelivered\-To:\fR message header. .SH "CONFIGURATION PARAMETERS" .na .nf @@ -395,32 +395,32 @@ The text below provides only a parameter summary. See .IP "\fBbiff (yes)\fR" Whether or not to use the local biff service. .IP "\fBexpand_owner_alias (no)\fR" -When delivering to an alias "aliasname" that has an "owner-aliasname" +When delivering to an alias "aliasname" that has an "owner\-aliasname" companion alias, set the envelope sender address to the expansion -of the "owner-aliasname" alias. +of the "owner\-aliasname" alias. .IP "\fBowner_request_special (yes)\fR" -Give special treatment to owner-listname and listname-request +Give special treatment to owner\-listname and listname\-request address localparts: don't split such addresses when the -recipient_delimiter is set to "-". +recipient_delimiter is set to "\-". .IP "\fBsun_mailtool_compatibility (no)\fR" Obsolete SUN mailtool compatibility feature. .PP Available in Postfix version 2.3 and later: .IP "\fBfrozen_delivered_to (yes)\fR" -Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To: +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: address (see prepend_delivered_header) only once, at the start of -a delivery attempt; do not update the Delivered-To: address while +a delivery attempt; do not update the Delivered\-To: address while expanding aliases or .forward files. .PP Available in Postfix version 2.5.3 and later: .IP "\fBstrict_mailbox_ownership (yes)\fR" Defer delivery when a mailbox file is not owned by its recipient. .IP "\fBreset_owner_alias (no)\fR" -Reset the \fBlocal\fR(8) delivery agent's idea of the owner-alias +Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias attribute, when delivering mail to a child alias that does not have its own owner alias. .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" Optional filter for the \fBlocal\fR(8) delivery agent to change the status code or explanatory text of successful or unsuccessful @@ -439,9 +439,9 @@ fallback_transport, and luser_relay. The alias databases that are used for \fBlocal\fR(8) delivery. .IP "\fBforward_path (see 'postconf -d' output)\fR" The \fBlocal\fR(8) delivery agent search list for finding a .forward -file with user-specified delivery methods. +file with user\-specified delivery methods. .IP "\fBmailbox_transport_maps (empty)\fR" -Optional lookup tables with per-recipient message delivery +Optional lookup tables with per\-recipient message delivery transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database. .IP "\fBmailbox_transport (empty)\fR" @@ -449,7 +449,7 @@ Optional message delivery transport that the \fBlocal\fR(8) delivery agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database. .IP "\fBmailbox_command_maps (empty)\fR" -Optional lookup tables with per-recipient external commands to use +Optional lookup tables with per\-recipient external commands to use for \fBlocal\fR(8) mailbox delivery. .IP "\fBmailbox_command (empty)\fR" Optional external command that the \fBlocal\fR(8) delivery agent should @@ -458,9 +458,9 @@ use for mailbox delivery. Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's home directory. .IP "\fBmail_spool_directory (see 'postconf -d' output)\fR" -The directory where \fBlocal\fR(8) UNIX-style mailboxes are kept. +The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. .IP "\fBfallback_transport_maps (empty)\fR" -Optional lookup tables with per-recipient message delivery +Optional lookup tables with per\-recipient message delivery transports for recipients that the \fBlocal\fR(8) delivery agent could not find in the \fBaliases\fR(5) or UNIX password database. .IP "\fBfallback_transport (empty)\fR" @@ -468,7 +468,7 @@ Optional message delivery transport that the \fBlocal\fR(8) delivery agent should use for names that are not found in the \fBaliases\fR(5) or UNIX password database. .IP "\fBluser_relay (empty)\fR" -Optional catch-all destination for unknown \fBlocal\fR(8) recipients. +Optional catch\-all destination for unknown \fBlocal\fR(8) recipients. .PP Available in Postfix version 2.2 and later: .IP "\fBcommand_execution_directory (empty)\fR" @@ -488,7 +488,7 @@ file or \fBbounce\fR(8) logfile. .IP "\fBstale_lock_time (500s)\fR" The time after which a stale exclusive mailbox lockfile is removed. .IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" -How to lock a UNIX-style \fBlocal\fR(8) mailbox before attempting delivery. +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. .SH "RESOURCE AND RATE CONTROLS" .na .nf @@ -549,18 +549,18 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBexport_environment (see 'postconf -d' output)\fR" The list of environment variables that a Postfix process will export -to non-Postfix processes. +to non\-Postfix processes. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. .IP "\fBlocal_command_shell (empty)\fR" -Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command. +Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command. .IP "\fBmax_idle (100s)\fR" The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. @@ -569,17 +569,17 @@ The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. .IP "\fBprepend_delivered_header (command, file, forward)\fR" The message delivery contexts where the Postfix \fBlocal\fR(8) delivery -agent prepends a Delivered-To: message header with the address +agent prepends a Delivered\-To: message header with the address that the mail was delivered to. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" What address lookup tables copy an address extension from the lookup key to the lookup result. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBrecipient_delimiter (empty)\fR" The set of characters that can separate a user name from its extension (example: user+foo), or a .forward file name from its @@ -596,8 +596,8 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .na .nf The following are examples; details differ between systems. -$HOME/.forward, per-user aliasing -/etc/aliases, system-wide alias database +$HOME/.forward, per\-user aliasing +/etc/aliases, system\-wide alias database /var/spool/mail, system mailboxes .SH "SEE ALSO" .na @@ -621,7 +621,7 @@ The Secure Mailer license must be distributed with this software. .nf .ad .fi -The \fBDelivered-To:\fR message header appears in the \fBqmail\fR +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR system by Daniel Bernstein. The \fImaildir\fR structure appears in the \fBqmail\fR system diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index 45bdbde12..508147b1c 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -8,7 +8,7 @@ Postfix master process .SH "SYNOPSIS" .na .nf -\fBmaster\fR [\fB-Ddtvw\fR] [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR] +\fBmaster\fR [\fB\-Ddtvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR] .SH DESCRIPTION .ad .fi @@ -21,37 +21,37 @@ Postfix daemons terminate voluntarily, either after being idle for a configurable amount of time, or after having serviced a configurable number of requests. Exceptions to this rule are the resident queue manager, address verification server, and the TLS -session cache and pseudo-random number server. +session cache and pseudo\-random number server. The behavior of the \fBmaster\fR(8) daemon is controlled by the \fBmaster.cf\fR configuration file, as described in \fBmaster\fR(5). Options: -.IP "\fB-c \fIconfig_dir\fR" +.IP "\fB\-c \fIconfig_dir\fR" Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in the named directory instead of the default configuration directory. This also overrides the configuration files for other Postfix daemon processes. -.IP \fB-D\fR +.IP \fB\-D\fR After initialization, run a debugger on the master process. The debugging command is specified with the \fBdebugger_command\fR in the \fBmain.cf\fR global configuration file. -.IP \fB-d\fR +.IP \fB\-d\fR Do not redirect stdin, stdout or stderr to /dev/null, and do not discard the controlling terminal. This must be used for debugging only. -.IP "\fB-e \fIexit_time\fR" +.IP "\fB\-e \fIexit_time\fR" Terminate the master process after \fIexit_time\fR seconds. Child processes terminate at their convenience. -.IP \fB-t\fR +.IP \fB\-t\fR Test mode. Return a zero exit status when the \fBmaster.pid\fR lock file does not exist or when that file is not locked. This is evidence that the \fBmaster\fR(8) daemon is not running. -.IP \fB-v\fR +.IP \fB\-v\fR Enable verbose logging for debugging purposes. This option -is passed on to child processes. Multiple \fB-v\fR options +is passed on to child processes. Multiple \fB\-v\fR options make the software increasingly verbose. -.IP \fB-w\fR +.IP \fB\-w\fR Wait in a dummy foreground process, while the real master daemon initializes in a background process. The dummy foreground process returns a zero exit status only if the @@ -63,7 +63,7 @@ This feature is available in Postfix 2.10 and later. Signals: .IP \fBSIGHUP\fR Upon receipt of a \fBHUP\fR signal (e.g., after "\fBpostfix reload\fR"), -the master process re-reads its configuration files. If a service has +the master process re\-reads its configuration files. If a service has been removed from the \fBmaster.cf\fR file, its running processes are terminated immediately. Otherwise, running processes are allowed to terminate as soon @@ -80,7 +80,7 @@ processes to finish what they are doing. .ad .fi Problems are reported to \fBsyslogd\fR(8). The exit status -is non-zero in case of problems, including problems while +is non\-zero in case of problems, including problems while initializing as a master daemon process in the background. .SH "ENVIRONMENT" .na @@ -136,7 +136,7 @@ configuration files. The directory with Postfix support programs and daemon programs. .IP "\fBdebugger_command (empty)\fR" The external command to execute when a Postfix daemon program is -invoked with the -D option. +invoked with the \-D option. .IP "\fBinet_interfaces (all)\fR" The network interface addresses that this mail system receives mail on. @@ -145,16 +145,16 @@ The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. +import from a non\-Postfix parent process. .IP "\fBmail_owner (postfix)\fR" The UNIX system account that owns the Postfix queue and most Postfix daemon processes. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/oqmgr.8 b/postfix/man/man8/oqmgr.8 index 359d6650d..6bd15fe40 100644 --- a/postfix/man/man8/oqmgr.8 +++ b/postfix/man/man8/oqmgr.8 @@ -15,11 +15,11 @@ old Postfix queue manager The \fBoqmgr\fR(8) daemon awaits the arrival of incoming mail and arranges for its delivery via Postfix delivery processes. The actual mail routing strategy is delegated to the -\fBtrivial-rewrite\fR(8) daemon. +\fBtrivial\-rewrite\fR(8) daemon. This program expects to be run from the \fBmaster\fR(8) process manager. -Mail addressed to the local \fBdouble-bounce\fR address is +Mail addressed to the local \fBdouble\-bounce\fR address is logged and discarded. This stops potential loops caused by undeliverable bounce notifications. .SH "MAIL QUEUES" @@ -49,18 +49,18 @@ sets them free. .nf .ad .fi -The \fBoqmgr\fR(8) daemon keeps an eye on per-message delivery status +The \fBoqmgr\fR(8) daemon keeps an eye on per\-message delivery status reports in the following directories. Each status report file has the same name as the corresponding message file: .IP \fBbounce\fR -Per-recipient status information about why mail is bounced. +Per\-recipient status information about why mail is bounced. These files are maintained by the \fBbounce\fR(8) daemon. .IP \fBdefer\fR -Per-recipient status information about why mail is delayed. +Per\-recipient status information about why mail is delayed. These files are maintained by the \fBdefer\fR(8) daemon. .IP \fBtrace\fR -Per-recipient status information as requested with the -Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. These files are maintained by the \fBtrace\fR(8) daemon. .PP The \fBoqmgr\fR(8) daemon is responsible for asking the @@ -87,7 +87,7 @@ This strategy eliminates "thundering herd" problems by slowly adjusting the number of parallel deliveries to the same destination. .IP "\fBround robin\fR The queue manager sorts delivery requests by destination. -Round-robin selection prevents one destination from dominating +Round\-robin selection prevents one destination from dominating deliveries to other destinations. .IP "\fBexponential backoff\fR" Mail that cannot be delivered upon the first attempt is deferred. @@ -95,7 +95,7 @@ The time interval between delivery attempts is doubled after each attempt. .IP "\fBdestination status cache\fR" The queue manager avoids unnecessary delivery attempts by -maintaining a short-term, in-memory list of unreachable destinations. +maintaining a short\-term, in\-memory list of unreachable destinations. .SH "TRIGGERS" .na .nf @@ -103,7 +103,7 @@ maintaining a short-term, in-memory list of unreachable destinations. .fi On an idle system, the queue manager waits for the arrival of trigger events, or it waits for a timer to go off. A trigger -is a one-byte message. +is a one\-byte message. Depending on the message received, the queue manager performs one of the following actions (the message is followed by the symbolic constant used internally by the software): @@ -140,7 +140,7 @@ RFC 3464 (Delivery status notifications) .ad .fi The \fBoqmgr\fR(8) daemon is not security sensitive. It reads -single-character messages from untrusted local users, and thus may +single\-character messages from untrusted local users, and thus may be susceptible to denial of service attacks. The \fBoqmgr\fR(8) daemon does not talk to the outside world, and it can be run at fixed low privilege in a chrooted environment. @@ -157,7 +157,7 @@ the postmaster is notified of bounces and of other trouble. .ad .fi A single queue manager process has to compete for disk access with -multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of inbound mail can negatively impact outbound delivery rates. .SH "CONFIGURATION PARAMETERS" .na @@ -181,13 +181,13 @@ In the text below, \fItransport\fR is the first field in a .fi Available before Postfix version 2.5: .IP "\fBallow_min_user (no)\fR" -Allow a sender or recipient address to have `-' as the first +Allow a sender or recipient address to have `\-' as the first character. .PP Available with Postfix version 2.7 and later: .IP "\fBdefault_filter_nexthop (empty)\fR" When a content_filter or FILTER request specifies no explicit -next-hop destination, use $default_filter_nexthop instead; when +next\-hop destination, use $default_filter_nexthop instead; when that value is empty, use the domain in the recipient address. .SH "ACTIVE QUEUE CONTROLS" .na @@ -201,8 +201,8 @@ clogging up the Postfix active queue. The maximal number of messages in the active queue. .IP "\fBqmgr_message_recipient_limit (20000)\fR" The maximal number of recipients held in memory by the Postfix -queue manager, and the maximal size of the short-term, -in-memory "dead" destination status cache. +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. .SH "DELIVERY CONCURRENCY CONTROLS" .na .nf @@ -213,7 +213,7 @@ Obsolete feature: the percentage of delivery resources that a busy mail system will use up for delivery of a large mailing list message. .IP "\fBinitial_destination_concurrency (5)\fR" -The initial per-destination concurrency level for parallel delivery +The initial per\-destination concurrency level for parallel delivery to the same destination. .IP "\fBdefault_destination_concurrency_limit (20)\fR" The default maximal number of parallel deliveries to the same @@ -226,19 +226,19 @@ Available in Postfix version 2.5 and later: Initial concurrency for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" -How many pseudo-cohorts must suffer connection or handshake +How many pseudo\-cohorts must suffer connection or handshake failure before a specific destination is considered unavailable (and further delivery is suspended). .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" -The per-destination amount of delivery concurrency negative +The per\-destination amount of delivery concurrency negative feedback, after a delivery completes with a connection or handshake failure. .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" -The per-destination amount of delivery concurrency positive +The per\-destination amount of delivery concurrency positive feedback, after a delivery completes without connection or handshake failure. .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" @@ -286,7 +286,7 @@ Available in Postfix version 2.5 and later: .IP "\fBdefault_destination_rate_delay (0s)\fR" The default amount of delay that is inserted between individual deliveries to the same destination; the resulting behavior depends -on the value of the corresponding per-destination recipient limit. +on the value of the corresponding per\-destination recipient limit. .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay Idem, for delivery via the named message \fItransport\fR. .SH "SAFETY CONTROLS" @@ -296,7 +296,7 @@ Idem, for delivery via the named message \fItransport\fR. .fi .IP "\fBqmgr_daemon_timeout (1000s)\fR" How much time a Postfix queue manager process may take to handle -a request before it is terminated by a built-in watchdog timer. +a request before it is terminated by a built\-in watchdog timer. .IP "\fBqmgr_ipc_timeout (60s)\fR" The time limit for the queue manager to send or receive information over an internal communication channel. @@ -310,26 +310,26 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdefer_transports (empty)\fR" The names of message delivery transports that should not deliver mail -unless someone issues "\fBsendmail -q\fR" or equivalent. +unless someone issues "\fBsendmail \-q\fR" or equivalent. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBhelpful_warnings (yes)\fR" Log warnings about problematic configuration settings, and provide helpful suggestions. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBconfirm_delay_cleared (no)\fR" After sending a "your message is delayed" notification, inform the sender when the delay clears up. @@ -339,13 +339,13 @@ the sender when the delay clears up. /var/spool/postfix/incoming, incoming queue /var/spool/postfix/active, active queue /var/spool/postfix/deferred, deferred queue -/var/spool/postfix/bounce, non-delivery status -/var/spool/postfix/defer, non-delivery status +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status /var/spool/postfix/trace, delivery status .SH "SEE ALSO" .na .nf -trivial-rewrite(8), address routing +trivial\-rewrite(8), address routing bounce(8), delivery status reports postconf(5), configuration parameters master(5), generic daemon options diff --git a/postfix/man/man8/pickup.8 b/postfix/man/man8/pickup.8 index 4e0f79af7..8ec313976 100644 --- a/postfix/man/man8/pickup.8 +++ b/postfix/man/man8/pickup.8 @@ -15,7 +15,7 @@ Postfix local mail pickup The \fBpickup\fR(8) daemon waits for hints that new mail has been dropped into the \fBmaildrop\fR directory, and feeds it into the \fBcleanup\fR(8) daemon. -Ill-formatted files are deleted without notifying the originator. +Ill\-formatted files are deleted without notifying the originator. This program expects to be run from the \fBmaster\fR(8) process manager. .SH "STANDARDS" @@ -52,7 +52,7 @@ descriptor instead of file data, but then the already complex .nf .ad .fi -As the \fBpickup\fR(8) daemon is a relatively long-running process, up +As the \fBpickup\fR(8) daemon is a relatively long\-running process, up to an hour may pass before a \fBmain.cf\fR change takes effect. Use the command "\fBpostfix reload\fR" command to speed up a change. @@ -67,7 +67,7 @@ The text below provides only a parameter summary. See After the message is queued, send the entire message to the specified \fItransport:destination\fR. .IP "\fBreceive_override_options (empty)\fR" -Enable or disable recipient validation, built-in content +Enable or disable recipient validation, built\-in content filtering, or address mapping. .SH "MISCELLANEOUS CONTROLS" .na @@ -89,12 +89,12 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -104,7 +104,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .na .nf cleanup(8), message canonicalization -sendmail(1), Sendmail-compatible interface +sendmail(1), Sendmail\-compatible interface postdrop(1), mail posting agent postconf(5), configuration parameters master(5), generic daemon options diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index e2951ed95..c172a9c96 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -18,7 +18,7 @@ This program expects to be run from the \fBmaster\fR(8) process manager. Message attributes such as sender address, recipient address and -next-hop host name can be specified as command-line macros that are +next\-hop host name can be specified as command\-line macros that are expanded before the external command is executed. The \fBpipe\fR(8) daemon updates queue files and marks recipients @@ -33,8 +33,8 @@ appropriate. .fi Some destinations cannot handle more than one recipient per delivery request. Examples are pagers or fax machines. -In addition, multi-recipient delivery is undesirable when -prepending a \fBDelivered-to:\fR or \fBX-Original-To:\fR +In addition, multi\-recipient delivery is undesirable when +prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR message header. To prevent Postfix from sending multiple recipients per delivery @@ -46,7 +46,7 @@ request, specify in the Postfix \fBmain.cf\fR file, where \fItransport\fR is the name in the first column of the Postfix \fBmaster.cf\fR -entry for the pipe-based delivery transport. +entry for the pipe\-based delivery transport. .SH "COMMAND ATTRIBUTE SYNTAX" .na .nf @@ -72,7 +72,7 @@ Delivery is deferred in case of failure. This feature is available as of Postfix 2.2. .IP "\fBeol=\fIstring\fR (optional, default: \fB\en\fR)" The output record delimiter. Typically one would use either -\fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape +\fB\er\en\fR or \fB\en\fR. The usual C\-style backslash escape sequences are recognized: \fB\ea \eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. .IP "\fBflags=BDFORXhqu.>\fR (optional)" @@ -84,13 +84,13 @@ Append a blank line at the end of each message. This is required by some mail user agents that recognize "\fBFrom \fR" lines only when preceded by a blank line. .IP \fBD\fR -Prepend a "\fBDelivered-To: \fIrecipient\fR" message header with the +Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header with the envelope recipient address. Note: for this to work, the \fItransport\fB_destination_recipient_limit\fR must be 1 -(see SINGLE-RECIPIENT DELIVERY above for details). +(see SINGLE\-RECIPIENT DELIVERY above for details). .sp The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later): -if a message already contains a \fBDelivered-To:\fR header +if a message already contains a \fBDelivered\-To:\fR header with the same recipient address, then the message is returned as undeliverable. The address comparison is case insensitive. @@ -101,14 +101,14 @@ Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to the message content. This is expected by, for example, \fBUUCP\fR software. .IP \fBO\fR -Prepend an "\fBX-Original-To: \fIrecipient\fR" message header +Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message header with the recipient address as given to Postfix. Note: for this to work, the \fItransport\fB_destination_recipient_limit\fR must be 1 -(see SINGLE-RECIPIENT DELIVERY above for details). +(see SINGLE\-RECIPIENT DELIVERY above for details). .sp This feature is available as of Postfix 2.0. .IP \fBR\fR -Prepend a \fBReturn-Path:\fR message header with the envelope sender +Prepend a \fBReturn\-Path:\fR message header with the envelope sender address. .IP \fBX\fR Indicate that the external command performs final delivery. @@ -118,30 +118,30 @@ from "relayed" into "delivered". .sp This feature is available as of Postfix 2.5. .IP \fBh\fR -Fold the command-line \fB$original_recipient\fR and +Fold the command\-line \fB$original_recipient\fR and \fB$recipient\fR address domain part -(text to the right of the right-most \fB@\fR character) to -lower case; fold the entire command-line \fB$domain\fR and +(text to the right of the right\-most \fB@\fR character) to +lower case; fold the entire command\-line \fB$domain\fR and \fB$nexthop\fR host or domain information to lower case. This is recommended for delivery via \fBUUCP\fR. .IP \fBq\fR -Quote white space and other special characters in the command-line +Quote white space and other special characters in the command\-line \fB$sender\fR, \fB$original_recipient\fR and \fB$recipient\fR address localparts (text to the -left of the right-most \fB@\fR character), according to an 8-bit +left of the right\-most \fB@\fR character), according to an 8\-bit transparent version of RFC 822. This is recommended for delivery via \fBUUCP\fR or \fBBSMTP\fR. .sp -The result is compatible with the address parsing of command-line +The result is compatible with the address parsing of command\-line recipients by the Postfix \fBsendmail\fR(1) mail submission command. .sp The \fBq\fR flag affects only entire addresses, not the partial address information from the \fB$user\fR, \fB$extension\fR or -\fB$mailbox\fR command-line macros. +\fB$mailbox\fR command\-line macros. .IP \fBu\fR -Fold the command-line \fB$original_recipient\fR and +Fold the command\-line \fB$original_recipient\fR and \fB$recipient\fR address localpart (text to -the left of the right-most \fB@\fR character) to lower case. +the left of the right\-most \fB@\fR character) to lower case. This is recommended for delivery via \fBUUCP\fR. .IP \fB.\fR Prepend "\fB.\fR" to lines starting with "\fB.\fR". This is needed @@ -150,35 +150,35 @@ by, for example, \fBBSMTP\fR software. Prepend "\fB>\fR" to lines starting with "\fBFrom \fR". This is expected by, for example, \fBUUCP\fR software. .RE -.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER-DAEMON)" +.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER\-DAEMON)" Replace the null sender address (typically used for delivery status notifications) with the specified text -when expanding the \fB$sender\fR command-line macro, and -when generating a From_ or Return-Path: message header. +when expanding the \fB$sender\fR command\-line macro, and +when generating a From_ or Return\-Path: message header. -If the null sender replacement text is a non-empty string +If the null sender replacement text is a non\-empty string then it is affected by the \fBq\fR flag for address quoting -in command-line arguments. +in command\-line arguments. The null sender replacement text may be empty; this form is recommended for content filters that feed mail back into Postfix. The empty sender address is not affected by the -\fBq\fR flag for address quoting in command-line arguments. +\fBq\fR flag for address quoting in command\-line arguments. .sp -Caution: a null sender address is easily mis-parsed by +Caution: a null sender address is easily mis\-parsed by naive software. For example, when the \fBpipe\fR(8) daemon executes a command such as: .sp .nf - \fIWrong\fR: command -f$sender -- $recipient + \fIWrong\fR: command \-f$sender \-\- $recipient .fi .IP -the command will mis-parse the -f option value when the +the command will mis\-parse the \-f option value when the sender address is a null string. For correct parsing, specify \fB$sender\fR as an argument by itself: .sp .nf - \fIRight\fR: command -f $sender -- $recipient + \fIRight\fR: command \-f $sender \-\- $recipient .fi .IP This feature is available as of Postfix 2.3. @@ -200,7 +200,7 @@ The command is executed directly, i.e. without interpretation of shell meta characters by a shell command interpreter. .sp Specify "{" and "}" around command arguments that contain -whitespace (Postfix 2.12 and later). Whitespace +whitespace (Postfix 3.0 and later). Whitespace after "{" and before "}" is ignored. .sp In the command argument vector, the following macros are recognized @@ -244,8 +244,8 @@ This macro expands to the extension part of a recipient address. For example, with an address \fIuser+foo@domain\fR the extension is \fIfoo\fR. .sp -A command-line argument that contains \fB${extension}\fR expands -into as many command-line arguments as there are recipients. +A command\-line argument that contains \fB${extension}\fR expands +into as many command\-line arguments as there are recipients. .sp This information is modified by the \fBu\fR flag for case folding. .IP \fB${mailbox}\fR @@ -253,21 +253,21 @@ This macro expands to the complete local part of a recipient address. For example, with an address \fIuser+foo@domain\fR the mailbox is \fIuser+foo\fR. .sp -A command-line argument that contains \fB${mailbox}\fR -expands to as many command-line arguments as there are recipients. +A command\-line argument that contains \fB${mailbox}\fR +expands to as many command\-line arguments as there are recipients. .sp This information is modified by the \fBu\fR flag for case folding. .IP \fB${nexthop}\fR -This macro expands to the next-hop hostname. +This macro expands to the next\-hop hostname. .sp This information is modified by the \fBh\fR flag for case folding. .IP \fB${original_recipient}\fR This macro expands to the complete recipient address before any address rewriting or aliasing. .sp -A command-line argument that contains +A command\-line argument that contains \fB${original_recipient}\fR expands to as many -command-line arguments as there are recipients. +command\-line arguments as there are recipients. .sp This information is modified by the \fBhqu\fR flags for quoting and case folding. @@ -280,8 +280,8 @@ This feature is available as of Postfix 2.11. .IP \fB${recipient}\fR This macro expands to the complete recipient address. .sp -A command-line argument that contains \fB${recipient}\fR -expands to as many command-line arguments as there are recipients. +A command\-line argument that contains \fB${recipient}\fR +expands to as many command\-line arguments as there are recipients. .sp This information is modified by the \fBhqu\fR flags for quoting and case folding. @@ -304,7 +304,7 @@ when the Postfix SMTP server received the message. This feature is available as of Postfix 2.2. .IP \fB${sender}\fR This macro expands to the envelope sender address. By default, -the null sender address expands to MAILER-DAEMON; this can +the null sender address expands to MAILER\-DAEMON; this can be changed with the \fBnull_sender\fR attribute, as described above. .sp @@ -317,8 +317,8 @@ This macro expands to the username part of a recipient address. For example, with an address \fIuser+foo@domain\fR the username part is \fIuser\fR. .sp -A command-line argument that contains \fB${user}\fR expands -into as many command-line arguments as there are recipients. +A command\-line argument that contains \fB${user}\fR expands +into as many command\-line arguments as there are recipients. .sp This information is modified by the \fBu\fR flag for case folding. .RE @@ -333,15 +333,15 @@ Command exit status codes are expected to follow the conventions defined in <\fBsysexits.h\fR>. Exit status 0 means normal successful completion. -In the case of a non-zero exit status, a limited amount of +In the case of a non\-zero exit status, a limited amount of command output is logged, and reported in a delivery status notification. When the output begins with a 4.X.X or 5.X.X enhanced status code, the status code takes precedence over -the non-zero exit status (Postfix version 2.3 and later). +the non\-zero exit status (Postfix version 2.3 and later). After successful delivery (zero exit status) a limited amount of command output is logged, and reported in "success" -delivery status notifications (Postfix 2.12 and later). +delivery status notifications (Postfix 3.0 and later). This command output is not examined for the presence of an enhanced status code. @@ -400,13 +400,13 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBexport_environment (see 'postconf -d' output)\fR" The list of environment variables that a Postfix process will export -to non-Postfix processes. +to non\-Postfix processes. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -419,12 +419,12 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBrecipient_delimiter (empty)\fR" The set of characters that can separate a user name from its extension (example: user+foo), or a .forward file name from its @@ -435,7 +435,7 @@ The syslog facility of Postfix logging. The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" Optional filter for the \fBpipe\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index fd06da2ad..c71f1f777 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -21,11 +21,11 @@ SMTP server processes available for legitimate clients, and delays the onset of server overload conditions. This program should not be used on SMTP ports that receive -mail from end-user clients (MUAs). In a typical deployment, +mail from end\-user clients (MUAs). In a typical deployment, \fBpostscreen\fR(8) handles the MX service on TCP port 25, while MUA clients submit mail via the \fBsubmission\fR service on TCP port 587 which requires client authentication. -Alternatively, a site could set up a dedicated, non-postscreen, +Alternatively, a site could set up a dedicated, non\-postscreen, "port 25" server that provides \fBsubmission\fR service and client authentication, but no MX service. @@ -38,8 +38,8 @@ process. This minimizes the overhead for legitimate mail. By default, \fBpostscreen\fR(8) logs statistics and hands off every connection to a Postfix SMTP server process, while excluding clients in mynetworks from all tests (primarily, -to avoid problems with non-standard SMTP implementations -in network appliances). This mode is useful for non-destructive +to avoid problems with non\-standard SMTP implementations +in network appliances). This mode is useful for non\-destructive testing. In a typical production setting, \fBpostscreen\fR(8) is @@ -56,7 +56,7 @@ traffic. .nf .ad .fi -The \fBpostscreen\fR(8) server is moderately security-sensitive. +The \fBpostscreen\fR(8) server is moderately security\-sensitive. It talks to untrusted clients on the network. The process can be run chrooted at fixed low privilege. .SH "STANDARDS" @@ -64,7 +64,7 @@ can be run chrooted at fixed low privilege. .nf RFC 821 (SMTP protocol) RFC 1123 (Host requirements) -RFC 1652 (8bit-MIME transport) +RFC 1652 (8bit\-MIME transport) RFC 1869 (SMTP service extensions) RFC 1870 (Message Size Declaration) RFC 1985 (ETRN command) @@ -74,7 +74,7 @@ Not: RFC 2920 (SMTP Pipelining) RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) -RFC 5321 (SMTP protocol, including multi-line 220 banners) +RFC 5321 (SMTP protocol, including multi\-line 220 banners) .SH DIAGNOSTICS .ad .fi @@ -82,16 +82,16 @@ Problems and transactions are logged to \fBsyslogd\fR(8). .SH BUGS .ad .fi -The \fBpostscreen\fR(8) built-in SMTP protocol engine +The \fBpostscreen\fR(8) built\-in SMTP protocol engine currently does not announce support for AUTH, XCLIENT or XFORWARD. If you need to make these services available on port 25, then do not enable the optional "after 220 server greeting" tests, and do not use DNSBLs that reject -traffic from dial-up and residential networks. +traffic from dial\-up and residential networks. The optional "after 220 server greeting" tests involve -\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client to the temporary whitelist, but it cannot not hand off the "live" connection to a Postfix SMTP server process in the @@ -117,10 +117,10 @@ The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. NOTE: Some \fBpostscreen\fR(8) parameters implement -stress-dependent behavior. This is supported only when the -default parameter value is stress-dependent (that is, it +stress\-dependent behavior. This is supported only when the +default parameter value is stress\-dependent (that is, it looks like ${stress?{X}:{Y}}, or it is the $\fIname\fR -of an smtpd parameter with a stress-dependent default). +of an smtpd parameter with a stress\-dependent default). Other parameters always evaluate as if the \fBstress\fR parameter value is the empty string. .SH "COMPATIBILITY CONTROLS" @@ -161,7 +161,7 @@ the sender. .fi Available in Postfix version 2.10 and later: .IP "\fBpostscreen_upstream_proxy_protocol (empty)\fR" -The name of the proxy protocol used by an optional before-postscreen +The name of the proxy protocol used by an optional before\-postscreen proxy agent. .IP "\fBpostscreen_upstream_proxy_timeout (5s)\fR" The time limit for the proxy protocol specified with the @@ -194,7 +194,7 @@ on the same MTA. Larger sites would have to share the which would introduce a common point of failure. .IP "\fBpostscreen_whitelist_interfaces (static:all)\fR" A list of local \fBpostscreen\fR(8) server IP addresses where a -non-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary +non\-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary whitelist status. .SH "BEFORE 220 GREETING TESTS" .na @@ -229,11 +229,11 @@ The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks before its turn within the time specified with the postscreen_greet_wait parameter. .IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR" -The \fItext\fR in the optional "220-\fItext\fR..." server +The \fItext\fR in the optional "220\-\fItext\fR..." server response that \fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220 text..." response, in an attempt to confuse bad SMTP clients so -that they speak before their turn (pre-greet). +that they speak before their turn (pre\-greet). .IP "\fBpostscreen_greet_wait (normal: 6s, overload: 2s)\fR" The amount of time that \fBpostscreen\fR(8) will wait for an SMTP client to send a command before its turn, and for DNS blocklist @@ -280,10 +280,10 @@ Require that a remote SMTP client sends HELO or EHLO before commencing a MAIL transaction. .IP "\fBpostscreen_non_smtp_command_action (drop)\fR" The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends -non-SMTP commands as specified with the postscreen_forbidden_commands +non\-SMTP commands as specified with the postscreen_forbidden_commands parameter. .IP "\fBpostscreen_non_smtp_command_enable (no)\fR" -Enable "non-SMTP command" tests in the \fBpostscreen\fR(8) server. +Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. .IP "\fBpostscreen_pipelining_action (enforce)\fR" The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends @@ -333,22 +333,22 @@ allowed to have with the \fBpostscreen\fR(8) daemon. .IP "\fBpostscreen_command_count_limit (20)\fR" The limit on the total number of commands per SMTP session for -\fBpostscreen\fR(8)'s built-in SMTP protocol engine. +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. .IP "\fBpostscreen_command_time_limit (normal: 300s, overload: 10s)\fR" The time limit to read an entire command line with \fBpostscreen\fR(8)'s -built-in SMTP protocol engine. +built\-in SMTP protocol engine. .IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR" The number of clients that can be waiting for service from a real Postfix SMTP server process. .IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR" -The number of non-whitelisted clients that can be waiting for +The number of non\-whitelisted clients that can be waiting for a decision whether they will receive service from a real Postfix SMTP server process. .IP "\fBpostscreen_watchdog_timeout (10s)\fR" How much time a \fBpostscreen\fR(8) process may take to respond to a remote SMTP client command or to perform a cache operation before it -is terminated by a built-in watchdog timer. +is terminated by a built\-in watchdog timer. .SH "STARTTLS CONTROLS" .na .nf @@ -356,7 +356,7 @@ is terminated by a built-in watchdog timer. .fi .IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR" The SMTP TLS security level for the \fBpostscreen\fR(8) server; when -a non-empty value is specified, this overrides the obsolete parameters +a non\-empty value is specified, this overrides the obsolete parameters postscreen_use_tls and postscreen_enforce_tls. .IP "\fBtlsproxy_service_name (tlsproxy)\fR" The name of the \fBtlsproxy\fR(8) service entry in master.cf. @@ -383,15 +383,15 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBcommand_directory (see 'postconf -d' output)\fR" The location of all postfix administrative commands. .IP "\fBmax_idle (100s)\fR" The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8 index 4e5f48681..51078ddba 100644 --- a/postfix/man/man8/proxymap.8 +++ b/postfix/man/man8/proxymap.8 @@ -12,14 +12,14 @@ Postfix lookup table proxy server .SH DESCRIPTION .ad .fi -The \fBproxymap\fR(8) server provides read-only or read-write +The \fBproxymap\fR(8) server provides read\-only or read\-write table lookup service to Postfix processes. These services are implemented with distinct service names: \fBproxymap\fR and \fBproxywrite\fR, respectively. The purpose of these services is: .IP \(bu To overcome chroot restrictions. For example, a chrooted SMTP server needs access to the system passwd file in order to -reject mail for non-existent local addresses, but it is not +reject mail for non\-existent local addresses, but it is not practical to maintain a copy of the passwd file in the chroot jail. The solution: .sp @@ -41,9 +41,9 @@ virtual_alias_maps = The total number of connections is limited by the number of proxymap server processes. .IP \(bu -To provide single-updater functionality for lookup tables +To provide single\-updater functionality for lookup tables that do not reliably support multiple writers (i.e. all -file-based tables). +file\-based tables). .PP The \fBproxymap\fR(8) server implements the following requests: .IP "\fBopen\fR \fImaptype:mapname flags\fR" @@ -63,7 +63,7 @@ The reply is the request completion status code. The \fImaptype:mapname\fR and \fIflags\fR are the same as with the \fBopen\fR request. .sp -To implement single-updater maps, specify a process limit +To implement single\-updater maps, specify a process limit of 1 in the master.cf file entry for the \fBproxywrite\fR service. .sp @@ -121,16 +121,16 @@ not be used to look up sensitive information such as UNIX user or group IDs, mailbox file/directory names or external commands. In Postfix version 2.2 and later, the proxymap client recognizes -requests to access a table for security-sensitive purposes, +requests to access a table for security\-sensitive purposes, and opens the table directly. This allows the same main.cf -setting to be used by sensitive and non-sensitive processes. +setting to be used by sensitive and non\-sensitive processes. -Postfix-writable data files should be stored under a dedicated +Postfix\-writable data files should be stored under a dedicated directory that is writable only by the Postfix mail system, -such as the Postfix-owned \fBdata_directory\fR. +such as the Postfix\-owned \fBdata_directory\fR. -In particular, Postfix-writable files should never exist -in root-owned directories. That would open up a particular +In particular, Postfix\-writable files should never exist +in root\-owned directories. That would open up a particular type of security hole where ownership of a file or directory does not match the provider of its content. .SH DIAGNOSTICS @@ -141,13 +141,13 @@ Problems and transactions are logged to \fBsyslogd\fR(8). .ad .fi The \fBproxymap\fR(8) server provides service to multiple clients, -and must therefore not be used for tables that have high-latency +and must therefore not be used for tables that have high\-latency lookups. -The \fBproxymap\fR(8) read-write service does not explicitly +The \fBproxymap\fR(8) read\-write service does not explicitly close lookup tables (even if it did, this could not be relied on, because the process may be terminated between table updates). -The read-write service should therefore not be used with tables that +The read\-write service should therefore not be used with tables that leave persistent storage in an inconsistent state between updates (for example, CDB). Tables that support "sync on update" should be safe (for example, Berkeley DB) as should @@ -168,11 +168,11 @@ The text below provides only a parameter summary. See The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdata_directory (see 'postconf -d' output)\fR" -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -182,21 +182,21 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBproxy_read_maps (see 'postconf -d' output)\fR" The lookup tables that the \fBproxymap\fR(8) server is allowed to -access for the read-only service. +access for the read\-only service. .PP Available in Postfix 2.5 and later: .IP "\fBdata_directory (see 'postconf -d' output)\fR" -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). .IP "\fBproxy_write_maps (see 'postconf -d' output)\fR" The lookup tables that the \fBproxymap\fR(8) server is allowed to -access for the read-write service. +access for the read\-write service. .SH "SEE ALSO" .na .nf diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8 index afc54f4bf..6ecfed563 100644 --- a/postfix/man/man8/qmgr.8 +++ b/postfix/man/man8/qmgr.8 @@ -15,11 +15,11 @@ Postfix queue manager The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail and arranges for its delivery via Postfix delivery processes. The actual mail routing strategy is delegated to the -\fBtrivial-rewrite\fR(8) daemon. +\fBtrivial\-rewrite\fR(8) daemon. This program expects to be run from the \fBmaster\fR(8) process manager. -Mail addressed to the local \fBdouble-bounce\fR address is +Mail addressed to the local \fBdouble\-bounce\fR address is logged and discarded. This stops potential loops caused by undeliverable bounce notifications. .SH "MAIL QUEUES" @@ -49,18 +49,18 @@ sets them free. .nf .ad .fi -The \fBqmgr\fR(8) daemon keeps an eye on per-message delivery status +The \fBqmgr\fR(8) daemon keeps an eye on per\-message delivery status reports in the following directories. Each status report file has the same name as the corresponding message file: .IP \fBbounce\fR -Per-recipient status information about why mail is bounced. +Per\-recipient status information about why mail is bounced. These files are maintained by the \fBbounce\fR(8) daemon. .IP \fBdefer\fR -Per-recipient status information about why mail is delayed. +Per\-recipient status information about why mail is delayed. These files are maintained by the \fBdefer\fR(8) daemon. .IP \fBtrace\fR -Per-recipient status information as requested with the -Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command. +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. These files are maintained by the \fBtrace\fR(8) daemon. .PP The \fBqmgr\fR(8) daemon is responsible for asking the @@ -87,7 +87,7 @@ This strategy eliminates "thundering herd" problems by slowly adjusting the number of parallel deliveries to the same destination. .IP "\fBround robin\fR The queue manager sorts delivery requests by destination. -Round-robin selection prevents one destination from dominating +Round\-robin selection prevents one destination from dominating deliveries to other destinations. .IP "\fBexponential backoff\fR" Mail that cannot be delivered upon the first attempt is deferred. @@ -95,10 +95,10 @@ The time interval between delivery attempts is doubled after each attempt. .IP "\fBdestination status cache\fR" The queue manager avoids unnecessary delivery attempts by -maintaining a short-term, in-memory list of unreachable destinations. +maintaining a short\-term, in\-memory list of unreachable destinations. .IP "\fBpreemptive message scheduling\fR" -The queue manager attempts to minimize the average per-recipient delay -while still preserving the correct per-message delays, using +The queue manager attempts to minimize the average per\-recipient delay +while still preserving the correct per\-message delays, using a sophisticated preemptive message scheduling. .SH "TRIGGERS" .na @@ -107,7 +107,7 @@ a sophisticated preemptive message scheduling. .fi On an idle system, the queue manager waits for the arrival of trigger events, or it waits for a timer to go off. A trigger -is a one-byte message. +is a one\-byte message. Depending on the message received, the queue manager performs one of the following actions (the message is followed by the symbolic constant used internally by the software): @@ -144,7 +144,7 @@ RFC 3464 (Delivery status notifications) .ad .fi The \fBqmgr\fR(8) daemon is not security sensitive. It reads -single-character messages from untrusted local users, and thus may +single\-character messages from untrusted local users, and thus may be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon does not talk to the outside world, and it can be run at fixed low privilege in a chrooted environment. @@ -161,7 +161,7 @@ the postmaster is notified of bounces and of other trouble. .ad .fi A single queue manager process has to compete for disk access with -multiple front-end processes such as \fBcleanup\fR(8). A sudden burst of +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of inbound mail can negatively impact outbound delivery rates. .SH "CONFIGURATION PARAMETERS" .na @@ -185,13 +185,13 @@ In the text below, \fItransport\fR is the first field in a .fi Available before Postfix version 2.5: .IP "\fBallow_min_user (no)\fR" -Allow a sender or recipient address to have `-' as the first +Allow a sender or recipient address to have `\-' as the first character. .PP Available with Postfix version 2.7 and later: .IP "\fBdefault_filter_nexthop (empty)\fR" When a content_filter or FILTER request specifies no explicit -next-hop destination, use $default_filter_nexthop instead; when +next\-hop destination, use $default_filter_nexthop instead; when that value is empty, use the domain in the recipient address. .SH "ACTIVE QUEUE CONTROLS" .na @@ -205,29 +205,29 @@ clogging up the Postfix active queue. The maximal number of messages in the active queue. .IP "\fBqmgr_message_recipient_limit (20000)\fR" The maximal number of recipients held in memory by the Postfix -queue manager, and the maximal size of the short-term, -in-memory "dead" destination status cache. +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. .IP "\fBqmgr_message_recipient_minimum (10)\fR" -The minimal number of in-memory recipients for any message. +The minimal number of in\-memory recipients for any message. .IP "\fBdefault_recipient_limit (20000)\fR" -The default per-transport upper limit on the number of in-memory +The default per\-transport upper limit on the number of in\-memory recipients. .IP "\fItransport\fB_recipient_limit ($default_recipient_limit)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_extra_recipient_limit (1000)\fR" -The default value for the extra per-transport limit imposed on the -number of in-memory recipients. +The default value for the extra per\-transport limit imposed on the +number of in\-memory recipients. .IP "\fItransport\fB_extra_recipient_limit ($default_extra_recipient_limit)\fR" Idem, for delivery via the named message \fItransport\fR. .PP Available in Postfix version 2.4 and later: .IP "\fBdefault_recipient_refill_limit (100)\fR" -The default per-transport limit on the number of recipients refilled at +The default per\-transport limit on the number of recipients refilled at once. .IP "\fItransport\fB_recipient_refill_limit ($default_recipient_refill_limit)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_recipient_refill_delay (5s)\fR" -The default per-transport maximum delay between recipients refills. +The default per\-transport maximum delay between recipients refills. .IP "\fItransport\fB_recipient_refill_delay ($default_recipient_refill_delay)\fR" Idem, for delivery via the named message \fItransport\fR. .SH "DELIVERY CONCURRENCY CONTROLS" @@ -236,7 +236,7 @@ Idem, for delivery via the named message \fItransport\fR. .ad .fi .IP "\fBinitial_destination_concurrency (5)\fR" -The initial per-destination concurrency level for parallel delivery +The initial per\-destination concurrency level for parallel delivery to the same destination. .IP "\fBdefault_destination_concurrency_limit (20)\fR" The default maximal number of parallel deliveries to the same @@ -249,19 +249,19 @@ Available in Postfix version 2.5 and later: Initial concurrency for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" -How many pseudo-cohorts must suffer connection or handshake +How many pseudo\-cohorts must suffer connection or handshake failure before a specific destination is considered unavailable (and further delivery is suspended). .IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" -The per-destination amount of delivery concurrency negative +The per\-destination amount of delivery concurrency negative feedback, after a delivery completes with a connection or handshake failure. .IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" -The per-destination amount of delivery concurrency positive +The per\-destination amount of delivery concurrency positive feedback, after a delivery completes without connection or handshake failure. .IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" @@ -294,12 +294,12 @@ Postfix queue manager's scheduling algorithm at all. .IP "\fItransport\fB_minimum_delivery_slots ($default_minimum_delivery_slots)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_delivery_slot_discount (50)\fR" -The default value for transport-specific _delivery_slot_discount +The default value for transport\-specific _delivery_slot_discount settings. .IP "\fItransport\fB_delivery_slot_discount ($default_delivery_slot_discount)\fR" Idem, for delivery via the named message \fItransport\fR. .IP "\fBdefault_delivery_slot_loan (3)\fR" -The default value for transport-specific _delivery_slot_loan +The default value for transport\-specific _delivery_slot_loan settings. .IP "\fItransport\fB_delivery_slot_loan ($default_delivery_slot_loan)\fR" Idem, for delivery via the named message \fItransport\fR. @@ -334,7 +334,7 @@ Available in Postfix version 2.5 and later: .IP "\fBdefault_destination_rate_delay (0s)\fR" The default amount of delay that is inserted between individual deliveries to the same destination; the resulting behavior depends -on the value of the corresponding per-destination recipient limit. +on the value of the corresponding per\-destination recipient limit. .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay Idem, for delivery via the named message \fItransport\fR. .SH "SAFETY CONTROLS" @@ -344,7 +344,7 @@ Idem, for delivery via the named message \fItransport\fR. .fi .IP "\fBqmgr_daemon_timeout (1000s)\fR" How much time a Postfix queue manager process may take to handle -a request before it is terminated by a built-in watchdog timer. +a request before it is terminated by a built\-in watchdog timer. .IP "\fBqmgr_ipc_timeout (60s)\fR" The time limit for the queue manager to send or receive information over an internal communication channel. @@ -358,26 +358,26 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdefer_transports (empty)\fR" The names of message delivery transports that should not deliver mail -unless someone issues "\fBsendmail -q\fR" or equivalent. +unless someone issues "\fBsendmail \-q\fR" or equivalent. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBhelpful_warnings (yes)\fR" Log warnings about problematic configuration settings, and provide helpful suggestions. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBconfirm_delay_cleared (no)\fR" After sending a "your message is delayed" notification, inform the sender when the delay clears up. @@ -387,13 +387,13 @@ the sender when the delay clears up. /var/spool/postfix/incoming, incoming queue /var/spool/postfix/active, active queue /var/spool/postfix/deferred, deferred queue -/var/spool/postfix/bounce, non-delivery status -/var/spool/postfix/defer, non-delivery status +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status /var/spool/postfix/trace, delivery status .SH "SEE ALSO" .na .nf -trivial-rewrite(8), address routing +trivial\-rewrite(8), address routing bounce(8), delivery status reports postconf(5), configuration parameters master(5), generic daemon options diff --git a/postfix/man/man8/qmqpd.8 b/postfix/man/man8/qmqpd.8 index e5c9e0d70..25d43ed40 100644 --- a/postfix/man/man8/qmqpd.8 +++ b/postfix/man/man8/qmqpd.8 @@ -25,7 +25,7 @@ authorized client hosts are allowed to use the service. .nf .ad .fi -The QMQP server is moderately security-sensitive. It talks to QMQP +The QMQP server is moderately security\-sensitive. It talks to QMQP clients and to DNS servers on the network. The QMQP server can be run chrooted at fixed low privilege. .SH DIAGNOSTICS @@ -64,14 +64,17 @@ The text below provides only a parameter summary. See After the message is queued, send the entire message to the specified \fItransport:destination\fR. .IP "\fBreceive_override_options (empty)\fR" -Enable or disable recipient validation, built-in content +Enable or disable recipient validation, built\-in content filtering, or address mapping. .SH "SMTPUTF8 CONTROLS" .na .nf .ad .fi -Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified mail origin classes. @@ -123,7 +126,7 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -133,21 +136,21 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqmqpd_authorized_clients (empty)\fR" What remote QMQP clients are allowed to connect to the Postfix QMQP server port. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". -.IP "\fBverp_delimiter_filter (-=+)\fR" +.IP "\fBverp_delimiter_filter (\-=+)\fR" The characters Postfix accepts as VERP delimiter characters on the Postfix \fBsendmail\fR(1) command line and in SMTP commands. .PP @@ -171,7 +174,7 @@ Use "\fBpostconf readme_directory\fR" or "\fBpostconf html_directory\fR" to locate this information. .na .nf -QMQP_README, Postfix ezmlm-idx howto. +QMQP_README, Postfix ezmlm\-idx howto. .SH "LICENSE" .na .nf diff --git a/postfix/man/man8/scache.8 b/postfix/man/man8/scache.8 index 79a635c14..767f0776e 100644 --- a/postfix/man/man8/scache.8 +++ b/postfix/man/man8/scache.8 @@ -12,7 +12,7 @@ Postfix shared connection cache server .SH DESCRIPTION .ad .fi -The \fBscache\fR(8) server maintains a shared multi-connection +The \fBscache\fR(8) server maintains a shared multi\-connection cache. This information can be used by, for example, Postfix SMTP clients or other Postfix delivery agents. @@ -32,8 +32,8 @@ one endpoint may refer to zero or more connections. The exact syntax of a logical destination or endpoint name is application dependent; the \fBscache\fR(8) server does not care. A connection is stored as a file descriptor together -with application-dependent information that is needed to -re-activate a connection object. Again, the \fBscache\fR(8) +with application\-dependent information that is needed to +re\-activate a connection object. Again, the \fBscache\fR(8) server is completely unaware of the details of that information. @@ -45,7 +45,7 @@ This server implements the following requests: .IP "\fBsave_endp\fI ttl endpoint endpoint_properties file_descriptor\fR" Save the specified file descriptor and connection property data under the specified endpoint name. The endpoint properties -are used by the client to re-activate a passivated connection +are used by the client to re\-activate a passivated connection object. .IP "\fBfind_endp\fI endpoint\fR" Look up cached properties and a cached file descriptor for the @@ -54,7 +54,7 @@ specified endpoint. Save the binding between a logical destination and an endpoint under the destination name, together with destination specific connection properties. The destination properties -are used by the client to re-activate a passivated connection +are used by the client to re\-activate a passivated connection object. .IP "\fBfind_dest\fI destination\fR" Look up cached destination properties, cached endpoint properties, @@ -64,7 +64,7 @@ and a cached file descriptor for the specified logical destination. .nf .ad .fi -The \fBscache\fR(8) server is not security-sensitive. It does not +The \fBscache\fR(8) server is not security\-sensitive. It does not talk to the network, and it does not talk to local users. The \fBscache\fR(8) server can run chrooted at fixed low privilege. @@ -98,7 +98,7 @@ The text below provides only a parameter summary. See .ad .fi .IP "\fBconnection_cache_ttl_limit (2s)\fR" -The maximal time-to-live value that the \fBscache\fR(8) connection +The maximal time\-to\-live value that the \fBscache\fR(8) connection cache server allows. .IP "\fBconnection_cache_status_update_time (600s)\fR" @@ -115,16 +115,16 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. .IP "\fBmax_idle (100s)\fR" The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man8/showq.8 b/postfix/man/man8/showq.8 index a200429e8..fe94231c1 100644 --- a/postfix/man/man8/showq.8 +++ b/postfix/man/man8/showq.8 @@ -15,7 +15,7 @@ list the Postfix mail queue The \fBshowq\fR(8) daemon reports the Postfix mail queue status. It is the program that emulates the sendmail `mailq' command. -The \fBshowq\fR(8) daemon can also be run in stand-alone mode +The \fBshowq\fR(8) daemon can also be run in stand\-alone mode by the superuser. This mode of operation is used to emulate the `mailq' command while the Postfix mail system is down. .SH "SECURITY" @@ -54,12 +54,12 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBduplicate_filter_limit (1000)\fR" The maximal number of addresses remembered by the address duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or for \fBshowq\fR(8) queue displays. -.IP "\fBempty_address_recipient (MAILER-DAEMON)\fR" +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" The recipient of mail addressed to the null address. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal @@ -70,12 +70,12 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -84,7 +84,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.9 and later: .IP "\fBenable_long_queue_ids (no)\fR" -Enable long, non-repeating, queue IDs (queue file names). +Enable long, non\-repeating, queue IDs (queue file names). .SH "FILES" .na .nf diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 7b4b04bca..4ec66d8a2 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -67,7 +67,7 @@ must be formatted as [\fBipv6\fR:\fIaddress\fR]. .fi LMTP destinations have the following form: .IP \fBunix\fR:\fIpathname\fR -Connect to the local UNIX-domain server that is bound to the specified +Connect to the local UNIX\-domain server that is bound to the specified \fIpathname\fR. If the process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. .IP \fBinet\fR:\fIhostname\fR @@ -86,7 +86,7 @@ An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. .nf .ad .fi -The SMTP+LMTP client is moderately security-sensitive. It +The SMTP+LMTP client is moderately security\-sensitive. It talks to SMTP or LMTP servers and to DNS servers on the network. The SMTP+LMTP client can be run chrooted at fixed low privilege. @@ -96,7 +96,7 @@ low privilege. RFC 821 (SMTP protocol) RFC 822 (ARPA Internet Text Messages) RFC 1651 (SMTP service extensions) -RFC 1652 (8bit-MIME transport) +RFC 1652 (8bit\-MIME transport) RFC 1870 (Message Size Declaration) RFC 2033 (LMTP protocol) RFC 2034 (SMTP Enhanced Error Codes) @@ -126,7 +126,7 @@ other trouble. .ad .fi SMTP and LMTP connection caching does not work with TLS. The necessary -support for TLS object passivation and re-activation does not +support for TLS object passivation and re\-activation does not exist without closing the session, which defeats the purpose. SMTP and LMTP connection caching assumes that SASL credentials @@ -140,12 +140,12 @@ address and TCP port. Before Postfix version 2.3, the LMTP client is a separate program that implements only a subset of the functionality available with SMTP: there is no support for TLS, and -connections are cached in-process, making it ineffective +connections are cached in\-process, making it ineffective when the client is used for multiple domains. Most smtp_\fIxxx\fR configuration parameters have an lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP -feature. This document describes only those LMTP-related +feature. This document describes only those LMTP\-related parameters that aren't simply "mirror" parameters. Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) @@ -184,7 +184,7 @@ A list that specifies zero or more workarounds for CISCO PIX firewall bugs. .IP "\fBsmtp_pix_workaround_maps (empty)\fR" Lookup tables, indexed by the remote SMTP server address, with -per-destination workarounds for CISCO PIX firewall bugs. +per\-destination workarounds for CISCO PIX firewall bugs. .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required @@ -271,13 +271,13 @@ or receive a complete record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" Whether or not to append the "AUTH=<>" option to the MAIL -FROM command in SASL-authenticated SMTP sessions. +FROM command in SASL\-authenticated SMTP sessions. .PP Available in Postfix version 2.11 and later: .IP "\fBsmtp_dns_support_level (empty)\fR" Level of DNS support in the Postfix SMTP client. .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" Optional filter for the \fBsmtp\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful @@ -303,7 +303,7 @@ The maximal recursion level that the MIME processor will handle. .fi Available in Postfix version 2.1 and later: .IP "\fBsmtp_send_xforward_command (no)\fR" -Send the non-standard XFORWARD command when the Postfix SMTP server +Send the non\-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. .SH "SASL AUTHENTICATION CONTROLS" .na @@ -315,7 +315,7 @@ Enable SASL authentication in the Postfix SMTP client. .IP "\fBsmtp_sasl_password_maps (empty)\fR" Optional Postfix SMTP client lookup tables with one username:password entry -per remote hostname or domain, or sender address when sender-dependent +per remote hostname or domain, or sender address when sender\-dependent authentication is enabled. .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" Postfix SMTP client SASL security options; as of Postfix 2.3 @@ -325,22 +325,22 @@ with \fBsmtp_sasl_type\fR. .PP Available in Postfix version 2.2 and later: .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" -If non-empty, a Postfix SMTP client filter for the remote SMTP +If non\-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. .PP Available in Postfix version 2.3 and later: .IP "\fBsmtp_sender_dependent_authentication (no)\fR" -Enable sender-dependent authentication in the Postfix SMTP client; this is +Enable sender\-dependent authentication in the Postfix SMTP client; this is available only with SASL authentication, and disables SMTP connection caching to ensure that mail from different senders will use the appropriate credentials. .IP "\fBsmtp_sasl_path (empty)\fR" -Implementation-specific information that the Postfix SMTP client +Implementation\-specific information that the Postfix SMTP client passes through to -the SASL plug-in implementation that is selected with +the SASL plug\-in implementation that is selected with \fBsmtp_sasl_type\fR. .IP "\fBsmtp_sasl_type (cyrus)\fR" -The SASL plug-in type that the Postfix SMTP client should use +The SASL plug\-in type that the Postfix SMTP client should use for authentication. .PP Available in Postfix version 2.5 and later: @@ -359,7 +359,7 @@ mail as undeliverable. Available in Postfix version 2.9 and later: .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" Whether or not to append the "AUTH=<>" option to the MAIL -FROM command in SASL-authenticated SMTP sessions. +FROM command in SASL\-authenticated SMTP sessions. .SH "STARTTLS SUPPORT CONTROLS" .na .nf @@ -369,7 +369,7 @@ Detailed information about STARTTLS configuration may be found in the TLS_README document. .IP "\fBsmtp_tls_security_level (empty)\fR" The default SMTP TLS security level for the Postfix SMTP client; -when a non-empty value is specified, this overrides the obsolete +when a non\-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" The SASL authentication security options that the Postfix SMTP @@ -381,7 +381,7 @@ during TLS startup and shutdown handshake procedures. A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates. .IP "\fBsmtp_tls_CApath (empty)\fR" -Directory with PEM format certificate authority certificates +Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. .IP "\fBsmtp_tls_cert_file (empty)\fR" @@ -410,14 +410,14 @@ Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server. .IP "\fBsmtp_tls_policy_maps (empty)\fR" Optional lookup tables with the Postfix SMTP client TLS security -policy by next-hop destination; when a non-empty value is specified, +policy by next\-hop destination; when a non\-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2)\fR" List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" The verification depth for remote SMTP server certificates. -.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" +.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR" How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. .IP "\fBsmtp_tls_session_cache_database (empty)\fR" @@ -431,7 +431,7 @@ How the Postfix SMTP client verifies the server certificate peername for the "verify" TLS security level. .IP "\fBtls_daemon_random_bytes (32)\fR" -The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" @@ -476,26 +476,26 @@ File with the Postfix SMTP client ECDSA private key in PEM format. Available in Postfix version 2.7 and later: .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" Try to detect a mail hijacking attack based on a TLS protocol -vulnerability (CVE-2009-3555), where an attacker prepends malicious +vulnerability (CVE\-2009\-3555), where an attacker prepends malicious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. .PP Available in Postfix version 2.8 and later: .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" -List or bit-mask of OpenSSL bug work-arounds to disable. +List or bit\-mask of OpenSSL bug work\-arounds to disable. .PP Available in Postfix version 2.11 and later: .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" -Zero or more PEM-format files with trust-anchor certificates +Zero or more PEM\-format files with trust\-anchor certificates and/or public keys. .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" -RFC 6698 trust-anchor digest support in the Postfix TLS library. +RFC 6698 trust\-anchor digest support in the Postfix TLS library. .IP "\fBtlsmgr_service_name (tlsmgr)\fR" The name of the \fBtlsmgr\fR(8) service entry in master.cf. .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBsmtp_tls_wrappermode (no)\fR" Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command. @@ -519,7 +519,7 @@ server hostname matches the information in the remote SMTP server certificate. .IP "\fBsmtp_tls_per_site (empty)\fR" Optional lookup tables with the Postfix SMTP client TLS usage -policy by next-hop destination and by remote SMTP server hostname. +policy by next\-hop destination and by remote SMTP server hostname. .IP "\fBsmtp_tls_cipherlist (empty)\fR" Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. @@ -536,7 +536,7 @@ The maximal number of recipients per message for the smtp message delivery transport. .IP "\fBsmtp_connect_timeout (30s)\fR" The Postfix SMTP client time limit for completing a TCP connection, or -zero (use the operating system built-in time limit). +zero (use the operating system built\-in time limit). .IP "\fBsmtp_helo_timeout (300s)\fR" The Postfix SMTP client time limit for sending the HELO or EHLO command, and for receiving the initial remote SMTP server response. @@ -572,7 +572,7 @@ limit). .IP "\fBsmtp_mx_session_limit (2)\fR" The maximal number of SMTP sessions per delivery request before the Postfix SMTP client -gives up or delivers to a fall-back relay host, or zero (no +gives up or delivers to a fall\-back relay host, or zero (no limit). .IP "\fBsmtp_rset_timeout (20s)\fR" The Postfix SMTP client time limit for sending the RSET command, @@ -619,9 +619,9 @@ limit). .nf .ad .fi -Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. .IP "\fBsmtputf8_enable (yes)\fR" -Enable experimental SMTPUTF8 support for the protocols described +Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified @@ -643,8 +643,8 @@ The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or protocol errors. .IP "\fBinternal_mail_filter_classes (empty)\fR" -What categories of Postfix-generated mail are subject to -before-queue content inspection by non_smtpd_milters, header_checks +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks and body_checks. .IP "\fBnotify_classes (resource, software)\fR" The list of error classes that are reported to the postmaster. @@ -661,10 +661,10 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBdisable_dns_lookups (no)\fR" Disable DNS lookups in the Postfix SMTP and LMTP clients. .IP "\fBinet_interfaces (all)\fR" @@ -689,9 +689,9 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBproxy_interfaces (empty)\fR" The network interface addresses that this mail system receives mail @@ -714,7 +714,7 @@ The hostname to send in the LMTP LHLO command. What mechanisms the Postfix SMTP client uses to look up a host's IP address. .IP "\fBsmtp_randomize_addresses (yes)\fR" -Randomize the order of equal-preference MX host addresses. +Randomize the order of equal\-preference MX host addresses. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" @@ -731,7 +731,7 @@ Available with Postfix 2.3 and later: Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. .PP -Available with Postfix 2.12 and later: +Available with Postfix 3.0 and later: .IP "\fBsmtp_address_verify_target (rcpt)\fR" In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. @@ -791,8 +791,8 @@ TLS support originally by: Lutz Jaenicke BTU Cottbus Allgemeine Elektrotechnik -Universitaetsplatz 3-4 -D-03044 Cottbus, Germany +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany Revised TLS and SMTP connection cache support by: Victor Duchovni diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index b050cc0e4..35c45d58a 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -10,7 +10,7 @@ Postfix SMTP server .nf \fBsmtpd\fR [generic Postfix daemon options] -\fBsendmail -bs\fR +\fBsendmail \-bs\fR .SH DESCRIPTION .ad .fi @@ -21,9 +21,9 @@ daemon, and is placed into the \fBincoming\fR queue as one single queue file. For this mode of operation, the program expects to be run from the \fBmaster\fR(8) process manager. -Alternatively, the SMTP server be can run in stand-alone +Alternatively, the SMTP server be can run in stand\-alone mode; this is traditionally obtained with "\fBsendmail --bs\fR". When the SMTP server runs stand-alone with non +\-bs\fR". When the SMTP server runs stand\-alone with non $\fBmail_owner\fR privileges, it receives mail even while the mail system is not running, deposits messages directly into the \fBmaildrop\fR queue, and disables the SMTP server's @@ -40,7 +40,7 @@ and \fBRCPT TO\fR commands. They are detailed below and in the .nf .ad .fi -The SMTP server is moderately security-sensitive. It talks to SMTP +The SMTP server is moderately security\-sensitive. It talks to SMTP clients and to DNS servers on the network. The SMTP server can be run chrooted at fixed low privilege. .SH "STANDARDS" @@ -48,7 +48,7 @@ run chrooted at fixed low privilege. .nf RFC 821 (SMTP protocol) RFC 1123 (Host requirements) -RFC 1652 (8bit-MIME transport) +RFC 1652 (8bit\-MIME transport) RFC 1869 (SMTP service extensions) RFC 1870 (Message size declaration) RFC 1985 (ETRN command) @@ -95,7 +95,7 @@ undesirable use. .ad .fi .IP "\fBbroken_sasl_auth_clients (no)\fR" -Enable inter-operability with remote SMTP clients that implement an obsolete +Enable inter\-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). .IP "\fBdisable_vrfy_command (no)\fR" Disable the SMTP VRFY command. @@ -154,7 +154,7 @@ time limit per read or write system call, to a time limit to send or receive a complete record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBsmtpd_dns_reply_filter (empty)\fR" Optional filter for Postfix SMTP server DNS lookup results. .SH "ADDRESS REWRITING CONTROLS" @@ -165,7 +165,7 @@ Optional filter for Postfix SMTP server DNS lookup results. See the ADDRESS_REWRITING_README document for a detailed discussion of Postfix address rewriting. .IP "\fBreceive_override_options (empty)\fR" -Enable or disable recipient validation, built-in content +Enable or disable recipient validation, built\-in content filtering, or address mapping. .PP Available in Postfix version 2.2 and later: @@ -183,7 +183,7 @@ parameter. .fi Available in Postfix version 2.10 and later: .IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR" -The name of the proxy protocol used by an optional before-smtpd +The name of the proxy protocol used by an optional before\-smtpd proxy agent. .IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR" The time limit for the proxy protocol specified with the @@ -206,7 +206,7 @@ specified \fItransport:destination\fR. .ad .fi As of version 2.1, the Postfix SMTP server can be configured -to send incoming mail to a real-time SMTP-based content filter +to send incoming mail to a real\-time SMTP\-based content filter BEFORE mail is queued. This content filter is expected to inject mail back into Postfix. See the SMTPD_PROXY_README document for details on how to configure and operate this feature. @@ -216,7 +216,7 @@ The hostname and TCP port of the mail filtering proxy server. How the Postfix SMTP server announces itself to the proxy filter. .IP "\fBsmtpd_proxy_options (empty)\fR" List of options that control how the Postfix SMTP server -communicates with a before-queue content filter. +communicates with a before\-queue content filter. .IP "\fBsmtpd_proxy_timeout (100s)\fR" The time limit for connecting to a proxy filter and for sending or receiving information. @@ -239,7 +239,7 @@ for communication with a Milter application; prior to Postfix 2.6 the default protocol is 2. .IP "\fBmilter_default_action (tempfail)\fR" The default action when a Milter (mail filter) application is -unavailable or mis-configured. +unavailable or mis\-configured. .IP "\fBmilter_macro_daemon_name ($myhostname)\fR" The {daemon_name} macro value for Milter (mail filter) applications. .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" @@ -276,26 +276,26 @@ The macros that are sent to Milter (mail filter) applications after the end of the message header. .IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" The macros that are sent to Milter (mail filter) applications -after the message end-of-data. +after the message end\-of\-data. .SH "GENERAL CONTENT INSPECTION CONTROLS" .na .nf .ad .fi -The following parameters are applicable for both built-in +The following parameters are applicable for both built\-in and external content filters. .PP Available in Postfix version 2.1 and later: .IP "\fBreceive_override_options (empty)\fR" -Enable or disable recipient validation, built-in content +Enable or disable recipient validation, built\-in content filtering, or address mapping. .SH "EXTERNAL CONTENT INSPECTION CONTROLS" .na .nf .ad .fi -The following parameters are applicable for both before-queue -and after-queue content filtering. +The following parameters are applicable for both before\-queue +and after\-queue content filtering. .PP Available in Postfix version 2.1 and later: .IP "\fBsmtpd_authorized_xforward_hosts (empty)\fR" @@ -310,7 +310,7 @@ SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. .IP "\fBbroken_sasl_auth_clients (no)\fR" -Enable inter-operability with remote SMTP clients that implement an obsolete +Enable inter\-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). .IP "\fBsmtpd_sasl_auth_enable (no)\fR" Enable SASL authentication in the Postfix SMTP server. @@ -341,12 +341,12 @@ Available in Postfix version 2.3 and later: Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received message header. .IP "\fBsmtpd_sasl_path (smtpd)\fR" -Implementation-specific information that the Postfix SMTP server +Implementation\-specific information that the Postfix SMTP server passes through to -the SASL plug-in implementation that is selected with +the SASL plug\-in implementation that is selected with \fBsmtpd_sasl_type\fR. .IP "\fBsmtpd_sasl_type (cyrus)\fR" -The SASL plug-in type that the Postfix SMTP server should use +The SASL plug\-in type that the Postfix SMTP server should use for authentication. .PP Available in Postfix version 2.5 and later: @@ -356,7 +356,7 @@ currently used only to locate the $smtpd_sasl_path.conf file. .PP Available in Postfix version 2.11 and later: .IP "\fBsmtpd_sasl_service (smtp)\fR" -The service name that is passed to the SASL plug-in that is +The service name that is passed to the SASL plug\-in that is selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. .SH "STARTTLS SUPPORT CONTROLS" .na @@ -367,7 +367,7 @@ Detailed information about STARTTLS configuration may be found in the TLS_README document. .IP "\fBsmtpd_tls_security_level (empty)\fR" The SMTP TLS security level for the Postfix SMTP server; when -a non-empty value is specified, this overrides the obsolete parameters +a non\-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR" The SASL authentication security options that the Postfix SMTP @@ -404,10 +404,10 @@ cipher list at all TLS security levels. File with the Postfix SMTP server DSA certificate in PEM format. .IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR" File with DH parameters that the Postfix SMTP server should -use with non-export EDH ciphers. +use with non\-export EDH ciphers. .IP "\fBsmtpd_tls_dh512_param_file (empty)\fR" File with DH parameters that the Postfix SMTP server should -use with export-grade EDH ciphers. +use with export\-grade EDH ciphers. .IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR" File with the Postfix SMTP server DSA private key in PEM format. .IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR" @@ -432,10 +432,10 @@ CommonName. With mandatory TLS encryption, require a trusted remote SMTP client certificate in order to allow TLS connections to proceed. .IP "\fBsmtpd_tls_wrappermode (no)\fR" -Run the Postfix SMTP server in the non-standard "wrapper" mode, +Run the Postfix SMTP server in the non\-standard "wrapper" mode, instead of using the STARTTLS command. .IP "\fBtls_daemon_random_bytes (32)\fR" -The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" @@ -453,7 +453,7 @@ authentication without encryption. Available in Postfix version 2.5 and later: .IP "\fBsmtpd_tls_fingerprint_digest (md5)\fR" The message digest algorithm to construct remote SMTP -client-certificate +client\-certificate fingerprints or public key fingerprints (Postfix 2.9 and later) for \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. .PP @@ -469,8 +469,8 @@ File with the Postfix SMTP server ECDSA certificate in PEM format. .IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR" File with the Postfix SMTP server ECDSA private key in PEM format. .IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR" -The Postfix SMTP server security grade for ephemeral elliptic-curve -Diffie-Hellman (EECDH) key exchange. +The Postfix SMTP server security grade for ephemeral elliptic\-curve +Diffie\-Hellman (EECDH) key exchange. .IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" The elliptic curve used by the Postfix SMTP server for sensibly strong @@ -486,14 +486,14 @@ With SSLv3 and later, use the Postfix SMTP server's cipher preference order instead of the remote client's cipher preference order. .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" -List or bit-mask of OpenSSL bug work-arounds to disable. +List or bit\-mask of OpenSSL bug work\-arounds to disable. .PP Available in Postfix version 2.11 and later: .IP "\fBtlsmgr_service_name (tlsmgr)\fR" The name of the \fBtlsmgr\fR(8) service entry in master.cf. .PP -Available in Postfix version 2.12 and later: -.IP "\fBtls_session_ticket_cipher (Postfix ≥ 2.12: aes-256-cbc, postfix < 2.12: aes-128-cbc)\fR" +Available in Postfix version 3.0 and later: +.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" Algorithm used to encrypt RFC5077 TLS session tickets. .SH "OBSOLETE STARTTLS CONTROLS" .na @@ -517,9 +517,9 @@ cipher list. .nf .ad .fi -Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. .IP "\fBsmtputf8_enable (yes)\fR" -Enable experimental SMTPUTF8 support for the protocols described +Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. .IP "\fBstrict_smtputf8 (no)\fR" Enable stricter enforcement of the SMTPUTF8 protocol. @@ -537,11 +537,11 @@ encoded in the envelope sender address. The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the SMTP XVERP command or with the "sendmail --V" command-line option and is available in Postfix version 1.1 +\-V" command\-line option and is available in Postfix version 1.1 and later. .IP "\fBdefault_verp_delimiters (+=)\fR" The two default VERP delimiter characters. -.IP "\fBverp_delimiter_filter (-=+)\fR" +.IP "\fBverp_delimiter_filter (\-=+)\fR" The characters Postfix accepts as VERP delimiter characters on the Postfix \fBsendmail\fR(1) command line and in SMTP commands. .PP @@ -573,8 +573,8 @@ The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or protocol errors. .IP "\fBinternal_mail_filter_classes (empty)\fR" -What categories of Postfix-generated mail are subject to -before-queue content inspection by non_smtpd_milters, header_checks +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks and body_checks. .IP "\fBnotify_classes (resource, software)\fR" The list of error classes that are reported to the postmaster. @@ -602,7 +602,7 @@ not "permit" actions). .fi As of Postfix version 2.0, the SMTP server rejects mail for unknown recipients. This prevents the mail queue from clogging up -with undeliverable MAILER-DAEMON messages. Additional information +with undeliverable MAILER\-DAEMON messages. Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. .IP "\fBshow_user_unknown_table_name (yes)\fR" @@ -638,7 +638,7 @@ address is local, and $local_recipient_maps specifies a list of lookup tables that does not match the recipient. .PP Parameters concerning known/unknown recipients of relay destinations: -.IP "\fBrelay_domains (Postfix ≥ 2.12: empty, Postfix < 2.12: $mydestination)\fR" +.IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR" What destination domains (and subdomains thereof) this system will relay mail to. .IP "\fBrelay_recipient_maps (empty)\fR" @@ -706,7 +706,7 @@ Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address. .PP The per SMTP client connection count and request rate limits are -implemented in co-operation with the \fBanvil\fR(8) service, and +implemented in co\-operation with the \fBanvil\fR(8) service, and are available in Postfix version 2.2 and later. .IP "\fBsmtpd_client_connection_count_limit (50)\fR" How many simultaneous connections any client is allowed to @@ -746,7 +746,7 @@ line, SMTP message content line, or TLS protocol message). .fi When a remote SMTP client makes errors, the Postfix SMTP server can insert delays before responding. This can help to slow down -run-away software. The behavior is controlled by an error counter +run\-away software. The behavior is controlled by an error counter that counts the number of errors within an SMTP session that a client makes without delivering mail. .IP "\fBsmtpd_error_sleep_time (1s)\fR" @@ -769,7 +769,7 @@ Available in Postfix version 2.1 and later: .IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR" The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before -the Postfix SMTP server increments the per-session error count +the Postfix SMTP server increments the per\-session error count for each excess recipient. .SH "ACCESS POLICY DELEGATION CONTROLS" .na @@ -789,7 +789,7 @@ closed. The time limit for connecting to, writing to, or receiving from a delegated SMTPD policy server. .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR" The default action when an SMTPD policy service request fails. .IP "\fBsmtpd_policy_service_request_limit (0)\fR" @@ -837,10 +837,10 @@ context of a client RCPT TO command, after smtpd_relay_restrictions. Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. .IP "\fBallow_untrusted_routing (no)\fR" -Forward mail with sender-specified routing (user[@%!]remote[@%!]site) +Forward mail with sender\-specified routing (user[@%!]remote[@%!]site) from untrusted clients to destinations matching $relay_domains. .IP "\fBsmtpd_restriction_classes (empty)\fR" -User-defined aliases for groups of access restrictions. +User\-defined aliases for groups of access restrictions. .IP "\fBsmtpd_null_access_lookup_key (<>)\fR" The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the null sender address. @@ -869,7 +869,7 @@ access restriction is specified. Available in Postfix version 2.2 and later: .IP "\fBsmtpd_end_of_data_restrictions (empty)\fR" Optional access restrictions that the Postfix SMTP server -applies in the context of the SMTP END-OF-DATA command. +applies in the context of the SMTP END\-OF\-DATA command. .PP Available in Postfix version 2.10 and later: .IP "\fBsmtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)\fR" @@ -928,7 +928,7 @@ fails due to a temporary error condition. .PP Available with Postfix 2.9 and later: .IP "\fBaddress_verify_sender_ttl (0s)\fR" -The time between changes in the time-dependent portion of address +The time between changes in the time\-dependent portion of address verification probe sender addresses. .SH "ACCESS CONTROL RESPONSES" .na @@ -981,7 +981,7 @@ reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: .IP "\fBdefault_rbl_reply (see 'postconf -d' output)\fR" The default Postfix SMTP server response template for a request that is -rejected by an RBL-based restriction. +rejected by an RBL\-based restriction. .IP "\fBmulti_recipient_bounce_reject_code (550)\fR" The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_multi_recipient_bounce @@ -995,7 +995,7 @@ The numerical Postfix SMTP server response code for an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" or "defer_if_reject". .IP "\fBreject_tempfail_action (defer_if_permit)\fR" -The Postfix SMTP server's action when a reject-type restriction +The Postfix SMTP server's action when a reject\-type restriction fails due to a temporary error condition. .IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR" The Postfix SMTP server's action when reject_unknown_helo_hostname @@ -1014,10 +1014,10 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBcommand_directory (see 'postconf -d' output)\fR" The location of all postfix administrative commands. -.IP "\fBdouble_bounce_sender (double-bounce)\fR" +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" The sender address of postmaster notifications that are generated by the mail system. .IP "\fBipc_timeout (3600s)\fR" @@ -1041,14 +1041,14 @@ The internet hostname of this mail system. The list of "trusted" remote SMTP clients that have more privileges than "strangers". .IP "\fBmyorigin ($myhostname)\fR" -The domain name that locally-posted mail appears to come +The domain name that locally\-posted mail appears to come from, and that locally posted mail is delivered to. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBrecipient_delimiter (empty)\fR" The set of characters that can separate a user name from its extension (example: user+foo), or a .forward file name from its @@ -1077,7 +1077,7 @@ the hostname and IP address. anvil(8), connection/rate limiting cleanup(8), message canonicalization tlsmgr(8), TLS session and PRNG management -trivial-rewrite(8), address resolver +trivial\-rewrite(8), address resolver verify(8), address verification service postconf(5), configuration parameters master(5), generic daemon options @@ -1094,12 +1094,12 @@ Use "\fBpostconf readme_directory\fR" or .nf ADDRESS_CLASS_README, blocking unknown hosted or relay recipients ADDRESS_REWRITING_README Postfix address manipulation -FILTER_README, external after-queue content filter +FILTER_README, external after\-queue content filter LOCAL_RECIPIENT_README, blocking unknown local recipients -MILTER_README, before-queue mail filter applications -SMTPD_ACCESS_README, built-in access policies +MILTER_README, before\-queue mail filter applications +SMTPD_ACCESS_README, built\-in access policies SMTPD_POLICY_README, external policy server -SMTPD_PROXY_README, external before-queue content filter +SMTPD_PROXY_README, external before\-queue content filter SASL_README, Postfix SASL howto TLS_README, Postfix STARTTLS howto VERP_README, Postfix XVERP extension @@ -1128,8 +1128,8 @@ TLS support originally by: Lutz Jaenicke BTU Cottbus Allgemeine Elektrotechnik -Universitaetsplatz 3-4 -D-03044 Cottbus, Germany +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany Revised TLS support by: Victor Duchovni diff --git a/postfix/man/man8/spawn.8 b/postfix/man/man8/spawn.8 index ba1ab560b..5967507fa 100644 --- a/postfix/man/man8/spawn.8 +++ b/postfix/man/man8/spawn.8 @@ -16,8 +16,8 @@ The \fBspawn\fR(8) daemon provides the Postfix equivalent of \fBinetd\fR. It listens on a port as specified in the Postfix \fBmaster.cf\fR file and spawns an external command whenever a connection is established. -The connection can be made over local IPC (such as UNIX-domain -sockets) or over non-local IPC (such as TCP sockets). +The connection can be made over local IPC (such as UNIX\-domain +sockets) or over non\-local IPC (such as TCP sockets). The command\'s standard input, output and error streams are connected directly to the communication endpoint. @@ -64,7 +64,7 @@ Problems are logged to \fBsyslogd\fR(8). This program needs root privilege in order to execute external commands as the specified user. It is therefore security sensitive. However the \fBspawn\fR(8) daemon does not talk to the external command -and thus is not vulnerable to data-driven attacks. +and thus is not vulnerable to data\-driven attacks. .SH "CONFIGURATION PARAMETERS" .na .nf @@ -101,10 +101,10 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBexport_environment (see 'postconf -d' output)\fR" The list of environment variables that a Postfix process will export -to non-Postfix processes. +to non\-Postfix processes. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -117,12 +117,12 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/tlsmgr.8 b/postfix/man/man8/tlsmgr.8 index da3a5bd8b..468d5cf26 100644 --- a/postfix/man/man8/tlsmgr.8 +++ b/postfix/man/man8/tlsmgr.8 @@ -24,7 +24,7 @@ processes to seed their internal PRNG pools. The \fBtlsmgr\fR(8)'s PRNG pool is initially seeded from an external source (EGD, /dev/urandom, or regular file). -It is updated at configurable pseudo-random intervals with +It is updated at configurable pseudo\-random intervals with data from the external source. It is updated periodically with data from TLS session cache entries and with the time of day, and is updated with the time of day whenever a @@ -38,7 +38,7 @@ the exchange file when initializing its PRNG. .nf .ad .fi -The \fBtlsmgr\fR(8) is not security-sensitive. The code that maintains +The \fBtlsmgr\fR(8) is not security\-sensitive. The code that maintains the external and internal PRNG pools does not "trust" the data that it manipulates, and the code that maintains the TLS session cache does not touch the contents of the cached @@ -51,10 +51,10 @@ session cache files. With Postfix version 2.5 and later, the \fBtlsmgr\fR(8) no longer uses root privileges when opening cache files. These -files should now be stored under the Postfix-owned +files should now be stored under the Postfix\-owned \fBdata_directory\fR. As a migration aid, an attempt to -open a cache file under a non-Postfix directory is redirected -to the Postfix-owned \fBdata_directory\fR, and a warning +open a cache file under a non\-Postfix directory is redirected +to the Postfix\-owned \fBdata_directory\fR, and a warning is logged. .SH DIAGNOSTICS .ad @@ -82,13 +82,13 @@ The text below provides only a parameter summary. See .ad .fi .IP "\fBlmtp_tls_loglevel (0)\fR" -The LMTP-specific version of the smtp_tls_loglevel +The LMTP\-specific version of the smtp_tls_loglevel configuration parameter. .IP "\fBlmtp_tls_session_cache_database (empty)\fR" -The LMTP-specific version of the smtp_tls_session_cache_database +The LMTP\-specific version of the smtp_tls_session_cache_database configuration parameter. .IP "\fBlmtp_tls_session_cache_timeout (3600s)\fR" -The LMTP-specific version of the smtp_tls_session_cache_timeout +The LMTP\-specific version of the smtp_tls_session_cache_timeout configuration parameter. .IP "\fBsmtp_tls_loglevel (0)\fR" Enable additional Postfix SMTP client logging of TLS activity. @@ -112,11 +112,11 @@ information. .ad .fi .IP "\fBtls_random_source (see 'postconf -d' output)\fR" -The external entropy source for the in-memory \fBtlsmgr\fR(8) pseudo +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo random number generator (PRNG) pool. .IP "\fBtls_random_bytes (32)\fR" The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source -when (re)seeding the in-memory pseudo random number generator (PRNG) +when (re)seeding the in\-memory pseudo random number generator (PRNG) pool. .IP "\fBtls_random_exchange_name (see 'postconf -d' output)\fR" Name of the pseudo random number generator (PRNG) state file @@ -126,8 +126,8 @@ The time between attempts by \fBtlsmgr\fR(8) to save the state of the pseudo random number generator (PRNG) to the file specified with $tls_random_exchange_name. .IP "\fBtls_random_reseed_period (3600s)\fR" -The maximal time between attempts by \fBtlsmgr\fR(8) to re-seed the -in-memory pseudo random number generator (PRNG) pool from external +The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the +in\-memory pseudo random number generator (PRNG) pool from external sources. .SH "MISCELLANEOUS CONTROLS" .na @@ -138,14 +138,14 @@ sources. The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdata_directory (see 'postconf -d' output)\fR" -The directory with Postfix-writable data files (for example: -caches, pseudo-random numbers). +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. -.IP "\fBprocess_id (read-only)\fR" +request before it is terminated by a built\-in watchdog timer. +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. @@ -187,8 +187,8 @@ This service was introduced with Postfix version 2.2. Lutz Jaenicke BTU Cottbus Allgemeine Elektrotechnik -Universitaetsplatz 3-4 -D-03044 Cottbus, Germany +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany Adapted by: Wietse Venema diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index 32644fc1d..06743cefd 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -12,11 +12,11 @@ Postfix TLS proxy .SH DESCRIPTION .ad .fi -The \fBtlsproxy\fR(8) server implements a server-side TLS -proxy. It is used by \fBpostscreen\fR(8) to talk SMTP-over-TLS +The \fBtlsproxy\fR(8) server implements a server\-side TLS +proxy. It is used by \fBpostscreen\fR(8) to talk SMTP\-over\-TLS with remote SMTP clients that are not whitelisted (including clients whose whitelist status has expired), -but it should also work for non-SMTP protocols. +but it should also work for non\-SMTP protocols. Although one \fBtlsproxy\fR(8) process can serve multiple sessions at the same time, it is a good idea to allow the @@ -42,7 +42,7 @@ the remote SMTP client file descriptor to \fBtlsproxy\fR(8), and sends the plaintext 220 greeting to the remote SMTP client. This triggers TLS negotiations between the remote SMTP client and \fBtlsproxy\fR(8). Upon completion of the -TLS-level handshake, \fBtlsproxy\fR(8) translates between +TLS\-level handshake, \fBtlsproxy\fR(8) translates between plaintext from/to \fBpostscreen\fR(8) and ciphertext to/from the remote SMTP client. .SH "SECURITY" @@ -50,7 +50,7 @@ the remote SMTP client. .nf .ad .fi -The \fBtlsproxy\fR(8) server is moderately security-sensitive. +The \fBtlsproxy\fR(8) server is moderately security\-sensitive. It talks to untrusted clients on the network. The process can be run chrooted at fixed low privilege. .SH DIAGNOSTICS @@ -100,10 +100,10 @@ File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM format. .IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR" File with DH parameters that the Postfix \fBtlsproxy\fR(8) server -should use with non-export EDH ciphers. +should use with non\-export EDH ciphers. .IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR" File with DH parameters that the Postfix \fBtlsproxy\fR(8) server -should use with export-grade EDH ciphers. +should use with export\-grade EDH ciphers. .IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR" File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM format. @@ -115,13 +115,13 @@ File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM format. .IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral -elliptic-curve Diffie-Hellman (EECDH) key exchange. +elliptic\-curve Diffie\-Hellman (EECDH) key exchange. .IP "\fBtlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)\fR" List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) server cipher list at all TLS security levels. .IP "\fBtlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)\fR" The message digest algorithm to construct remote SMTP -client-certificate +client\-certificate fingerprints. .IP "\fBtlsproxy_tls_key_file ($smtpd_tls_key_file)\fR" File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM @@ -146,7 +146,7 @@ With mandatory TLS encryption, require a trusted remote SMTP client certificate in order to allow TLS connections to proceed. .IP "\fBtlsproxy_tls_security_level ($smtpd_tls_security_level)\fR" The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; -when a non-empty value is specified, this overrides the obsolete +when a non\-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. .PP Available in Postfix version 2.11 and later: @@ -172,7 +172,7 @@ require that clients use TLS encryption. .fi .IP "\fBtlsproxy_watchdog_timeout (10s)\fR" How much time a \fBtlsproxy\fR(8) process may take to process local -or remote I/O before it is terminated by a built-in watchdog timer. +or remote I/O before it is terminated by a built\-in watchdog timer. .SH "MISCELLANEOUS CONTROLS" .na .nf @@ -181,9 +181,9 @@ or remote I/O before it is terminated by a built-in watchdog timer. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf configuration files. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index ca81ee7d6..2461d4178 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -8,11 +8,11 @@ Postfix address rewriting and resolving daemon .SH "SYNOPSIS" .na .nf -\fBtrivial-rewrite\fR [generic Postfix daemon options] +\fBtrivial\-rewrite\fR [generic Postfix daemon options] .SH DESCRIPTION .ad .fi -The \fBtrivial-rewrite\fR(8) daemon processes three types of client +The \fBtrivial\-rewrite\fR(8) daemon processes three types of client service requests: .IP "\fBrewrite \fIcontext address\fR" Rewrite an address to standard form, according to the @@ -55,13 +55,13 @@ Resolve the address for address verification purposes. .nf .ad .fi -The \fBtrivial-rewrite\fR(8) servers run under control by +The \fBtrivial\-rewrite\fR(8) servers run under control by the Postfix master server. Each server can handle multiple simultaneous connections. When all servers are busy while a client connects, the master -creates a new server process, provided that the trivial-rewrite +creates a new server process, provided that the trivial\-rewrite server process limit is not exceeded. -Each trivial-rewrite server terminates after +Each trivial\-rewrite server terminates after serving at least \fB$max_use\fR clients of after \fB$max_idle\fR seconds of idle time. .SH "STANDARDS" @@ -75,7 +75,7 @@ None. The command does not interact with the outside world. .nf .ad .fi -The \fBtrivial-rewrite\fR(8) daemon is not security sensitive. +The \fBtrivial\-rewrite\fR(8) daemon is not security sensitive. By default, this daemon does not talk to remote or local users. It can run at a fixed low privilege in a chrooted environment. .SH DIAGNOSTICS @@ -88,7 +88,7 @@ Problems and transactions are logged to \fBsyslogd\fR(8). .ad .fi On busy mail systems a long time may pass before a \fBmain.cf\fR -change affecting \fBtrivial-rewrite\fR(8) is picked up. Use the command +change affecting \fBtrivial\-rewrite\fR(8) is picked up. Use the command "\fBpostfix reload\fR" to speed up a change. The text below provides only a parameter summary. See @@ -115,7 +115,7 @@ rejecting the address as invalid. .PP Available with Postfix version 2.5 and later: .IP "\fBallow_min_user (no)\fR" -Allow a sender or recipient address to have `-' as the first +Allow a sender or recipient address to have `\-' as the first character. .SH "ADDRESS REWRITING CONTROLS" .na @@ -123,14 +123,14 @@ character. .ad .fi .IP "\fBmyorigin ($myhostname)\fR" -The domain name that locally-posted mail appears to come +The domain name that locally\-posted mail appears to come from, and that locally posted mail is delivered to. .IP "\fBallow_percent_hack (yes)\fR" Enable the rewriting of the form "user%domain" to "user@domain". .IP "\fBappend_at_myorigin (yes)\fR" With locally submitted mail, append the string "@$myorigin" to mail addresses without domain information. -.IP "\fBappend_dot_mydomain (Postfix ≥ 2.12: no, Postfix < 2.12: yes)\fR" +.IP "\fBappend_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes)\fR" With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. .IP "\fBrecipient_delimiter (empty)\fR" @@ -155,17 +155,17 @@ Earlier versions do not have support for: virtual_transport, relay_transport, virtual_alias_domains, virtual_mailbox_domains or proxy_interfaces. .IP "\fBlocal_transport (local:$myhostname)\fR" -The default mail delivery transport and next-hop destination +The default mail delivery transport and next\-hop destination for final delivery to domains listed with mydestination, and for [ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. .IP "\fBvirtual_transport (virtual)\fR" -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for final delivery to domains listed with $virtual_mailbox_domains. .IP "\fBrelay_transport (relay)\fR" -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for remote delivery to domains listed with $relay_domains. .IP "\fBdefault_transport (smtp)\fR" -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for destinations that do not match $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. @@ -174,15 +174,15 @@ A list of Postfix features where the pattern "example.com" also matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. .IP "\fBrelayhost (empty)\fR" -The next-hop destination of non-local mail; overrides non-local +The next\-hop destination of non\-local mail; overrides non\-local domains in recipient addresses. .IP "\fBtransport_maps (empty)\fR" Optional lookup tables with mappings from recipient address to -(message delivery transport, next-hop destination). +(message delivery transport, next\-hop destination). .PP Available in Postfix version 2.3 and later: .IP "\fBsender_dependent_relayhost_maps (empty)\fR" -A sender-dependent override for the global relayhost parameter +A sender\-dependent override for the global relayhost parameter setting. .PP Available in Postfix version 2.5 and later: @@ -195,7 +195,7 @@ Available in Postfix version 2.7 and later: The sender_dependent_default_transport_maps search string that will be used instead of the null sender address. .IP "\fBsender_dependent_default_transport_maps (empty)\fR" -A sender-dependent override for the global default_transport +A sender\-dependent override for the global default_transport parameter setting. .SH "ADDRESS VERIFICATION CONTROLS" .na @@ -247,8 +247,8 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. -.IP "\fBempty_address_recipient (MAILER-DAEMON)\fR" +request before it is terminated by a built\-in watchdog timer. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" The recipient of mail addressed to the null address. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal @@ -262,12 +262,12 @@ process will service before terminating voluntarily. .IP "\fBrelocated_maps (empty)\fR" Optional lookup tables with new contact information for users or domains that no longer exist. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBshow_user_unknown_table_name (yes)\fR" Display the name of the recipient table in the "User unknown" responses. diff --git a/postfix/man/man8/verify.8 b/postfix/man/man8/verify.8 index ca1f4a5d1..eeca7446a 100644 --- a/postfix/man/man8/verify.8 +++ b/postfix/man/man8/verify.8 @@ -45,7 +45,7 @@ status is returned. .nf .ad .fi -The address verification server is not security-sensitive. It does +The address verification server is not security\-sensitive. It does not talk to the network, and it does not talk to local users. The verify server can run chrooted at fixed low privilege. @@ -58,9 +58,9 @@ one (poor response time to client requests). With Postfix version 2.5 and later, the \fBverify\fR(8) server no longer uses root privileges when opening the \fBaddress_verify_map\fR cache file. The file should now -be stored under the Postfix-owned \fBdata_directory\fR. As +be stored under the Postfix\-owned \fBdata_directory\fR. As a migration aid, an attempt to open a cache file under a -non-Postfix directory is redirected to the Postfix-owned +non\-Postfix directory is redirected to the Postfix\-owned \fBdata_directory\fR, and a warning is logged. .SH DIAGNOSTICS .ad @@ -72,7 +72,7 @@ Problems and transactions are logged to \fBsyslogd\fR(8). Address verification probe messages add additional traffic to the mail queue. Recipient verification may cause an increased load on -down-stream servers in the case of a dictionary attack or +down\-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be blacklisted by some providers. @@ -87,7 +87,7 @@ a basic Postfix principle. .fi Changes to \fBmain.cf\fR are not picked up automatically, as \fBverify\fR(8) -processes are long-lived. Use the command "\fBpostfix reload\fR" after +processes are long\-lived. Use the command "\fBpostfix reload\fR" after a configuration change. The text below provides only a parameter summary. See @@ -103,7 +103,7 @@ to Postfix 2.5 the default was "postmaster". .PP Available with Postfix 2.9 and later: .IP "\fBaddress_verify_sender_ttl (0s)\fR" -The time between changes in the time-dependent portion of address +The time between changes in the time\-dependent portion of address verification probe sender addresses. .SH "CACHE CONTROLS" .na @@ -173,7 +173,7 @@ setting for address verification probes. .nf .ad .fi -Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified mail origin classes. @@ -187,16 +187,16 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8 index 743992c28..11028263f 100644 --- a/postfix/man/man8/virtual.8 +++ b/postfix/man/man8/virtual.8 @@ -16,11 +16,11 @@ The \fBvirtual\fR(8) delivery agent is designed for virtual mail hosting services. Originally based on the Postfix \fBlocal\fR(8) delivery agent, this agent looks up recipients with map lookups of their -full recipient address, instead of using hard-coded unix password +full recipient address, instead of using hard\-coded unix password file lookups of the address local part only. This delivery agent only delivers mail. Other features such as -mail forwarding, out-of-office notifications, etc., must be +mail forwarding, out\-of\-office notifications, etc., must be configured via virtual_alias maps or via similar lookup mechanisms. .SH "MAILBOX LOCATION" .na @@ -50,11 +50,11 @@ messages in one textfile. The \fBvirtual\fR(8) delivery agent prepends a "\fBFrom \fIsender time_stamp\fR" envelope header to each message, prepends a -\fBDelivered-To:\fR message header with the envelope recipient +\fBDelivered\-To:\fR message header with the envelope recipient address, -prepends an \fBX-Original-To:\fR header with the recipient address as +prepends an \fBX\-Original\-To:\fR header with the recipient address as given to Postfix, -prepends a \fBReturn-Path:\fR message header with the +prepends a \fBReturn\-Path:\fR message header with the envelope sender address, prepends a \fB>\fR character to lines beginning with "\fBFrom \fR", and appends an empty line. @@ -69,13 +69,13 @@ mailbox to its original length. When the mailbox location ends in \fB/\fR, the message is delivered in qmail \fBmaildir\fR format. This format stores one message per file. -The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered-To:\fR +The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered\-To:\fR message header with the final envelope recipient address, -prepends an \fBX-Original-To:\fR header with the recipient address as +prepends an \fBX\-Original\-To:\fR header with the recipient address as given to Postfix, and prepends a -\fBReturn-Path:\fR message header with the envelope sender address. +\fBReturn\-Path:\fR message header with the envelope sender address. -By definition, \fBmaildir\fR format does not require application-level +By definition, \fBmaildir\fR format does not require application\-level file locking during mail delivery or retrieval. .SH "MAILBOX OWNERSHIP" .na @@ -125,9 +125,9 @@ Finally, the recipient \fI@domain\fR is looked up. When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. -Alternatively, a table can be provided as a regular-expression +Alternatively, a table can be provided as a regular\-expression map where patterns are given as regular expressions. In that case, -only the full recipient address is given to the regular-expression +only the full recipient address is given to the regular\-expression map. .SH "SECURITY" .na @@ -200,10 +200,10 @@ match $virtual_mailbox_domains. The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts as a result from $virtual_uid_maps table lookup. .IP "\fBvirtual_uid_maps (empty)\fR" -Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8) +Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8) delivery agent uses while writing to the recipient's mailbox. .IP "\fBvirtual_gid_maps (empty)\fR" -Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox +Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox delivery. .PP Available in Postfix version 2.0 and later: @@ -211,7 +211,7 @@ Available in Postfix version 2.0 and later: Postfix is final destination for the specified list of domains; mail is delivered via the $virtual_transport mail delivery transport. .IP "\fBvirtual_transport (virtual)\fR" -The default mail delivery transport and next-hop destination for +The default mail delivery transport and next\-hop destination for final delivery to domains listed with $virtual_mailbox_domains. .PP Available in Postfix version 2.5.3 and later: @@ -223,7 +223,7 @@ Defer delivery when a mailbox file is not owned by its recipient. .ad .fi .IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR" -How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting +How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting delivery. .IP "\fBdeliver_lock_attempts (20)\fR" The maximal number of attempts to acquire an exclusive lock on a @@ -257,10 +257,10 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBdaemon_timeout (18000s)\fR" How much time a Postfix daemon process may take to handle a -request before it is terminated by a built-in watchdog timer. +request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub-second delay values. +sub\-second delay values. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. @@ -270,19 +270,19 @@ for an incoming connection before terminating voluntarily. .IP "\fBmax_use (100)\fR" The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. -.IP "\fBprocess_id (read-only)\fR" +.IP "\fBprocess_id (read\-only)\fR" The process ID of a Postfix command or daemon process. -.IP "\fBprocess_name (read-only)\fR" +.IP "\fBprocess_name (read\-only)\fR" The process name of a Postfix command or daemon process. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" -The location of the Postfix top-level queue directory. +The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. .IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP -Available in Postfix version 2.12 and later: +Available in Postfix version 3.0 and later: .IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" Optional filter for the \fBvirtual\fR(8) delivery agent to change the delivery status code or explanatory text of successful or unsuccessful @@ -316,7 +316,7 @@ agent. Modifications mainly consisted of removing code that either was not applicable or that was not safe in this context: aliases, ~user/.forward files, delivery to "|command" or to /file/name. -The \fBDelivered-To:\fR message header appears in the \fBqmail\fR +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR system by Daniel Bernstein. The \fBmaildir\fR structure appears in the \fBqmail\fR system diff --git a/postfix/mantools/double b/postfix/mantools/double index a573a9244..2103969e8 100755 --- a/postfix/mantools/double +++ b/postfix/mantools/double @@ -1,5 +1,8 @@ #!/bin/sh +LC_ALL=C +export LC_ALL + for i in $* do echo === $i === diff --git a/postfix/mantools/fixman b/postfix/mantools/fixman index 635729e64..ff29ab23b 100755 --- a/postfix/mantools/fixman +++ b/postfix/mantools/fixman @@ -89,6 +89,8 @@ sub emit_text $block =~ s/<\/blockquote>/\n.in -4\n.fi\n.ad\n/g; $block =~ s/\n
    /\n.br\n/g; $block =~ s/
    \s*/\n.br\n/g; + $block =~ s/≤/<=/g; + $block =~ s/≥/>=/g; $block =~ s/<//g; @@ -150,6 +152,8 @@ while() { $defval =~ s/\s+/ /g; $defval =~ s/\s+$//; + $defval =~ s/≤/<=/g; + $defval =~ s/≥/>=/g; $defval =~ s/<//g; $defval =~ s/"/'/g; diff --git a/postfix/mantools/makemanidx b/postfix/mantools/makemanidx index 543eae517..1fbdfb998 100755 --- a/postfix/mantools/makemanidx +++ b/postfix/mantools/makemanidx @@ -78,7 +78,7 @@ the following convention:

    EOF -srctoman "$@" | awk ' +srctoman "$@" | sed 's/\\-/-/g' | awk ' NR == 1,/SH "*SEE ALSO"*/ { next } diff --git a/postfix/mantools/man2html b/postfix/mantools/man2html index 020df2e87..2ccb185a1 100755 --- a/postfix/mantools/man2html +++ b/postfix/mantools/man2html @@ -32,25 +32,6 @@ sed ' s;_\([^_]\);\1;g s;.\(.\);\1;g - # Begin incomplete workarounds for grotty SGR escape sequences. - #/'$ESC'\[0m$/{ - # /'$ESC'\[1m[^'$ESC']*'$ESC'\[0m$/{ - # # Here, ESC[0m means end-of-bold. - # s;0m$;22m; - # } - # /'$ESC'\[4m[^'$ESC']*'$ESC'\[0m$/{ - # # Here, ESC[0m means end-of-italic. - # s;0m$;24m; - # } - #} - #s;'$ESC'\[1m;;g - #s;'$ESC'\[22m;;g - #s;'$ESC'\[4m;;g - #s;'$ESC'\[24m;;g - # Undo gratuitous whitespace changes. - #s;\( *\)\(\);\2\1;g - # End workarounds for grotty SGR escape sequences. - s;\( *\);\1;g s;\( *\);\1;g diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man index 0229019fa..c9aff6d89 100755 --- a/postfix/mantools/postconf2man +++ b/postfix/mantools/postconf2man @@ -72,6 +72,8 @@ while(<>) { $block =~ s/\s*<\/dt>/"/g; $block =~ s/\s*//g; $block =~ s/\s*<\/tt>//g; + # Munge "-" here, so that we don't screw up ".in -4". + $block =~ s/-/\\-/g; $block =~ s/
    /\n.sp\n.in +4\n/g; $block =~ s/<\/blockquote>/\n.in -4\n/g; $block =~ s/\n
    \s*/\n.br\n/g; diff --git a/postfix/mantools/spell b/postfix/mantools/spell index 291064f1f..f4138ed62 100755 --- a/postfix/mantools/spell +++ b/postfix/mantools/spell @@ -1,5 +1,8 @@ #!/bin/sh +LC_ALL=C +export LC_ALL + for i in $* do echo === $i === diff --git a/postfix/mantools/srctoman b/postfix/mantools/srctoman index 42c2291d2..21f16f910 100755 --- a/postfix/mantools/srctoman +++ b/postfix/mantools/srctoman @@ -97,6 +97,12 @@ do s/^ // s/^[ ]*$// /^\\"/d + /^\./{ + s/\([^ ]\)-/\1\\-/g + } + /^[^.]/{ + s/-/\\-/g + } ' $i done | expand diff --git a/postfix/postfix-install b/postfix/postfix-install index 68f83ea72..1662c3dca 100644 --- a/postfix/postfix-install +++ b/postfix/postfix-install @@ -60,14 +60,14 @@ # the postfix-install command line. This mode will replace # the string MAIL_VERSION at the end of a configuration # parameter value with the Postfix release version (Postfix -# 2.12 and later). +# 3.0 and later). # .IP "process environment" # Parameter settings can be given as name=value environment # variables. Environment parameters can also be specified on # the make(1) command line as "make install name=value ...". # This mode will replace the string MAIL_VERSION at the end # of a configuration parameter value with the Postfix release -# version (Postfix 2.12 and later). +# version (Postfix 3.0 and later). # .IP "installed configuration files" # If a parameter is not specified via the command line or via the # process environment, postfix-install will attempt to extract its diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index f89befae2..613eeb6fd 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -202,7 +202,7 @@ details.

    unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target -parameter (Postfix 2.12 and later).

    +parameter (Postfix 3.0 and later).

  • When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If diff --git a/postfix/proto/CDB_README.html b/postfix/proto/CDB_README.html index 7cd8d7250..352c6adeb 100644 --- a/postfix/proto/CDB_README.html +++ b/postfix/proto/CDB_README.html @@ -84,8 +84,8 @@ like:

    • -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_CDB. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_CDB. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded CDB database client, but only the new AUXLIBS_CDB variable supports building a dynamically-loaded or statically-loaded CDB database client.

    diff --git a/postfix/proto/COMPATIBILITY_README.html b/postfix/proto/COMPATIBILITY_README.html index 530a269b1..557ca04b6 100644 --- a/postfix/proto/COMPATIBILITY_README.html +++ b/postfix/proto/COMPATIBILITY_README.html @@ -20,7 +20,7 @@ Backwards-Compatibility Safety Net

    Purpose of this document

    -

    Postfix 2.12 introduces a safety net that runs Postfix programs +

    Postfix 3.0 introduces a safety net that runs Postfix programs with backwards-compatible default settings after an upgrade. The safety net will log a warning whenever a "new" default setting could have an negative effect on your mail flow.

    diff --git a/postfix/proto/INSTALL.html b/postfix/proto/INSTALL.html index 8a1b958ef..a31740eaa 100644 --- a/postfix/proto/INSTALL.html +++ b/postfix/proto/INSTALL.html @@ -230,7 +230,7 @@ $ make

    and so on. In some cases, optimization is turned off automatically.

    4.3 - Building with Postfix shared libraries and database plugins -(Postfix ≥ 2.12)

    +(Postfix ≥ 3.0)

    Postfix shared-library and database plugin support exists for recent versions of Linux, FreeBSD and MacOS X. Shared-library builds @@ -298,7 +298,7 @@ database-plugin support

    Additionally, Postfix can be built to support dynamic loading of Postfix database clients (database plugins) with the Debian-style -dynamicmaps feature. Postfix 2.12 supports dynamic loading of cdb:, +dynamicmaps feature. Postfix 3.0 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you distribute or install pre-compiled Postfix packages.

    @@ -327,9 +327,9 @@ such as "cdb" or "ldap".

    -

    NOTE: The Postfix 2.12 build procedure expects that you specify +

    NOTE: The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, -AUXLIBS_LDAP, etc. With Postfix 2.12 and later, the old AUXLIBS +AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. @@ -545,7 +545,7 @@ systems that have IPv6 support. See the IPV6_README file for details.

    4.5 - Overriding built-in parameter default settings

    -

    4.5.1 - Postfix 2.12 and later

    +

    4.5.1 - Postfix 3.0 and later

    All Postfix configuration parameters can be changed by editing a Postfix configuration file, except for one: the parameter that @@ -701,7 +701,7 @@ $ make Name/Value Description AUXLIBS="object_library..." Specifies -one or more non-default object libraries. Postfix 2.12 and later +one or more non-default object libraries. Postfix 3.0 and later specify some of their database library dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM, and AUXLIBS_SQLITE, respectively. diff --git a/postfix/proto/LDAP_README.html b/postfix/proto/LDAP_README.html index 4d63e7101..7b46807ae 100644 --- a/postfix/proto/LDAP_README.html +++ b/postfix/proto/LDAP_README.html @@ -96,8 +96,8 @@ your Postfix source tree should work:

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LDAP. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LDAP. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded LDAP database client, but only the new AUXLIBS_LDAP variable supports building a dynamically-loaded or statically-loaded LDAP database client.

    diff --git a/postfix/proto/LMDB_README.html b/postfix/proto/LMDB_README.html index ddbb9f3b2..f380c56b2 100644 --- a/postfix/proto/LMDB_README.html +++ b/postfix/proto/LMDB_README.html @@ -55,8 +55,8 @@ build Postfix with LMDB support, use something like:

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_LMDB. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_LMDB. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded LMDB database client, but only the new AUXLIBS_LMDB variable supports building a dynamically-loaded or statically-loaded LMDB database client.

    diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 5b634c0dc..72827c457 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -286,7 +286,7 @@ applications (not "postfix", not "www", etc.).

    Like Sendmail, Postfix has a lot of configuration options that control how it talks to Milter applications. Besides global options -that apply to all Milter applications, Postfix 2.12 and later +that apply to all Milter applications, Postfix 3.0 and later support per-Milter timeouts, per-Milter error handling, etc.

    Information in this section:

    @@ -430,7 +430,7 @@ will stay in the queue.

    Signing internally-generated bounce messages

    -

  • Postfix normally does not apply content filters to mail +

    Postfix normally does not apply content filters to mail that is generated internally such as bounces or Postmaster notifications. Filtering internally-generated bounces would result in loss of mail when a filter rejects a message, as the resulting @@ -571,7 +571,7 @@ that control time limits and other settings for all Postfix Milter clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to have different settings for different Milter clients. This is supported with Postfix -2.12 and later.

    +3.0 and later.

    The following example shows a "non-critical" Milter client with a short connect timeout, and with "accept" as default action when diff --git a/postfix/proto/MYSQL_README.html b/postfix/proto/MYSQL_README.html index 43fb08ff9..b15ee6a6c 100644 --- a/postfix/proto/MYSQL_README.html +++ b/postfix/proto/MYSQL_README.html @@ -62,8 +62,8 @@ make -f Makefile.init makefiles \ -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_MYSQL. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_MYSQL. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded MySQL database client, but only the new AUXLIBS_MYSQL variable supports building a dynamically-loaded or statically-loaded MySQL database client.

    diff --git a/postfix/proto/PACKAGE_README.html b/postfix/proto/PACKAGE_README.html index c7916d1f2..98bffd1a8 100644 --- a/postfix/proto/PACKAGE_README.html +++ b/postfix/proto/PACKAGE_README.html @@ -85,7 +85,7 @@ non-default installation parameters on the command line:

    script directly (% sh post-install -non-interactive install_root...).

    -

    With Postfix 2.12 and later, the command "make package name=value +

    With Postfix 3.0 and later, the command "make package name=value ..." will replace the string MAIL_VERSION in a configuration parameter value with the Postfix release version. Do not try to specify something like $mail_version on this command line. This produces diff --git a/postfix/proto/PCRE_README.html b/postfix/proto/PCRE_README.html index 21cc28844..1f8059b69 100644 --- a/postfix/proto/PCRE_README.html +++ b/postfix/proto/PCRE_README.html @@ -66,8 +66,8 @@ make -f Makefile.init makefiles \ -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PCRE. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PCRE. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded PCRE database client, but only the new AUXLIBS_PCRE variable supports building a dynamically-loaded or statically-loaded PCRE database client.

    diff --git a/postfix/proto/PGSQL_README.html b/postfix/proto/PGSQL_README.html index 449a2e63b..ddbaa3838 100644 --- a/postfix/proto/PGSQL_README.html +++ b/postfix/proto/PGSQL_README.html @@ -57,8 +57,8 @@ the location of the libpq library file.

    -

    Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_PGSQL. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

    Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_PGSQL. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded PostgreSQL database client, but only the new AUXLIBS_PGSQL variable supports building a dynamically-loaded or statically-loaded PostgreSQL database client.

    diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html index 20d6186ce..d0ad3e7fc 100644 --- a/postfix/proto/POSTSCREEN_README.html +++ b/postfix/proto/POSTSCREEN_README.html @@ -982,16 +982,18 @@ helo/sender/recipient information, and waits for the client to disconnect.

    When the good client comes back in a later session, it is allowed -to talk directly to a Postfix SMTP server. See "after_220 Tests after the 220 SMTP server greeting above -for limitations with AUTH and other features that clients may need. -

    +to talk directly to a Postfix SMTP server. See "Tests +after the 220 SMTP server greeting" above for limitations with +AUTH and other features that clients may need.

    An unexpected benefit from "deep protocol tests" is that some "good" clients don't return after the 4XX -reply; these clients were not so good after all. Wietse enables -"deep protocol tests" on his own internet-facing -mail server.

    +reply; these clients were not so good after all.

    + +

    Unfortunately, some senders will retry requests from different +IP addresses, and may never get whitelisted. For this reason, +Wietse stopped using "deep protocol tests" +on his own internet-facing mail server.

  • There is also support for permanent blacklisting and whitelisting; see the description of the postscreen_access_list diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index 3742e6462..97e75eee0 100644 --- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -106,7 +106,7 @@ etrn_domain= stress= Postfix version 2.9 and later: ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40 -Postfix version 2.12 and later: +Postfix version 3.0 and later: client_port=1234 [empty line] @@ -341,7 +341,7 @@ policy delegation protocol:

  • smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem): The default action when an SMTPD -policy service request fails. Available with Postfix 2.12 and +policy service request fails. Available with Postfix 3.0 and later.

  • smtpd_policy_service_max_idle (default: 300s): The amount @@ -354,18 +354,18 @@ client connection.

  • smtpd_policy_service_request_limit (default: 0): The maximal number of requests per policy connection, or zero (no limit). -Available with Postfix 2.12 and later.

    +Available with Postfix 3.0 and later.

  • smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server.

  • smtpd_policy_service_try_limit (default: 2): The maximal number of attempts to send an SMTPD policy service request before -giving up. Available with Postfix 2.12 and later.

    +giving up. Available with Postfix 3.0 and later.

  • smtpd_policy_service_retry_delay (default: 1s): The delay between attempts to resend a failed SMTPD policy service request. -Available with Postfix 2.12 and later.

    +Available with Postfix 3.0 and later.

    @@ -388,7 +388,7 @@ examples, the service name is "policy" or "127.0.0.1:9998".

    that control time limits and other settings for all policy clients. This is sufficient for simple configurations. With more complex configurations it becomes desirable to have different settings per -policy client. This is supported with Postfix 2.12 and later.

    +policy client. This is supported with Postfix 3.0 and later.

    The following example shows a "non-critical" policy service with a short timeout, and with "DUNNO" as default action when the diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html index 6e4f55139..78d7a24f3 100644 --- a/postfix/proto/SMTPUTF8_README.html +++ b/postfix/proto/SMTPUTF8_README.html @@ -25,7 +25,7 @@ Postfix SMTPUTF8 support Internationalization (EAI) as defined in RFC 6531 (SMTPUTF8 extension), RFC 6532 (Internationalized email headers) and RFC 6533 (Internationalized delivery status notifications). Introduced with Postfix version -2.12, this fully supports UTF-8 email addresses and UTF-8 message +3.0, this fully supports UTF-8 email addresses and UTF-8 message header values.

    Topics covered in this document:

    @@ -92,7 +92,7 @@ servers (Dovecot), and down-stream SMTP servers.

    Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part of a backwards-compatibility safety net (see the -Postfix 2.12 RELEASE_NOTES file).

    +Postfix 3.0 RELEASE_NOTES file).

    SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf:

    @@ -188,7 +188,7 @@ done (at least that is the default, see autodetection below). Specifically, the Postfix SMTP server does not accept UTF-8 in the envelope sender domain name or envelope recipient domain name, and the Postfix SMTP client does not issue the SMTPUTF8 request when -delivering that message an SMTP or LMTP server that announces +delivering that message to an SMTP or LMTP server that announces SMTPUTF8 support (again, that is the default). Postfix will accept UTF-8 in message header values and in the localpart of envelope sender and recipient addresses, because it has always done that. @@ -283,22 +283,25 @@ at one point in time.

    No automatic conversions between ASCII and UTF-8 domain names.

    Some background: According to RFC 6530 and related documents, -"Internationalized" domain names can appear in two forms: the UTF-8 -form, and the ASCII (xn--mumble) form. "Internationalized" address -localparts must be encoded in UTF-8; the RFCs do not define an ASCII -form for the same information.

    +an internationalized domain name can appear in two forms: the UTF-8 +form, and the ASCII (xn--mumble) form. An internationalized address +localpart must be encoded in UTF-8; the RFCs do not define an ASCII +alternative form.

    Postfix currently does not convert internationalized domain names from UTF-8 into ASCII (or from ASCII into UTF-8) before using -domain names in SMTP commands and responses, before looking up -domain names in mydestination, relay_domains, access tables, etc., -before using domain names in a policy daemon or Milter request, -or before logging domain names.

    +domain names in SMTP commands and responses, before looking up +domain names in lists such as mydestination, relay_domains or in +lookup tables such as access tables, etc., before using domain names +in a policy daemon or Milter request, or before logging events. +

    Postfix does, however, casefold domain names and email addresses -before matching them against a Postfix configuration parameter or +before matching them against a Postfix configuration parameter or lookup table.

    +

    In order to use Postfix SMTPUTF8 support:

    +

    • The Postfix parameters myhostname and mydomain must be in diff --git a/postfix/proto/SQLITE_README.html b/postfix/proto/SQLITE_README.html index 8cde238d1..2cd36ad59 100644 --- a/postfix/proto/SQLITE_README.html +++ b/postfix/proto/SQLITE_README.html @@ -48,8 +48,8 @@ make -f Makefile.init makefiles \ -

      Postfix versions before 2.12 use AUXLIBS instead of AUXLIBS_SQLITE. -With Postfix 2.12 and later, the old AUXLIBS variable still supports +

      Postfix versions before 3.0 use AUXLIBS instead of AUXLIBS_SQLITE. +With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded SQLite database client, but only the new AUXLIBS_SQLITE variable supports building a dynamically-loaded or statically-loaded SQLite database client.

      diff --git a/postfix/proto/TLS_LEGACY_README.html b/postfix/proto/TLS_LEGACY_README.html index c304f7e63..1bc80e833 100644 --- a/postfix/proto/TLS_LEGACY_README.html +++ b/postfix/proto/TLS_LEGACY_README.html @@ -294,8 +294,8 @@ is correctly configured to supply its intermediate CA certificate).

      To verify a remote SMTP client certificate, the Postfix SMTP -server needs to trust the certificates of the issuing certification -authorities. These certificates in "pem" format can be stored in a +server needs to trust the certificates of the issuing Certification +Authorities. These certificates in "pem" format can be stored in a single $smtpd_tls_CAfile or in multiple files, one CA per file in the $smtpd_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with:

      @@ -839,8 +839,8 @@ is correctly configured to supply its intermediate CA certificate).

      To verify a remote SMTP server certificate, the Postfix SMTP -client needs to trust the certificates of the issuing certification -authorities. These certificates in "pem" format can be stored in a +client needs to trust the certificates of the issuing Certification +Authorities. These certificates in "pem" format can be stored in a single $smtp_tls_CAfile or in multiple files, one CA per file in the $smtp_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with:

      @@ -1032,7 +1032,7 @@ the certificate.

      other attacks, mandatory certificate/peername verification is not viable as a default Internet mail delivery policy at this time. A significant fraction of TLS enabled MTAs uses self-signed certificates, -or certificates that are signed by a private certificate authority. +or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, if you set smtp_enforce_tls = yes, you should probably also set smtp_tls_enforce_peername = no. You can use the per-site TLS @@ -1395,9 +1395,9 @@ sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship with. For real authentication, your Postfix public key certificate -needs to be signed by a recognized Certificate Authority, and +needs to be signed by a recognized Certification Authority, and Postfix needs to be configured with a list of public key certificates -of Certificate Authorities, so that Postfix can verify the public key +of Certification Authorities, so that Postfix can verify the public key certificates of remote hosts.

      In the examples below, user input is shown in bold @@ -1405,7 +1405,7 @@ font, and a "#" prompt indicates a super-user shell.

        -

      • Become your own Certificate Authority, so that you can +

      • Become your own Certification Authority, so that you can sign your own public keys. This example uses the CA.pl script that ships with OpenSSL. By default, OpenSSL installs this as /usr/local/ssl/misc/CA.pl, but your mileage may vary. diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 23994123a..b6734d98b 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -1,4 +1,4 @@ - @@ -321,8 +321,8 @@ anonymous-cipher capable clients:

        To verify a remote SMTP client certificate, the Postfix SMTP -server needs to trust the certificates of the issuing certification -authorities. These certificates in "PEM" format can be stored in a +server needs to trust the certificates of the issuing Certification +Authorities. These certificates in "PEM" format can be stored in a single $smtpd_tls_CAfile or in multiple files, one CA per file in the $smtpd_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with:

        @@ -345,8 +345,8 @@ is needed. Thus, the $smtpd_tls_CApath directory needs to be accessible inside the optional chroot jail.

        When you configure the Postfix SMTP server to request client certificates, the DNs of certificate -authorities in $smtpd_tls_CAfile are sent to the client, in order to allow +href="#server_vrfy_client">client certificates, the DNs of Certification +Authorities in $smtpd_tls_CAfile are sent to the client, in order to allow it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is free to choose an identity signed by any CA. Many clients use a fixed identity @@ -1423,8 +1423,8 @@ master.cf:

        Certificate fingerprint verification

        -

        At the fingerprint security level, no trusted certificate -authorities are used or required. The certificate trust chain, +

        At the fingerprint security level, no trusted Certification +Authorities are used or required. The certificate trust chain, expiration date, etc., are not checked. Instead, the smtp_tls_fingerprint_cert_match parameter or the "match" attribute in the policy table lists the @@ -1531,7 +1531,7 @@ to Postfix 2.9.6 or later.

        At the verify TLS security level, messages are sent only over TLS encrypted sessions if the remote SMTP server certificate is valid (not -expired or revoked, and signed by a trusted certificate authority) +expired or revoked, and signed by a trusted Certification Authority) and where the server certificate name matches a known pattern. Mandatory server certificate verification can be configured by setting @@ -1568,7 +1568,7 @@ attacks, mandatory certificate trust chain and subject name verification is not viable as a default Internet mail delivery policy. Most MX hosts do not support TLS at all, and a significant portion of TLS enabled MTAs use self-signed certificates, or certificates that are signed by -a private certificate authority. On a machine that delivers mail to +a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate verification as a default policy.

        @@ -1642,7 +1642,7 @@ attacks, mandatory secure server certificate verification is not viable as a default Internet mail delivery policy. Most MX hosts do not support TLS at all, and a significant portion of TLS enabled MTAs use self-signed certificates, or certificates that are signed -by a private certificate authority. On a machine that delivers mail +by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure secure TLS verification as a default policy.

        @@ -1887,8 +1887,8 @@ $smtp_tls_CAfile or install it in the $smtp_tls_CApath directory.

        To verify a remote SMTP server certificate, the Postfix SMTP -client needs to trust the certificates of the issuing certification -authorities. These certificates in "pem" format can be stored in a +client needs to trust the certificates of the issuing Certification +Authorities. These certificates in "pem" format can be stored in a single $smtp_tls_CAfile or in multiple files, one CA per file in the $smtp_tls_CApath directory. If you use a directory, don't forget to create the necessary "hash" links with:

        @@ -2159,8 +2159,8 @@ DNSSEC support is available with Postfix 2.11 and later.
        fingerprint
        Certificate fingerprint verification. Available with Postfix 2.5 and -later. At this security level, there are no trusted certificate -authorities. The certificate trust chain, expiration date, ... are +later. At this security level, there are no trusted Certification +Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional match attribute, or else the main.cf smtp_tls_fingerprint_cert_match parameter, lists the server certificate fingerprints or public key fingerprints @@ -2176,7 +2176,7 @@ digits.
        server certificate verification. Mail is delivered only if the TLS handshake succeeds, if the remote SMTP server certificate can be validated (not expired or revoked, and signed by a trusted -certificate authority), and if the server certificate name matches +Certification Authority), and if the server certificate name matches the optional "match" attribute (or the main.cf smtp_tls_verify_cert_match parameter value when no optional "match" attribute is specified). With Postfix ≥ 2.11 the "tafile" attribute optionally modifies @@ -2188,7 +2188,7 @@ files.
        secure
        Secure certificate verification. Mail is delivered only if the TLS handshake succeeds, if the remote SMTP server certificate can be validated (not expired -or revoked, and signed by a trusted certificate authority), and if the +or revoked, and signed by a trusted Certification Authority), and if the server certificate name matches the optional "match" attribute (or the main.cf smtp_tls_secure_cert_match parameter value when no optional "match" attribute is specified). With Postfix ≥ 2.11 the "tafile" @@ -2375,13 +2375,13 @@ support STARTTLS, but that provides the deprecated SMTPS service on TCP port 465. Depending on the Postfix version, some additional tooling may be required.

        -

        Postfix ≥ 2.12

        +

        Postfix ≥ 3.0

        The Postfix SMTP client has SMTPS support built-in as of version -2.12. Use one of the following examples, to send all remote mail, -or to send only some remote mail, to an SMTPS server.

        +3.0. Use one of the following examples, to send all remote mail, +or to send only some remote mail, to an SMTPS server.

        -
        Postfix ≥ 2.12: Sending all remote mail to an SMTPS server
        +
        Postfix ≥ 3.0: Sending all remote mail to an SMTPS server

        The first example will send all remote mail over SMTPS through a provider's server called "mail.example.com":

        @@ -2402,7 +2402,7 @@ a provider's server called "mail.example.com":

        See SOHO_README for additional information about SASL authentication.

        -
        Postfix ≥ 2.12: Sending only mail for a specific destination +
        Postfix ≥ 3.0: Sending only mail for a specific destination via SMTPS

        The second example will send only mail for "example.com" via @@ -2431,14 +2431,14 @@ to make the change effective.

        See SOHO_README for additional information about SASL authentication.

        -

        Postfix < 2.12

        +

        Postfix < 3.0

        Although older Postfix SMTP client versions do not support TLS wrapper mode, it is relatively easy to forward a connection through the stunnel program if Postfix needs to deliver mail to some legacy system that doesn't support STARTTLS.

        -
        Postfix < 2.12: Sending all remote mail to an SMTPS server
        +
        Postfix < 3.0: Sending all remote mail to an SMTPS server

        The first example uses SMTPS to send all remote mail to a provider's mail server called "mail.example.com".

        @@ -2484,7 +2484,7 @@ mail through the local stunnel listener on port 11125:

        See SOHO_README for additional information about SASL authentication.

        -

        Postfix < 2.12: Sending only mail for a specific destination via SMTPS

        +

        Postfix < 3.0: Sending only mail for a specific destination via SMTPS

        The second example will use SMTPS to send only mail for "example.com" via SMTPS. It uses the same stunnel configuration @@ -2690,9 +2690,9 @@ sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship with. For real authentication, your Postfix public key certificate -needs to be signed by a recognized Certificate Authority, and +needs to be signed by a recognized Certification Authority, and Postfix needs to be configured with a list of public key certificates -of Certificate Authorities, so that Postfix can verify the public key +of Certification Authorities, so that Postfix can verify the public key certificates of remote hosts.

        In the examples below, user input is shown in bold @@ -2702,7 +2702,7 @@ font, and a "#" prompt indicates a super-user shell.

      • Self-signed server certificate.

        -

      • Private Certificate Authority.

        +

      • Private Certification Authority.

      @@ -2747,11 +2747,11 @@ caching is also enabled in the Postfix SMTP client. With Postfix since session reuse is better handled via RFC 5077 TLS session tickets.

      -

      Private Certificate Authority

      +

      Private Certification Authority

        -

      • Become your own Certificate Authority, so that you can +

      • Become your own Certification Authority, so that you can sign your own certificates, and so that your own systems can authenticate certificates from your own CA. This example uses the CA.pl script that ships with OpenSSL. On some systems, OpenSSL diff --git a/postfix/proto/access b/postfix/proto/access index 7b3c2eb67..2381cf98c 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -351,7 +351,7 @@ # with client information and if available, with helo, sender, # recipient and protocol information. # .sp -# This feature is available in Postfix 2.12 and later. +# This feature is available in Postfix 3.0 and later. # .IP "\fBWARN \fIoptional text...\fR # Log a warning with the optional text, together with client information # and if available, with helo, sender, recipient and protocol information. diff --git a/postfix/proto/bounce b/postfix/proto/bounce index b838f5c3a..1ac009c87 100644 --- a/postfix/proto/bounce +++ b/postfix/proto/bounce @@ -169,13 +169,13 @@ # With "smtputf8_enable = yes", this replaces ACE labels # (xn--mumble) with their UTF-8 equivalent. # .sp -# This feature is available in Postfix 2.12. +# This feature is available in Postfix 3.0. # .IP \fBmyhostname\fR # Expands into the value of the \fBmyhostname\fR parameter. # With "smtputf8_enable = yes", this replaces ACE labels # (xn--mumble) with their UTF-8 equivalent. # .sp -# This feature is available in Postfix 2.12. +# This feature is available in Postfix 3.0. # .PP # The usage and specification of template message text is # subject to the following restrictions: diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 531ea2b41..b51e182f9 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -176,7 +176,7 @@ # Note 2: this ignores duplicate addresses (with the same # delivery status notification options). # .sp -# This feature is available in Postfix 2.12 and later. +# This feature is available in Postfix 3.0 and later. # .sp # This feature is not supported with smtp header/body checks. # \" .IP "\fBDELAY \fItime\fR" diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table index 32204b8f1..80e073b0e 100644 --- a/postfix/proto/ldap_table +++ b/postfix/proto/ldap_table @@ -594,7 +594,7 @@ # server. Don't set this with LDAP SSL (the SSL session is setup # automatically when the TCP connection is opened). # .IP "\fBtls_ca_cert_dir (No default; set either this or tls_ca_cert_file)\fR" -# Directory containing X509 Certificate Authority certificates +# Directory containing X509 Certification Authority certificates # in PEM format which are to be recognized by the client in # SSL/TLS connections. The files each contain one CA certificate. # The files are looked up by the CA subject name hash value, @@ -606,7 +606,7 @@ # utility (from the OpenSSL distribution) to create the # necessary links. # .IP "\fBtls_ca_cert_file (No default; set either this or tls_ca_cert_dir)\fR" -# File containing the X509 Certificate Authority certificates +# File containing the X509 Certification Authority certificates # in PEM format which are to be recognized by the client in # SSL/TLS connections. This setting takes precedence over # tls_ca_cert_dir. diff --git a/postfix/proto/lmdb_table b/postfix/proto/lmdb_table index 0bd337f0d..944292b95 100644 --- a/postfix/proto/lmdb_table +++ b/postfix/proto/lmdb_table @@ -49,7 +49,7 @@ # at the cost of using more space than some other flat-file # databases. Read operations are memory-mapped for speed. # Write operations are not memory-mapped to avoid silent -# curruption due to stray pointer bugs. +# corruption due to stray pointer bugs. # # Multiple processes can safely update an LMDB database without # serializing requests through the proxymap(8) service. This diff --git a/postfix/proto/master b/postfix/proto/master index 7428cf48a..8f54459c0 100644 --- a/postfix/proto/master +++ b/postfix/proto/master @@ -120,7 +120,7 @@ # .sp # The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and # \fBvirtual\fR(8) daemons require privileges. -# .IP "\fBChroot (default: Postfix >= 2.12: n, Postfix <2.12: y)\fR" +# .IP "\fBChroot (default: Postfix >= 3.0: n, Postfix <3.0: y)\fR" # Whether or not the service runs chrooted to the mail queue # directory (pathname is controlled by the \fBqueue_directory\fR # configuration variable in the main.cf file). @@ -176,7 +176,7 @@ # Run the daemon under control by the command specified with # the \fBdebugger_command\fR variable in the main.cf # configuration file. See DEBUG_README for hints and tips. -# .IP "\fB-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 2.12)" +# .IP "\fB-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 3.0)" # .IP "\fB-o \fIname\fR=\fIvalue\fR (short form)" # Override the named main.cf configuration parameter. The # parameter value can refer to other parameters as \fI$name\fR @@ -212,7 +212,7 @@ # options to make a Postfix daemon process increasingly verbose. # .IP "Other command-line arguments" # Specify "{" and "}" around command arguments that contain -# whitespace (Postfix 2.12 and later). Whitespace +# whitespace (Postfix 3.0 and later). Whitespace # after "{" and before "}" is ignored. # SEE ALSO # master(8), process manager diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 9300a15dd..1c799c384 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -262,19 +262,19 @@ # .sp # This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_CAfile\fR" -# File containing certificates for all of the X509 Certificate +# File containing certificates for all of the X509 Certification # Authorities the client will recognize. Takes precedence over # \fBtls_CApath\fR. # .sp # This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_CApath\fR" -# Directory containing X509 Certificate Authority certificates +# Directory containing X509 Certification Authority certificates # in separate individual files. # .sp # This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_verify_cert (default: no)\fR" # Verify that the server's name matches the common name in the -# certficate. +# certificate. # .sp # This parameter is available with Postfix 2.11 and later. # OBSOLETE QUERY INTERFACE diff --git a/postfix/proto/postconf.html.prolog b/postfix/proto/postconf.html.prolog index a8b415ca1..2c0f3397d 100644 --- a/postfix/proto/postconf.html.prolog +++ b/postfix/proto/postconf.html.prolog @@ -48,17 +48,17 @@ An undefined parameter value is replaced with the empty value.

      • The expressions "${name?value}" and "${name?{value}}" are replaced with "value" when "$name" is non-empty. These forms are -supported with Postfix versions ≥ 2.2 and ≥ 2.12, respectively. +supported with Postfix versions ≥ 2.2 and ≥ 3.0, respectively.

      • The expressions "${name:value}" and "${name?{value}}" are replaced with "value" when "$name" is empty. These forms are supported -with Postfix versions ≥ 2.2 and ≥ 2.12, respectively.

        +with Postfix versions ≥ 2.2 and ≥ 3.0, respectively.

      • The expression "${name?{value1}:{value2}}" is replaced with "value1" when "$name" is non-empty, and with "value2" when "$name" is empty. The "{}" is required for "value1", optional for -"value2". This form is supported with Postfix versions ≥ 2.12. +"value2". This form is supported with Postfix versions ≥ 3.0.

      • The first item inside "${...}" may be a logical expression @@ -66,7 +66,7 @@ of the form: "{value3} == {value4}". Besides the "==" (equality) operator Postfix supports "!=" (inequality), "<", "≤", "≥", and ">". The comparison is numerical when both operands are all digits, otherwise the comparison is lexicographical. These forms -are supported with Postfix versions ≥ 2.12.

        +are supported with Postfix versions ≥ 3.0.

      • Each "value" is subject to recursive named parameter and logical expression evaluation, except where noted.

        diff --git a/postfix/proto/postconf.man.prolog b/postfix/proto/postconf.man.prolog index 47c2d8560..7edda14f5 100644 --- a/postfix/proto/postconf.man.prolog +++ b/postfix/proto/postconf.man.prolog @@ -8,7 +8,7 @@ Postfix configuration parameters .nf \fBpostconf\fR \fIparameter\fR ... -\fBpostconf -e\fR "\fIparameter=value\fR" ... +\fBpostconf \-e\fR "\fIparameter=value\fR" ... .SH DESCRIPTION .ad .fi @@ -38,23 +38,23 @@ replaced with the empty value. .IP \(bu The expressions "${name?value}" and "${name?{value}}" are replaced with "value" when "$name" is non-empty. These forms are supported -with Postfix versions >= 2.2 and >= 2.12, respectively. +with Postfix versions >= 2.2 and >= 3.0, respectively. .IP \(bu The expressions "${name:value}" and "${name:{value}}" are replaced with "value" when "$name" is empty. These forms are supported with -Postfix versions >= 2.2 and >= 2.12, respectively. +Postfix versions >= 2.2 and >= 3.0, respectively. .IP \(bu The expression "${name?{value1}:{value2}}" is replaced with "value1" when "$name" is non-empty, and with "value2" when "$name" is empty. The "{}" is required for "value1", optional for "value2". This form -is supported with Postfix versions >= 2.12. +is supported with Postfix versions >= 3.0. .IP \(bu The first item inside "${...}" may be a logical expression of the form: "{value3} == {value4}". Besides the "==" (equality) operator Postfix supports "!=" (inequality), "<", "<=", ">=", and ">". The comparison is numerical when both operands are all digits, otherwise the comparison is lexicographical. These forms are supported with -Postfix versions >= 2.12. +Postfix versions >= 3.0. .IP \(bu Each "value" is subject to recursive named parameter and logical expression evaluation, except where noted. @@ -74,7 +74,7 @@ Otherwise, the order of main.cf parameter definitions does not matter. The remainder of this document is a description of all Postfix configuration parameters. Default values are shown after the parameter name in parentheses, and can be looked up with the -"\fBpostconf -d\fR" command. +"\fBpostconf \-d\fR" command. .PP Note: this is not an invitation to make changes to Postfix configuration parameters. Unnecessary changes can impair the diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f830add7a..fda33bcd9 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -1432,7 +1432,7 @@ Specify a list of names and/or name=value pairs, separated by whitespace or comma. Specify "{ name=value }" to protect whitespace or comma in parameter values (whitespace after "{" and before "}" is ignored). The form name=value is supported with Postfix version -2.1 and later; the use of {} is supported with Postfix 2.12 and +2.1 and later; the use of {} is supported with Postfix 3.0 and later.

        @@ -1883,7 +1883,7 @@ parameters: whitespace or comma. Specify "{ name=value }" to protect whitespace or comma in parameter values (whitespace after "{" and before "}" is ignored). The form name=value is supported with Postfix version -2.1 and later; the use of {} is supported with Postfix 2.12 and +2.1 and later; the use of {} is supported with Postfix 3.0 and later.

        %PARAM in_flow_delay 1s @@ -3226,7 +3226,7 @@ smtpd_access_maps, postscreen_access_list -
        Postfix version 2.12 and later
        +
        Postfix version 3.0 and later
        smtpd_client_event_limit_exceptions @@ -3647,7 +3647,7 @@ client request is rejected by the "reject" restriction. Do not change this unless you have a complete understanding of RFC 5321.

        -%PARAM relay_domains Postfix ≥ 2.12: empty, Postfix < 2.12: $mydestination +%PARAM relay_domains Postfix ≥ 3.0: empty, Postfix < 3.0: $mydestination

        What destination domains (and subdomains thereof) this system will relay mail to. For details about how @@ -4856,7 +4856,7 @@ contain the ":" character, and would otherwise be confused with a

        Pattern matching of domain names is controlled by the presence or absence of "smtpd_client_event_limit_exceptions" in the -parent_domain_matches_subdomains parameter value (postfix 2.12 and +parent_domain_matches_subdomains parameter value (postfix 3.0 and later).

        @@ -5054,7 +5054,7 @@ least significant octets. See the access(5) manual page for details.

        client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available -in Postfix 2.12 and later. +in Postfix 3.0 and later.
        check_client_mx_access type:table
        @@ -5088,7 +5088,7 @@ and later. unverified reverse client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.
        check_reverse_client_hostname_mx_access type:table
        @@ -5645,7 +5645,7 @@ use DUNNO in order to exclude specific hosts from blacklists. Note 2: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip check_helo_a_access by not sending HELO or EHLO). This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
        check_helo_mx_access type:table
        @@ -5933,7 +5933,7 @@ corresponding action. the RCPT TO domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
        check_recipient_mx_access type:table
        @@ -6049,7 +6049,7 @@ record or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
        The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 556 (nullmx, Postfix 2.12 and +defer_if_permit), or 556 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. @@ -6442,7 +6442,7 @@ corresponding action. the MAIL FROM domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This -feature is available in Postfix 2.12 and later. +feature is available in Postfix 3.0 and later.
        check_sender_mx_access type:table
        @@ -6518,7 +6518,7 @@ record, or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).
        The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: -defer_if_permit), or 550 (nullmx, Postfix 2.12 and +defer_if_permit), or 550 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details. @@ -7118,7 +7118,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value.

        To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

        -%PARAM append_dot_mydomain Postfix ≥ 2.12: no, Postfix < 2.12: yes +%PARAM append_dot_mydomain Postfix ≥ 3.0: no, Postfix < 3.0: yes

        With locally submitted mail, append the string ".$mydomain" to @@ -7541,7 +7541,7 @@ and is therefore disabled by default.

        See also: delay_warning_time.

        -

        This feature is available in Postfix 2.12 and later.

        +

        This feature is available in Postfix 3.0 and later.

        %PARAM disable_dns_lookups no @@ -7928,7 +7928,7 @@ Postfix refuses mail that is nested deeper than the specified limit. This feature is available in Postfix 2.0 and later.

        -%PARAM mynetworks_style Postfix ≥ 2.12: host, Postfix < 2.12: subnet +%PARAM mynetworks_style Postfix ≥ 3.0: host, Postfix < 3.0: subnet

        The method to generate the default value for the mynetworks parameter. @@ -8440,7 +8440,7 @@ with policy servers that cannot maintain a persistent connection.

        -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.

        %PARAM smtpd_reject_unlisted_recipient yes @@ -9302,7 +9302,7 @@ but it is best to include all the required certificates directly in the server certificate file.

        Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY -the system-supplied default certificate authority certificates. +the system-supplied default Certification Authority certificates.

        Specify "tls_append_default_CA = no" to prevent Postfix from @@ -9311,10 +9311,10 @@ certificates.

        By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CAfile should remain empty. If you do make use -of client certificates, the distinguished names (DNs) of the certificate -authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +of client certificates, the distinguished names (DNs) of the Certification +Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client in the client certificate request message. MUAs with multiple client -certificates may use the list of preferred certificate authorities +certificates may use the list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in this file, and install other trusted CAs in $smtpd_tls_CApath.

        @@ -9337,7 +9337,7 @@ smtpd_tls_CApath in chroot mode, this directory (or a copy) must be inside the chroot jail.

        Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system-supplied default Certification Authority certificates.

        Specify "tls_append_default_CA = no" to prevent Postfix from @@ -9346,10 +9346,10 @@ certificates.

        By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty. In contrast -to smtpd_tls_CAfile, DNs of certificate authorities installed +to smtpd_tls_CAfile, DNs of Certification Authorities installed in $smtpd_tls_CApath are not included in the client certificate request message. MUAs with multiple client certificates may use the -list of preferred certificate authorities to select the correct +list of preferred Certification Authorities to select the correct client certificate. You may want to put your "preferred" CA or CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in $smtpd_tls_CApath.

        @@ -9742,7 +9742,7 @@ but it is best to include all the required certificates directly in $smtp_tls_cert_file.

        Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use -ONLY the system-supplied default certificate authority certificates. +ONLY the system-supplied default Certification Authority certificates.

        Specify "tls_append_default_CA = no" to prevent Postfix from @@ -9759,7 +9759,7 @@ smtp_tls_CAfile = /etc/postfix/CAcert.pem %PARAM smtp_tls_CApath -

        Directory with PEM format certificate authority certificates +

        Directory with PEM format Certification Authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. Don't forget to create the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". @@ -9769,7 +9769,7 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". must be inside the chroot jail.

        Specify "smtp_tls_CApath = /path/to/system_CA_directory" to -use ONLY the system-supplied default certificate authority certificates. +use ONLY the system-supplied default Certification Authority certificates.

        Specify "tls_append_default_CA = no" to prevent Postfix from @@ -10075,7 +10075,7 @@ smtp_tls_dcert_file = /etc/postfix/client-dsa.pem %PARAM tls_append_default_CA no -

        Append the system-supplied default certificate authority +

        Append the system-supplied default Certification Authority certificates to the ones specified with *_tls_CApath or *_tls_CAfile. The default is "no"; this prevents Postfix from trusting third-party certificates and giving them relay permission with @@ -10974,7 +10974,7 @@ and later.

        fingerprint
        Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security -level, there are no trusted certificate authorities. The certificate +level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, the optional match attribute, or else the main.cf smtp_tls_fingerprint_cert_match parameter, lists the certificate @@ -11378,7 +11378,7 @@ TLSA authentication is required. There is no fallback to "may" or
        fingerprint
        Certificate fingerprint verification. -At this security level, there are no trusted certificate authorities. +At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, etc., are not checked. Instead, the smtp_tls_fingerprint_cert_match parameter lists the certificate fingerprint or public key fingerprint @@ -12202,7 +12202,7 @@ to Postfix 2.9.6 or later.

        List of acceptable remote SMTP server certificate fingerprints for the "fingerprint" TLS security level (smtp_tls_security_level = -fingerprint). At this security level, certificate authorities are not +fingerprint). At this security level, Certification Authorities are not used, and certificate expiration times are ignored. Instead, server certificates are verified directly via their certificate fingerprint or public key fingerprint (Postfix 2.9 and later). The fingerprint @@ -14463,7 +14463,7 @@ the file is read).

        the timeouts in the dnsblog(8) daemon which are defined by system resolver(3) routines.

        -

        This feature is available in Postfix 2.12.

        +

        This feature is available in Postfix 3.0.

        %PARAM postscreen_bare_newline_action ignore

        The action that postscreen(8) takes when a remote SMTP client sends @@ -15449,21 +15449,21 @@ transport_maps to apply this feature selectively:

        -o smtp_address_verify_target=data lmtp-data-target unix - - n - - lmtp -o lmtp_address_verify_target=data -
        -
        +
        +

        Unselective use of the "data" target does no harm, but will result in unnecessary "lost connection after DATA" events at remote SMTP/LMTP servers.

        -

        This feature is available in Postfix 2.12 and later.

        +

        This feature is available in Postfix 3.0 and later.

        %PARAM lmtp_address_verify_target rcpt

        The LMTP-specific version of the smtp_dns_support_level configuration parameter. See there for details.

        -

        This feature is available in Postfix 2.12 and later.

        +

        This feature is available in Postfix 3.0 and later.

        %PARAM daemon_table_open_error_is_fatal no @@ -15947,7 +15947,7 @@ anchor assertion) TLSA records.

        This feature is available in Postfix 2.11 and later.

        -%PARAM tls_session_ticket_cipher Postfix ≥ 2.12: aes-256-cbc, postfix < 2.12: aes-128-cbc +%PARAM tls_session_ticket_cipher Postfix ≥ 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc

        Algorithm used to encrypt RFC5077 TLS session tickets. This algorithm must use CBC mode, have a 128-bit block size, and must @@ -15959,7 +15959,7 @@ is discouraged.

        in the Postfix SMTP server. Another way to disable session ticket support is via the tls_ssl_options parameter.

        -

        This feature is available in Postfix 2.12 and later.

        +

        This feature is available in Postfix 3.0 and later.

        %PARAM default_delivery_status_filter @@ -16048,7 +16048,7 @@ sender in delivery confirmation or non-delivery notifications.
      -

      This feature is available in Postfix 2.12 and later.

      +

      This feature is available in Postfix 3.0 and later.

      %PARAM smtp_delivery_status_filter $default_delivery_status_filter @@ -16066,7 +16066,7 @@ remote SMTP server responses only.

      The LMTP-specific version of the smtp_delivery_status_filter configuration parameter. See there for details.

      -

      This feature is available in Postfix 2.12 and later.

      +

      This feature is available in Postfix 3.0 and later.

      %PARAM pipe_delivery_status_filter $default_delivery_status_filter @@ -16074,7 +16074,7 @@ configuration parameter. See there for details.

      delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details.

      -

      This feature is available in Postfix 2.12 and later.

      +

      This feature is available in Postfix 3.0 and later.

      %PARAM virtual_delivery_status_filter $default_delivery_status_filter @@ -16082,7 +16082,7 @@ deliveries. See default_delivery_status_filter for details.

      delivery status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details.

      -

      This feature is available in Postfix 2.12 and later.

      +

      This feature is available in Postfix 3.0 and later.

      %PARAM local_delivery_status_filter $default_delivery_status_filter @@ -16090,7 +16090,7 @@ deliveries. See default_delivery_status_filter for details.

      status code or explanatory text of successful or unsuccessful deliveries. See default_delivery_status_filter for details.

      -

      This feature is available in Postfix 2.12 and later.

      +

      This feature is available in Postfix 3.0 and later.

      %PARAM shlib_directory see 'postconf -d' output @@ -16123,7 +16123,7 @@ files in the compiled-in default $shlib_directory location.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM meta_directory see 'postconf -d' output @@ -16140,7 +16140,7 @@ installing or upgrading Postfix, or specify "meta_directory = /path/name" on the "make makefiles", "make install" or "make upgrade" command line.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtpd_policy_service_default_action 451 4.3.5 Server configuration problem @@ -16163,29 +16163,29 @@ request, that request will have the built-in default action.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtpd_policy_service_try_limit 2

    The maximal number of attempts to send an SMTPD policy service request before giving up. Specify a value greater than zero.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtpd_policy_service_retry_delay 1s

    The delay between attempts to resend a failed SMTPD policy service request. Specify a value greater than zero.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtputf8_enable yes -

    Enable experimental SMTPUTF8 support for the protocols described +

    Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. This requires that Postfix is built to support these protocols.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM strict_smtputf8 no @@ -16193,7 +16193,7 @@ these protocols.

    SMTP server accepts UTF8 sender or recipient addresses only when the client requests an SMTPUTF8 mail transaction.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtputf8_autodetect_classes sendmail, verify @@ -16251,7 +16251,7 @@ mail. -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM compatibility_level 0 @@ -16307,19 +16307,19 @@ warning: To disable backwards compatibility use "postconf -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM message_drop_headers bcc, content-length, resent-bcc, return-path

    Names of message headers that the cleanup(8) daemon will remove after applying header_checks(5) and before invoking Milter applications. -The default setting is compatible with Postfix < 2.12.

    +The default setting is compatible with Postfix < 3.0.

    Specify a list of header names, separated by comma or space. Names are matched in a case-insensitive manner. The list of supported header names is limited only by available memory.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM nullmx_reject_code 556 @@ -16329,7 +16329,7 @@ record (an MX record with an empty hostname). This is one of the possible replies from the restrictions reject_unknown_sender_domain and reject_unknown_recipient_domain.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtpd_dns_reply_filter @@ -16337,14 +16337,14 @@ and reject_unknown_recipient_domain.

    See smtp_dns_reply_filter for details including an example.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM lmtp_dns_reply_filter

    Optional filter for Postfix LMTP client DNS lookup results. See smtp_dns_reply_filter for details including an example.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    #%PARAM postscreen_dns_reply_filter # @@ -16352,7 +16352,7 @@ See smtp_dns_reply_filter for details including an example.

    #See smtp_dns_reply_filter for details including an example. #

    # -#

    This feature is available in Postfix 2.12 and later.

    +#

    This feature is available in Postfix 3.0 and later.

    %PARAM smtp_dns_reply_filter @@ -16419,7 +16419,7 @@ with valid PTR etc. records.

    /^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM smtp_tls_wrappermode no @@ -16444,7 +16444,7 @@ stronger.

    More examples are in TLS_README, including examples for older Postfix versions.

    -

    This feature is available in Postfix 2.12 and later.

    +

    This feature is available in Postfix 3.0 and later.

    %PARAM virtual_alias_address_length_limit 1000 @@ -16455,7 +16455,7 @@ exponentially.

    -This feature is available in Postfix 2.12 and later. +This feature is available in Postfix 3.0 and later.

    diff --git a/postfix/proto/socketmap_table b/postfix/proto/socketmap_table index ad0083735..96c7dfca5 100644 --- a/postfix/proto/socketmap_table +++ b/postfix/proto/socketmap_table @@ -17,7 +17,7 @@ # # The Postfix socketmap client expects TCP endpoint names of # the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or -# UNIX-domain endponts of the form \fBunix:\fIpathname\fB:\fIname\fR. +# UNIX-domain endpoints of the form \fBunix:\fIpathname\fB:\fIname\fR. # In both cases, \fIname\fR specifies the name field in a # socketmap client request (see "REQUEST FORMAT" below). # PROTOCOL diff --git a/postfix/src/bounce/Makefile.in b/postfix/src/bounce/Makefile.in index ef57d240b..5714e5823 100644 --- a/postfix/src/bounce/Makefile.in +++ b/postfix/src/bounce/Makefile.in @@ -199,6 +199,7 @@ bounce_notify_service.o: ../../include/rcpt_buf.h bounce_notify_service.o: ../../include/rec_type.h bounce_notify_service.o: ../../include/recipient_list.h bounce_notify_service.o: ../../include/smtputf8.h +bounce_notify_service.o: ../../include/stringops.h bounce_notify_service.o: ../../include/sys_defs.h bounce_notify_service.o: ../../include/vbuf.h bounce_notify_service.o: ../../include/vstream.h @@ -275,6 +276,7 @@ bounce_notify_verp.o: ../../include/rcpt_buf.h bounce_notify_verp.o: ../../include/rec_type.h bounce_notify_verp.o: ../../include/recipient_list.h bounce_notify_verp.o: ../../include/smtputf8.h +bounce_notify_verp.o: ../../include/stringops.h bounce_notify_verp.o: ../../include/sys_defs.h bounce_notify_verp.o: ../../include/vbuf.h bounce_notify_verp.o: ../../include/verp_sender.h @@ -309,6 +311,7 @@ bounce_one_service.o: ../../include/rcpt_buf.h bounce_one_service.o: ../../include/rec_type.h bounce_one_service.o: ../../include/recipient_list.h bounce_one_service.o: ../../include/smtputf8.h +bounce_one_service.o: ../../include/stringops.h bounce_one_service.o: ../../include/sys_defs.h bounce_one_service.o: ../../include/vbuf.h bounce_one_service.o: ../../include/vstream.h @@ -381,6 +384,7 @@ bounce_trace_service.o: ../../include/rcpt_buf.h bounce_trace_service.o: ../../include/rec_type.h bounce_trace_service.o: ../../include/recipient_list.h bounce_trace_service.o: ../../include/smtputf8.h +bounce_trace_service.o: ../../include/stringops.h bounce_trace_service.o: ../../include/sys_defs.h bounce_trace_service.o: ../../include/vbuf.h bounce_trace_service.o: ../../include/vstream.h @@ -412,6 +416,7 @@ bounce_warn_service.o: ../../include/rcpt_buf.h bounce_warn_service.o: ../../include/rec_type.h bounce_warn_service.o: ../../include/recipient_list.h bounce_warn_service.o: ../../include/smtputf8.h +bounce_warn_service.o: ../../include/stringops.h bounce_warn_service.o: ../../include/sys_defs.h bounce_warn_service.o: ../../include/vbuf.h bounce_warn_service.o: ../../include/vstream.h diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index 3b067cb61..fffec8850 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -115,7 +115,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix 2.12 and later: +/* Available in Postfix 3.0 and later: /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified /* mail origin classes. @@ -147,10 +147,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -407,7 +403,8 @@ static int bounce_verp_proto(char *service_name, VSTREAM *client) * Execute the request. Fall back to traditional notification if a bounce * was returned as undeliverable, because we don't want to VERPify those. */ - if (!*STR(sender) || !strcasecmp(STR(sender), mail_addr_double_bounce())) { + if (!*STR(sender) || !strcasecmp_utf8(STR(sender), + mail_addr_double_bounce())) { msg_warn("request to send VERP-style notification of bounced mail"); return (bounce_notify_service(flags, service_name, STR(queue_name), STR(queue_id), STR(encoding), smtputf8, diff --git a/postfix/src/bounce/bounce_append_service.c b/postfix/src/bounce/bounce_append_service.c index 582bb1977..c3cea0beb 100644 --- a/postfix/src/bounce/bounce_append_service.c +++ b/postfix/src/bounce/bounce_append_service.c @@ -41,10 +41,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -122,9 +118,9 @@ int bounce_append_service(int unused_flags, char *service, char *queue_id, dsn->reason); } vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_RECIP, *rcpt->address ? - STR(quote_822_local(in_buf, rcpt->address)) : "<>"); + STR(quote_822_local(in_buf, rcpt->address)) : "<>"); if (NOT_NULL_EMPTY(rcpt->orig_addr) - && strcasecmp(rcpt->address, rcpt->orig_addr) != 0) + && strcasecmp_utf8(rcpt->address, rcpt->orig_addr) != 0) vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_ORCPT, STR(quote_822_local(in_buf, rcpt->orig_addr))); if (rcpt->offset > 0) diff --git a/postfix/src/bounce/bounce_notify_service.c b/postfix/src/bounce/bounce_notify_service.c index 154810421..d6c751f50 100644 --- a/postfix/src/bounce/bounce_notify_service.c +++ b/postfix/src/bounce/bounce_notify_service.c @@ -56,15 +56,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -160,7 +157,7 @@ int bounce_notify_service(int flags, char *service, char *queue_name, * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ - if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { + if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; @@ -263,7 +260,7 @@ int bounce_notify_service(int flags, char *service, char *queue_name, #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE) if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE - && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { + && strcasecmp_utf8(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of diff --git a/postfix/src/bounce/bounce_notify_verp.c b/postfix/src/bounce/bounce_notify_verp.c index bf5944bf9..8bfd71b82 100644 --- a/postfix/src/bounce/bounce_notify_verp.c +++ b/postfix/src/bounce/bounce_notify_verp.c @@ -58,15 +58,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -111,7 +108,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name, */ if (*recipient == 0) msg_panic("%s: attempt to bounce a single bounce", myname); - if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) + if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) msg_panic("%s: attempt to bounce a double bounce", myname); /* diff --git a/postfix/src/bounce/bounce_one_service.c b/postfix/src/bounce/bounce_one_service.c index c8837ed2c..29c4fc3cc 100644 --- a/postfix/src/bounce/bounce_one_service.c +++ b/postfix/src/bounce/bounce_one_service.c @@ -57,15 +57,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -130,7 +127,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id, * address and substitute something else so mail does not come back at * us. */ - if (strcasecmp(orig_sender, mail_addr_double_bounce()) == 0) { + if (strcasecmp_utf8(orig_sender, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; @@ -221,7 +218,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id, #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE) if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE - && strcasecmp(orig_sender, mail_addr_double_bounce()) != 0) { + && strcasecmp_utf8(orig_sender, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of diff --git a/postfix/src/bounce/bounce_trace_service.c b/postfix/src/bounce/bounce_trace_service.c index 67fe4d229..8a62305fc 100644 --- a/postfix/src/bounce/bounce_trace_service.c +++ b/postfix/src/bounce/bounce_trace_service.c @@ -58,6 +58,7 @@ #include #include +#include /* Global library. */ @@ -102,7 +103,7 @@ int bounce_trace_service(int flags, char *service, char *queue_name, */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ - if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { + if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) { msg_info("%s: not sending trace/success notification for " "double-bounce message", queue_id); return (0); diff --git a/postfix/src/bounce/bounce_warn_service.c b/postfix/src/bounce/bounce_warn_service.c index 1a0349588..bbb805d8e 100644 --- a/postfix/src/bounce/bounce_warn_service.c +++ b/postfix/src/bounce/bounce_warn_service.c @@ -57,15 +57,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -149,7 +146,7 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name, * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ - if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { + if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; @@ -247,7 +244,7 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name, * retransmit the bounce that we just generated, just log a warning. */ if (bounce_status == 0 && SEND_POSTMASTER_DELAY_NOTICE - && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { + && strcasecmp_utf8(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index 3d2e3db0f..ad479d09c 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in @@ -92,6 +92,8 @@ root_tests: cleanup_masquerade_test: cleanup_masquerade cleanup_masq.ref rm -f cleanup_masq.tmp $(SHLIB_ENV) ./cleanup_masquerade '' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp + $(SHLIB_ENV) ./cleanup_masquerade '' A.B.C,B.C xxx@aa.a.b.c >>cleanup_masq.tmp + $(SHLIB_ENV) ./cleanup_masquerade '' a.b.c,b.c xxx@AA.A.B.C >>cleanup_masq.tmp $(SHLIB_ENV) ./cleanup_masquerade 'xxx' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp $(SHLIB_ENV) ./cleanup_masquerade 'yyy' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp $(SHLIB_ENV) ./cleanup_masquerade '' !a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp @@ -922,6 +924,7 @@ cleanup_map11.o: ../../include/quote_822_local.h cleanup_map11.o: ../../include/quote_flags.h cleanup_map11.o: ../../include/resolve_clnt.h cleanup_map11.o: ../../include/string_list.h +cleanup_map11.o: ../../include/stringops.h cleanup_map11.o: ../../include/sys_defs.h cleanup_map11.o: ../../include/tok822.h cleanup_map11.o: ../../include/vbuf.h @@ -955,6 +958,7 @@ cleanup_map1n.o: ../../include/quote_822_local.h cleanup_map1n.o: ../../include/quote_flags.h cleanup_map1n.o: ../../include/resolve_clnt.h cleanup_map1n.o: ../../include/string_list.h +cleanup_map1n.o: ../../include/stringops.h cleanup_map1n.o: ../../include/sys_defs.h cleanup_map1n.o: ../../include/tok822.h cleanup_map1n.o: ../../include/vbuf.h diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index b83c5c57d..c48a41047 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -92,7 +92,7 @@ /* .IP "\fBenable_long_queue_ids (no)\fR" /* Enable long, non-repeating, queue IDs (queue file names). /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBmessage_drop_headers (bcc, content-length, resent-bcc, return-path)\fR" /* Names of message headers that the \fBcleanup\fR(8) daemon will remove /* after applying \fBheader_checks\fR(5) and before invoking Milter applications. @@ -321,9 +321,19 @@ /* .IP "\fBvirtual_alias_recursion_limit (1000)\fR" /* The maximal nesting depth of virtual alias expansion. /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBvirtual_alias_address_length_limit (1000)\fR" /* The maximal length of an email address after virtual alias expansion. +/* SMTPUTF8 CONTROLS +/* .ad +/* .fi +/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +/* .IP "\fBsmtputf8_enable (yes)\fR" +/* Enable preliminary SMTPUTF8 support for the protocols described +/* in RFC 6531..6533. +/* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +/* Detect that a message requires SMTPUTF8 support for the specified +/* mail origin classes. /* MISCELLANEOUS CONTROLS /* .ad /* .fi diff --git a/postfix/src/cleanup/cleanup_addr.c b/postfix/src/cleanup/cleanup_addr.c index c2fce82e9..f889e1a60 100644 --- a/postfix/src/cleanup/cleanup_addr.c +++ b/postfix/src/cleanup/cleanup_addr.c @@ -70,10 +70,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -121,10 +117,10 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) * bounced mail traffic more robustly. */ cleanup_rewrite_internal(MAIL_ATTR_RWR_LOCAL, clean_addr, buf); - if (strncasecmp(STR(clean_addr), MAIL_ADDR_MAIL_DAEMON "@", - sizeof(MAIL_ADDR_MAIL_DAEMON)) == 0) { + if (strncasecmp_utf8(STR(clean_addr), MAIL_ADDR_MAIL_DAEMON "@", + sizeof(MAIL_ADDR_MAIL_DAEMON)) == 0) { canon_addr_internal(state->temp1, MAIL_ADDR_MAIL_DAEMON); - if (strcasecmp(STR(clean_addr), STR(state->temp1)) == 0) + if (strcasecmp_utf8(STR(clean_addr), STR(state->temp1)) == 0) vstring_strcpy(clean_addr, ""); } if (state->flags & CLEANUP_FLAG_MAP_OK) { diff --git a/postfix/src/cleanup/cleanup_map11.c b/postfix/src/cleanup/cleanup_map11.c index 2e892fda0..0f4f25bd2 100644 --- a/postfix/src/cleanup/cleanup_map11.c +++ b/postfix/src/cleanup/cleanup_map11.c @@ -65,16 +65,13 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include #include +#include /* Global library. */ @@ -114,7 +111,7 @@ int cleanup_map11_external(CLEANUP_STATE *state, VSTRING *addr, saved_addr = mystrdup(STR(addr)); did_rewrite |= strcmp(new_addr->argv[0], STR(addr)); vstring_strcpy(addr, new_addr->argv[0]); - expand_to_self = !strcasecmp(saved_addr, STR(addr)); + expand_to_self = !strcasecmp_utf8(saved_addr, STR(addr)); myfree(saved_addr); argv_free(new_addr); if (expand_to_self) diff --git a/postfix/src/cleanup/cleanup_map1n.c b/postfix/src/cleanup/cleanup_map1n.c index b01971e2d..65a03fc12 100644 --- a/postfix/src/cleanup/cleanup_map1n.c +++ b/postfix/src/cleanup/cleanup_map1n.c @@ -46,10 +46,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -57,6 +53,7 @@ #include #include #include +#include /* Global library. */ @@ -142,7 +139,7 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr, if (strlen(lookup->argv[i]) > var_virt_addrlen_limit) { msg_warn("%s: unreasonable %s result %.300s... -- " "message not accepted, try again later", - state->queue_id, maps->title, lookup->argv[i]); + state->queue_id, maps->title, lookup->argv[i]); state->errs |= CLEANUP_STAT_DEFER; UPDATE(state->reason, "4.6.0 Alias expansion error"); UNEXPAND(argv, addr); @@ -159,7 +156,7 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr, /* * Allow an address to expand into itself once. */ - if (strcasecmp(saved_lhs, STR(state->temp1)) == 0) + if (strcasecmp_utf8(saved_lhs, STR(state->temp1)) == 0) been_here_fixed(been_here, saved_lhs); } myfree(saved_lhs); diff --git a/postfix/src/cleanup/cleanup_masq.ref b/postfix/src/cleanup/cleanup_masq.ref index 80dd26fe5..68388949b 100644 --- a/postfix/src/cleanup/cleanup_masq.ref +++ b/postfix/src/cleanup/cleanup_masq.ref @@ -5,6 +5,18 @@ address: xxx@aa.a.b.c result: xxx@a.b.c errs: 0 ---------- +exceptions: +masq_list: A.B.C,B.C +address: xxx@aa.a.b.c +result: xxx@a.b.c +errs: 0 +---------- +exceptions: +masq_list: a.b.c,b.c +address: xxx@AA.A.B.C +result: xxx@a.b.c +errs: 0 +---------- exceptions: xxx masq_list: a.b.c,b.c address: xxx@aa.a.b.c diff --git a/postfix/src/cleanup/cleanup_masquerade.c b/postfix/src/cleanup/cleanup_masquerade.c index 58053c063..4fc3a1373 100644 --- a/postfix/src/cleanup/cleanup_masquerade.c +++ b/postfix/src/cleanup/cleanup_masquerade.c @@ -51,10 +51,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -92,6 +88,7 @@ int cleanup_masquerade_external(CLEANUP_STATE *state, VSTRING *addr, /* Stuff for excluded names. */ char *name; + ssize_t name_len; int excluded; /* @@ -99,15 +96,16 @@ int cleanup_masquerade_external(CLEANUP_STATE *state, VSTRING *addr, */ if ((domain = strrchr(STR(addr), '@')) == 0) return (0); - domain += 1; + name_len = domain - STR(addr); + domain = casefold(state->temp2, domain + 1); domain_len = strlen(domain); /* * Don't masquerade excluded names (regardless of domain). */ if (*var_masq_exceptions) { - name = mystrndup(STR(addr), domain - 1 - STR(addr)); - excluded = (string_list_match(cleanup_masq_exceptions, lowercase(name)) != 0); + name = mystrndup(STR(addr), name_len); + excluded = (string_list_match(cleanup_masq_exceptions, name) != 0); myfree(name); if (cleanup_masq_exceptions->error) { msg_info("%s: %s map lookup problem -- " @@ -127,19 +125,20 @@ int cleanup_masquerade_external(CLEANUP_STATE *state, VSTRING *addr, for (masqp = masq_domains->argv; (masq = *masqp) != 0; masqp++) { for (truncate = 1; *masq == '!'; masq++) truncate = !truncate; + masq = casefold(state->temp1, masq); masq_len = strlen(masq); if (masq_len == 0) continue; if (masq_len == domain_len) { - if (strcasecmp(masq, domain) == 0) + if (strcmp(masq, domain) == 0) break; } else if (masq_len < domain_len) { parent = domain + domain_len - masq_len; - if (parent[-1] == '.' && strcasecmp(masq, parent) == 0) { + if (parent[-1] == '.' && strcmp(masq, parent) == 0) { if (truncate) { if (msg_verbose) msg_info("masquerade: %s -> %s", domain, masq); - vstring_truncate(addr, domain - STR(addr)); + vstring_truncate(addr, name_len + 1); vstring_strcat(addr, masq); did_rewrite = 1; } @@ -221,12 +220,16 @@ int main(int argc, char **argv) state.errs = 0; state.queue_id = "NOQUEUE"; + state.temp1 = vstring_alloc(100); + state.temp2 = vstring_alloc(100); cleanup_masquerade_external(&state, addr, masq_domains); vstream_printf("result: %s\n", STR(addr)); vstream_printf("errs: %d\n", state.errs); vstream_fflush(VSTREAM_OUT); + vstring_free(state.temp1); + vstring_free(state.temp2); vstring_free(addr); argv_free(masq_domains); diff --git a/postfix/src/discard/discard.c b/postfix/src/discard/discard.c index da40e4a8d..0c2e604eb 100644 --- a/postfix/src/discard/discard.c +++ b/postfix/src/discard/discard.c @@ -21,7 +21,7 @@ /* queue file, and either marks recipients as finished or informs the /* queue manager that delivery should be tried again at a later time. /* -/* Delivery status reports are sent to the \fBtrace\fR(8) +/* Delivery status reports are sent to the \fBtrace\fR(8) /* daemon as appropriate. /* SECURITY /* .ad @@ -39,8 +39,8 @@ /* .ad /* .fi /* Changes to \fBmain.cf\fR are picked up automatically as \fBdiscard\fR(8) -/* processes run for only a limited amount of time. Use the command -/* "\fBpostfix reload\fR" to speed up a change. +/* processes run for only a limited amount of time. Use the command +/* "\fBpostfix reload\fR" to speed up a change. /* /* The text below provides only a parameter summary. See /* \fBpostconf\fR(5) for more details including examples. @@ -89,7 +89,7 @@ /* .fi /* The Secure Mailer license must be distributed with this software. /* HISTORY -/* This service was introduced with Postfix version 2.2. +/* This service was introduced with Postfix version 2.2. /* AUTHOR(S) /* Victor Duchovni /* Morgan Stanley diff --git a/postfix/src/dns/dns_rr_filter.c b/postfix/src/dns/dns_rr_filter.c index 105533e99..a02d3de6a 100644 --- a/postfix/src/dns/dns_rr_filter.c +++ b/postfix/src/dns/dns_rr_filter.c @@ -49,6 +49,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* * Utility library. */ diff --git a/postfix/src/error/error.c b/postfix/src/error/error.c index 812147668..894fa8bb9 100644 --- a/postfix/src/error/error.c +++ b/postfix/src/error/error.c @@ -40,8 +40,8 @@ /* .ad /* .fi /* Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8) -/* processes run for only a limited amount of time. Use the command -/* "\fBpostfix reload\fR" to speed up a change. +/* processes run for only a limited amount of time. Use the command +/* "\fBpostfix reload\fR" to speed up a change. /* /* The text below provides only a parameter summary. See /* \fBpostconf\fR(5) for more details including examples. diff --git a/postfix/src/flush/Makefile.in b/postfix/src/flush/Makefile.in index ff94b79e3..df9214def 100644 --- a/postfix/src/flush/Makefile.in +++ b/postfix/src/flush/Makefile.in @@ -79,6 +79,7 @@ flush.o: ../../include/mail_version.h flush.o: ../../include/maps.h flush.o: ../../include/match_list.h flush.o: ../../include/match_parent_style.h +flush.o: ../../include/midna_domain.h flush.o: ../../include/msg.h flush.o: ../../include/myflock.h flush.o: ../../include/mymalloc.h diff --git a/postfix/src/flush/flush.c b/postfix/src/flush/flush.c index fccb61cd7..71e8f3da3 100644 --- a/postfix/src/flush/flush.c +++ b/postfix/src/flush/flush.c @@ -172,6 +172,7 @@ #include #include #include +#include /* Global library. */ @@ -256,6 +257,15 @@ static VSTRING *flush_site_to_path(VSTRING *path, const char *site) const char *ptr; int ch; + /* + * Convert the name to ASCII, so that we don't to end up with non-ASCII + * names in the file system. The IDNA library functions fold case. + */ +#ifndef NO_EAI + if ((site = midna_domain_to_ascii(site)) == 0) + return (0); +#endif + /* * Allocate buffer on the fly; caller still needs to clean up. */ @@ -267,7 +277,7 @@ static VSTRING *flush_site_to_path(VSTRING *path, const char *site) */ for (ptr = site; (ch = *(unsigned const char *) ptr) != 0; ptr++) if (ISALNUM(ch)) - VSTRING_ADDCH(path, ch); + VSTRING_ADDCH(path, tolower(ch)); else VSTRING_ADDCH(path, '_'); VSTRING_TERMINATE(path); @@ -298,7 +308,8 @@ static int flush_add_service(const char *site, const char *queue_id) /* * Map site to path and update log. */ - site_path = flush_site_to_path((VSTRING *) 0, site); + if ((site_path = flush_site_to_path((VSTRING *) 0, site)) == 0) + return (FLUSH_STAT_DENY); status = flush_add_path(STR(site_path), queue_id); vstring_free(site_path); @@ -374,7 +385,8 @@ static int flush_send_service(const char *site, int how) /* * Map site name to path name and flush the log. */ - site_path = flush_site_to_path((VSTRING *) 0, site); + if ((site_path = flush_site_to_path((VSTRING *) 0, site)) == 0) + return (FLUSH_STAT_DENY); status = flush_send_path(STR(site_path), how); vstring_free(site_path); @@ -753,7 +765,7 @@ static void flush_service(VSTREAM *client_stream, char *unused_service, RECV_ATTR_STR(MAIL_ATTR_QUEUEID, queue_id), ATTR_TYPE_END) == 2 && mail_queue_id_ok(STR(queue_id))) - status = flush_add_service(lowercase(STR(site)), STR(queue_id)); + status = flush_add_service(STR(site), STR(queue_id)); attr_print(client_stream, ATTR_FLAG_NONE, SEND_ATTR_INT(MAIL_ATTR_STATUS, status), ATTR_TYPE_END); @@ -762,8 +774,7 @@ static void flush_service(VSTREAM *client_stream, char *unused_service, if (attr_scan(client_stream, ATTR_FLAG_STRICT, RECV_ATTR_STR(MAIL_ATTR_SITE, site), ATTR_TYPE_END) == 1) - status = flush_send_service(lowercase(STR(site)), - UNTHROTTLE_BEFORE); + status = flush_send_service(STR(site), UNTHROTTLE_BEFORE); attr_print(client_stream, ATTR_FLAG_NONE, SEND_ATTR_INT(MAIL_ATTR_STATUS, status), ATTR_TYPE_END); diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index ab6b8a1ec..dc7f82cff 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -68,41 +68,41 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ smtp_reply_footer.o safe_ultostr.o verify_sender_addr.o \ dict_memcache.o mail_version.o memcache_proto.o server_acl.o \ mkmap_fail.o haproxy_srvr.o dsn_filter.o dynamicmaps.o uxtext.o \ - smtputf8.o attr_override.o mail_parm_split.o midna_adomain.o \ - $(NON_PLUGIN_MAP_OBJ) - # MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf. - # When hard-linking these maps, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ), - # otherwise it sets the PLUGIN_* macros. - MAP_OBJ = dict_ldap.o dict_mysql.o dict_pgsql.o dict_sqlite.o mkmap_cdb.o \ - mkmap_lmdb.o mkmap_sdbm.o - HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ - canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \ - conv_time.h db_common.h debug_peer.h debug_process.h defer.h \ - deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \ - dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h dict_sqlite.h domain_list.h \ - dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \ - dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \ - file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \ - int_filt.h is_header.h lex_822.h log_adhoc.h mail_addr.h \ - mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \ - mail_copy.h mail_date.h mail_dict.h mail_error.h mail_flush.h \ - mail_open_ok.h mail_params.h mail_proto.h mail_queue.h mail_run.h \ - mail_scan_dir.h mail_stream.h mail_task.h mail_version.h maps.h \ - mark_corrupt.h match_parent_style.h mbox_conf.h mbox_open.h \ - mime_state.h mkmap.h msg_stats.h mynetworks.h mypwd.h namadr_list.h \ - off_cvt.h opened.h own_inet_addr.h pipe_command.h post_mail.h \ - qmgr_user.h qmqp_proto.h quote_821_local.h quote_822_local.h \ - quote_flags.h rcpt_buf.h rcpt_print.h rec_attr_map.h rec_streamlf.h \ - rec_type.h recipient_list.h record.h resolve_clnt.h resolve_local.h \ - rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \ - string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \ - trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \ - verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \ - fold_addr.h header_body_checks.h data_redirect.h match_service.h \ - addr_match_list.h smtp_reply_footer.h safe_ultostr.h \ - verify_sender_addr.h dict_memcache.h memcache_proto.h server_acl.h \ - haproxy_srvr.h dsn_filter.h dynamicmaps.h uxtext.h smtputf8.h \ - attr_override.h mail_parm_split.h midna_adomain.h + smtputf8.o attr_override.o mail_parm_split.o midna_adomain.o \ + $(NON_PLUGIN_MAP_OBJ) +# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf. +# When hard-linking these maps, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ), +# otherwise it sets the PLUGIN_* macros. +MAP_OBJ = dict_ldap.o dict_mysql.o dict_pgsql.o dict_sqlite.o mkmap_cdb.o \ + mkmap_lmdb.o mkmap_sdbm.o +HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ + canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \ + conv_time.h db_common.h debug_peer.h debug_process.h defer.h \ + deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \ + dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h dict_sqlite.h domain_list.h \ + dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \ + dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \ + file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \ + int_filt.h is_header.h lex_822.h log_adhoc.h mail_addr.h \ + mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \ + mail_copy.h mail_date.h mail_dict.h mail_error.h mail_flush.h \ + mail_open_ok.h mail_params.h mail_proto.h mail_queue.h mail_run.h \ + mail_scan_dir.h mail_stream.h mail_task.h mail_version.h maps.h \ + mark_corrupt.h match_parent_style.h mbox_conf.h mbox_open.h \ + mime_state.h mkmap.h msg_stats.h mynetworks.h mypwd.h namadr_list.h \ + off_cvt.h opened.h own_inet_addr.h pipe_command.h post_mail.h \ + qmgr_user.h qmqp_proto.h quote_821_local.h quote_822_local.h \ + quote_flags.h rcpt_buf.h rcpt_print.h rec_attr_map.h rec_streamlf.h \ + rec_type.h recipient_list.h record.h resolve_clnt.h resolve_local.h \ + rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \ + string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \ + trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \ + verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \ + fold_addr.h header_body_checks.h data_redirect.h match_service.h \ + addr_match_list.h smtp_reply_footer.h safe_ultostr.h \ + verify_sender_addr.h dict_memcache.h memcache_proto.h server_acl.h \ + haproxy_srvr.h dsn_filter.h dynamicmaps.h uxtext.h smtputf8.h \ + attr_override.h mail_parm_split.h midna_adomain.h TESTSRC = rec2stream.c stream2rec.c recdump.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -116,7 +116,8 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \ verify_clnt xtext anvil_clnt scache ehlo_mask \ valid_mailhost_addr own_inet_addr header_body_checks \ data_redirect addr_match_list safe_ultostr verify_sender_addr \ - mail_version mail_dict server_acl uxtext mail_parm_split + mail_version mail_dict server_acl uxtext mail_parm_split \ + fold_addr LIBS = ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) LIB_DIR = ../../lib @@ -369,11 +370,14 @@ server_acl: server_acl.c $(LIB) $(LIBS) mail_parm_split: mail_parm_split.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) +fold_addr: fold_addr.c $(LIB) $(LIBS) + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) + tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ xtext_test scache_multi_test ehlo_mask_test \ namadr_list_test mail_conf_time_test header_body_checks_tests \ mail_version_test server_acl_test resolve_local_test maps_test \ - safe_ultostr_test mail_parm_split_test + safe_ultostr_test mail_parm_split_test fold_addr_test mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \ mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4 @@ -638,6 +642,11 @@ mail_parm_split_test: mail_parm_split mail_parm_split.in mail_parm_split.ref diff mail_parm_split.ref mail_parm_split.tmp rm -f mail_parm_split.tmp +fold_addr_test: fold_addr fold_addr_test.in fold_addr_test.ref + $(SHLIB_ENV) ./fold_addr fold_addr_test.tmp 2>&1 + diff fold_addr_test.ref fold_addr_test.tmp + rm -f fold_addr_test.tmp + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck @@ -1376,6 +1385,7 @@ log_adhoc.o: ../../include/htable.h log_adhoc.o: ../../include/msg.h log_adhoc.o: ../../include/mymalloc.h log_adhoc.o: ../../include/nvtable.h +log_adhoc.o: ../../include/stringops.h log_adhoc.o: ../../include/sys_defs.h log_adhoc.o: ../../include/vbuf.h log_adhoc.o: ../../include/vstream.h @@ -2490,8 +2500,12 @@ smtputf8.o: mail_params.h smtputf8.o: mail_proto.h smtputf8.o: smtputf8.c smtputf8.o: smtputf8.h +split_addr.o: ../../include/check_arg.h split_addr.o: ../../include/split_at.h +split_addr.o: ../../include/stringops.h split_addr.o: ../../include/sys_defs.h +split_addr.o: ../../include/vbuf.h +split_addr.o: ../../include/vstring.h split_addr.o: mail_addr.h split_addr.o: mail_params.h split_addr.o: split_addr.c @@ -2650,6 +2664,7 @@ verify.o: ../../include/iostuff.h verify.o: ../../include/msg.h verify.o: ../../include/mymalloc.h verify.o: ../../include/nvtable.h +verify.o: ../../include/stringops.h verify.o: ../../include/sys_defs.h verify.o: ../../include/vbuf.h verify.o: ../../include/vstream.h @@ -2692,6 +2707,7 @@ verify_sender_addr.o: ../../include/iostuff.h verify_sender_addr.o: ../../include/msg.h verify_sender_addr.o: ../../include/mymalloc.h verify_sender_addr.o: ../../include/nvtable.h +verify_sender_addr.o: ../../include/stringops.h verify_sender_addr.o: ../../include/sys_defs.h verify_sender_addr.o: ../../include/vbuf.h verify_sender_addr.o: ../../include/vstream.h diff --git a/postfix/src/global/been_here.c b/postfix/src/global/been_here.c index 347256be4..302b27739 100644 --- a/postfix/src/global/been_here.c +++ b/postfix/src/global/been_here.c @@ -96,6 +96,8 @@ #include "been_here.h" +#define STR(x) vstring_str(x) + /* been_here_init - initialize duplicate filter */ BH_TABLE *been_here_init(int limit, int flags) @@ -148,7 +150,7 @@ int been_here(BH_TABLE *dup_filter, const char *fmt,...) int been_here_fixed(BH_TABLE *dup_filter, const char *string) { - char *folded_string; + VSTRING *folded_string; const char *lookup_key; int status; @@ -156,8 +158,8 @@ int been_here_fixed(BH_TABLE *dup_filter, const char *string) * Special processing: case insensitive lookup. */ if (dup_filter->flags & BH_FLAG_FOLD) { - folded_string = mystrdup(string); - lookup_key = lowercase(folded_string); + folded_string = vstring_alloc(100); + lookup_key = casefold(folded_string, string); } else { folded_string = 0; lookup_key = string; @@ -181,7 +183,7 @@ int been_here_fixed(BH_TABLE *dup_filter, const char *string) * Cleanup. */ if (folded_string) - myfree(folded_string); + vstring_free(folded_string); return (status); } @@ -217,7 +219,7 @@ int been_here_check(BH_TABLE *dup_filter, const char *fmt,...) int been_here_check_fixed(BH_TABLE *dup_filter, const char *string) { - char *folded_string; + VSTRING *folded_string; const char *lookup_key; int status; @@ -225,8 +227,8 @@ int been_here_check_fixed(BH_TABLE *dup_filter, const char *string) * Special processing: case insensitive lookup. */ if (dup_filter->flags & BH_FLAG_FOLD) { - folded_string = mystrdup(string); - lookup_key = lowercase(folded_string); + folded_string = vstring_alloc(100); + lookup_key = casefold(folded_string, string); } else { folded_string = 0; lookup_key = string; @@ -243,7 +245,7 @@ int been_here_check_fixed(BH_TABLE *dup_filter, const char *string) * Cleanup. */ if (folded_string) - myfree(folded_string); + vstring_free(folded_string); return (status); } diff --git a/postfix/src/global/bounce.c b/postfix/src/global/bounce.c index 134bcd248..3d7821650 100644 --- a/postfix/src/global/bounce.c +++ b/postfix/src/global/bounce.c @@ -236,7 +236,7 @@ int bounce_append(int flags, const char *id, MSG_STATS *stats, } /* - * DSN filter (Postfix 2.12). + * DSN filter (Postfix 3.0). */ if (delivery_status_filter != 0 && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { @@ -427,7 +427,7 @@ int bounce_one(int flags, const char *queue, const char *id, } /* - * DSN filter (Postfix 2.12). + * DSN filter (Postfix 3.0). */ if (delivery_status_filter != 0 && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { diff --git a/postfix/src/global/defer.c b/postfix/src/global/defer.c index 7b5c0ae8e..83e8d1491 100644 --- a/postfix/src/global/defer.c +++ b/postfix/src/global/defer.c @@ -200,7 +200,7 @@ int defer_append(int flags, const char *id, MSG_STATS *stats, } /* - * DSN filter (Postfix 2.12). + * DSN filter (Postfix 3.0). */ if (delivery_status_filter != 0 && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { @@ -361,7 +361,7 @@ int defer_one(int flags, const char *queue, const char *id, } /* - * DSN filter (Postfix 2.12). + * DSN filter (Postfix 3.0). */ if (delivery_status_filter != 0 && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { diff --git a/postfix/src/global/delivered_hdr.c b/postfix/src/global/delivered_hdr.c index 612816873..5a0b6f263 100644 --- a/postfix/src/global/delivered_hdr.c +++ b/postfix/src/global/delivered_hdr.c @@ -102,6 +102,7 @@ struct DELIVERED_HDR_INFO { int flags; VSTRING *buf; + VSTRING *fold; HTABLE *table; }; @@ -121,6 +122,7 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) info = (DELIVERED_HDR_INFO *) mymalloc(sizeof(*info)); info->flags = flags; info->buf = vstring_alloc(10); + info->fold = vstring_alloc(10); info->table = htable_create(0); if (vstream_fseek(fp, offset, SEEK_SET) < 0) @@ -143,8 +145,7 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) cp = STR(info->buf) + strlen(hdr->name) + 1; while (ISSPACE(*cp)) cp++; - if (info->flags & FOLD_ADDR_ALL) - fold_addr(cp, info->flags); + cp = fold_addr(info->fold, cp, info->flags); if (msg_verbose) msg_info("delivered_hdr_init: %s", cp); htable_enter(info->table, cp, (void *) 0); @@ -163,6 +164,7 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) int delivered_hdr_find(DELIVERED_HDR_INFO *info, const char *address) { HTABLE_INFO *ht; + const char *addr_key; /* * mail_copy() uses quote_822_local() when writing the Delivered-To: @@ -170,9 +172,8 @@ int delivered_hdr_find(DELIVERED_HDR_INFO *info, const char *address) * up the recipient. Lowercase the delivered-to address for consistency. */ quote_822_local(info->buf, address); - if (info->flags & FOLD_ADDR_ALL) - fold_addr(STR(info->buf), info->flags); - ht = htable_locate(info->table, STR(info->buf)); + addr_key = fold_addr(info->fold, STR(info->buf), info->flags); + ht = htable_locate(info->table, addr_key); return (ht != 0); } @@ -181,6 +182,7 @@ int delivered_hdr_find(DELIVERED_HDR_INFO *info, const char *address) void delivered_hdr_free(DELIVERED_HDR_INFO *info) { vstring_free(info->buf); + vstring_free(info->fold); htable_free(info->table, (void (*) (void *)) 0); myfree((void *) info); } diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 2acf69fe9..3eda3bf95 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -116,11 +116,11 @@ /* At this time, STARTTLS and LDAP SSL are only available if the /* LDAP client library used is OpenLDAP. Default is \fIno\fR. /* .IP tls_ca_cert_file -/* File containing certificates for all of the X509 Certificate -/* Authorities the client will recognize. Takes precedence over -/* tls_ca_cert_dir. +/* File containing certificates for all of the X509 Certification +/* Authorities the client will recognize. Takes precedence over +/* tls_ca_cert_dir. /* .IP tls_ca_cert_dir -/* Directory containing X509 Certificate Authority certificates +/* Directory containing X509 Certification Authority certificates /* in separate individual files. /* .IP tls_cert /* File containing client's X509 certificate. diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c index 2a9647e85..ab9fb8890 100644 --- a/postfix/src/global/dict_mysql.c +++ b/postfix/src/global/dict_mysql.c @@ -48,26 +48,26 @@ /* .PP /* Configuration parameters: /* .IP user -/* Username for connecting to the database. +/* Username for connecting to the database. /* .IP password /* Password for the above. /* .IP dbname /* Name of the database. /* .IP domain -/* List of domains the queries should be restricted to. If -/* specified, only FQDN addresses whose domain parts matching this -/* list will be queried against the SQL database. Lookups for -/* partial addresses are also supressed. This can significantly -/* reduce the query load on the server. +/* List of domains the queries should be restricted to. If +/* specified, only FQDN addresses whose domain parts matching this +/* list will be queried against the SQL database. Lookups for +/* partial addresses are also supressed. This can significantly +/* reduce the query load on the server. /* .IP query -/* Query template, before the query is actually issued, variable +/* Query template, before the query is actually issued, variable /* substitutions are performed. See mysql_table(5) for details. If /* No query is specified, the legacy variables \fItable\fR, /* \fIselect_field\fR, \fIwhere_field\fR and \fIadditional_conditions\fR /* are used to construct the query template. /* .IP result_format -/* The format used to expand results from queries. Substitutions -/* are performed as described in mysql_table(5). Defaults to returning +/* The format used to expand results from queries. Substitutions +/* are performed as described in mysql_table(5). Defaults to returning /* the lookup result unchanged. /* .IP expansion_limit /* Limit (if any) on the total number of lookup result values. Lookups which @@ -92,24 +92,24 @@ /* .IP hosts /* List of hosts to connect to. /* .IP option_file -/* Read options from the given file instead of the default my.cnf -/* location. +/* Read options from the given file instead of the default my.cnf +/* location. /* .IP option_group -/* Read options from the given group. +/* Read options from the given group. /* .IP tls_cert_file -/* File containing client's X509 certificate. +/* File containing client's X509 certificate. /* .IP tls_key_file -/* File containing the private key corresponding to \fItls_cert_file\fR. +/* File containing the private key corresponding to \fItls_cert_file\fR. /* .IP tls_CAfile -/* File containing certificates for all of the X509 Certificate -/* Authorities the client will recognize. Takes precedence over -/* \fItls_CApath\fR. +/* File containing certificates for all of the X509 Certification +/* Authorities the client will recognize. Takes precedence over +/* \fItls_CApath\fR. /* .IP tls_CApath -/* Directory containing X509 Certificate Authority certificates -/* in separate individual files. +/* Directory containing X509 Certification Authority certificates +/* in separate individual files. /* .IP tls_verify_cert -/* Verify that the server's name matches the common name of the -/* certficate. +/* Verify that the server's name matches the common name of the +/* certificate. /* .PP /* For example, if you want the map to reference databases of /* the name "your_db" and execute a query like this: select @@ -133,7 +133,7 @@ /* .br /* hosts = host1.some.domain\fR \fBhost2.some.domain /* .IP additional_conditions -/* Backward compatibility when \fIquery\fR is not set, additional +/* Backward compatibility when \fIquery\fR is not set, additional /* conditions to the WHERE clause. /* .IP hosts /* List of hosts to connect to. diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c index 0fafdb4bb..924c62dcd 100644 --- a/postfix/src/global/dict_proxy.c +++ b/postfix/src/global/dict_proxy.c @@ -23,7 +23,7 @@ /* closed after $ipc_idle seconds of idle time, or after $ipc_ttl /* seconds of activity. /* SECURITY -/* The proxy map server is not meant to be a trusted process. Proxy +/* The proxy map server is not meant to be a trusted process. Proxy /* maps must not be used to look up security sensitive information /* such as user/group IDs, output files, or external commands. /* SEE ALSO diff --git a/postfix/src/global/fold_addr.c b/postfix/src/global/fold_addr.c index 99263dca0..86ee7b5bd 100644 --- a/postfix/src/global/fold_addr.c +++ b/postfix/src/global/fold_addr.c @@ -6,17 +6,21 @@ /* SYNOPSIS /* #include /* -/* char *fold_addr(addr, flags) -/* char *addr; +/* char *fold_addr(result, addr, flags) +/* VSTRING *result; +/* const char *addr; /* int flags; /* DESCRIPTION /* fold_addr() case folds an address according to the options -/* specified with \fIflags\fR. The result value is the address -/* argument. +/* specified with \fIflags\fR. The result value is the output +/* address. /* /* Arguments +/* .IP result +/* Result buffer with the output address. Note: casefolding +/* may change the string length. /* .IP addr -/* Null-terminated writable string with the address. +/* Null-terminated read-only string with the input address. /* .IP flags /* Zero or the bit-wise OR of: /* .RS @@ -29,6 +33,7 @@ /* .RE /* SEE ALSO /* msg(3) diagnostics interface +/* casefold(3) casefold text /* DIAGNOSTICS /* Fatal errors: memory allocation problem. /* LICENSE @@ -55,9 +60,11 @@ #include +#define STR(x) vstring_str(x) + /* fold_addr - case fold mail address */ -char *fold_addr(char *addr, int flags) +char *fold_addr(VSTRING *result, const char *addr, int flags) { char *cp; @@ -66,20 +73,100 @@ char *fold_addr(char *addr, int flags) */ switch (flags & FOLD_ADDR_ALL) { case FOLD_ADDR_HOST: - if ((cp = strrchr(addr, '@')) != 0) - lowercase(cp + 1); + if ((cp = strrchr(addr, '@')) != 0) { + cp += 1; + vstring_strncpy(result, addr, cp - addr); + casefold_append(result, cp); + break; + } + /* FALLTHROUGH */ + case 0: + vstring_strcpy(result, addr); break; case FOLD_ADDR_USER: if ((cp = strrchr(addr, '@')) != 0) { - *cp = 0; - lowercase(addr); - *cp = '@'; + casefold_len(result, addr, cp - addr); + vstring_strcat(result, cp); break; } /* FALLTHROUGH */ case FOLD_ADDR_USER | FOLD_ADDR_HOST: - lowercase(addr); + casefold(result, addr); break; } - return (addr); + return (STR(result)); } + +#ifdef TEST +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + VSTRING *line_buffer = vstring_alloc(1); + VSTRING *fold_buffer = vstring_alloc(1); + ARGV *cmd; + char **args; + + msg_vstream_init(argv[0], VSTREAM_ERR); + util_utf8_enable = 1; + while (vstring_fgets_nonl(line_buffer, VSTREAM_IN)) { + vstream_printf("> %s\n", STR(line_buffer)); + cmd = argv_split(STR(line_buffer), CHARS_SPACE); + if (cmd->argc == 0 || cmd->argv[0][0] == '#') { + argv_free(cmd); + continue; + } + args = cmd->argv; + + /* + * Fold the host. + */ + if (strcmp(args[0], "host") == 0 && cmd->argc == 2) { + vstream_printf("\"%s\" -> \"%s\"\n", args[1], fold_addr(fold_buffer, + args[1], FOLD_ADDR_HOST)); + } + + /* + * Fold the user. + */ + else if (strcmp(args[0], "user") == 0 && cmd->argc == 2) { + vstream_printf("\"%s\" -> \"%s\"\n", args[1], fold_addr(fold_buffer, + args[1], FOLD_ADDR_USER)); + } + + /* + * Fold user and host. + */ + else if (strcmp(args[0], "all") == 0 && cmd->argc == 2) { + vstream_printf("\"%s\" -> \"%s\"\n", args[1], fold_addr(fold_buffer, + args[1], FOLD_ADDR_ALL)); + } + + /* + * Fold none. + */ + else if (strcmp(args[0], "none") == 0 && cmd->argc == 2) { + vstream_printf("\"%s\" -> \"%s\"\n", args[1], fold_addr(fold_buffer, + args[1], 0)); + } + + /* + * Usage. + */ + else { + vstream_printf("Usage: %s host | user | all \n", + argv[0]); + } + vstream_fflush(VSTREAM_OUT); + argv_free(cmd); + } + vstring_free(line_buffer); + vstring_free(fold_buffer); + exit(0); +} + +#endif /* TEST */ diff --git a/postfix/src/global/fold_addr.h b/postfix/src/global/fold_addr.h index 557e830b1..ba8021df2 100644 --- a/postfix/src/global/fold_addr.h +++ b/postfix/src/global/fold_addr.h @@ -19,7 +19,7 @@ #define FOLD_ADDR_ALL (FOLD_ADDR_USER | FOLD_ADDR_HOST) -extern char *fold_addr(char *, int); +extern char *fold_addr(VSTRING *, const char *, int); /* LICENSE /* .ad diff --git a/postfix/src/global/fold_addr_test.in b/postfix/src/global/fold_addr_test.in new file mode 100644 index 000000000..c008587a7 --- /dev/null +++ b/postfix/src/global/fold_addr_test.in @@ -0,0 +1,19 @@ +# Regular cases, ASCII. +host A@B +user A@B +all A@B +none A@B +# Corner cases, ASCII. +host A +host A@ +host @ +user @B +user @ +all @ +user Δημοσθένους@Δημοσθένους.EXAMPLE.COM +host Δημοσθένους@Δημοσθένους.EXAMPLE.COM +all Δημοσθένους@Δημοσθένους.EXAMPLE.COM +user Δημοσθένους@ +user Δημοσθένους +host Δημοσθένους@ +host @Δημοσθένους.EXAMPLE.COM diff --git a/postfix/src/global/fold_addr_test.ref b/postfix/src/global/fold_addr_test.ref new file mode 100644 index 000000000..35bf78c5e --- /dev/null +++ b/postfix/src/global/fold_addr_test.ref @@ -0,0 +1,36 @@ +> # Regular cases, ASCII. +> host A@B +"A@B" -> "A@b" +> user A@B +"A@B" -> "a@B" +> all A@B +"A@B" -> "a@b" +> none A@B +"A@B" -> "A@B" +> # Corner cases, ASCII. +> host A +"A" -> "A" +> host A@ +"A@" -> "A@" +> host @ +"@" -> "@" +> user @B +"@B" -> "@B" +> user @ +"@" -> "@" +> all @ +"@" -> "@" +> user Δημοσθένους@Δημοσθένους.EXAMPLE.COM +"Δημοσθένους@Δημοσθένους.EXAMPLE.COM" -> "δημοσθένουσ@Δημοσθένους.EXAMPLE.COM" +> host Δημοσθένους@Δημοσθένους.EXAMPLE.COM +"Δημοσθένους@Δημοσθένους.EXAMPLE.COM" -> "Δημοσθένους@δημοσθένουσ.example.com" +> all Δημοσθένους@Δημοσθένους.EXAMPLE.COM +"Δημοσθένους@Δημοσθένους.EXAMPLE.COM" -> "δημοσθένουσ@δημοσθένουσ.example.com" +> user Δημοσθένους@ +"Δημοσθένους@" -> "δημοσθένουσ@" +> user Δημοσθένους +"Δημοσθένους" -> "δημοσθένουσ" +> host Δημοσθένους@ +"Δημοσθένους@" -> "Δημοσθένους@" +> host @Δημοσθένους.EXAMPLE.COM +"@Δημοσθένους.EXAMPLE.COM" -> "@δημοσθένουσ.example.com" diff --git a/postfix/src/global/log_adhoc.c b/postfix/src/global/log_adhoc.c index ed867f737..5282c84d2 100644 --- a/postfix/src/global/log_adhoc.c +++ b/postfix/src/global/log_adhoc.c @@ -55,15 +55,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -108,7 +105,7 @@ void log_adhoc(const char *id, MSG_STATS *stats, RECIPIENT *recipient, */ vstring_sprintf(buf, "%s: to=<%s>", id, recipient->address); if (recipient->orig_addr && *recipient->orig_addr - && strcasecmp(recipient->address, recipient->orig_addr) != 0) + && strcasecmp_utf8(recipient->address, recipient->orig_addr) != 0) vstring_sprintf_append(buf, ", orig_to=<%s>", recipient->orig_addr); vstring_sprintf_append(buf, ", relay=%s", relay); if (stats->reuse_count > 0) diff --git a/postfix/src/global/mail_addr_find.c b/postfix/src/global/mail_addr_find.c index f3a478be0..34e77a15a 100644 --- a/postfix/src/global/mail_addr_find.c +++ b/postfix/src/global/mail_addr_find.c @@ -67,10 +67,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -134,7 +130,7 @@ const char *mail_addr_find(MAPS *path, const char *address, char **extp) */ if (result == 0 && path->error == 0 && (ratsign = strrchr(full_key, '@')) != 0 - && (strcasecmp(ratsign + 1, var_myorigin) == 0 + && (strcasecmp_utf8(ratsign + 1, var_myorigin) == 0 || (rc = resolve_local(ratsign + 1)) > 0)) { *ratsign = 0; result = maps_find(path, full_key, PARTIAL); @@ -203,7 +199,7 @@ int main(int argc, char **argv) */ mail_conf_read(); path = maps_create(argv[0], argv[1], DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX \ - | DICT_FLAG_UTF8_REQUEST); + |DICT_FLAG_UTF8_REQUEST); while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { extent = 0; result = mail_addr_find(path, STR(buffer), &extent); diff --git a/postfix/src/global/mail_conf_int.c b/postfix/src/global/mail_conf_int.c index afcfaca22..882e01cde 100644 --- a/postfix/src/global/mail_conf_int.c +++ b/postfix/src/global/mail_conf_int.c @@ -67,7 +67,7 @@ /* identical to get_mail_conf_int(). /* /* check_mail_conf_int() exits with a fatal run-time error -/* when the integer value does not meet its requirements. +/* when the integer value does not meet its requirements. /* DIAGNOSTICS /* Fatal errors: malformed numerical value. /* SEE ALSO diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 03c54eb17..7d027faf4 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -180,10 +180,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -897,7 +893,7 @@ void mail_params_init() /* * I have seen this happen just too often. */ - if (strcasecmp(var_myhostname, var_relayhost) == 0) + if (strcasecmp_utf8(var_myhostname, var_relayhost) == 0) msg_fatal("%s and %s parameter settings must not be identical: %s", VAR_MYHOSTNAME, VAR_RELAYHOST, var_myhostname); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c6d5867e4..d6a8e867d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20150122" -#define MAIL_VERSION_NUMBER "2.12" +#define MAIL_RELEASE_DATE "20150129" +#define MAIL_VERSION_NUMBER "3.0" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/match_parent_style.c b/postfix/src/global/match_parent_style.c index c3c9db66f..0ec6b2e22 100644 --- a/postfix/src/global/match_parent_style.c +++ b/postfix/src/global/match_parent_style.c @@ -14,7 +14,7 @@ /* postfix lookup mechanisms. /* /* match_parent_style() looks up "name" in the -/* parent_domain_matches_subdomain configuration parameter +/* parent_domain_matches_subdomain configuration parameter /* and returns either MATCH_FLAG_PARENT (parent domain matches /* subdomains) or MATCH_FLAG_NONE. /* DIAGNOSTICS diff --git a/postfix/src/global/memcache_proto.h b/postfix/src/global/memcache_proto.h index e3f850188..b39b3350c 100644 --- a/postfix/src/global/memcache_proto.h +++ b/postfix/src/global/memcache_proto.h @@ -3,11 +3,11 @@ /*++ /* NAME -/* memcache_proto 3h +/* memcache_proto 3h /* SUMMARY /* memcache low-level protocol /* SYNOPSIS -/* #include +/* #include /* DESCRIPTION /* .nf @@ -23,12 +23,12 @@ extern int memcache_fwrite(VSTREAM *, const char *, ssize_t); /* LICENSE /* .ad /* .fi -/* The Secure Mailer license must be distributed with this software. -/* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/global/rec_type.h b/postfix/src/global/rec_type.h index aab4ab364..a51e828d4 100644 --- a/postfix/src/global/rec_type.h +++ b/postfix/src/global/rec_type.h @@ -130,7 +130,7 @@ #define REC_TYPE_SIZE_CAST3 long /* Postfix 1.0 recipient count */ #define REC_TYPE_SIZE_CAST4 long /* Postfix 2.1 qmgr flags */ #define REC_TYPE_SIZE_CAST5 long /* Postfix 2.4 content length */ -#define REC_TYPE_SIZE_CAST6 long /* Postfix 2.12 smtputf8 flags */ +#define REC_TYPE_SIZE_CAST6 long /* Postfix 3.0 smtputf8 flags */ /* * The warn record specifies when the next warning that the message was diff --git a/postfix/src/global/scache.c b/postfix/src/global/scache.c index 802f62f1c..a3c12f10e 100644 --- a/postfix/src/global/scache.c +++ b/postfix/src/global/scache.c @@ -85,8 +85,8 @@ /* How long the session should be cached. When information /* expires it is purged automatically. /* .IP endp_label -/* The transport name and the physical endpoint name under -/* which the session is stored and looked up. +/* The transport name and the physical endpoint name under +/* which the session is stored and looked up. /* /* In the case of SMTP, the physical endpoint includes the numerical /* IP address, address family information, and the numerical TCP port. diff --git a/postfix/src/global/scache.h b/postfix/src/global/scache.h index 836d76599..46720994d 100644 --- a/postfix/src/global/scache.h +++ b/postfix/src/global/scache.h @@ -3,11 +3,11 @@ /*++ /* NAME -/* scache 3h +/* scache 3h /* SUMMARY -/* generic session cache API +/* generic session cache API /* SYNOPSIS -/* #include +/* #include /* DESCRIPTION /* .nf diff --git a/postfix/src/global/sent.c b/postfix/src/global/sent.c index 8a8ba3037..2a3e6c23b 100644 --- a/postfix/src/global/sent.c +++ b/postfix/src/global/sent.c @@ -109,7 +109,7 @@ int sent(int flags, const char *id, MSG_STATS *stats, } /* - * DSN filter (Postfix 2.12). + * DSN filter (Postfix 3.0). */ if (delivery_status_filter != 0 && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) diff --git a/postfix/src/global/split_addr.c b/postfix/src/global/split_addr.c index 55b699dbd..435f38c95 100644 --- a/postfix/src/global/split_addr.c +++ b/postfix/src/global/split_addr.c @@ -41,6 +41,7 @@ /* Utility library. */ #include +#include /* Global library. */ @@ -61,7 +62,7 @@ char *split_addr(char *localpart, const char *delimiter_set) return (0); if (strcasecmp(localpart, MAIL_ADDR_MAIL_DAEMON) == 0) return (0); - if (strcasecmp(localpart, var_double_bounce_sender) == 0) + if (strcasecmp_utf8(localpart, var_double_bounce_sender) == 0) return (0); /* diff --git a/postfix/src/global/verify.c b/postfix/src/global/verify.c index df83d4ed0..d6bf36f67 100644 --- a/postfix/src/global/verify.c +++ b/postfix/src/global/verify.c @@ -68,14 +68,11 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include +#include /* Global library. */ @@ -105,8 +102,8 @@ int verify_append(const char *queue_id, MSG_STATS *stats, if (var_verify_neg_cache || vrfy_stat == DEL_RCPT_STAT_OK) { req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, my_dsn.reason); - if (req_stat == VRFY_STAT_OK && strcasecmp(recipient->address, - recipient->orig_addr) != 0) + if (req_stat == VRFY_STAT_OK + && strcasecmp_utf8(recipient->address, recipient->orig_addr) != 0) req_stat = verify_clnt_update(recipient->address, vrfy_stat, my_dsn.reason); } else { diff --git a/postfix/src/global/verify_sender_addr.c b/postfix/src/global/verify_sender_addr.c index 666f8e656..d23522d09 100644 --- a/postfix/src/global/verify_sender_addr.c +++ b/postfix/src/global/verify_sender_addr.c @@ -58,15 +58,12 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include #include #include +#include /* Global library */ @@ -221,7 +218,7 @@ const char *valid_verify_sender_addr(const char *their_addr) base_len = my_at_domain - STR(time_indep_sender_buf); else base_len = LEN(time_indep_sender_buf); - if (strncasecmp(STR(time_indep_sender_buf), their_addr, base_len) != 0) + if (strncasecmp_utf8(STR(time_indep_sender_buf), their_addr, base_len) != 0) return (0); /* sender localpart mis-match */ /* @@ -230,7 +227,8 @@ const char *valid_verify_sender_addr(const char *their_addr) if ((their_at_domain = strchr(their_addr, '@')) == 0 && my_at_domain != 0) return (0); /* sender domain mis-match */ if (their_at_domain != 0 - && (my_at_domain == 0 || strcasecmp(their_at_domain, my_at_domain) != 0)) + && (my_at_domain == 0 + || strcasecmp_utf8(their_at_domain, my_at_domain) != 0)) return (0); /* sender domain mis-match */ /* diff --git a/postfix/src/local/alias.c b/postfix/src/local/alias.c index ca5546ec9..d84f1d106 100644 --- a/postfix/src/local/alias.c +++ b/postfix/src/local/alias.c @@ -65,10 +65,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -144,7 +140,7 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr, * a possible alias loop. */ if (state.msg_attr.exp_from != 0 - && strcasecmp(state.msg_attr.exp_from, name) == 0) + && strcasecmp_utf8(state.msg_attr.exp_from, name) == 0) return (NO); if (state.level > 100) { msg_warn("alias database loop for %s", name); diff --git a/postfix/src/local/forward.c b/postfix/src/local/forward.c index c63027ff9..ac964f32e 100644 --- a/postfix/src/local/forward.c +++ b/postfix/src/local/forward.c @@ -258,6 +258,7 @@ static int forward_send(FORWARD_INFO *info, DELIVER_REQUEST *request, { const char *myname = "forward_send"; VSTRING *buffer = vstring_alloc(100); + VSTRING *folded; int status; int rec_type = 0; @@ -272,9 +273,12 @@ static int forward_send(FORWARD_INFO *info, DELIVER_REQUEST *request, var_myhostname, var_mail_name); rec_fprintf(info->cleanup, REC_TYPE_NORM, "\tid %s; %s", info->queue_id, mail_date(info->posting_time.tv_sec)); - if (local_deliver_hdr_mask & DELIVER_HDR_FWD) + if (local_deliver_hdr_mask & DELIVER_HDR_FWD) { + folded = vstring_alloc(100); rec_fprintf(info->cleanup, REC_TYPE_NORM, "Delivered-To: %s", - lowercase(STR(buffer))); + casefold(folded, (STR(buffer)))); + vstring_free(folded); + } if ((status = vstream_ferror(info->cleanup)) == 0) if (vstream_fseek(attr.fp, attr.offset, SEEK_SET) < 0) msg_fatal("%s: seek queue file %s: %m:", diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index bd77fbc9d..717cec340 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -386,7 +386,7 @@ /* attribute, when delivering mail to a child alias that does not have /* its own owner alias. /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" /* Optional filter for the \fBlocal\fR(8) delivery agent to change the /* status code or explanatory text of successful or unsuccessful diff --git a/postfix/src/local/recipient.c b/postfix/src/local/recipient.c index 8017942e5..e3f4d1ceb 100644 --- a/postfix/src/local/recipient.c +++ b/postfix/src/local/recipient.c @@ -65,10 +65,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -166,7 +162,7 @@ static int deliver_switch(LOCAL_STATE state, USER_ATTR usr_attr) * recipient domain is local, so we only have to compare local parts. */ if (state.msg_attr.owner != 0 - && strcasecmp(state.msg_attr.owner, state.msg_attr.user) != 0) + && strcasecmp_utf8(state.msg_attr.owner, state.msg_attr.user) != 0) return (deliver_indirect(state)); /* @@ -210,6 +206,7 @@ static int deliver_switch(LOCAL_STATE state, USER_ATTR usr_attr) int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) { const char *myname = "deliver_recipient"; + VSTRING *folded; int rcpt_stat; /* @@ -255,8 +252,8 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) */ if (state.msg_attr.delivered == 0) state.msg_attr.delivered = state.msg_attr.rcpt.address; - state.msg_attr.local = mystrdup(state.msg_attr.rcpt.address); - lowercase(state.msg_attr.local); + folded = vstring_alloc(100); + state.msg_attr.local = casefold(folded, state.msg_attr.rcpt.address); if ((state.msg_attr.domain = split_at_right(state.msg_attr.local, '@')) == 0) msg_warn("no @ in recipient address: %s", state.msg_attr.local); @@ -303,7 +300,7 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) /* * Clean up. */ - myfree(state.msg_attr.local); + vstring_free(folded); myfree(state.msg_attr.user); return (rcpt_stat); diff --git a/postfix/src/master/event_server.c b/postfix/src/master/event_server.c index a34e066ca..8923b53b4 100644 --- a/postfix/src/master/event_server.c +++ b/postfix/src/master/event_server.c @@ -295,7 +295,7 @@ static void event_server_timeout(int unused_event, void *unused_context) event_server_exit(); } -/* event_server_drain - stop accepting new clients */ +/* event_server_drain - stop accepting new clients */ int event_server_drain(void) { diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index 8ad2528cf..5c6235b40 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -277,7 +277,7 @@ static void multi_server_timeout(int unused_event, void *unused_context) multi_server_exit(); } -/* multi_server_drain - stop accepting new clients */ +/* multi_server_drain - stop accepting new clients */ int multi_server_drain(void) { diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index 3939661da..47966da46 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -70,6 +70,10 @@ #define SHUT_RDWR 2 #endif +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* Utility library. */ #include diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c index 1ff4a46db..b806df3dc 100644 --- a/postfix/src/oqmgr/qmgr.c +++ b/postfix/src/oqmgr/qmgr.c @@ -291,7 +291,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBconfirm_delay_cleared (no)\fR" /* After sending a "your message is delayed" notification, inform /* the sender when the delay clears up. diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index 703336d3a..5b8596b07 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -95,10 +95,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -911,13 +907,13 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) if (at1 != 0 && at2 == 0) return (-1); if (at1 != 0 && at2 != 0 - && (result = strcasecmp(at1, at2)) != 0) + && (result = strcasecmp_utf8(at1, at2)) != 0) return (result); /* * Compare recipient address. */ - return (strcasecmp(rcpt1->address, rcpt2->address)); + return (strcasecmp_utf8(rcpt1->address, rcpt2->address)); } /* qmgr_message_sort - sort message recipient addresses by domain */ @@ -1075,8 +1071,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) at = strrchr(STR(reply.recipient), '@'); len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient))); - if (strncasecmp(STR(reply.recipient), var_double_bounce_sender, - len) == 0 + if (strncasecmp_utf8(STR(reply.recipient), + var_double_bounce_sender, len) == 0 && !var_double_bounce_sender[len]) { status = sent(message->tflags, message->queue_id, QMGR_MSG_STATS(&stats, message), recipient, diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index baa727f5a..0db0d3a77 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -190,7 +190,7 @@ /* shell meta characters by a shell command interpreter. /* .sp /* Specify "{" and "}" around command arguments that contain -/* whitespace (Postfix 2.12 and later). Whitespace +/* whitespace (Postfix 3.0 and later). Whitespace /* after "{" and before "}" is ignored. /* .sp /* In the command argument vector, the following macros are recognized @@ -327,7 +327,7 @@ /* /* After successful delivery (zero exit status) a limited /* amount of command output is logged, and reported in "success" -/* delivery status notifications (Postfix 2.12 and later). +/* delivery status notifications (Postfix 3.0 and later). /* This command output is not examined for the presence of an /* enhanced status code. /* @@ -413,7 +413,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" /* Optional filter for the \fBpipe\fR(8) delivery agent to change the /* delivery status code or explanatory text of successful or unsuccessful @@ -656,20 +656,22 @@ static int parse_callback(int type, VSTRING *buf, void *context) static void morph_recipient(VSTRING *buf, const char *address, int flags) { + VSTRING *temp = vstring_alloc(100); /* * Quote the recipient address as appropriate. */ if (flags & PIPE_OPT_QUOTE_LOCAL) - quote_822_local(buf, address); + quote_822_local(temp, address); else - vstring_strcpy(buf, address); + vstring_strcpy(temp, address); /* * Fold the recipient address as appropriate. */ - if (flags & PIPE_OPT_FOLD_ALL) - fold_addr(STR(buf), PIPE_OPT_FOLD_FLAGS(flags)); + fold_addr(buf, STR(temp), PIPE_OPT_FOLD_FLAGS(flags)); + + vstring_free(temp); } /* expand_argv - expand macros in the argument vector */ @@ -1232,8 +1234,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) } else dict_update(PIPE_DICT_TABLE, PIPE_DICT_SENDER, sender); if (attr.flags & PIPE_OPT_FOLD_HOST) { - vstring_strcpy(buf, request->nexthop); - lowercase(STR(buf)); + casefold(buf, request->nexthop); dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, STR(buf)); } else dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop); diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index c818d8ce2..707240b4a 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -181,7 +181,7 @@ /* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) /* and \fBpostmap\fR(1) commands. /* .IP "\fBsmtputf8_enable (yes)\fR" -/* Enable experimental SMTPUTF8 support for the protocols described +/* Enable preliminary SMTPUTF8 support for the protocols described /* in RFC 6531..6533. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 10147e101..944b66a0d 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -62,7 +62,7 @@ /* /* \fBManaging other configuration:\fR /* -/* \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] +/* \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] /* [\fB-c \fIconfig_dir\fR] /* DESCRIPTION /* By default, the \fBpostconf\fR(1) command displays the diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 7e5076ccc..3e2be8f6e 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -154,7 +154,7 @@ /* The directory with Postfix-writable data files (for example: /* caches, pseudo-random numbers). /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBmeta_directory (see 'postconf -d' output)\fR" /* The location of non-executable files that are shared among /* multiple Postfix instances, such as postfix-files, dynamicmaps.cf, diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index f4fd4ac2f..6302781bc 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -247,7 +247,7 @@ /* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) /* and \fBpostmap\fR(1) commands. /* .IP "\fBsmtputf8_enable (yes)\fR" -/* Enable experimental SMTPUTF8 support for the protocols described +/* Enable preliminary SMTPUTF8 support for the protocols described /* in RFC 6531..6533. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index 29d88c400..245235802 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c @@ -353,7 +353,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix 2.12 and later: +/* Available in Postfix 3.0 and later: /* .IP "\fBmeta_directory (see 'postconf -d' output)\fR" /* The location of non-executable files that are shared among /* multiple Postfix instances, such as postfix-files, dynamicmaps.cf, diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index 81680f176..76a390ac4 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -52,7 +52,7 @@ /* and re-opened after the specified delay, and \fBposttls-finger\fR(1) /* then reports whether the cached TLS session was re-used. /* -/* When the destination is a load-balancer, it may be distributing +/* When the destination is a load balancer, it may be distributing /* load between multiple server caches. Typically, each server returns /* its unique name in its EHLO response. If, upon reconnecting with /* \fB-r\fR, a new server name is detected, another session is cached @@ -166,7 +166,7 @@ /* .IP "\fBuntrusted\fR" /* Logs trust chain verification problems. This is turned on /* automatically at security levels that use peer names signed -/* by certificate authorities to validate certificates. So while +/* by Certification Authorities to validate certificates. So while /* this setting is recognized, you should never need to set it /* explicitly. /* .IP "\fBpeercert\fR" @@ -192,7 +192,7 @@ /* .IP "\fB-m \fIcount\fR (default: \fB5\fR)" /* When the \fB-r \fIdelay\fR option is specified, the \fB-m\fR option /* determines the maximum number of reconnect attempts to use with -/* a server behind a load-balacer, to see whether connection caching +/* a server behind a load balancer, to see whether connection caching /* is likely to be effective for this destination. Some MTAs /* don't expose the underlying server identity in their EHLO /* response; with these servers there will never be more than @@ -210,7 +210,7 @@ /* SMTP server certificate verification. By default no CApath is used /* and no public CAs are trusted. /* .IP "\fB-r \fIdelay\fR" -/* With a cachable TLS session, disconnect and reconnect after \fIdelay\fR +/* With a cacheable TLS session, disconnect and reconnect after \fIdelay\fR /* seconds. Report whether the session is re-used. Retry if a new server /* is encountered, up to 5 times or as specified with the \fB-m\fR option. /* By default reconnection is disabled, specify a positive delay to @@ -226,7 +226,7 @@ /* .IP "\fB-T \fItimeout\fR (default: \fB30\fR)" /* The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT. /* .IP "\fB-v\fR" -/* Enable verose Postfix logging. Specify more than once to increase +/* Enable verbose Postfix logging. Specify more than once to increase /* the level of verbose logging. /* .IP "\fB-w\fR" /* Enable outgoing TLS wrapper mode, or SMTPS support. This is typically @@ -308,6 +308,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* * Utility library. */ diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index b8966cefc..1b44ef1b1 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c @@ -337,7 +337,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBconfirm_delay_cleared (no)\fR" /* After sending a "your message is delayed" notification, inform /* the sender when the delay clears up. diff --git a/postfix/src/qmgr/qmgr_entry.c b/postfix/src/qmgr/qmgr_entry.c index 729be1ae6..61b343487 100644 --- a/postfix/src/qmgr/qmgr_entry.c +++ b/postfix/src/qmgr/qmgr_entry.c @@ -7,7 +7,7 @@ /* #include "qmgr.h" /* /* QMGR_ENTRY *qmgr_entry_create(peer, message) -/* QMGR_PEER *peer; +/* QMGR_PEER *peer; /* QMGR_MESSAGE *message; /* /* void qmgr_entry_done(entry, which) @@ -29,7 +29,7 @@ /* delivery requests. /* /* qmgr_entry_create() creates an entry for the named peer and message, -/* and appends the entry to the peer's list and its queue's todo list. +/* and appends the entry to the peer's list and its queue's todo list. /* Filling in and cleaning up the recipients is the responsibility /* of the caller. /* @@ -41,7 +41,7 @@ /* for actual delivery). /* /* qmgr_entry_done() discards its peer structure when the peer -/* is not referenced anymore. +/* is not referenced anymore. /* /* qmgr_entry_done() triggers cleanup of the per-site queue when /* the site has no pending deliveries, and the site is either diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index df78bc97e..a83e4a0aa 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -103,10 +103,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include @@ -968,7 +964,7 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) if (at1 != 0 && at2 == 0) return (-1); if (at1 != 0 && at2 != 0 - && (result = strcasecmp(at1, at2)) != 0) + && (result = strcasecmp_utf8(at1, at2)) != 0) return (result); /* @@ -1134,8 +1130,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) at = strrchr(STR(reply.recipient), '@'); len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient))); - if (strncasecmp(STR(reply.recipient), var_double_bounce_sender, - len) == 0 + if (strncasecmp_utf8(STR(reply.recipient), + var_double_bounce_sender, len) == 0 && !var_double_bounce_sender[len]) { status = sent(message->tflags, message->queue_id, QMGR_MSG_STATS(&stats, message), recipient, diff --git a/postfix/src/qmgr/qmgr_peer.c b/postfix/src/qmgr/qmgr_peer.c index 73bfd3359..ebf963225 100644 --- a/postfix/src/qmgr/qmgr_peer.c +++ b/postfix/src/qmgr/qmgr_peer.c @@ -27,8 +27,8 @@ /* DESCRIPTION /* These routines add/delete/manipulate per-job peers. /* Each peer corresponds to a specific job and destination. -/* It is similar to per-transport queue structure, but groups -/* only the entries of the given job. +/* It is similar to per-transport queue structure, but groups +/* only the entries of the given job. /* /* qmgr_peer_create() creates an empty peer structure for the named /* job and destination. It is an error to call this function diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index 2f1347187..452f97b7d 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -53,7 +53,10 @@ /* SMTPUTF8 CONTROLS /* .ad /* .fi -/* Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +/* .IP "\fBsmtputf8_enable (yes)\fR" +/* Enable preliminary SMTPUTF8 support for the protocols described +/* in RFC 6531..6533. /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified /* mail origin classes. diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 5692f5d65..29450e1a9 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -255,7 +255,7 @@ /* .IP "\fBsmtp_dns_support_level (empty)\fR" /* Level of DNS support in the Postfix SMTP client. /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" /* Optional filter for the \fBsmtp\fR(8) delivery agent to change the /* delivery status code or explanatory text of successful or unsuccessful @@ -351,7 +351,7 @@ /* A file containing CA certificates of root CAs trusted to sign /* either remote SMTP server certificates or intermediate CA certificates. /* .IP "\fBsmtp_tls_CApath (empty)\fR" -/* Directory with PEM format certificate authority certificates +/* Directory with PEM format Certification Authority certificates /* that the Postfix SMTP client uses to verify a remote SMTP server /* certificate. /* .IP "\fBsmtp_tls_cert_file (empty)\fR" @@ -465,7 +465,7 @@ /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBsmtp_tls_wrappermode (no)\fR" /* Request that the Postfix SMTP client connects using the /* legacy SMTPS protocol instead of using the STARTTLS command. @@ -583,9 +583,9 @@ /* SMTPUTF8 CONTROLS /* .ad /* .fi -/* Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* .IP "\fBsmtputf8_enable (yes)\fR" -/* Enable experimental SMTPUTF8 support for the protocols described +/* Enable preliminary SMTPUTF8 support for the protocols described /* in RFC 6531..6533. /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified @@ -691,7 +691,7 @@ /* Optional list of relay hosts for SMTP destinations that can't be /* found or that are unreachable. /* .PP -/* Available with Postfix 2.12 and later: +/* Available with Postfix 3.0 and later: /* .IP "\fBsmtp_address_verify_target (rcpt)\fR" /* In the context of email address verification, the SMTP protocol /* stage that determines whether an email address is deliverable. diff --git a/postfix/src/smtp/smtp_rcpt.c b/postfix/src/smtp/smtp_rcpt.c index e8fe0b324..673f0b4ef 100644 --- a/postfix/src/smtp/smtp_rcpt.c +++ b/postfix/src/smtp/smtp_rcpt.c @@ -95,8 +95,8 @@ /* This abstraction is less convenient when an SMTP client /* must be able to deliver left-over recipients to a backup /* host. It might be more natural to have an input list with -/* recipients to deliver, and an output list with left-over -/* recipients. +/* recipients to deliver, and an output list with left-over +/* recipients. /* LICENSE /* .ad /* .fi diff --git a/postfix/src/smtp/smtp_session.c b/postfix/src/smtp/smtp_session.c index 2ccabf1ff..806d8de06 100644 --- a/postfix/src/smtp/smtp_session.c +++ b/postfix/src/smtp/smtp_session.c @@ -94,10 +94,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include diff --git a/postfix/src/smtp/smtp_tls_policy.c b/postfix/src/smtp/smtp_tls_policy.c index deb7e04db..afaaff769 100644 --- a/postfix/src/smtp/smtp_tls_policy.c +++ b/postfix/src/smtp/smtp_tls_policy.c @@ -496,7 +496,7 @@ static void *policy_create(const char *unused_key, void *context) } else if (tls_per_site) { tls_site_lookup(tls, &site_level, dest, "next-hop destination"); if (site_level != TLS_LEV_INVALID - && strcasecmp(dest, host) != 0) + && strcasecmp_utf8(dest, host) != 0) tls_site_lookup(tls, &site_level, host, "server hostname"); /* diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 4aee827e2..91106b742 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -447,6 +447,7 @@ smtpd_milter.o: ../../include/quote_flags.h smtpd_milter.o: ../../include/resolve_clnt.h smtpd_milter.o: ../../include/sock_addr.h smtpd_milter.o: ../../include/split_at.h +smtpd_milter.o: ../../include/stringops.h smtpd_milter.o: ../../include/sys_defs.h smtpd_milter.o: ../../include/tls.h smtpd_milter.o: ../../include/vbuf.h diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index ad58afacb..333d5d494 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -138,7 +138,7 @@ /* or receive a complete record (an SMTP command line, SMTP response /* line, SMTP message content line, or TLS protocol message). /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBsmtpd_dns_reply_filter (empty)\fR" /* Optional filter for Postfix SMTP server DNS lookup results. /* ADDRESS REWRITING CONTROLS @@ -458,8 +458,8 @@ /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. /* .PP -/* Available in Postfix version 2.12 and later: -/* .IP "\fBtls_session_ticket_cipher (Postfix ≥ 2.12: aes-256-cbc, postfix < 2.12: aes-128-cbc)\fR" +/* Available in Postfix version 3.0 and later: +/* .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\fR" /* Algorithm used to encrypt RFC5077 TLS session tickets. /* OBSOLETE STARTTLS CONTROLS /* .ad @@ -479,9 +479,9 @@ /* SMTPUTF8 CONTROLS /* .ad /* .fi -/* Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* .IP "\fBsmtputf8_enable (yes)\fR" -/* Enable experimental SMTPUTF8 support for the protocols described +/* Enable preliminary SMTPUTF8 support for the protocols described /* in RFC 6531..6533. /* .IP "\fBstrict_smtputf8 (no)\fR" /* Enable stricter enforcement of the SMTPUTF8 protocol. @@ -594,7 +594,7 @@ /* lookup tables that does not match the recipient. /* .PP /* Parameters concerning known/unknown recipients of relay destinations: -/* .IP "\fBrelay_domains (Postfix ≥ 2.12: empty, Postfix < 2.12: $mydestination)\fR" +/* .IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR" /* What destination domains (and subdomains thereof) this system /* will relay mail to. /* .IP "\fBrelay_recipient_maps (empty)\fR" @@ -739,7 +739,7 @@ /* The time limit for connecting to, writing to, or receiving from a /* delegated SMTPD policy server. /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR" /* The default action when an SMTPD policy service request fails. /* .IP "\fBsmtpd_policy_service_request_limit (0)\fR" @@ -1154,6 +1154,10 @@ #include +/* DNS library. */ + +#include + /* Application-specific */ #include @@ -1408,9 +1412,13 @@ int smtpd_input_transp_mask; static void helo_reset(SMTPD_STATE *); static void mail_reset(SMTPD_STATE *); static void rcpt_reset(SMTPD_STATE *); -static void tls_reset(SMTPD_STATE *); static void chat_reset(SMTPD_STATE *, int); +#ifdef USE_TLS +static void tls_reset(SMTPD_STATE *); + +#endif + /* * This filter is applied after printable(). */ @@ -3746,7 +3754,12 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) }; int got_helo = 0; int got_proto = 0; + +#ifdef USE_SASL_AUTH int got_login = 0; + char *saved_username; + +#endif /* * Sanity checks. @@ -4007,6 +4020,21 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) #ifdef USE_SASL_AUTH if (got_login == 0) smtpd_sasl_auth_reset(state); + else + saved_username = mystrdup(state->sasl_username); + if (smtpd_sasl_is_active(state)) { + smtpd_sasl_deactivate(state); + if (state->tls_context == 0) /* TLS from XCLIENT proxy? */ + smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS, + var_smtpd_sasl_opts); + else + smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS, + var_smtpd_sasl_tls_opts); + } + if (got_login) { + smtpd_sasl_auth_extern(state, saved_username, XCLIENT_CMD); + myfree(saved_username); + } #endif chat_reset(state, 0); mail_reset(state); @@ -4692,12 +4720,16 @@ static void smtpd_proto(SMTPD_STATE *state) int argc; SMTPD_TOKEN *argv; SMTPD_CMD *cmdp; - int tls_rate; const char *ehlo_words; const char *err; int status; const char *cp; +#ifdef USE_TLS + int tls_rate; + +#endif + /* * Print a greeting banner and run the state machine. Read SMTP commands * one line at a time. According to the standard, a sender or recipient diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 9429595f7..aef680630 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -3790,7 +3790,7 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen STR(reply->recipient), (char **) 0)) != 0) { cp = saved_owners = mystrdup(owners); while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { - if (strcasecmp(state->sasl_username, name) == 0) { + if (strcasecmp_utf8(state->sasl_username, name) == 0) { found = 1; break; } @@ -4651,7 +4651,7 @@ int smtpd_check_addr(const char *addr, int smtputf8) /* * Backwards compatibility: if the client does not request SMTPUTF8 - * support, then behave like Postfix < 2.12 trivial-rewrite, and don't + * support, then behave like Postfix < 3.0 trivial-rewrite, and don't * allow non-ASCII email domains. Historically, Postfix does not reject * UTF8 etc. in the address localpart. */ @@ -5158,7 +5158,8 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient, * local delivery, because the virtual delivery agent requires * user@domain style addresses in its user database. */ -#define MATCH_LEFT(l, r, n) (strncasecmp((l), (r), (n)) == 0 && (r)[n] == '@') +#define MATCH_LEFT(l, r, n) \ + (strncasecmp_utf8((l), (r), (n)) == 0 && (r)[n] == '@') switch (reply->flags & RESOLVE_CLASS_MASK) { diff --git a/postfix/src/smtpd/smtpd_milter.c b/postfix/src/smtpd/smtpd_milter.c index 2557b3dcc..833148a7e 100644 --- a/postfix/src/smtpd/smtpd_milter.c +++ b/postfix/src/smtpd/smtpd_milter.c @@ -34,6 +34,7 @@ /* Utility library. */ #include +#include /* Global library. */ @@ -92,7 +93,7 @@ const char *smtpd_milter_eval(const char *name, void *ptr) if (strcmp(name, S8_MAC__) == 0) { vstring_sprintf(state->expand_buf, "%s [%s]", state->reverse_name, state->addr); - if (strcasecmp(state->name, state->reverse_name) != 0) + if (strcasecmp_utf8(state->name, state->reverse_name) != 0) vstring_strcat(state->expand_buf, " (may be forged)"); return (STR(state->expand_buf)); } diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index 576224d93..90cfd7eea 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c @@ -46,7 +46,7 @@ /* .IP namaddr /* String of the form: "name[addr]:port". /* .IP rfc_addr -/* String of the form "ipv4addr" or "ipv6:ipv6addr" for use +/* String of the form "ipv4addr" or "ipv6:ipv6addr" for use /* in Received: message headers. /* .IP dest_addr /* Server address, used by the Dovecot authentication server. diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index 0b9a808d8..b2e765b31 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -112,7 +112,7 @@ /* with the state->error_mask, state->err and proxy-buffer /* fields given appropriate values. /* -/* Arguments: +/* Arguments: /* .IP flags /* Zero, or SMTPD_PROXY_FLAG_SPEED_ADJUST to buffer up the entire /* message before contacting a before-queue content filter. diff --git a/postfix/src/smtpd/smtpd_resolve.c b/postfix/src/smtpd/smtpd_resolve.c index 3fd269482..7cd8e4cda 100644 --- a/postfix/src/smtpd/smtpd_resolve.c +++ b/postfix/src/smtpd/smtpd_resolve.c @@ -77,6 +77,7 @@ static void *resolve_pagein(const char *addr, void *unused_context) { static VSTRING *query; RESOLVE_REPLY *reply; + char *tmp; /* * Initialize on the fly. @@ -95,7 +96,9 @@ static void *resolve_pagein(const char *addr, void *unused_context) */ rewrite_clnt_internal(MAIL_ATTR_RWR_LOCAL, addr, query); resolve_clnt_query(STR(query), reply); - lowercase(STR(reply->recipient)); /* XXX */ + tmp = mystrdup(STR(reply->recipient)); + casefold(reply->recipient, tmp); /* XXX */ + myfree(tmp); /* * Save the result. diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c index 82f8e7c79..1195648c2 100644 --- a/postfix/src/smtpstone/smtp-sink.c +++ b/postfix/src/smtpstone/smtp-sink.c @@ -157,7 +157,7 @@ /* An optional string that is prepended to each message that is /* written to a dump file (see the dump file format description /* below). The following C escape sequences are supported: \ea -/* (bell), \eb (backslace), \ef (formfeed), \en (newline), \er +/* (bell), \eb (backspace), \ef (formfeed), \en (newline), \er /* (carriage return), \et (horizontal tab), \ev (vertical tab), /* \e\fIddd\fR (up to three octal digits) and \e\e (the backslash /* character). diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index 16e49c58b..8efb03830 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -3,11 +3,11 @@ /*++ /* NAME -/* tls 3h +/* tls 3h /* SUMMARY -/* libtls internal interfaces +/* libtls internal interfaces /* SYNOPSIS -/* #include +/* #include /* DESCRIPTION /* .nf @@ -106,6 +106,10 @@ extern const NAME_CODE tls_level_table[]; #include #include #include + + /* + * TLS library. + */ #include /* @@ -631,12 +635,12 @@ extern int tls_ext_seed(int); /* LICENSE /* .ad /* .fi -/* The Secure Mailer license must be distributed with this software. +/* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /* /* Victor Duchovni /* Morgan Stanley diff --git a/postfix/src/tls/tls_certkey.c b/postfix/src/tls/tls_certkey.c index 504c18627..33c9d7a6a 100644 --- a/postfix/src/tls/tls_certkey.c +++ b/postfix/src/tls/tls_certkey.c @@ -79,7 +79,7 @@ #define TLS_INTERNAL #include -/* tls_set_ca_certificate_info - load certificate authority certificates */ +/* tls_set_ca_certificate_info - load Certification Authority certificates */ int tls_set_ca_certificate_info(SSL_CTX *ctx, const char *CAfile, const char *CApath) @@ -90,7 +90,7 @@ int tls_set_ca_certificate_info(SSL_CTX *ctx, const char *CAfile, CApath = 0; if (CAfile || CApath) { if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { - msg_info("cannot load Certificate Authority data: " + msg_info("cannot load Certification Authority data: " "disabling TLS support"); tls_print_errors(); return (-1); diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 66dfdc16d..f55fff9b1 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -162,6 +162,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + #ifdef USE_TLS #include diff --git a/postfix/src/tls/tls_mgr.c b/postfix/src/tls/tls_mgr.c index 60fc0e705..3936d7714 100644 --- a/postfix/src/tls/tls_mgr.c +++ b/postfix/src/tls/tls_mgr.c @@ -86,15 +86,15 @@ /* DIAGNOSTICS /* All client functions return one of the following status codes: /* .IP TLS_MGR_STAT_OK -/* The request completed, and the requested operation was +/* The request completed, and the requested operation was /* successful (for example, the requested session was found, /* or the specified session was saved or removed). /* .IP TLS_MGR_STAT_ERR -/* The request completed, but the requested operation failed +/* The request completed, but the requested operation failed /* (for example, the requested object was not found or the /* specified session was not saved or removed). /* .IP TLS_MGR_STAT_FAIL -/* The request could not complete (the client could not +/* The request could not complete (the client could not /* communicate with the tlsmgr(8) server). /* SEE ALSO /* tlsmgr(8) TLS session and PRNG management diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index bd0516e37..31ca37adf 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -194,6 +194,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* * Utility library. */ diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index f7c5a6a63..0f8e6bbd0 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -498,7 +498,7 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, rcpt_domain, VAR_VIRT_ALIAS_DOMS, VAR_RELAY_DOMAINS); #if 0 - if (strcasecmp(rcpt_domain, var_myorigin) == 0) + if (strcasecmp_utf8(rcpt_domain, var_myorigin) == 0) msg_warn("do not list $%s (%s) in %s", VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS); #endif diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 31ae822e3..1474b77e0 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -23,12 +23,12 @@ /* \fB$remote_header_rewrite_domain\fR to incomplete /* addresses. Otherwise the result is identical to that of /* the \fBlocal\fR address rewriting context. This prevents -/* Postfix from appending the local domain to spam from poorly +/* Postfix from appending the local domain to spam from poorly /* written remote clients. /* .RE /* .IP "\fBresolve \fIsender\fR \fIaddress\fR" /* Resolve the address to a (\fItransport\fR, \fInexthop\fR, -/* \fIrecipient\fR, \fIflags\fR) quadruple. The meaning of +/* \fIrecipient\fR, \fIflags\fR) quadruple. The meaning of /* the results is as follows: /* .RS /* .IP \fItransport\fR @@ -110,7 +110,7 @@ /* .IP "\fBappend_at_myorigin (yes)\fR" /* With locally submitted mail, append the string "@$myorigin" to mail /* addresses without domain information. -/* .IP "\fBappend_dot_mydomain (Postfix ≥ 2.12: no, Postfix < 2.12: yes)\fR" +/* .IP "\fBappend_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes)\fR" /* With locally submitted mail, append the string ".$mydomain" to /* addresses that have no ".domain" information. /* .IP "\fBrecipient_delimiter (empty)\fR" diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 4dee5e51f..a14bb36b2 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -39,7 +39,7 @@ SRCS = alldig.c allprint.c argv.c argv_split.c attr_clnt.c attr_print0.c \ dict_sockmap.c line_number.c recv_pass_attr.c pass_accept.c \ poll_fd.c timecmp.c slmdb.c dict_pipe.c dict_random.c \ valid_utf8_hostname.c midna_domain.c argv_splitq.c balpar.c dict_union.c \ - extpar.c dict_inline.c casefold.c dict_utf8.c + extpar.c dict_inline.c casefold.c dict_utf8.c strcasecmp_utf8.c OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \ attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \ attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \ @@ -80,7 +80,7 @@ OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \ dict_sockmap.o line_number.o recv_pass_attr.o pass_accept.o \ poll_fd.o timecmp.o $(NON_PLUGIN_MAP_OBJ) dict_pipe.o dict_random.o \ valid_utf8_hostname.o midna_domain.o argv_splitq.o balpar.o dict_union.o \ - extpar.o dict_inline.o casefold.o dict_utf8.o + extpar.o dict_inline.o casefold.o dict_utf8.o strcasecmp_utf8.o # MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf. # When hard-linking these, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ), # otherwise it sets the PLUGIN_* macros. @@ -128,7 +128,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ unix_recv_fd unix_send_fd stream_recv_fd stream_send_fd hex_code \ myaddrinfo myaddrinfo4 inet_proto sane_basename format_tv \ valid_utf8_string ip_match base32_code msg_rate_delay netstring \ - vstream timecmp dict_cache midna_domain casefold + vstream timecmp dict_cache midna_domain casefold strcasecmp_utf8 PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX) LIB_DIR = ../../lib @@ -514,6 +514,11 @@ casefold: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o +strcasecmp_utf8: $(LIB) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) + mv junk $@.o + tests: all valid_hostname_test mac_expand_test dict_test unescape_test \ hex_quote_test ctable_test inet_addr_list_test base64_code_test \ attr_scan64_test attr_scan0_test dict_pcre_test host_port_test \ @@ -521,7 +526,7 @@ tests: all valid_hostname_test mac_expand_test dict_test unescape_test \ myaddrinfo_test format_tv_test ip_match_test name_mask_tests \ base32_code_test dict_thash_test surrogate_test timecmp_test \ dict_static_test dict_inline_test midna_domain_test casefold_test \ - dict_utf8_test + dict_utf8_test strcasecmp_utf8_test root_tests: @@ -773,6 +778,12 @@ dict_utf8_test: dict_open dict_utf8_test.in dict_utf8_test.ref diff dict_utf8_test.ref dict_utf8_test.tmp rm -f dict_utf8_test.tmp +strcasecmp_utf8_test: strcasecmp_utf8 strcasecmp_utf8_test.in \ + strcasecmp_utf8_test.ref + $(SHLIB_ENV) ./strcasecmp_utf8 strcasecmp_utf8_test.tmp 2>&1 + diff strcasecmp_utf8_test.ref strcasecmp_utf8_test.tmp + rm -f strcasecmp_utf8_test.tmp + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ @@ -1715,6 +1726,8 @@ load_file.o: vbuf.h load_file.o: vstream.h load_file.o: warn_stat.h load_lib.o: load_lib.c +load_lib.o: load_lib.h +load_lib.o: msg.h load_lib.o: sys_defs.h lowercase.o: check_arg.h lowercase.o: lowercase.c @@ -2120,6 +2133,12 @@ stat_as.o: sys_defs.h stat_as.o: warn_stat.h strcasecmp.o: strcasecmp.c strcasecmp.o: sys_defs.h +strcasecmp_utf8.o: check_arg.h +strcasecmp_utf8.o: strcasecmp_utf8.c +strcasecmp_utf8.o: stringops.h +strcasecmp_utf8.o: sys_defs.h +strcasecmp_utf8.o: vbuf.h +strcasecmp_utf8.o: vstring.h stream_connect.o: connect.h stream_connect.o: iostuff.h stream_connect.o: msg.h diff --git a/postfix/src/util/attr_scan0.c b/postfix/src/util/attr_scan0.c index 41299aef8..89bbd41fe 100644 --- a/postfix/src/util/attr_scan0.c +++ b/postfix/src/util/attr_scan0.c @@ -45,7 +45,7 @@ /* characters including the terminator. /* These formatting rules favor implementations in C. /* -/* Normally, attributes must be received in the sequence as specified with +/* Normally, attributes must be received in the sequence as specified with /* the attr_scan0() argument list. The input stream may contain additional /* attributes at any point in the input stream, including additional /* instances of requested attributes. diff --git a/postfix/src/util/casefold.c b/postfix/src/util/casefold.c index c1260c7b8..15bfa2d38 100644 --- a/postfix/src/util/casefold.c +++ b/postfix/src/util/casefold.c @@ -7,41 +7,73 @@ /* #include /* /* char *casefold( -/* int utf8_request, -/* VSTRING *src, +/* VSTRING *dst, +/* const char *src) +/* +/* char *casefold_append( +/* VSTRING *dst, +/* const char *src) +/* +/* char *casefold_len( +/* VSTRING *dst, +/* const char *src, +/* ssize_t src_len) +/* AUXILIARY FUNCTIONS +/* char *casefoldx( +/* int flags, +/* VSTRING *dst, /* const char *src, -/* CONST_CHAR_STAR *err) +/* ssize_t src_len) /* DESCRIPTION /* casefold() converts text to a form that is suitable for /* caseless comparison, rather than presentation to humans. /* -/* When compiled without EAI support, casefold() implements -/* ASCII case folding, leaving non-ASCII byte values unchanged. -/* This mode has no error returns. +/* When compiled without EAI support or util_utf8_enable is +/* zero, casefold() implements ASCII case folding, leaving +/* non-ASCII byte values unchanged. /* -/* When compiled with EAI support, casefold() implements UTF-8 -/* case folding using the en_US locale, as recommended when -/* the conversion result is not meant to be presented to humans. -/* When conversion fails the result is null, and the pointer -/* referenced by err is updated. +/* When compiled with EAI support and util_utf8_enable is +/* non-zero, casefold() implements UTF-8 case folding using +/* the en_US locale, as recommended when the conversion result +/* is not meant to be presented to humans. /* -/* With the ICU 4.8 library, there is no casefold error for -/* UTF-8 code points U+0000..U+10FFFF (including surrogate -/* range), not even when running inside an empty chroot jail. +/* casefold_len() implements casefold() with a source length +/* argument. +/* +/* casefold_append() implements casefold() without overwriting +/* the result. +/* +/* casefoldx() implements a more complex API that implements +/* all of the above and more. /* /* Arguments: -/* .IP utf8_request -/* Boolean parameter that enables UTF-8 case folding instead -/* of folding only ASCII characters. This flag is ignored when -/* compiled without EAI support. /* .IP src /* Null-terminated input string. /* .IP dest -/* Output buffer, null-terminated if the function completes -/* without reporting an error. -/* .IP err -/* Null pointer, or pointer to "const char *". for descriptive -/* text about errors. +/* Output buffer, null-terminated. Specify a null pointer to +/* use an internal buffer that is overwritten upon each call. +/* .IP len +/* The string length, -1 to determine the length dynamically. +/* .IP flags +/* Bitwise OR of zero or more of the following: +/* .RS +/* .IP CASEF_FLAG_UTF8 +/* Enable UTF-8 support. This flag has no effect when compiled +/* without EAI support. +/* .IP CASEF_FLAG_APPEND +/* Append the result to the buffer, instead of overwriting it. +/* DIAGNOSTICS +/* All errors are fatal. There appear to be no input-dependent +/* errors. +/* +/* With the ICU 4.8 library, there is no casefold error for +/* UTF-8 code points U+0000..U+10FFFF (including surrogate +/* range), not even when running inside an empty chroot jail. +/* Nor does malformed UTF-8 trigger errors; non-UTF-8 bytes +/* are copied verbatim. Based on ICU 4.8 source-code review +/* and experimentation(!) we conclude that UTF-8 casefolding +/* has no data-dependent error cases, and that it is safe to +/* treat all casefolding errors as fatal runtime errors. /* LICENSE /* .ad /* .fi @@ -72,46 +104,70 @@ #define STR(x) vstring_str(x) #define LEN(x) VSTRING_LEN(x) -/* casefold - casefold an UTF-8 string */ +/* casefoldx - casefold an UTF-8 string */ -char *casefold(int utf8_req, VSTRING *dest, const char *src, - CONST_CHAR_STAR *err) +char *casefoldx(int flags, VSTRING *dest, const char *src, ssize_t len) { + size_t old_len; + #ifdef NO_EAI /* * ASCII mode only. */ - vstring_strcpy(dest, src); - return (lowercase(STR(dest))); + if (len < 0) + len = strlen(src); + if ((flags & CASEF_FLAG_APPEND) == 0) + VSTRING_RESET(dest); + old_len = VSTRING_LEN(dest); + vstring_strncat(dest, src, len); + lowercase(STR(dest) + old_len); + return (STR(dest)); #else /* * Unicode mode. */ + const char myname[] = "casefold"; + static VSTRING *fold_buf = 0; static UCaseMap *csm = 0; UErrorCode error; ssize_t space_needed; int n; + /* + * Handle special cases. + */ + if (len < 0) + len = strlen(src); + if (dest == 0) + dest = (fold_buf != 0 ? fold_buf : (fold_buf = vstring_alloc(100))); + if ((flags & CASEF_FLAG_APPEND) == 0) + VSTRING_RESET(dest); + old_len = VSTRING_LEN(dest); + /* * All-ASCII input, or ASCII mode only. */ - if (utf8_req == 0 || allascii(src)) { - vstring_strcpy(dest, src); - return (lowercase(STR(dest))); + if ((flags & CASEF_FLAG_UTF8) == 0 || allascii(src)) { + vstring_strncat(dest, src, len); + lowercase(STR(dest) + old_len); + return (STR(dest)); } /* * ICU 4.8 ucasemap_utf8FoldCase() does not complain about UTF-8 syntax - * errors. XXX Is this behavior guaranteed or accidental? We don't know, - * therefore must check it here. + * errors. XXX Based on source-code review we conclude that non-UTF-8 + * bytes are copied verbatim, and experiments confirm this. Given that + * this behavior is intentional, we assume that it will stay that way. */ - if (valid_utf8_string(src, strlen(src)) == 0) { +#if 0 + if (valid_utf8_string(src, len) == 0) { if (err) *err = "malformed UTF-8 or invalid codepoint"; return (0); } +#endif /* * One-time initialization. With ICU 4.8 this works while chrooted. @@ -126,36 +182,31 @@ char *casefold(int utf8_req, VSTRING *dest, const char *src, /* * Fold the input, adjusting the buffer size if needed. Safety: don't * loop forever. + * + * Note: the requested amount of space for casemapped output (as reported + * with space_needed below) does not include storage for the null + * terminator. The terminator is written only when the output buffer is + * large enough. This is why we overallocate space when the output does + * not fit. But if the output fits exactly, then the ouput will be + * unterminated, and we have to terminate the output ourselves. */ - VSTRING_RESET(dest); for (n = 0; n < 3; n++) { error = U_ZERO_ERROR; - space_needed = - ucasemap_utf8FoldCase(csm, STR(dest), vstring_avail(dest), - src, strlen(src), &error); - if (error == U_BUFFER_OVERFLOW_ERROR) { - VSTRING_SPACE(dest, space_needed); - } else { + space_needed = ucasemap_utf8FoldCase(csm, STR(dest) + old_len, + vstring_avail(dest), src, len, &error); + if (U_SUCCESS(error)) { + VSTRING_AT_OFFSET(dest, old_len + space_needed); + if (vstring_avail(dest) == 0) /* exact fit, no terminator */ + VSTRING_TERMINATE(dest); /* add terminator */ break; + } else if (error == U_BUFFER_OVERFLOW_ERROR) { + VSTRING_SPACE(dest, space_needed + 1); /* for terminator */ + } else { + msg_fatal("%s: conversion error for \"%s\": %s", + myname, src, u_errorName(error)); } } - - /* - * Report the result. With ICU 4.8, there are no casefolding errors for - * the entire RFC 3629 Unicode range (code points U+0000..U+10FFFF - * including surrogates), nor are there casefolding errors for bad UTF-8 - * input. XXX Is this behavior guaranteed or accidental? We don't know, - * therefore we have the UTF-8 syntax check (and range check) above. - */ - if (U_SUCCESS(error) == 0) { - if (err) - *err = u_errorName(error); - return (0); - } else { - /* Position the write pointer at the null terminator. */ - VSTRING_AT_OFFSET(dest, space_needed - 1); - return (STR(dest)); - } + return (STR(dest)); #endif /* NO_EAI */ } @@ -200,18 +251,18 @@ int main(int argc, char **argv) VSTRING *dest = vstring_alloc(1); char *bp; char *conv_res; - const char *fold_err; char *cmd; - int codepoint, first, last, utf8_req; + int codepoint, first, last; + VSTREAM *fp; if (setlocale(LC_ALL, "C") == 0) msg_fatal("setlocale(LC_ALL, C) failed: %m"); msg_vstream_init(argv[0], VSTREAM_ERR); - utf8_req = util_utf8_enable = 1; + util_utf8_enable = 1; - VSTRING_SPACE(buffer, 256); /* chroot pathname */ + VSTRING_SPACE(buffer, 256); /* chroot/file pathname */ while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { bp = STR(buffer); @@ -226,10 +277,8 @@ int main(int argc, char **argv) * Null-terminated string. */ if (strcmp(cmd, "fold") == 0) { - if ((conv_res = casefold(utf8_req, dest, bp, &fold_err)) != 0) - vstream_printf("\"%s\" ->fold \"%s\"\n", bp, conv_res); - else - vstream_printf("cannot casefold \"%s\": %s\n", bp, fold_err); + conv_res = casefold(dest, bp); + vstream_printf("\"%s\" ->fold \"%s\"\n", bp, conv_res); } /* @@ -248,9 +297,7 @@ int main(int argc, char **argv) vstream_printf("U+%X -> %s\n", codepoint, STR(buffer)); if (valid_utf8_string(STR(buffer), LEN(buffer)) == 0) msg_fatal("bad utf-8 encoding for U+%X\n", codepoint); - if (casefold(utf8_req, dest, STR(buffer), &fold_err) == 0) - vstream_printf("casefold error for U+%X: %s\n", - codepoint, fold_err); + casefold(dest, STR(buffer)); } } vstream_printf("range completed: 0x%x..0x%x\n", first, last); @@ -263,13 +310,25 @@ int main(int argc, char **argv) && sscanf(bp, "%255s", STR(buffer)) == 1) { if (geteuid() == 0) { if (chdir(STR(buffer)) < 0) - msg_fatal("chdir(%s): %m\n", STR(buffer)); + msg_fatal("chdir(%s): %m", STR(buffer)); if (chroot(STR(buffer)) < 0) - msg_fatal("chroot(%s): %m\n", STR(buffer)); + msg_fatal("chroot(%s): %m", STR(buffer)); vstream_printf("chroot %s completed\n", STR(buffer)); } } + /* + * File. + */ + else if (strcmp(cmd, "file") == 0 + && sscanf(bp, "%255s", STR(buffer)) == 1) { + if ((fp = vstream_fopen(STR(buffer), O_RDONLY, 0)) == 0) + msg_fatal("open(%s): %m", STR(buffer)); + while (vstring_fgets_nonl(buffer, fp)) + vstream_printf("%s\n", casefold(dest, STR(buffer))); + vstream_fclose(fp); + } + /* * Verbose. */ @@ -282,11 +341,13 @@ int main(int argc, char **argv) * Usage */ else { - vstream_printf("Usage: %s chroot | fold | range | verbose \n", + vstream_printf("Usage: %s chroot | file | fold | range | verbose \n", argv[0]); } vstream_fflush(VSTREAM_OUT); } + vstring_free(buffer); + vstring_free(dest); exit(0); } diff --git a/postfix/src/util/casefold_test.in b/postfix/src/util/casefold_test.in index 9b50e22e2..c1a530e50 100644 --- a/postfix/src/util/casefold_test.in +++ b/postfix/src/util/casefold_test.in @@ -11,6 +11,8 @@ range 0xE000 0xE007 verbose 0 # Upper-case greek -> lower-case greek. fold Δημοσθένους.example.com +# Exact-fit null termination test. +fold Δημοσθένους.exxample.com # Upper-case ASCII -> lower-case ASCII. fold HeLlO.ExAmPlE.CoM # Folding does not change aliases for '.'. @@ -18,5 +20,5 @@ fold x。example.com fold x.example.com fold x。example.com # Bad UTF-8 -fold yyy€€€ -fold €€€xxx +fold YYY€€€ +fold €€€XXX diff --git a/postfix/src/util/casefold_test.ref b/postfix/src/util/casefold_test.ref index 00d6f8d1f..639fe0674 100644 --- a/postfix/src/util/casefold_test.ref +++ b/postfix/src/util/casefold_test.ref @@ -27,6 +27,9 @@ range completed: 0xe000..0xe007 > # Upper-case greek -> lower-case greek. > fold Δημοσθένους.example.com "Δημοσθένους.example.com" ->fold "δημοσθένουσ.example.com" +> # Exact-fit null termination test. +> fold Δημοσθένους.exxample.com +"Δημοσθένους.exxample.com" ->fold "δημοσθένουσ.exxample.com" > # Upper-case ASCII -> lower-case ASCII. > fold HeLlO.ExAmPlE.CoM "HeLlO.ExAmPlE.CoM" ->fold "hello.example.com" @@ -38,7 +41,7 @@ range completed: 0xe000..0xe007 > fold x。example.com "x。example.com" ->fold "x。example.com" > # Bad UTF-8 -> fold yyy€€€ -cannot casefold "yyy€€€": malformed UTF-8 or invalid codepoint -> fold €€€xxx -cannot casefold "€€€xxx": malformed UTF-8 or invalid codepoint +> fold YYY€€€ +"YYY€€€" ->fold "yyy€€€" +> fold €€€XXX +"€€€XXX" ->fold "€€€xxx" diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index 57df5e46d..bc33174ea 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -236,7 +236,7 @@ /* available for use with dict_longjmp(). Normally, dict_setjmp() /* returns zero. A non-zero result means that dict_setjmp() /* returned through a dict_longjmp() call; the result is the -/* \fIval\fR argment given to dict_longjmp(). dict_isjmp() +/* \fIval\fR argument given to dict_longjmp(). dict_isjmp() /* returns non-zero when dict_setjmp() and dict_longjmp() /* are enabled for a given dictionary. /* @@ -290,10 +290,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include diff --git a/postfix/src/util/dict_tcp.c b/postfix/src/util/dict_tcp.c index f65bdd085..922f449a4 100644 --- a/postfix/src/util/dict_tcp.c +++ b/postfix/src/util/dict_tcp.c @@ -42,7 +42,7 @@ /* REPLY FORMAT /* .ad /* .fi -/* Replies must be no longer than 4096 characters including the +/* Replies must be no longer than 4096 characters including the /* newline terminator, and must have the following form: /* .IP "500 SPACE text NEWLINE" /* In case of a lookup request, the requested data does not exist. diff --git a/postfix/src/util/dict_test.c b/postfix/src/util/dict_test.c index 5f394ff81..ead61b20c 100644 --- a/postfix/src/util/dict_test.c +++ b/postfix/src/util/dict_test.c @@ -12,6 +12,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* Utility library. */ #include diff --git a/postfix/src/util/dict_utf8.c b/postfix/src/util/dict_utf8.c index 3623cec62..77d308aed 100644 --- a/postfix/src/util/dict_utf8.c +++ b/postfix/src/util/dict_utf8.c @@ -112,17 +112,6 @@ char *dict_utf8_check_fold(DICT *dict, const char *string, { int fold_flag = (dict->flags & DICT_FLAG_FOLD_ANY); - /* - * Casefold and implicitly validate UTF-8. - */ - if (fold_flag != 0 && (fold_flag & (dict->flags & DICT_FLAG_FIXED) ? - DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL)) { - if (dict->fold_buf == 0) - dict->fold_buf = vstring_alloc(10); - return (casefold(dict->flags & DICT_FLAG_UTF8_ACTIVE, - dict->fold_buf, string, err)); - } - /* * Validate UTF-8 without casefolding. */ @@ -131,6 +120,16 @@ char *dict_utf8_check_fold(DICT *dict, const char *string, *err = "malformed UTF-8 or invalid codepoint"; return (0); } + + /* + * Casefold UTF-8. + */ + if (fold_flag != 0 && (fold_flag & (dict->flags & DICT_FLAG_FIXED) ? + DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL)) { + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); + return (casefold(dict->fold_buf, string)); + } return ((char *) string); } diff --git a/postfix/src/util/format_tv.c b/postfix/src/util/format_tv.c index 641461902..a932bdb41 100644 --- a/postfix/src/util/format_tv.c +++ b/postfix/src/util/format_tv.c @@ -39,7 +39,7 @@ /* Specify a number in the range 0..6. /* LICENSE /* .ad -/* fi +/* .fi /* The Secure Mailer license must be distributed with this /* software. /* AUTHOR(S) diff --git a/postfix/src/util/hex_code.c b/postfix/src/util/hex_code.c index 42d844b88..9e890353a 100644 --- a/postfix/src/util/hex_code.c +++ b/postfix/src/util/hex_code.c @@ -17,7 +17,7 @@ /* ssize_t len; /* DESCRIPTION /* hex_encode() takes a block of len bytes and encodes it as one -/* upper-case null-terminated string. The result value is +/* upper-case null-terminated string. The result value is /* the result argument. /* /* hex_decode() performs the opposite transformation on diff --git a/postfix/src/util/inet_proto.c b/postfix/src/util/inet_proto.c index 08fdfdbd6..d0ad6d0d4 100644 --- a/postfix/src/util/inet_proto.c +++ b/postfix/src/util/inet_proto.c @@ -13,7 +13,7 @@ /* unsigned *dns_atype_list;/* TAAAA and/or TA */ /* unsigned char *sa_family_list;/* AF_INET6 and/or AF_INET */ /* .in -4 -/* } INET_PROTO_INFO; +/* } INET_PROTO_INFO; /* /* INET_PROTO_INFO *inet_proto_init(context, protocols) /* diff --git a/postfix/src/util/iostuff.h b/postfix/src/util/iostuff.h index 82c415532..0c54d0399 100644 --- a/postfix/src/util/iostuff.h +++ b/postfix/src/util/iostuff.h @@ -62,10 +62,10 @@ extern void set_unix_pass_fd_fix(const char *); /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /* CREATION DATE /* Sat Jan 25 16:54:13 EST 1997 /*--*/ diff --git a/postfix/src/util/line_wrap.c b/postfix/src/util/line_wrap.c index 75a72fe27..0f399e8c8 100644 --- a/postfix/src/util/line_wrap.c +++ b/postfix/src/util/line_wrap.c @@ -19,7 +19,7 @@ /* break long words that do not fit on a single line. Upon output, /* trailing whitespace is stripped. /* -/* Arguments +/* Arguments /* .IP string /* The input, which cannot contain any newline characters. /* .IP len diff --git a/postfix/src/util/mac_expand.c b/postfix/src/util/mac_expand.c index 17fa53e60..2a3564151 100644 --- a/postfix/src/util/mac_expand.c +++ b/postfix/src/util/mac_expand.c @@ -16,7 +16,7 @@ /* DESCRIPTION /* This module implements parameter-less named attribute /* expansions, both conditional and unconditional. As of Postfix -/* 2.12 this code supports logical expression evaluation. +/* 3.0 this code supports logical expression evaluation. /* /* In this text, an attribute is considered "undefined" when its value /* is a null pointer. Otherwise, the attribute is considered "defined" @@ -265,7 +265,7 @@ static int PRINTFLIKE(2, 3) mac_exp_parse_error(MAC_EXP_CONTEXT *mc, } while (0) /* - * Postfix 2.12 introduces support for {text} operands. Only with these do + * Postfix 3.0 introduces support for {text} operands. Only with these do * we support the ternary ?: operator and logical operators. * * We cannot support operators in random text, because that would break Postfix diff --git a/postfix/src/util/match_list.c b/postfix/src/util/match_list.c index ecea8c1e6..520485dd0 100644 --- a/postfix/src/util/match_list.c +++ b/postfix/src/util/match_list.c @@ -126,7 +126,6 @@ static ARGV *match_list_parse(MATCH_LIST *match_list, ARGV *pat_list, char *item; char *map_type_name_flags; int match; - const char *utf8_err; /* * We do not use DICT_FLAG_FOLD_FIX, because we casefold the search @@ -184,19 +183,8 @@ static ARGV *match_list_parse(MATCH_LIST *match_list, ARGV *pat_list, dict_open(item, OPEN_FLAGS, DICT_FLAGS)); argv_add(pat_list, STR(buf), (char *) 0); } else { /* other pattern */ - if (casefold(util_utf8_enable, match_list->fold_buf, match ? - item : STR(vstring_sprintf(buf, "!%s", item)), - &utf8_err) == 0) { - /* Replace unusable pattern with pseudo table. */ - vstring_sprintf(match_list->fold_buf, "%s:%s", - DICT_TYPE_NOUTF8, item); - if (dict_handle(STR(match_list->fold_buf)) == 0) - dict_register(STR(match_list->fold_buf), - dict_surrogate(DICT_TYPE_NOUTF8, item, - OPEN_FLAGS, DICT_FLAGS, - "casefold error: %s", - utf8_err)); - } + casefold(match_list->fold_buf, match ? + item : STR(vstring_sprintf(buf, "!%s", item))); argv_add(pat_list, STR(match_list->fold_buf), (char *) 0); } } @@ -252,7 +240,6 @@ int match_list_match(MATCH_LIST *list,...) int match; int i; va_list ap; - const char *utf8_err; /* * Iterate over all patterns in the list, stop at the first match. @@ -267,12 +254,7 @@ int match_list_match(MATCH_LIST *list,...) for (match = 1; *pat == '!'; pat++) match = !match; for (i = 0; i < list->match_count; i++) { - if (casefold(util_utf8_enable, list->fold_buf, - list->match_args[i], &utf8_err) == 0) { - msg_warn("%s: casefold error for \"%s\": %s", - myname, list->match_args[i], utf8_err); - continue; - } + casefold(list->fold_buf, list->match_args[i]); if (list->match_func[i] (list, STR(list->fold_buf), pat)) return (match); else if (list->error != 0) diff --git a/postfix/src/util/match_ops.c b/postfix/src/util/match_ops.c index 6542f4910..35b553ee7 100644 --- a/postfix/src/util/match_ops.c +++ b/postfix/src/util/match_ops.c @@ -68,10 +68,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include diff --git a/postfix/src/util/msg.h b/postfix/src/util/msg.h index fef09313a..6c75bafc1 100644 --- a/postfix/src/util/msg.h +++ b/postfix/src/util/msg.h @@ -51,10 +51,10 @@ extern void PRINTFLIKE(4, 5) msg_rate_delay(time_t *, int, /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/util/msg_output.h b/postfix/src/util/msg_output.h index 2ac4739e0..ede7aff41 100644 --- a/postfix/src/util/msg_output.h +++ b/postfix/src/util/msg_output.h @@ -38,10 +38,10 @@ extern void msg_text(int, const char *); /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/util/msg_syslog.h b/postfix/src/util/msg_syslog.h index 863fb2d51..614daaecf 100644 --- a/postfix/src/util/msg_syslog.h +++ b/postfix/src/util/msg_syslog.h @@ -26,10 +26,10 @@ extern int msg_syslog_facility(const char *); /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/util/msg_vstream.h b/postfix/src/util/msg_vstream.h index a0dfc7048..d0679a047 100644 --- a/postfix/src/util/msg_vstream.h +++ b/postfix/src/util/msg_vstream.h @@ -25,10 +25,10 @@ extern void msg_vstream_init(const char *, VSTREAM *); /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ #endif diff --git a/postfix/src/util/name_code.c b/postfix/src/util/name_code.c index 0fd9f99cb..ca6d94a1c 100644 --- a/postfix/src/util/name_code.c +++ b/postfix/src/util/name_code.c @@ -56,10 +56,6 @@ #include #include -#ifdef STRCASECMP_IN_STRINGS_H -#include -#endif - /* Utility library. */ #include diff --git a/postfix/src/util/slmdb.c b/postfix/src/util/slmdb.c index bbb985984..3e283d103 100644 --- a/postfix/src/util/slmdb.c +++ b/postfix/src/util/slmdb.c @@ -95,7 +95,7 @@ /* slmdb_control() specifies optional features. The result is /* an LMDB status code (zero in case of success). /* -/* Arguments: +/* Arguments: /* .IP slmdb /* Pointer to caller-provided storage. /* .IP curr_limit diff --git a/postfix/src/util/strcasecmp_utf8.c b/postfix/src/util/strcasecmp_utf8.c new file mode 100644 index 000000000..f38828e6f --- /dev/null +++ b/postfix/src/util/strcasecmp_utf8.c @@ -0,0 +1,213 @@ +/*++ +/* NAME +/* strcasecmp_utf8 3 +/* SUMMARY +/* caseless string comparison +/* SYNOPSIS +/* #include +/* +/* int strcasecmp_utf8( +/* const char *s1, +/* const char *s2) +/* +/* int strncasecmp_utf8( +/* const char *s1, +/* const char *s2, +/* ssize_t len) +/* AUXILIARY FUNCTIONS +/* int strcasecmp_utf8x( +/* int flags, +/* const char *s1, +/* const char *s2) +/* +/* int strncasecmp_utf8x( +/* int flags, +/* const char *s1, +/* const char *s2, +/* ssize_t len) +/* DESCRIPTION +/* strcasecmp_utf8() implements caseless string comparison for +/* UTF-8 text, with an API similar to strcasecmp(). Only ASCII +/* characters are casefolded when the code is compiled without +/* EAI support or when util_utf8_enable is zero. +/* +/* strncasecmp_utf8() implements caseless string comparison +/* for UTF-8 text, with an API similar to strncasecmp(). Only +/* ASCII characters are casefolded when the code is compiled +/* without EAI support or when util_utf8_enable is zero. +/* +/* strcasecmp_utf8x() and strncasecmp_utf8x() implement a more +/* complex API that provides the above functionality and more. +/* +/* Arguments: +/* .IP "s1, s2" +/* Null-terminated strings to be compared. +/* .IP len +/* String length before casefolding. +/* .IP flags +/* Zero or CASEF_FLAG_UTF8. The latter flag enables UTF-8 case +/* folding instead of folding only ASCII characters. This flag +/* is ignored when compiled without EAI support. +/* SEE ALSO +/* casefold(), casefold text for caseless comparison. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + + /* + * System library. + */ +#include +#include + +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + + /* + * Utility library. + */ +#include + +#define STR(x) vstring_str(x) + +static VSTRING *f1; /* casefold result for s1 */ +static VSTRING *f2; /* casefold result for s2 */ + +/* strcasecmp_utf8_init - initialize */ + +static void strcasecmp_utf8_init(void) +{ + f1 = vstring_alloc(100); + f2 = vstring_alloc(100); +} + +/* strcasecmp_utf8x - caseless string comparison */ + +int strcasecmp_utf8x(int flags, const char *s1, const char *s2) +{ + + /* + * Short-circuit optimization for ASCII-only text. This may be slower + * than using a cache for all results. We must not expose strcasecmp(3) + * to non-ASCII text. + */ + if (allascii(s1) && allascii(s2)) + return (strcasecmp(s1, s2)); + + if (f1 == 0) + strcasecmp_utf8_init(); + + /* + * Cross our fingers and hope that strcmp() remains agnostic of + * charactersets and locales. + */ + flags &= CASEF_FLAG_UTF8; + casefoldx(flags, f1, s1, -1); + casefoldx(flags, f2, s2, -1); + return (strcmp(STR(f1), STR(f2))); +} + +/* strncasecmp_utf8x - caseless string comparison */ + +int strncasecmp_utf8x(int flags, const char *s1, const char *s2, + ssize_t len) +{ + + /* + * Consider using a cache for all results. + */ + if (f1 == 0) + strcasecmp_utf8_init(); + + /* + * Short-circuit optimization for ASCII-only text. This may be slower + * than using a cache for all results. See comments above for limitations + * of strcasecmp(). XXX We could avoid the vstring_strncpy() if + * allascii() had a length argument. + */ + vstring_strncpy(f1, s1, len); + vstring_strncpy(f2, s2, len); + if (allascii(STR(f1)) && allascii(STR(f2))) + return (strncasecmp(STR(f1), STR(f2), len)); + + /* + * Caution: casefolding may change the number of bytes. See comments + * above for concerns about strcpy(). + */ + flags &= CASEF_FLAG_UTF8; + casefoldx(flags, f1, s1, len); + casefoldx(flags, f2, s2, len); + return (strcmp(STR(f1), STR(f2))); +} + +#ifdef TEST +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + VSTRING *buffer = vstring_alloc(1); + ARGV *cmd; + char **args; + int len; + int flags; + int res; + + msg_vstream_init(argv[0], VSTREAM_ERR); + flags = CASEF_FLAG_UTF8; + util_utf8_enable = 1; + while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { + vstream_printf("> %s\n", STR(buffer)); + cmd = argv_split(STR(buffer), CHARS_SPACE); + if (cmd->argc == 0 || cmd->argv[0][0] == '#') + continue; + args = cmd->argv; + + /* + * Compare two strings. + */ + if (strcmp(args[0], "compare") == 0 && cmd->argc == 3) { + res = strcasecmp_utf8x(flags, args[1], args[2]); + vstream_printf("\"%s\" %s \"%s\"\n", + args[1], + res < 0 ? "<" : res == 0 ? "==" : ">", + args[2]); + } + + /* + * Compare two substrings. + */ + else if (strcmp(args[0], "compare-len") == 0 && cmd->argc == 4 + && (len = atoi(args[3])) > 0) { + res = strncasecmp_utf8x(flags, args[1], args[2], len); + vstream_printf("\"%.*s\" %s \"%.*s\"\n", + len, args[1], + res < 0 ? "<" : res == 0 ? "==" : ">", + len, args[2]); + } + + /* + * Usage. + */ + else { + vstream_printf("Usage: %s compare | compare-len \n", + argv[0]); + } + vstream_fflush(VSTREAM_OUT); + argv_free(cmd); + } + exit(0); +} + +#endif /* TEST */ diff --git a/postfix/src/util/strcasecmp_utf8_test.in b/postfix/src/util/strcasecmp_utf8_test.in new file mode 100644 index 000000000..673fff273 --- /dev/null +++ b/postfix/src/util/strcasecmp_utf8_test.in @@ -0,0 +1,9 @@ +compare Δημοσθένους.example.com δημοσθένουσ.example.com +compare Δημοσθένους.example.com ηδμοσθένουσ.example.com +compare ηδμοσθένουσ.example.com Δημοσθένους.example.com +compare HeLlO.ExAmPlE.CoM hello.example.com +compare HeLlO hellp +compare hellp HeLlO +compare-len HeLlO hellp 4 +compare abcde abcdf +compare YYY€€€XXX yyy€€€xxx diff --git a/postfix/src/util/strcasecmp_utf8_test.ref b/postfix/src/util/strcasecmp_utf8_test.ref new file mode 100644 index 000000000..cbb41dd5a --- /dev/null +++ b/postfix/src/util/strcasecmp_utf8_test.ref @@ -0,0 +1,18 @@ +> compare Δημοσθένους.example.com δημοσθένουσ.example.com +"Δημοσθένους.example.com" == "δημοσθένουσ.example.com" +> compare Δημοσθένους.example.com ηδμοσθένουσ.example.com +"Δημοσθένους.example.com" < "ηδμοσθένουσ.example.com" +> compare ηδμοσθένουσ.example.com Δημοσθένους.example.com +"ηδμοσθένουσ.example.com" > "Δημοσθένους.example.com" +> compare HeLlO.ExAmPlE.CoM hello.example.com +"HeLlO.ExAmPlE.CoM" == "hello.example.com" +> compare HeLlO hellp +"HeLlO" < "hellp" +> compare hellp HeLlO +"hellp" > "HeLlO" +> compare-len HeLlO hellp 4 +"HeLl" == "hell" +> compare abcde abcdf +"abcde" < "abcdf" +> compare YYY€€€XXX yyy€€€xxx +"YYY€€€XXX" == "yyy€€€xxx" diff --git a/postfix/src/util/stringops.h b/postfix/src/util/stringops.h index 52938ca30..764fc95f9 100644 --- a/postfix/src/util/stringops.h +++ b/postfix/src/util/stringops.h @@ -23,7 +23,7 @@ extern int util_utf8_enable; extern char *printable(char *, int); extern char *neuter(char *, const char *, int); extern char *lowercase(char *); -extern char *casefold(int, VSTRING *, const char *, CONST_CHAR_STAR *); +extern char *casefoldx(int, VSTRING *, const char *, ssize_t); extern char *uppercase(char *); extern char *skipblanks(const char *); extern char *trimblanks(char *, ssize_t); @@ -31,9 +31,11 @@ extern char *concatenate(const char *,...); extern char *mystrtok(char **, const char *); extern char *mystrtokq(char **, const char *, const char *); extern char *translit(char *, const char *, const char *); + #ifndef HAVE_BASENAME #define basename postfix_basename extern char *basename(const char *); + #endif extern char *sane_basename(VSTRING *, const char *); extern char *sane_dirname(VSTRING *, const char *); @@ -47,11 +49,32 @@ extern const char *split_nameval(char *, char **, char **); extern int valid_utf8_string(const char *, ssize_t); extern size_t balpar(const char *, const char *); extern char *extpar(char **, const char *, int); +extern int strcasecmp_utf8x(int, const char *, const char *); +extern int strncasecmp_utf8x(int, const char *, const char *, ssize_t); -#define EXTPAR_FLAG_NONE (0) +#define EXTPAR_FLAG_NONE (0) #define EXTPAR_FLAG_STRIP (1<<0) /* "{ text }" -> "text" */ #define EXTPAR_FLAG_EXTRACT (1<<1) /* hint from caller's caller */ +#define CASEF_FLAG_UTF8 (1<<0) +#define CASEF_FLAG_APPEND (1<<1) + + /* + * Convenience wrappers for most-common use cases. + */ +#define casefold(dst, src) \ + casefoldx(util_utf8_enable ? CASEF_FLAG_UTF8 : 0, (dst), (src), -1) +#define casefold_len(dst, src, len) \ + casefoldx(util_utf8_enable ? CASEF_FLAG_UTF8 : 0, (dst), (src), (len)) +#define casefold_append(dst, src) \ + casefoldx((util_utf8_enable ? CASEF_FLAG_UTF8 : 0) | CASEF_FLAG_APPEND, \ + (dst), (src), -1) + +#define strcasecmp_utf8(s1, s2) \ + strcasecmp_utf8x(util_utf8_enable ? CASEF_FLAG_UTF8 : 0, (s1), (s2)) +#define strncasecmp_utf8(s1, s2, l) \ + strncasecmp_utf8x(util_utf8_enable ? CASEF_FLAG_UTF8 : 0, (s1), (s2), (l)) + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/util/valid_hostname.c b/postfix/src/util/valid_hostname.c index 5b11ad1b1..07c9eca68 100644 --- a/postfix/src/util/valid_hostname.c +++ b/postfix/src/util/valid_hostname.c @@ -40,8 +40,8 @@ /* valid_ipv4_hostaddr() and valid_ipv6_hostaddr() implement /* protocol-specific address syntax checks. A valid IPv4 /* address is in dotted-quad decimal form. A valid IPv6 address -/* has 16-bit hexadecimal fields separated by ":", and does not -/* include the RFC 2821 style "IPv6:" prefix. +/* has 16-bit hexadecimal fields separated by ":", and does not +/* include the RFC 2821 style "IPv6:" prefix. /* /* These routines operate silently unless the gripe parameter /* specifies a non-zero value. The macros DO_GRIPE and DONT_GRIPE diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index 2544c4caf..4f8c185f0 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -404,7 +404,7 @@ /* vstream_setjmp() saves processing context and makes that context /* available for use with vstream_longjmp(). Normally, vstream_setjmp() /* returns zero. A non-zero result means that vstream_setjmp() returned -/* through a vstream_longjmp() call; the result is the \fIval\fR argment +/* through a vstream_longjmp() call; the result is the \fIval\fR argument /* given to vstream_longjmp(). /* /* NB: non-local jumps such as vstream_longjmp() are not safe diff --git a/postfix/src/util/vstring.h b/postfix/src/util/vstring.h index 27832fb57..f143f9edb 100644 --- a/postfix/src/util/vstring.h +++ b/postfix/src/util/vstring.h @@ -63,7 +63,7 @@ CHECK_VAL_HELPER_DCL(VSTRING_CTL, ssize_t); /* * Macros. Unsafe macros have UPPERCASE names. */ -#define VSTRING_SPACE(vp, len) ((vp)->vbuf.space(&(vp)->vbuf, len)) +#define VSTRING_SPACE(vp, len) ((vp)->vbuf.space(&(vp)->vbuf, (len))) #define vstring_str(vp) ((char *) (vp)->vbuf.data) #define VSTRING_LEN(vp) ((ssize_t) ((vp)->vbuf.ptr - (vp)->vbuf.data)) #define vstring_end(vp) ((char *) (vp)->vbuf.ptr) diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c index 009396ef9..300bd9ea3 100644 --- a/postfix/src/verify/verify.c +++ b/postfix/src/verify/verify.c @@ -151,7 +151,7 @@ /* SMTPUTF8 CONTROLS /* .ad /* .fi -/* Preliminary SMTPUTF8 support is introduced with Postfix 2.12. +/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified /* mail origin classes. diff --git a/postfix/src/virtual/recipient.c b/postfix/src/virtual/recipient.c index 560a77a49..fd151f235 100644 --- a/postfix/src/virtual/recipient.c +++ b/postfix/src/virtual/recipient.c @@ -57,6 +57,7 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) { const char *myname = "deliver_recipient"; + VSTRING *folded; int rcpt_stat; /* @@ -72,8 +73,8 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) */ if (state.msg_attr.delivered == 0) state.msg_attr.delivered = state.msg_attr.rcpt.address; - state.msg_attr.user = mystrdup(state.msg_attr.rcpt.address); - lowercase(state.msg_attr.user); + folded = vstring_alloc(100); + state.msg_attr.user = casefold(folded, state.msg_attr.rcpt.address); /* * Deliver @@ -87,7 +88,7 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) /* * Cleanup. */ - myfree(state.msg_attr.user); + vstring_free(folded); return (rcpt_stat); } diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index 487b3a2d7..955eeb2d8 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -246,7 +246,7 @@ /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP -/* Available in Postfix version 2.12 and later: +/* Available in Postfix version 3.0 and later: /* .IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" /* Optional filter for the \fBvirtual\fR(8) delivery agent to change the /* delivery status code or explanatory text of successful or unsuccessful