1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 5<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 6<title> Postfix manual - smtp(8) </title> 7</head> <body> <pre> 8SMTP(8) SMTP(8) 9 10<b>NAME</b> 11 smtp - Postfix SMTP+LMTP client 12 13<b>SYNOPSIS</b> 14 <b>smtp</b> [generic Postfix daemon options] [flags=DORX] 15 16<b>DESCRIPTION</b> 17 The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery 18 protocols. It processes message delivery requests from the queue man- 19 ager. Each request specifies a queue file, a sender address, a domain 20 or host to deliver to, and recipient information. This program expects 21 to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. 22 23 The SMTP+LMTP client updates the queue file and marks recipients as 24 finished, or it informs the queue manager that delivery should be tried 25 again at a later time. Delivery status reports are sent to the 26 <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate. 27 28 The SMTP+LMTP client looks up a list of mail exchanger addresses for 29 the destination host, sorts the list by preference, and connects to 30 each listed address until it finds a server that responds. 31 32 When a server is not reachable, or when mail delivery fails due to a 33 recoverable error condition, the SMTP+LMTP client will try to deliver 34 the mail to an alternate host. 35 36 After a successful mail transaction, a connection may be saved to the 37 <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any 38 SMTP+LMTP client for a subsequent transaction. 39 40 By default, connection caching is enabled temporarily for destinations 41 that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching 42 can be enabled permanently for specific destinations. 43 44<b>SMTP DESTINATION SYNTAX</b> 45 The Postfix SMTP+LMTP client supports multiple destinations separated 46 by comma or whitespace (Postfix 3.5 and later). SMTP destinations have 47 the following form: 48 49 <i>domainname</i> 50 51 <i>domainname</i>:<i>port</i> 52 Look up the mail exchangers for the specified domain, and con- 53 nect to the specified port (default: <b>smtp</b>). 54 55 [<i>hostname</i>] 56 57 [<i>hostname</i>]:<i>port</i> 58 Look up the address(es) of the specified host, and connect to 59 the specified port (default: <b>smtp</b>). 60 61 [<i>address</i>] 62 63 [<i>address</i>]:<i>port</i> 64 Connect to the host at the specified address, and connect to the 65 specified port (default: <b>smtp</b>). An IPv6 address must be format- 66 ted as [<b>ipv6</b>:<i>address</i>]. 67 68<b>LMTP DESTINATION SYNTAX</b> 69 The Postfix SMTP+LMTP client supports multiple destinations separated 70 by comma or whitespace (Postfix 3.5 and later). LMTP destinations have 71 the following form: 72 73 <b>unix</b>:<i>pathname</i> 74 Connect to the local UNIX-domain server that is bound to the 75 specified <i>pathname</i>. If the process runs chrooted, an absolute 76 pathname is interpreted relative to the Postfix queue directory. 77 78 <b>inet</b>:<i>hostname</i> 79 80 <b>inet</b>:<i>hostname</i>:<i>port</i> 81 82 <b>inet</b>:[<i>address</i>] 83 84 <b>inet</b>:[<i>address</i>]:<i>port</i> 85 Connect to the specified TCP port on the specified local or 86 remote host. If no port is specified, connect to the port 87 defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found, 88 the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24) 89 will be used. An IPv6 address must be formatted as 90 [<b>ipv6</b>:<i>address</i>]. 91 92<b>SINGLE-RECIPIENT DELIVERY</b> 93 By default, the Postfix SMTP+LMTP client delivers mail to multiple 94 recipients per delivery request. This is undesirable when prepending a 95 <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from 96 sending multiple recipients per delivery request, specify 97 98 <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b> 99 100 in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first 101 column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service. 102 103<b>COMMAND ATTRIBUTE SYNTAX</b> 104 <b>flags=DORX</b> (optional) 105 Optional message processing flags. 106 107 <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with 108 the envelope recipient address. Note: for this to work, 109 the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see 110 SINGLE-RECIPIENT DELIVERY above for details). 111 112 The <b>D</b> flag also enforces loop detection: if a message 113 already contains a <b>Delivered-To:</b> header with the same 114 recipient address, then the message is returned as unde- 115 liverable. The address comparison is case insensitive. 116 117 This feature is available as of Postfix 3.5. 118 119 <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with 120 the recipient address as given to Postfix. Note: for this 121 to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must 122 be 1 (see SINGLE-RECIPIENT DELIVERY above for details). 123 124 This feature is available as of Postfix 3.5. 125 126 <b>R</b> Prepend a "<b>Return-Path:</b> <<i>sender</i>>" message header with the 127 envelope sender address. 128 129 This feature is available as of Postfix 3.5. 130 131 <b>X</b> Indicates that the delivery is final. This flag affects 132 the status reported in "success" DSN (delivery status 133 notification) messages, and changes it from "relayed" 134 into "delivered". 135 136 This feature is available as of Postfix 3.5. 137 138<b>SECURITY</b> 139 The SMTP+LMTP client is moderately security-sensitive. It 140 talks to SMTP or LMTP servers and to DNS servers on the 141 network. The SMTP+LMTP client can be run chrooted at fixed 142 low privilege. 143 144<b>STANDARDS</b> 145 <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) 146 <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages) 147 <a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions) 148 <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) 149 <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration) 150 <a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol) 151 <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes) 152 <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies) 153 <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types) 154 <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) 155 <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) 156 <a href="https://tools.ietf.org/html/rfc2782">RFC 2782</a> (SRV resource records) 157 <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining) 158 <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) 159 <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension) 160 <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes) 161 <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) 162 <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) 163 <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) 164 <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) 165 <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) 166 167<b>DIAGNOSTICS</b> 168 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 169 Corrupted message files are marked so that the queue manager can move 170 them to the <b>corrupt</b> queue for further inspection. 171 172 Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas- 173 ter is notified of bounces, protocol problems, and of other trouble. 174 175<b>BUGS</b> 176 SMTP and LMTP connection reuse for TLS (without closing the SMTP or 177 LMTP connection) is not supported before Postfix 3.4. 178 179 SMTP and LMTP connection reuse assumes that SASL credentials are valid 180 for all destinations that map onto the same IP address and TCP port. 181 182<b>CONFIGURATION PARAMETERS</b> 183 Before Postfix version 2.3, the LMTP client is a separate program that 184 implements only a subset of the functionality available with SMTP: 185 there is no support for TLS, and connections are cached in-process, 186 making it ineffective when the client is used for multiple domains. 187 188 Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- 189 eter for the equivalent LMTP feature. This document describes only 190 those LMTP-related parameters that aren't simply "mirror" parameters. 191 192 Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes 193 run for only a limited amount of time. Use the command "<b>postfix reload</b>" 194 to speed up a change. 195 196 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 197 more details including examples. 198 199<b>COMPATIBILITY CONTROLS</b> 200 <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b> 201 Ignore DNS MX lookups that produce no response. 202 203 <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b> 204 Always send EHLO at the start of an SMTP session. 205 206 <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b> 207 Never send EHLO at the start of an SMTP session. 208 209 <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b> 210 Defer mail delivery when no MX record resolves to an IP address. 211 212 <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b> 213 The maximal length of message header and body lines that Postfix 214 will send via SMTP. 215 216 <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b> 217 How long the Postfix SMTP client pauses before sending 218 ".<CR><LF>" in order to work around the PIX firewall 219 "<CR><LF>.<CR><LF>" bug. 220 221 <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b> 222 How long a message must be queued before the Postfix SMTP client 223 turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for 224 delivery through firewalls with "smtp fixup" mode turned on. 225 226 <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b> 227 A list that specifies zero or more workarounds for CISCO PIX 228 firewall bugs. 229 230 <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b> 231 Lookup tables, indexed by the remote SMTP server address, with 232 per-destination workarounds for CISCO PIX firewall bugs. 233 234 <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b> 235 Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO 236 commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 237 238 <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b> 239 A mechanism to transform replies from remote SMTP servers one 240 line at a time. 241 242 <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b> 243 Skip remote SMTP servers that greet with a 5XX status code. 244 245 <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b> 246 Do not wait for the response to the SMTP QUIT command. 247 248 Available in Postfix version 2.0 and earlier: 249 250 <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b> 251 Skip SMTP servers that greet with a 4XX status code (go away, 252 try again later). 253 254 Available in Postfix version 2.2 and later: 255 256 <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b> 257 Lookup tables, indexed by the remote SMTP server address, with 258 case insensitive lists of EHLO keywords (pipelining, starttls, 259 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 260 response from a remote SMTP server. 261 262 <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b> 263 A case insensitive list of EHLO keywords (pipelining, starttls, 264 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 265 response from a remote SMTP server. 266 267 <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b> 268 Optional lookup tables that perform address rewriting in the 269 Postfix SMTP client, typically to transform a locally valid 270 address into a globally valid address when sending mail across 271 the Internet. 272 273 Available in Postfix version 2.2.9 and later: 274 275 <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b> 276 When the remote SMTP servername is a DNS CNAME, replace the 277 servername with the result from CNAME expansion for the purpose 278 of logging, SASL password lookup, TLS policy decisions, or TLS 279 certificate verification. 280 281 Available in Postfix version 2.3 and later: 282 283 <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b> 284 Lookup tables, indexed by the remote LMTP server address, with 285 case insensitive lists of LHLO keywords (pipelining, starttls, 286 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 287 response from a remote LMTP server. 288 289 <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b> 290 A case insensitive list of LHLO keywords (pipelining, starttls, 291 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 292 response from a remote LMTP server. 293 294 Available in Postfix version 2.4.4 and later: 295 296 <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b> 297 When authenticating to a remote SMTP or LMTP server with the 298 default setting "no", send no SASL authoriZation ID (authzid); 299 send only the SASL authentiCation ID (authcid) plus the auth- 300 cid's password. 301 302 Available in Postfix version 2.5 and later: 303 304 <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b> 305 Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client. 306 307 <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b> 308 Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP 309 client. 310 311 <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b> 312 Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP 313 client. 314 315 <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b> 316 Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client. 317 318 Available in Postfix version 2.6 and later: 319 320 <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> 321 An optional workaround for routers that break TCP window scal- 322 ing. 323 324 Available in Postfix version 2.8 and later: 325 326 <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> 327 DNS Resolver options for the Postfix SMTP client. 328 329 Available in Postfix version 2.9 - 3.6: 330 331 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 332 Change the behavior of the smtp_*_timeout time limits, from a 333 time limit per read or write system call, to a time limit to 334 send or receive a complete record (an SMTP command line, SMTP 335 response line, SMTP message content line, or TLS protocol mes- 336 sage). 337 338 Available in Postfix version 2.9 and later: 339 340 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 341 Whether or not to append the "AUTH=<>" option to the MAIL FROM 342 command in SASL-authenticated SMTP sessions. 343 344 Available in Postfix version 2.11 and later: 345 346 <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b> 347 Level of DNS support in the Postfix SMTP client. 348 349 Available in Postfix version 3.0 and later: 350 351 <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b> 352 Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the 353 delivery status code or explanatory text of successful or unsuc- 354 cessful deliveries. 355 356 <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b> 357 Optional filter for Postfix SMTP client DNS lookup results. 358 359 Available in Postfix version 3.3 and later: 360 361 <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b> 362 When a remote destination resolves to a combination of IPv4 and 363 IPv6 addresses, ensure that the Postfix SMTP client can try both 364 address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. 365 366 Available in Postfix 3.5 and later: 367 368 <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b> 369 The email address form that will be used in non-debug logging 370 (info, warning, etc.). 371 372 Available in Postfix 3.6 and later: 373 374 <b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b> 375 The DNS query type (default: "ns") and DNS query name (default: 376 ".") that Postfix may use to determine whether DNSSEC validation 377 is available. 378 379 <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b> 380 <b>sion=587)</b> 381 Optional setting that avoids lookups in the <b>services</b>(5) data- 382 base. 383 384 Available in Postfix version 3.7 and later: 385 386 <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> 387 Change the behavior of the smtp_*_timeout time limits, from a 388 time limit per plaintext or TLS read or write call, to a com- 389 bined time limit for sending a complete SMTP request and for 390 receiving a complete SMTP response. 391 392 <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> 393 The minimum plaintext data transfer rate in bytes/second for 394 DATA requests, when deadlines are enabled with 395 <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 396 397 <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b> 398 The format of the Postfix-generated <b>From:</b> header. 399 400 Available in Postfix version 3.8 and later: 401 402 <b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b> 403 Enables discovery for the specified service(s) using DNS SRV 404 records. 405 406 <b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b> 407 When SRV record lookup fails, fall back to MX or IP address 408 lookup as if SRV record lookup was not enabled. 409 410 <b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b> 411 When SRV record lookup fails or no SRV record exists, fall back 412 to MX or IP address lookup as if SRV record lookup was not 413 enabled. 414 415<b>MIME PROCESSING CONTROLS</b> 416 Available in Postfix version 2.0 and later: 417 418 <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b> 419 Disable the conversion of 8BITMIME format to 7BIT format. 420 421 <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b> 422 The maximal length of MIME multipart boundary strings. 423 424 <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b> 425 The maximal recursion level that the MIME processor will handle. 426 427<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> 428 Available in Postfix version 2.1 and later: 429 430 <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b> 431 Send the non-standard XFORWARD command when the Postfix SMTP 432 server EHLO response announces XFORWARD support. 433 434<b>SASL AUTHENTICATION CONTROLS</b> 435 <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b> 436 Enable SASL authentication in the Postfix SMTP client. 437 438 <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b> 439 Optional Postfix SMTP client lookup tables with one user- 440 name:password entry per sender, remote hostname or next-hop 441 domain. 442 443 <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b> 444 Postfix SMTP client SASL security options; as of Postfix 2.3 the 445 list of available features depends on the SASL client implemen- 446 tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 447 448 Available in Postfix version 2.2 and later: 449 450 <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b> 451 If non-empty, a Postfix SMTP client filter for the remote SMTP 452 server's list of offered SASL mechanisms. 453 454 Available in Postfix version 2.3 and later: 455 456 <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b> 457 Enable sender-dependent authentication in the Postfix SMTP 458 client; this is available only with SASL authentication, and 459 disables SMTP connection caching to ensure that mail from dif- 460 ferent senders will use the appropriate credentials. 461 462 <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b> 463 Implementation-specific information that the Postfix SMTP client 464 passes through to the SASL plug-in implementation that is 465 selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 466 467 <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b> 468 The SASL plug-in type that the Postfix SMTP client should use 469 for authentication. 470 471 Available in Postfix version 2.5 and later: 472 473 <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b> 474 An optional table to prevent repeated SASL authentication fail- 475 ures with the same remote SMTP server hostname, username and 476 password. 477 478 <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b> 479 The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it 480 is removed. 481 482 <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b> 483 When a remote SMTP server rejects a SASL authentication request 484 with a 535 reply code, defer mail delivery instead of returning 485 mail as undeliverable. 486 487 Available in Postfix version 2.9 and later: 488 489 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 490 Whether or not to append the "AUTH=<>" option to the MAIL FROM 491 command in SASL-authenticated SMTP sessions. 492 493<b>STARTTLS SUPPORT CONTROLS</b> 494 Detailed information about STARTTLS configuration may be found in the 495 <a href="TLS_README.html">TLS_README</a> document. 496 497 <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b> 498 The default SMTP TLS security level for the Postfix SMTP client. 499 500 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b> 501 The SASL authentication security options that the Postfix SMTP 502 client uses for TLS encrypted SMTP sessions. 503 504 <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b> 505 Time limit for Postfix SMTP client write and read operations 506 during TLS startup and shutdown handshake procedures. 507 508 <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b> 509 A file containing CA certificates of root CAs trusted to sign 510 either remote SMTP server certificates or intermediate CA cer- 511 tificates. 512 513 <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b> 514 Directory with PEM format Certification Authority certificates 515 that the Postfix SMTP client uses to verify a remote SMTP server 516 certificate. 517 518 <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b> 519 File with the Postfix SMTP client RSA certificate in PEM format. 520 521 <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b> 522 The minimum TLS cipher grade that the Postfix SMTP client will 523 use with mandatory TLS encryption. 524 525 <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b> 526 List of ciphers or cipher types to exclude from the Postfix SMTP 527 client cipher list at all TLS security levels. 528 529 <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b> 530 Additional list of ciphers or cipher types to exclude from the 531 Postfix SMTP client cipher list at mandatory TLS security lev- 532 els. 533 534 <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b> 535 File with the Postfix SMTP client DSA certificate in PEM format. 536 537 <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b> 538 File with the Postfix SMTP client DSA private key in PEM format. 539 540 <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b> 541 File with the Postfix SMTP client RSA private key in PEM format. 542 543 <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b> 544 Enable additional Postfix SMTP client logging of TLS activity. 545 546 <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b> 547 Log the hostname of a remote SMTP server that offers STARTTLS, 548 when TLS is not already enabled for that server. 549 550 <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b> 551 Optional lookup tables with the Postfix SMTP client TLS security 552 policy by next-hop destination; when a non-empty value is speci- 553 fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. 554 555 <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b> 556 TLS protocols that the Postfix SMTP client will use with manda- 557 tory TLS encryption. 558 559 <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b> 560 The verification depth for remote SMTP server certificates. 561 562 <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b> 563 How the Postfix SMTP client verifies the server certificate 564 peername for the "secure" TLS security level. 565 566 <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b> 567 Name of the file containing the optional Postfix SMTP client TLS 568 session cache. 569 570 <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b> 571 The expiration time of Postfix SMTP client TLS session cache 572 information. 573 574 <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b> 575 How the Postfix SMTP client verifies the server certificate 576 peername for the "verify" TLS security level. 577 578 <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> 579 The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> 580 process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its 581 internal pseudo random number generator (PRNG). 582 583 <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b> 584 The OpenSSL cipherlist for "high" grade ciphers. 585 586 <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b> 587 The OpenSSL cipherlist for "medium" or higher grade ciphers. 588 589 <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> 590 The OpenSSL cipherlist for "NULL" grade ciphers that provide 591 authentication without encryption. 592 593 Available in in Postfix version 2.3..3.7: 594 595 <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b> 596 The OpenSSL cipherlist for "low" or higher grade ciphers. 597 598 <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b> 599 The OpenSSL cipherlist for "export" or higher grade ciphers. 600 601 Available in Postfix version 2.4 and later: 602 603 <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b> 604 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b> 605 The SASL authentication security options that the Postfix SMTP 606 client uses for TLS encrypted SMTP sessions with a verified 607 server certificate. 608 609 Available in Postfix version 2.5 and later: 610 611 <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b> 612 List of acceptable remote SMTP server certificate fingerprints 613 for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b> 614 <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint). 615 616 <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b> 617 The message digest algorithm used to construct remote SMTP 618 server certificate fingerprints. 619 620 Available in Postfix version 2.6 and later: 621 622 <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b> 623 TLS protocols that the Postfix SMTP client will use with oppor- 624 tunistic TLS encryption. 625 626 <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b> 627 The minimum TLS cipher grade that the Postfix SMTP client will 628 use with opportunistic TLS encryption. 629 630 <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b> 631 File with the Postfix SMTP client ECDSA certificate in PEM for- 632 mat. 633 634 <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b> 635 File with the Postfix SMTP client ECDSA private key in PEM for- 636 mat. 637 638 Available in Postfix version 2.7 and later: 639 640 <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b> 641 Try to detect a mail hijacking attack based on a TLS protocol 642 vulnerability (CVE-2009-3555), where an attacker prepends mali- 643 cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client 644 TLS session. 645 646 Available in Postfix version 2.8 and later: 647 648 <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> 649 List or bit-mask of OpenSSL bug work-arounds to disable. 650 651 Available in Postfix version 2.11-3.1: 652 653 <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b> 654 Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility. 655 656 <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b> 657 Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain 658 digests of trust-anchors with certificate usage "2". 659 660 Available in Postfix version 2.11 and later: 661 662 <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b> 663 Zero or more PEM-format files with trust-anchor certificates 664 and/or public keys. 665 666 <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b> 667 Lookup the associated DANE TLSA RRset even when a hostname is 668 not an alias and its address records lie in an unsigned zone. 669 670 <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> 671 The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. 672 673 Available in Postfix version 3.0 and later: 674 675 <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b> 676 Request that the Postfix SMTP client connects using the SUBMIS- 677 SIONS/SMTPS protocol instead of using the STARTTLS command. 678 679 Available in Postfix version 3.1 and later: 680 681 <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b> 682 The TLS policy for MX hosts with "secure" TLSA records when the 683 nexthop destination security level is <b>dane</b>, but the MX record 684 was found via an "insecure" MX lookup. 685 686 Available in Postfix version 3.2 and later: 687 688 <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b> 689 The prioritized list of elliptic curves supported by the Postfix 690 SMTP client and server. 691 692 Available in Postfix version 3.4 and later: 693 694 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 695 Try to make multiple deliveries per TLS-encrypted connection. 696 697 <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b> 698 List of one or more PEM files, each holding one or more private 699 keys directly followed by a corresponding certificate chain. 700 701 <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b> 702 Optional name to send to the remote SMTP server in the TLS 703 Server Name Indication (SNI) extension. 704 705 Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 706 707 <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> 708 A workaround for implementations that hang Postfix while shut- 709 ting down a TLS session, until Postfix times out. 710 711 Available in Postfix version 3.8 and later: 712 713 <b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b> 714 The prioritized list of finite-field Diffie-Hellman ephemeral 715 (FFDHE) key exchange groups supported by the Postfix SMTP client 716 and server. 717 718 Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: 719 720 <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b> 721 Optional configuration file with baseline OpenSSL settings. 722 723 <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b> 724 The application name passed by Postfix to OpenSSL library ini- 725 tialization functions. 726 727<b>OBSOLETE STARTTLS CONTROLS</b> 728 The following configuration parameters exist for compatibility with 729 Postfix versions before 2.3. Support for these will be removed in a 730 future release. 731 732 <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> 733 Opportunistic mode: use TLS when a remote SMTP server announces 734 STARTTLS support, otherwise send the mail in the clear. 735 736 <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> 737 Enforcement mode: require that remote SMTP servers use TLS 738 encryption, and never send mail in the clear. 739 740 <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> 741 With mandatory TLS encryption, require that the remote SMTP 742 server hostname matches the information in the remote SMTP 743 server certificate. 744 745 <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> 746 Optional lookup tables with the Postfix SMTP client TLS usage 747 policy by next-hop destination and by remote SMTP server host- 748 name. 749 750 <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> 751 Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 752 cipher list. 753 754<b>RESOURCE AND RATE CONTROLS</b> 755 <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> 756 The Postfix SMTP client time limit for completing a TCP connec- 757 tion, or zero (use the operating system built-in time limit). 758 759 <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> 760 The Postfix SMTP client time limit for sending the HELO or EHLO 761 command, and for receiving the initial remote SMTP server 762 response. 763 764 <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> 765 The Postfix LMTP client time limit for sending the LHLO command, 766 and for receiving the initial remote LMTP server response. 767 768 <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b> 769 The Postfix SMTP client time limit for sending the XFORWARD com- 770 mand, and for receiving the remote SMTP server response. 771 772 <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> 773 The Postfix SMTP client time limit for sending the MAIL FROM 774 command, and for receiving the remote SMTP server response. 775 776 <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> 777 The Postfix SMTP client time limit for sending the SMTP RCPT TO 778 command, and for receiving the remote SMTP server response. 779 780 <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> 781 The Postfix SMTP client time limit for sending the SMTP DATA 782 command, and for receiving the remote SMTP server response. 783 784 <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> 785 The Postfix SMTP client time limit for sending the SMTP message 786 content. 787 788 <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> 789 The Postfix SMTP client time limit for sending the SMTP ".", and 790 for receiving the remote SMTP server response. 791 792 <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> 793 The Postfix SMTP client time limit for sending the QUIT command, 794 and for receiving the remote SMTP server response. 795 796 Available in Postfix version 2.1 and later: 797 798 <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b> 799 The maximal number of MX (mail exchanger) IP addresses that can 800 result from Postfix SMTP client mail exchanger lookups, or zero 801 (no limit). 802 803 <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> 804 The maximal number of SMTP sessions per delivery request before 805 the Postfix SMTP client gives up or delivers to a fall-back 806 <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). 807 808 <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> 809 The Postfix SMTP client time limit for sending the RSET command, 810 and for receiving the remote SMTP server response. 811 812 Available in Postfix version 2.2 and earlier: 813 814 <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b> 815 Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a> 816 seconds. 817 818 Available in Postfix version 2.2 and later: 819 820 <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> 821 Permanently enable SMTP connection caching for the specified 822 destinations. 823 824 <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> 825 Temporarily enable SMTP connection caching while a destination 826 has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. 827 828 <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b> 829 The amount of time during which Postfix will use an SMTP connec- 830 tion repeatedly. 831 832 <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> 833 When SMTP connection caching is enabled, the amount of time that 834 an unused SMTP client socket is kept open before it is closed. 835 836 Available in Postfix version 2.3 and later: 837 838 <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> 839 Time limit for connection cache connect, send or receive opera- 840 tions. 841 842 Available in Postfix version 2.9 - 3.6: 843 844 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 845 Change the behavior of the smtp_*_timeout time limits, from a 846 time limit per read or write system call, to a time limit to 847 send or receive a complete record (an SMTP command line, SMTP 848 response line, SMTP message content line, or TLS protocol mes- 849 sage). 850 851 Available in Postfix version 2.11 and later: 852 853 <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b> 854 When SMTP connection caching is enabled, the number of times 855 that an SMTP session may be reused before it is closed, or zero 856 (no limit). 857 858 Available in Postfix version 3.4 and later: 859 860 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 861 Try to make multiple deliveries per TLS-encrypted connection. 862 863 Available in Postfix version 3.7 and later: 864 865 <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> 866 Change the behavior of the smtp_*_timeout time limits, from a 867 time limit per plaintext or TLS read or write call, to a com- 868 bined time limit for sending a complete SMTP request and for 869 receiving a complete SMTP response. 870 871 <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> 872 The minimum plaintext data transfer rate in bytes/second for 873 DATA requests, when deadlines are enabled with 874 <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 875 876 Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon: 877 878 <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b> 879 <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b> 880 A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>- 881 <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 882 name of the message delivery transport. 883 884 <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b> 885 <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b> 886 A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>- 887 <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 888 name of the message delivery transport. 889 890<b>SMTPUTF8 CONTROLS</b> 891 Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 892 893 <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> 894 Enable preliminary SMTPUTF8 support for the protocols described 895 in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>. 896 897 <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b> 898 Detect that a message requires SMTPUTF8 support for the speci- 899 fied mail origin classes. 900 901 Available in Postfix version 3.2 and later: 902 903 <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b> 904 Enable 'transitional' compatibility between IDNA2003 and 905 IDNA2008, when converting UTF-8 domain names to/from the ASCII 906 form that is used for DNS lookups. 907 908<b>TROUBLE SHOOTING CONTROLS</b> 909 <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> 910 The increment in verbose logging level when a nexthop destina- 911 tion, remote client or server name or network address matches a 912 pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. 913 914 <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> 915 Optional list of nexthop destination, remote client or server 916 name or network address patterns that, if matched, cause the 917 verbose logging level to increase by the amount specified in 918 $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. 919 920 <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> 921 The recipient of postmaster notifications about mail delivery 922 problems that are caused by policy, resource, software or proto- 923 col errors. 924 925 <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> 926 What categories of Postfix-generated mail are subject to 927 before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, 928 <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. 929 930 <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> 931 The list of error classes that are reported to the postmaster. 932 933<b>MISCELLANEOUS CONTROLS</b> 934 <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> 935 Where the Postfix SMTP client should deliver mail when it 936 detects a "mail loops back to myself" error condition. 937 938 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 939 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 940 figuration files. 941 942 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 943 How much time a Postfix daemon process may take to handle a 944 request before it is terminated by a built-in watchdog timer. 945 946 <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> 947 The maximal number of digits after the decimal point when log- 948 ging sub-second delay values. 949 950 <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> 951 Disable DNS lookups in the Postfix SMTP and LMTP clients. 952 953 <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> 954 The local network interface addresses that this mail system 955 receives mail on. 956 957 <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b> 958 The Internet protocols Postfix will attempt to use when making 959 or accepting connections. 960 961 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 962 The time limit for sending or receiving information over an 963 internal communication channel. 964 965 <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> 966 When a remote LMTP server announces no DSN support, assume that 967 the server performs final delivery, and send "delivered" deliv- 968 ery status notifications instead of "relayed". 969 970 <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> 971 The default TCP port that the Postfix LMTP client connects to. 972 973 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 974 The maximum amount of time that an idle Postfix daemon process 975 waits for an incoming connection before terminating voluntarily. 976 977 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 978 The maximal number of incoming connections that a Postfix daemon 979 process will service before terminating voluntarily. 980 981 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 982 The process ID of a Postfix command or daemon process. 983 984 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 985 The process name of a Postfix command or daemon process. 986 987 <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> 988 The remote network interface addresses that this mail system 989 receives mail on by way of a proxy or network address transla- 990 tion unit. 991 992 <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b> 993 The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP 994 client will try first, when a destination has IPv6 and IPv4 995 addresses with equal MX preference. 996 997 <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> 998 An optional numerical network address that the Postfix SMTP 999 client should bind to when making an IPv4 connection. 1000 1001 <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> 1002 An optional numerical network address that the Postfix SMTP 1003 client should bind to when making an IPv6 connection. 1004 1005 <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 1006 The hostname to send in the SMTP HELO or EHLO command. 1007 1008 <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 1009 The hostname to send in the LMTP LHLO command. 1010 1011 <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> 1012 What mechanisms the Postfix SMTP client uses to look up a host's 1013 IP address. 1014 1015 <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> 1016 Randomize the order of equal-preference MX host addresses. 1017 1018 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 1019 The syslog facility of Postfix logging. 1020 1021 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 1022 A prefix that is prepended to the process name in syslog 1023 records, so that, for example, "smtpd" becomes "prefix/smtpd". 1024 1025 Available with Postfix 2.2 and earlier: 1026 1027 <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> 1028 Optional list of relay hosts for SMTP destinations that can't be 1029 found or that are unreachable. 1030 1031 Available with Postfix 2.3 and later: 1032 1033 <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> 1034 Optional list of relay destinations that will be used when an 1035 SMTP destination is not found, or when delivery fails due to a 1036 non-permanent error. 1037 1038 Available with Postfix 3.0 and later: 1039 1040 <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b> 1041 In the context of email address verification, the SMTP protocol 1042 stage that determines whether an email address is deliverable. 1043 1044 Available with Postfix 3.1 and later: 1045 1046 <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b> 1047 Optional list of relay hosts for LMTP destinations that can't be 1048 found or that are unreachable. 1049 1050 Available with Postfix 3.2 and later: 1051 1052 <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b> 1053 The default TCP port that the Postfix SMTP client connects to. 1054 1055 Available in Postfix 3.3 and later: 1056 1057 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 1058 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 1059 1060 Available in Postfix 3.7 and later: 1061 1062 <b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b> 1063 Defer delivery when the Postfix SMTP client cannot apply the 1064 <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting. 1065 1066<b>SEE ALSO</b> 1067 <a href="generic.5.html">generic(5)</a>, output address rewriting 1068 <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection 1069 <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection 1070 <a href="qmgr.8.html">qmgr(8)</a>, queue manager 1071 <a href="bounce.8.html">bounce(8)</a>, delivery status reports 1072 <a href="scache.8.html">scache(8)</a>, connection cache server 1073 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 1074 <a href="master.5.html">master(5)</a>, generic daemon options 1075 <a href="master.8.html">master(8)</a>, process manager 1076 <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management 1077 <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging 1078 syslogd(8), system logging 1079 1080<b>README FILES</b> 1081 <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto 1082 <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto 1083 1084<b>LICENSE</b> 1085 The Secure Mailer license must be distributed with this software. 1086 1087<b>AUTHOR(S)</b> 1088 Wietse Venema 1089 IBM T.J. Watson Research 1090 P.O. Box 704 1091 Yorktown Heights, NY 10598, USA 1092 1093 Wietse Venema 1094 Google, Inc. 1095 111 8th Avenue 1096 New York, NY 10011, USA 1097 1098 Command pipelining in cooperation with: 1099 Jon Ribbens 1100 Oaktree Internet Solutions Ltd., 1101 Internet House, 1102 Canal Basin, 1103 Coventry, 1104 CV1 4LY, United Kingdom. 1105 1106 SASL support originally by: 1107 Till Franke 1108 SuSE Rhein/Main AG 1109 65760 Eschborn, Germany 1110 1111 TLS support originally by: 1112 Lutz Jaenicke 1113 BTU Cottbus 1114 Allgemeine Elektrotechnik 1115 Universitaetsplatz 3-4 1116 D-03044 Cottbus, Germany 1117 1118 Revised TLS and SMTP connection cache support by: 1119 Victor Duchovni 1120 Morgan Stanley 1121 1122 SMTP(8) 1123</pre> </body> </html> 1124