<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Configuration Parameters </title>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>

<hr>

<h2> Postfix main.cf file format </h2>

<p> The Postfix main.cf configuration file specifies a very small
subset of all the parameters that control the operation of the
Postfix mail system. Parameters not explicitly specified are left
at their default values. </p>

<p> The general format of the main.cf file is as follows: </p>

<ul>

<li> <p> Each logical line is in the form "parameter = value".
Whitespace around the "=" is ignored, as is whitespace at the end
of a logical line. </p>

<li> <p> Empty lines and whitespace-only lines are ignored, as are
lines whose first non-whitespace character is a `#'. </p>

<li> <p> A logical line starts with non-whitespace text. A line
that starts with whitespace continues a logical line. </p>

<li> <p> A parameter value may refer to other parameters. </p>

<ul>

<li> <p> The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter. </p>

<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version
2.2 and later. </p>

<li> <p> The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>

<li> <p> Specify "$$" to produce a single "$" character. </p>

</ul>

<li> <p> When the same parameter is defined multiple times, only
the last instance is remembered. </p>

<li> <p> Otherwise, the order of main.cf parameter definitions does
not matter.
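</p>

<p> The format rules above, as an added example that is not part of the Postfix documentation or source: a small Python parser for main.cf that applies the comment, continuation and last-definition-wins rules and then performs the "$name", "${name}", "$(name)", "${name?value}", "${name:value}" and "$$" expansions. The sample main.cf text is constructed for the example; the parser accepts the conditional forms with either bracket type and expands an undefined parameter to the empty string, both of which are choices made here rather than behaviour the page documents. </p>

```python
import re
from typing import Dict, List

# Constructed sample main.cf for this example (not a file from the Postfix distribution).
SAMPLE_MAIN_CF = """\
# comment lines are ignored
myhostname = mail.example.org
mydomain = example.org
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain,
    localhost
relayhost =
smtpd_banner = $myhostname ESMTP ${relayhost?relaying via $relayhost}${relayhost:no relay}
   # an indented comment is still a comment, not a continuation line
price_tag = 100$$ per ${mydomain}
myorigin = $myhostname
"""

_NAME = re.compile(r"[A-Za-z0-9_]+")
_COND = re.compile(r"([A-Za-z0-9_]+)([?:])?")


def parse_main_cf(text: str) -> Dict[str, str]:
    """Return the raw (unexpanded) parameters; the last definition of a name wins."""
    logical: List[str] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                       # empty, whitespace-only and comment lines
        if line[0] in " \t" and logical:
            logical[-1] += " " + stripped  # leading whitespace continues the logical line
        else:
            logical.append(stripped)
    params: Dict[str, str] = {}
    for item in logical:
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"no '=' in logical line: {item!r}")
        params[name.strip()] = value.strip()  # whitespace around '=' and at the end is dropped
    return params


def _matching(s: str, start: int, open_ch: str, close_ch: str) -> int:
    """Index of the bracket that closes the one at s[start], allowing nesting."""
    depth = 0
    for k in range(start, len(s)):
        if s[k] == open_ch:
            depth += 1
        elif s[k] == close_ch:
            depth -= 1
            if depth == 0:
                return k
    raise ValueError(f"unbalanced {open_ch!r} in {s!r}")


def expand(value: str, params: Dict[str, str], depth: int = 0) -> str:
    """Recursively expand $name, ${name}, $(name), ${name?v}, ${name:v} and $$."""
    if depth > 20:
        raise RecursionError("parameter expansion nested too deeply (a reference loop?)")
    out: List[str] = []
    i = 0
    while i < len(value):
        if value[i] != "$":
            out.append(value[i])
            i += 1
        elif value.startswith("$$", i):
            out.append("$")                        # "$$" is a literal dollar sign
            i += 2
        elif value[i + 1:i + 2] in ("{", "("):
            open_ch = value[i + 1]
            close = _matching(value, i + 1, open_ch, "}" if open_ch == "{" else ")")
            m = _COND.match(value[i + 2:close])
            if not m:
                raise ValueError(f"empty parameter reference in {value!r}")
            name, op = m.group(1), m.group(2)
            rest = value[i + 2 + m.end():close]
            looked_up = expand(params.get(name, ""), params, depth + 1)
            if op is None:
                out.append(looked_up)              # ${name} / $(name)
            elif op == "?":
                out.append(expand(rest, params, depth + 1) if looked_up else "")
            else:
                out.append(expand(rest, params, depth + 1) if not looked_up else "")
            i = close + 1
        else:
            m = _NAME.match(value, i + 1)
            if not m:
                out.append("$")                    # a lone '$' is kept as-is
                i += 1
            else:
                out.append(expand(params.get(m.group(0), ""), params, depth + 1))
                i = m.end()
    return "".join(out)


def resolve_main_cf(text: str) -> Dict[str, str]:
    """Parse and fully expand a main.cf text."""
    params = parse_main_cf(text)
    return {name: expand(raw, params) for name, raw in params.items()}
```

<p> resolve_main_cf(SAMPLE_MAIN_CF) returns the expanded parameters; its "myorigin" entry is "mail.example.org" because the second definition of myorigin wins, and "smtpd_banner" comes back as "mail.example.org ESMTP no relay" because relayhost is empty.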
</p>

</ul>

<p> The remainder of this document is a description of all Postfix
configuration parameters. Default values are shown after the
parameter name in parentheses, and can be looked up with the
"<b>postconf -d</b>" command. </p>

<p> Note: this is not an invitation to make changes to Postfix
configuration parameters. Unnecessary changes are likely to impair
the operation of the mail system. </p>

<dl>
<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p> The recipient of undeliverable mail that cannot be returned to
the sender. This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter. </p>

</DD>

<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>

</DD>

<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

</DD>

<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.7. </p>

</DD>

<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_map">address_verify_map</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Lookup table for persistent address verification status
storage. The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover,
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">hash</a>:/var/db/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
(default: yes)</b></DT><DD>

<p>
Enable caching of failed address verification probe results.
When
this feature is enabled, the cache may fill up quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
(default: 3d)</b></DT><DD>

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
(default: 3h)</b></DT><DD>

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
(default: normal: 3, overload: 1)</b></DT><DD>

<p>
How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.5 and earlier, the SMTP
server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
default. </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix ≤ 2.6 default
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
# Poor man's greylisting
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
(default: 3s)</b></DT><DD>

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
(default: 31d)</b></DT><DD>

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
(default: 7d)</b></DT><DD>

<p>
The time after which a successful address verification probe needs
to be refreshed. The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender">address_verify_sender</a>
(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or <> if you want
to use the null sender address. Beware, some sites reject mail from
<>, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = <>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@my.domain
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>

<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

</DD>

<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
(default: 0s)</b></DT><DD>

<p> The time between changes in the time-dependent portion of address
verification probe sender addresses. The time-dependent portion is
appended to the localpart of the address specified with the
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
probe sender address is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
value is empty or <>. </p>

<p> Historically, the probe sender address was fixed. This has
caused such addresses to end up on spammer mailing lists, and has
resulted in wasted network and processing resources.
</p>

<p> To enable time-dependent probe sender addresses, specify a
non-zero time value (an integral value plus an optional one-letter
suffix that specifies the time unit). Specify a value of at least
several hours, to avoid problems with senders that use greylisting.
Avoid round TTL values, to make the result less predictable. Time
units are: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
(default: verify)</b></DT><DD>

<p>
The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>

</DD>

<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="alias_database">alias_database</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/mail/aliases
</pre>

</DD>

<DT><b><a name="alias_maps">alias_maps</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The alias databases that are used for <a href="local.8.html">local(8)</a> delivery. See
<a href="aliases.5.html">aliases(5)</a> for syntax details.
</p>

<p>
The default list is system dependent. On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
table directly.
Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
agent would terminate with a fatal error instead.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, nis:mail.aliases
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
</pre>

</DD>

<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
(default: alias, forward)</b></DT><DD>

<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands. The default
is to disallow delivery to "|command" in :include: files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
:include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include
</pre>

</DD>

<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a>
(default: alias, forward)</b></DT><DD>

<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is
to disallow "/file/name" destinations in :include: files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward
files and in :include: files, respectively.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include
</pre>

</DD>

<DT><b><a name="allow_min_user">allow_min_user</a>
(default: no)</b></DT><DD>

<p>
Allow a sender or recipient address to have `-' as the first
character. By
default, this is not allowed, to avoid accidents with software that
passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally. </p>

<p> As of Postfix version 2.5, this feature is implemented by
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>. With earlier versions this feature was implemented
by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. </p>

</DD>

<DT><b><a name="allow_percent_hack">allow_percent_hack</a>
(default: yes)</b></DT><DD>

<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>

<p> Note: as of Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no
</pre>

</DD>

<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a>
(default: no)</b></DT><DD>

<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
</p>

<p>
By default, this feature is turned off. This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>

<p>
This parameter also controls whether non-local addresses with sender-specified
routing can match Postfix access tables. By default, such addresses
cannot match Postfix access tables, because the address is ambiguous.
</p>

</DD>

<DT><b><a name="alternate_config_directories">alternate_config_directories</a>
(default: empty)</b></DT><DD>

<p>
A list of non-default Postfix configuration directories that may
be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
via the MAIL_CONFIG environment variable.
</p>

<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a>
and <a href="postdrop.1.html">postdrop(1)</a>.
</p>

</DD>

<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a>
(default: no)</b></DT><DD>

<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present. Postfix 2.6 and later add these headers only
when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
setting. Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>

</DD>

<DT><b><a name="always_bcc">always_bcc</a>
(default: empty)</b></DT><DD>

<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>

<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>

</DD>

<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a>
(default: 60s)</b></DT><DD>

<p>
The time unit over which client connection rates and other rates
are calculated.
</p>

<p>
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
in Postfix version 2.2 and later.
</p>

<p>
The default interval is relatively short.
Because of the high
frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory
only. Thus, information is lost whenever the process terminates.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
(default: 600s)</b></DT><DD>

<p>
How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
logs peak usage information.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
(default: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>

</DD>

<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
(default: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
instead.
</p>

<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all".
</p>

</DD>

<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
(default: 100s)</b></DT><DD>

<p>
How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
Postfix daemon process input buffer before giving up.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to flush the queue.
</p>

<p>
By default, all users are allowed to flush the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

</DD>

<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue. Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list. The username
"unknown" is used for processes whose real UID is not found in the
password file. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored). Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later. </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

</DD>

<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
</p>

<p>
By default, all users are allowed to submit mail.
When a list is specified, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list. The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users, specify an empty list. </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
replaced by its contents;
a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
(the lookup result is ignored). Continue long lines by starting the
next line with whitespace. Specify "!pattern" to exclude a user
name from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p>
Example (allow everyone except the "www" account; the exclusion must
come before the catch-all, because the search stops at the first match):
</p>

<pre>
<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
</pre>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address. </p>

<p> By default, only trusted clients are allowed to specify XVERP.
</p>

<p> This parameter was introduced with Postfix version 1.1. Postfix
version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
and changed the default to none.
</p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>


</DD>

<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
(default: yes)</b></DT><DD>

<p>
Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
Postfix versions before 2.0. The current and more extensible "name =
value" format is needed in order to implement more sophisticated
functionality.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
(default: 16777216)</b></DT><DD>

<p>
The per-table I/O buffer size for programs that create Berkeley DB
hash or btree tables.
Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
(default: 131072)</b></DT><DD>

<p>
The per-table I/O buffer size for programs that read Berkeley DB
hash or btree tables. Specify a byte count.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="best_mx_transport">best_mx_transport</a>
(default: empty)</b></DT><DD>

<p>
Where the Postfix SMTP client should deliver mail when it detects
a "mail loops back to myself" error condition. This happens when
the local MTA is the best SMTP mail exchanger for a destination
not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. By default,
the Postfix SMTP client returns such mail as undeliverable.
</p>

<p>
Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
for the syntax and meaning of "transport" or "transport:nexthop".
</p>

<p>
However, this feature is expensive because it ties up a Postfix
SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
work.
It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
in a table or database.
</p>


</DD>

<DT><b><a name="biff">biff</a>
(default: yes)</b></DT><DD>

<p>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service. This service sends
"new mail" notifications to users who have requested new mail
notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
</p>

<p>
For compatibility reasons this feature is on by default. On systems
with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
drain. Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
</p>


</DD>

<DT><b><a name="body_checks">body_checks</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables for content inspection as specified in
the <a href="header_checks.5.html">body_checks(5)</a> manual page. </p>

<p> Note: with Postfix versions before 2.0, these rules inspect
all content after the primary message headers. </p>


</DD>

<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
(default: 51200)</b></DT><DD>

<p>
How much text in a message body segment (or attachment, if you
prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
The amount of text is limited to avoid scanning huge attachments.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p>
The recipient of postmaster notifications with the message headers
of mail that Postfix did not deliver and of SMTP conversation
transcripts of mail that Postfix did not receive. This feature is
enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter. </p>


</DD>

<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
(default: 5d)</b></DT><DD>

<p>
Consider a bounce message as undeliverable when delivery fails
with a temporary error and the time in the queue has reached the
<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit. By default, this limit is the same
as for regular mail.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
</p>

<p>
Specify 0 when mail delivery should be tried only once.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="bounce_service_name">bounce_service_name</a>
(default: bounce)</b></DT><DD>

<p>
The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
(default: 50000)</b></DT><DD>

<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only).
With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>

<p> Notes: </p>

<ul>

<li> <p> If you increase this limit, then you should increase the
<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>

<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>

</ul>


</DD>

<DT><b><a name="bounce_template_file">bounce_template_file</a>
(default: empty)</b></DT><DD>

<p> Pathname of a configuration file with bounce message templates.
These override the built-in templates of delivery status notification
(DSN) messages for undeliverable mail, for delayed mail, successful
delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
describes how to edit and test template files. </p>

<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
is placed into the Postfix configuration directory. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
(default: no)</b></DT><DD>

<p>
Enable inter-operability with remote SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are Microsoft Outlook Express version 4 and Microsoft Exchange
version 5.0.
</p>

<p>
Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
AUTH support in a non-standard way.
</p>


</DD>

<DT><b><a name="canonical_classes">canonical_classes</a>
(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>

<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
sender and recipient addresses, and to header sender and header
recipient addresses. </p>

<p> Specify one or more of: envelope_sender, envelope_recipient,
header_sender, header_recipient </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="canonical_maps">canonical_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
addresses, in both envelopes and in headers, as controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
build the necessary DBM or DB file after every change. The changes
will become visible after a minute or so. Use "<b>postfix reload</b>"
to eliminate the delay.
</p>

<p> Note: with Postfix version 2.2 and later, message header address mapping
happens only when message header address rewriting is enabled: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/canonical
<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
</pre>


</DD>

<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
(default: cleanup)</b></DT><DD>

<p>
The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
and <a href="virtual.5.html">virtual(5)</a> aliasing.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="command_directory">command_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The location of all postfix administrative commands.
</p>


</DD>

<DT><b><a name="command_execution_directory">command_execution_directory</a>
(default: empty)</b></DT><DD>

<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
an external command. Failure to change directory causes the delivery
to be deferred. </p>

<p> The following $name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>
before the directory is changed. Expansion happens in the context
of the delivery request. The result of $name expansion is filtered
with the character set that is specified with the
<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter. </p>

<dl>

<dt><b>$user</b></dt>

<dd>The recipient's username. </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell pathname. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address. </dd>

<dt><b>$extension</b></dt>

<dd>The optional recipient address extension. </dd>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient localpart. </dd>

<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> is empty.
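</dd>

</dl>

<p> The Python below is an added example, not Postfix code. It expands a <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> value using the $name, ${name}, $(name), ${name?value} and ${name:value} forms listed above, then applies a character filter the way the text describes for execution_directory_expansion_filter: every character outside the allowed set becomes "_". The allowed set in <tt>ALLOWED</tt>, the delivery attributes in <tt>ATTRS</tt> and the template are constructed for the example; on a real system take the set from "postconf execution_directory_expansion_filter". </p>

```python
"""Model of local(8) $name expansion for command_execution_directory, with the
execution_directory_expansion_filter applied to the result.
Added example, not Postfix code."""
import re

# Illustrative allowed set (assumption): take the real one from
#   postconf execution_directory_expansion_filter
ALLOWED = set("1234567890!@%-_=+:,./"
              "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")

# $name | ${name} | $(name) | ${name?value} | ${name:value}
_REF = re.compile(r"\$(?:(\w+)|\{(\w+)(?:([?:])([^{}]*))?\}|\((\w+)\))")


def expand(template, attrs):
    """Expand $name references from the delivery-request attributes.

    Unknown names expand to "". The value part of ${name?value} and
    ${name:value} is expanded in turn, so "${extension?/$extension}" works.
    Nested braces inside a value are not handled by this toy.
    """
    def repl(m):
        plain, cond_name, op, value, paren = m.groups()
        current = attrs.get(plain or cond_name or paren, "")
        if op is None:
            return current
        if op == "?":                                   # value when $name is non-empty
            return expand(value, attrs) if current else ""
        return "" if current else expand(value, attrs)  # value when $name is empty
    return _REF.sub(repl, template)


def filtered(text, allowed=ALLOWED):
    """Replace every character outside the allowed set with "_"."""
    return "".join(c if c in allowed else "_" for c in text)


def execution_directory(template, attrs):
    """The directory local(8) would change to: expand, then filter."""
    return filtered(expand(template, attrs))


# Constructed delivery request for "alice+report;id@example.com": the
# extension carries a shell metacharacter that the filter must neutralise.
ATTRS = {
    "user": "alice", "home": "/home/alice", "shell": "/bin/sh",
    "recipient": "alice+report;id@example.com", "domain": "example.com",
    "local": "alice+report;id", "extension": "report;id",
    "recipient_delimiter": "+",
}
TEMPLATE = "$home/jobs${extension?/$extension}${extension:/default}"

if __name__ == "__main__":
    print(execution_directory(TEMPLATE, ATTRS))                      # /home/alice/jobs/report_id
    print(execution_directory(TEMPLATE, dict(ATTRS, extension="")))  # /home/alice/jobs/default
```

<p> The recipient extension is chosen by whoever addresses the mail, so the filter rather than the template author is what keeps a value such as "report;id" from reaching the directory name unchanged: the example shows the ";" turned into "_", while the "?" and ":" forms let the template fall back to a fixed directory when no extension is present. Characters that are in the allowed set, including "/" and ".", pass through unchanged, so the template still has to be written with that in mind. </p>

<dl>

<dd>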
</dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Characters outside the
allowed set are replaced by underscores.
</p>


</DD>

<DT><b><a name="command_time_limit">command_time_limit</a>
(default: 1000s)</b></DT><DD>

<p>
Time limit for delivery to external commands. This limit is used
by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
</p>

<p>
Note: if you set this time limit to a large value you must update the
global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
</p>


</DD>

<DT><b><a name="config_directory">config_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
configuration files. This can be overruled via the following
mechanisms: </p>

<ul>

<li> <p> The MAIL_CONFIG environment variable (daemon processes
and commands). </p>

<li> <p> The "-c" command-line option (commands only).
</p>

</ul>

<p> With Postfix commands that run with set-gid privileges, a
<a href="postconf.5.html#config_directory">config_directory</a> override requires either root privileges, or it
requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
parameter in the default <a href="postconf.5.html">main.cf</a> file. </p>


</DD>

<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
(default: 5s)</b></DT><DD>

<p> Time limit for connection cache connect, send or receive
operations. The time limit is enforced in the client. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
(default: scache)</b></DT><DD>

<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service. This service
maintains a limited pool of cached sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
(default: 600s)</b></DT><DD>

<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
connection cache hit and miss rates for logical destinations and for
physical endpoints. </p>


</DD>

<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
(default: 2s)</b></DT><DD>

<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
cache server
allows. Requests that specify a larger TTL will be stored with the
maximum allowed TTL. The purpose of this additional control is to
protect the infrastructure against careless people.
The cache TTL
is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>. </p>


</DD>

<DT><b><a name="content_filter">content_filter</a>
(default: empty)</b></DT><DD>

<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent. More
information about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file. </p>

<p> Notes: </p>

<ul>

<li> <p> This setting has lower precedence than a FILTER action
that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
table. </p>

<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent. Postfix 2.7 and later will use the recipient
domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
2.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
next-hop <i>destination</i>. </p>

</ul>


</DD>

<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
(default: empty)</b></DT><DD>

<p> Search path for Cyrus SASL application configuration files,
currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path. </p>

<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>


</DD>

<DT><b><a name="daemon_directory">daemon_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The directory with Postfix support programs and daemon programs.
These should not be invoked directly by humans. The directory must
be owned by root.
</p>


</DD>

<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
(default: no)</b></DT><DD>

<p> How a Postfix daemon process handles errors while opening lookup
tables: gradual degradation or immediate termination. </p>

<dl>

<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
daemon process logs a message of type "error" and continues execution
with reduced functionality. Features that do not depend on the
unavailable table will work normally, while features that depend
on the table will result in a type "warning" message. <br> When
the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
Postfix SMTP server and client will report transcripts of sessions
with an error because a table is unavailable. </p> </dd>

<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
termination: a daemon process logs a type "fatal" message and
terminates immediately. This option reduces the number of possible
code paths through Postfix, and may therefore be slightly more
secure than the default. </p> </dd>

</dl>

<p> For the sake of sanity, the number of type "error" messages is
limited to 13 over the lifetime of a daemon process.
</p>

<p> This feature is available in Postfix 2.9 and later. </p>


</DD>

<DT><b><a name="daemon_timeout">daemon_timeout</a>
(default: 18000s)</b></DT><DD>

<p> How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="data_directory">data_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers). This directory must be owned by
the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
software. </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="debug_peer_level">debug_peer_level</a>
(default: 2)</b></DT><DD>

<p> The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>


</DD>

<DT><b><a name="debug_peer_list">debug_peer_list</a>
(default: empty)</b></DT><DD>

<p> Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to increase
by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. </p>

<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored.
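</p>

<p> These pattern types are the ones <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> accepts as well, so one model serves both parameters. The Python below is an added example, not Postfix code: it handles network/netmask and bare addresses, hostnames, ".domain" patterns, IPv6 written inside <tt>[]</tt> and "!pattern" exclusions, and it reports patterns that contain ":" outside brackets, which Postfix reads as "type:table" rather than as an address. "/file/name" and real "type:table" lookups are left out. The <tt>parent_matches_subdomains</tt> flag stands in for the parent_domain_matches_subdomains parameter; that it covers debug_peer_list by default is an assumption to confirm with "postconf parent_domain_matches_subdomains". The list in <tt>SAMPLE</tt> is constructed for the example. </p>

```python
"""Model of the client-pattern lists used by authorized_verp_clients and
debug_peer_list: network/netmask, bare address, hostname, .domain, IPv6 in [],
and "!pattern" exclusion. Added example, not Postfix code; "/file/name" and
"type:table" patterns are not modelled."""
import ipaddress


def _tokens(value):
    """Split a main.cf list value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def table_patterns(access_list):
    """Patterns Postfix reads as "type:table": a ":" that is not inside [].
    An IPv6 address showing up here was written without the brackets."""
    return [p for p in _tokens(access_list)
            if ":" in p and not p.lstrip("!").startswith("[")]


def _as_network(pattern):
    """ip_network for "a.b.c.d[/bits]" or "[v6addr][/bits]", else None."""
    if pattern.startswith("["):
        addr, _, rest = pattern[1:].partition("]")
        bits = rest.lstrip("/")
    else:
        addr, _, bits = pattern.partition("/")
    try:
        return ipaddress.ip_network(f"{addr}/{bits}" if bits else addr, strict=False)
    except ValueError:
        return None


def _matches(pattern, addr, hostname, parent_matches_subdomains):
    if ":" in pattern and not pattern.startswith("["):
        raise ValueError(f"{pattern!r} would be read as type:table; put IPv6 inside []")
    net = _as_network(pattern)
    if net is not None:
        return addr.version == net.version and addr in net
    host, pat = hostname.lower(), pattern.lower()
    if pat.startswith("."):
        return host.endswith(pat)                 # any name below the domain
    if host == pat:
        return True
    return parent_matches_subdomains and host.endswith("." + pat)


def client_matches(access_list, client_ip, client_hostname, parent_matches_subdomains=True):
    """Left to right, first match wins; "!pattern" excludes; empty list matches nothing.

    parent_matches_subdomains models the parent_domain_matches_subdomains
    parameter (assumed to include debug_peer_list by default; check postconf).
    """
    addr = ipaddress.ip_address(client_ip)
    for pat in _tokens(access_list):
        negate = pat.startswith("!")
        if _matches(pat[1:] if negate else pat, addr, client_hostname, parent_matches_subdomains):
            return not negate
    return False


# Constructed example: a lab network and a partner domain are trusted,
# except for one bastion host that sits inside the lab network.
SAMPLE = "!10.1.2.3, 10.0.0.0/8, [2001:db8::]/32, .partner.example, lab.example"

if __name__ == "__main__":
    for ip, host in (("10.1.2.3", "bastion.lab.example"), ("10.7.7.7", "unknown"),
                     ("2001:db8:1::9", "unknown"), ("192.0.2.1", "mx.partner.example")):
        print(ip, host, client_matches(SAMPLE, ip, host))
    print(table_patterns("fe80::1, [::1], hash:/etc/postfix/peers"))
```

<p> The bastion host in <tt>SAMPLE</tt> is excluded only because "!10.1.2.3" precedes "10.0.0.0/8"; with the two swapped, the network pattern matches first and the exclusion is never reached. <tt>table_patterns</tt> is the check to run on a list before deploying it: an IPv6 address written without brackets does not fail loudly, it silently becom es a table lookup that never matches an address. </p>

<p>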
</p>

<p> Pattern matching of domain names is controlled by the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
</pre>


</DD>

<DT><b><a name="debugger_command">debugger_command</a>
(default: empty)</b></DT><DD>

<p>
The external command to execute when a Postfix daemon program is
invoked with the -D option.
</p>

<p>
Use "command .. & sleep 5" so that the debugger can attach before
the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
</p>

<p>
Note: the command is subject to $name expansion, before it is
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#debugger_command">debugger_command</a> =
    PATH=/usr/bin:/usr/X11R6/bin
    ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> & sleep 5
</pre>


</DD>

<DT><b><a name="default_database_type">default_database_type</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
when the Postfix system is built.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
</pre>


</DD>

<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
(default: 5)</b></DT><DD>

<p>
How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
</p>

<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often the counter
is incremented: it happens after every <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
recipients have been delivered.
</p>

<p>
The cost of 0 is used to disable the preempting scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above, say,
50.
</p>

<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1)/cost
and cost/(cost-1) times longer than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
</pre>


</DD>

<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
(default: 50)</b></DT><DD>

<p>
The default value for transport-specific _delivery_slot_discount
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen. Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>


</DD>

<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
(default: 3)</b></DT><DD>

<p>
The default value for transport-specific _delivery_slot_loan
settings.
</p>

<p>
This parameter speeds up the moment when a message preemption can
happen.
Instead of waiting until the full amount of delivery slots
required is available, the preemption can happen when
transport_delivery_slot_discount percent of the required amount
plus transport_delivery_slot_loan still remains to be accumulated.
Note that the full amount will still have to be accumulated before
another preemption can take place later.
</p>

<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(default: 1)</b></DT><DD>

<p> How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended). Specify zero to disable this
feature. A destination's pseudo-cohort failure count is reset each
time a delivery completes without connection or handshake failure
for that specific destination. </p>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions.
</p>

</DD>

<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
(default: 20)</b></DT><DD>

<p>
The default maximal number of parallel deliveries to the same
destination. This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
With per-destination recipient limit > 1, a destination is a domain,
otherwise it is a recipient.
</p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
(default: 1)</b></DT><DD>

<p> The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure. Feedback values are in the range 0..1 inclusive. With
negative feedback, concurrency is decremented at the beginning of
a sequence of length 1/feedback. This is unlike positive feedback,
where concurrency is incremented at the end of a sequence of length
1/feedback. </p>

<p> As of Postfix version 2.5, negative feedback cannot reduce
delivery concurrency to zero.
Instead, a destination is marked
dead (further delivery suspended) after the failed pseudo-cohort
count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
To make the scheduler completely immune to connection or handshake
failures, specify a zero feedback value and a zero failed pseudo-cohort
limit. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1 inclusive.
The default setting of "1" is compatible with Postfix versions
before 2.5, where a destination's delivery concurrency is throttled
down to zero (and further delivery suspended) after a single failed
pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is decremented by 1 after each failed pseudo-cohort. </dd>

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a>
name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5. The default setting
is compatible with earlier Postfix versions.
</p>

</DD>

<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
(default: 1)</b></DT><DD>

<p> The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure. Feedback values are in the range 0..1 inclusive. The
concurrency increases until it reaches the per-destination maximal
concurrency limit. With positive feedback, concurrency is incremented
at the end of a sequence with length 1/feedback. This is unlike
negative feedback, where concurrency is decremented at the start
of a sequence of length 1/feedback. </p>

<p> Specify one of the following forms: </p>

<dl>

<dt> <b><i>number</i> </b> </dt>

<dt> <b><i>number</i> / <i>number</i> </b> </dt>

<dd> Constant feedback. The value must be in the range 0..1
inclusive. The default setting of "1" is compatible with Postfix
versions before 2.5, where a destination's delivery concurrency
doubles after each successful pseudo-cohort. </dd>

<dt> <b><i>number</i> / concurrency </b> </dt>

<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
The <i>number</i> must be in the range 0..1 inclusive. With
<i>number</i> equal to "1", a destination's delivery concurrency
is incremented by 1 after each successful pseudo-cohort. </dd>

</dl>

<p> A pseudo-cohort is the number of deliveries equal to a destination's
delivery concurrency. </p>

<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
to specify a transport-specific override, where <i>transport</i>
is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>

<p> This feature is available in Postfix 2.5 and later.
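</p>

<p> The feedback and pseudo-cohort rules of the failed_cohort_limit,
negative_feedback and positive_feedback entries above, replayed by a
small model. This is an added example, not Postfix code: it follows the
postconf(5) wording rather than qmgr(8)'s implementation, and the
starting concurrency and the outcome strings fed to it are constructed
inputs. </p>

```python
"""Model of Postfix per-destination concurrency feedback as described in
postconf(5): positive/negative feedback in the forms "number",
"number / number" and "number / concurrency", pseudo-cohorts, and the
failed-cohort limit that marks a destination dead.  Added example; it
follows the documentation's wording, not qmgr(8)'s code."""
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Callable

Feedback = Callable[[int], Fraction]   # current concurrency -> feedback amount


def parse_feedback(spec: str) -> Feedback:
    """Accept "0.5", "1/2" or "1/concurrency"; the value must stay within 0..1."""
    parts = [p.strip() for p in spec.split("/")]
    if len(parts) > 2:
        raise ValueError("bad feedback value: %r" % spec)
    num = Fraction(parts[0])
    if len(parts) == 2 and parts[1] == "concurrency":
        if not 0 <= num <= 1:
            raise ValueError("number must be in 0..1: %r" % spec)
        return lambda concurrency: num / concurrency      # variable feedback
    value = num / Fraction(parts[1]) if len(parts) == 2 else num
    if not 0 <= value <= 1:
        raise ValueError("feedback must be in 0..1: %r" % spec)
    return lambda concurrency: value                       # constant feedback


@dataclass
class Destination:
    concurrency: int                           # constructed starting concurrency
    max_concurrency: int = 20                  # default_destination_concurrency_limit
    positive: Feedback = parse_feedback("1")   # ..._positive_feedback default
    negative: Feedback = parse_feedback("1")   # ..._negative_feedback default
    failed_cohort_limit: int = 1               # ..._failed_cohort_limit default
    dead: bool = False
    pos_credit: Fraction = field(default=Fraction(0), init=False)
    neg_credit: Fraction = field(default=Fraction(0), init=False)
    cohort_size: int = field(default=0, init=False)
    cohort_failures: int = field(default=0, init=False)
    failed_cohorts: int = field(default=0, init=False)

    def success(self) -> None:
        """Delivery completed without connection/handshake failure."""
        self.cohort_failures = 0
        self.failed_cohorts = 0          # the failure count is reset on success
        self.pos_credit += self.positive(self.concurrency)
        # Increment at the END of a sequence of length 1/feedback.
        while self.pos_credit >= 1:
            self.pos_credit -= 1
            if self.concurrency < self.max_concurrency:
                self.concurrency += 1

    def failure(self) -> None:
        """Delivery completed with a connection or handshake failure."""
        if self.dead:
            return
        if self.cohort_failures == 0:
            self.cohort_size = self.concurrency   # a pseudo-cohort is this many deliveries
        feedback = self.negative(self.concurrency)
        # Decrement at the START of a sequence of length 1/feedback.
        if feedback > 0 and self.neg_credit <= 0:
            self.neg_credit += 1
            if self.concurrency > 1:             # Postfix >= 2.5: never down to zero
                self.concurrency -= 1
        self.neg_credit -= feedback
        self.cohort_failures += 1
        if self.cohort_failures >= self.cohort_size:
            self.cohort_failures = 0
            self.failed_cohorts += 1
            # A zero limit disables the dead-destination feature.
            if self.failed_cohort_limit and self.failed_cohorts >= self.failed_cohort_limit:
                self.dead = True


def replay(dest: Destination, outcomes: str) -> Destination:
    """Drive the model with a constructed outcome string: 'S' success, 'F' failure."""
    for outcome in outcomes:
        if outcome == "S":
            dest.success()
        elif outcome == "F":
            dest.failure()
        else:
            raise ValueError("outcome must be S or F: %r" % outcome)
    return dest


if __name__ == "__main__":
    d = Destination(concurrency=5)             # default "1": doubles per cohort
    for i in range(1, 16):
        d.success()
        print("success %2d -> concurrency %d" % (i, d.concurrency))
    d = Destination(concurrency=4, negative=parse_feedback("1/concurrency"),
                    failed_cohort_limit=2)
    for i in range(1, 9):
        d.failure()
        print("failure %d -> concurrency %d dead=%s" % (i, d.concurrency, d.dead))
```
<p>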
</p>

</DD>

<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
(default: 0s)</b></DT><DD>

<p> The default amount of delay that is inserted between individual
deliveries to the same destination; the resulting behavior depends
on the value of the corresponding per-destination recipient limit.
</p>

<ul>

<li> <p> With a corresponding per-destination recipient limit >
1, the rate delay specifies the time between deliveries to the
<i>same domain</i>. Different domains are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> With a corresponding per-destination recipient limit equal
to 1, the rate delay specifies the time between deliveries to the
<i>same recipient</i>. Different recipients are delivered in
parallel, subject to the process limits specified in <a href="master.5.html">master.cf</a>.
</p>

</ul>

<p> To enable the delay, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds). </p>

<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>

<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p> NOTE: with a non-zero _destination_rate_delay, specify a
<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
or more to prevent Postfix from deferring all mail for the same
destination after only one connection or handshake error. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
(default: 50)</b></DT><DD>

<p>
The default maximal number of recipients per message delivery.
This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
</p>

<p> Setting this parameter to a value of 1 affects email deliveries
as follows:</p>

<ul>

<li> <p> It changes the meaning of the corresponding per-destination
concurrency limit, from concurrency of deliveries to the <i>same
domain</i> into concurrency of deliveries to the <i>same recipient</i>.
Different recipients are delivered in parallel, subject to the
process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> It changes the meaning of the corresponding per-destination
rate delay, from the delay between deliveries to the <i>same
domain</i> into the delay between deliveries to the <i>same
recipient</i>. Again, different recipients are delivered in parallel,
subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>

<li> <p> It changes the meaning of other corresponding per-destination
settings in a similar manner, from settings for delivery to the
<i>same domain</i> into settings for delivery to the <i>same
recipient</i>.
</p>

</ul>

<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
(default: 1000)</b></DT><DD>

<p>
The default value for the extra per-transport limit imposed on the
number of in-memory recipients. This extra recipient space is
reserved for the cases when the Postfix queue manager's scheduler
preempts one message with another and suddenly needs some extra
recipient slots for the chosen message in order to avoid performance
degradation.
</p>

<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
(default: empty)</b></DT><DD>

<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
that value is empty, use the domain in the recipient address.
Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>

<p> This feature is available in Postfix 2.7 and later.
</p>

</DD>

<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
(default: 3)</b></DT><DD>

<p>
How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all. Messages
which would never accumulate at least this many delivery slots
(subject to the slot cost parameter as well) are never preempted.
</p>

<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_privs">default_privs</a>
(default: nobody)</b></DT><DD>

<p>
The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
to an external file or command. These rights are used when delivery
is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
</p>

</DD>

<DT><b><a name="default_process_limit">default_process_limit</a>
(default: 100)</b></DT><DD>

<p>
The default maximal number of Postfix child processes that provide
a given service. This limit can be overruled for specific services
in the <a href="master.5.html">master.cf</a> file.
</p>

</DD>

<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The default Postfix SMTP server response template for a request that is
rejected by an RBL-based restriction.
This template can be overruled
by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
The template is subject to exactly one level of $name substitution:
</p>

<dl>

<dt><b>$client</b></dt>

<dd>The client hostname and IP address, formatted as name[address]. </dd>

<dt><b>$client_address</b></dt>

<dd>The client IP address. </dd>

<dt><b>$client_name</b></dt>

<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
for more details. </dd>

<dt><b>$reverse_client_name</b></dt>

<dd>The client hostname from address->name lookup, or "unknown".
See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd>

<dt><b>$helo_name</b></dt>

<dd>The hostname given in the HELO or EHLO command, or the empty string. </dd>

<dt><b>$rbl_class</b></dt>

<dd>The blacklisted entity type: Client host, Helo command, Sender
address, or Recipient address. </dd>

<dt><b>$rbl_code</b></dt>

<dd>The numerical SMTP response code, as specified with the
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>

<dt><b>$rbl_domain</b></dt>

<dd>The RBL domain where $rbl_what is blacklisted. </dd>

<dt><b>$rbl_reason</b></dt>

<dd>The reason why $rbl_what is blacklisted, or an empty string.
</dd>

<dt><b>$rbl_what</b></dt>

<dd>The entity that is blacklisted (an IP address, a hostname, a domain
name, or an email address whose domain was blacklisted). </dd>

<dt><b>$recipient</b></dt>

<dd>The recipient address or <> in case of the null address. </dd>

<dt><b>$recipient_domain</b></dt>

<dd>The recipient domain or empty string. </dd>

<dt><b>$recipient_name</b></dt>

<dd>The recipient address localpart or <> in case of the null address. </dd>

<dt><b>$sender</b></dt>

<dd>The sender address or <> in case of the null address. </dd>

<dt><b>$sender_domain</b></dt>

<dd>The sender domain or empty string. </dd>

<dt><b>$sender_name</b></dt>

<dd>The sender address localpart or <> in case of the null address. </dd>

<dt><b>${name?text}</b></dt>

<dd>Expands to `text' if $name is not empty. </dd>

<dt><b>${name:text}</b></dt>

<dd>Expands to `text' if $name is empty. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p> Note: when an enhanced status code is specified in an RBL reply
template, it is subject to modification. The following transformations
are needed when the same RBL reply template is used for client,
helo, sender, or recipient access restrictions. </p>

<ul>

<li> <p> When rejecting a sender address, the Postfix SMTP server
will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
corresponding sender DSN status, and vice versa. </p>

<li> <p> When rejecting non-address information (such as the HELO
command argument or the client hostname/address), the Postfix SMTP
server will transform a sender or recipient DSN status into a generic
non-address DSN status (e.g., 4.0.0).
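</p>

<p> The substitution rules of the default_rbl_reply entry above,
worked through in code: the five $name forms, exactly one level of
substitution, and the requirement that the numerical SMTP code opens the
reply. This is an added example, not Postfix code; the template is
constructed in the shape the documented attributes allow (the real
default is whatever "postconf -d default_rbl_reply" prints), and the
attribute values are constructed. </p>

```python
"""Expand a default_rbl_reply-style template as postconf(5) describes:
$name, ${name}, $(name), ${name?text}, ${name:text}, one level of
substitution, then check that the reply starts with the numerical SMTP
code (optionally followed by an RFC 3463 enhanced status code).
Added example, not Postfix code; template and attributes are constructed."""
import re

# ${name?text} / ${name:text} take the conditional text up to the closing
# brace, so nested braces inside "text" are not supported by this model.
_TOKEN = re.compile(
    r"\$\{(?P<braced>\w+)(?:(?P<op>[?:])(?P<text>[^}]*))?\}"
    r"|\$\((?P<paren>\w+)\)"
    r"|\$(?P<bare>\w+)"
)

# Reply = 3-digit code, optional enhanced status code, then free text.
_REPLY = re.compile(r"^(?P<code>[245]\d\d)(?: (?P<esc>[245]\.\d{1,3}\.\d{1,3}))?(?: |$)")


def expand(template: str, attrs: dict) -> str:
    """One level of substitution: attribute VALUES are inserted verbatim and
    never re-scanned (re.sub does not revisit replaced text).  Only the
    literal "text" of ${name?text} / ${name:text} is itself expanded, which
    is what makes a template like "...${rbl_reason?; $rbl_reason}" work."""
    def replace(match):
        name = match.group("braced") or match.group("paren") or match.group("bare")
        value = attrs.get(name, "")          # unknown or unset attributes are empty
        op = match.group("op")
        if op == "?":
            return expand(match.group("text"), attrs) if value else ""
        if op == ":":
            return expand(match.group("text"), attrs) if not value else ""
        return value
    return _TOKEN.sub(replace, template)


def parse_reply(reply: str) -> dict:
    """Split an expanded reply into code, enhanced status code and text;
    the numerical code is required at the very start."""
    m = _REPLY.match(reply)
    if m is None:
        raise ValueError("reply must start with a 3-digit SMTP code: %r" % reply)
    return {"code": m.group("code"), "enhanced": m.group("esc"), "text": reply[m.end():]}


# Constructed template using only attributes the entry documents.
TEMPLATE = ("$rbl_code 5.7.1 Service unavailable; $rbl_class [$rbl_what] "
            "blocked using $rbl_domain${rbl_reason?; $rbl_reason}"
            "${rbl_reason:; see https://$(rbl_domain)/lookup}")


def rbl_reply(attrs: dict, template: str = TEMPLATE) -> str:
    """Expand and validate; raises ValueError if $rbl_code did not land first."""
    reply = expand(template, attrs)
    parse_reply(reply)
    return reply


# Constructed attributes for a client-host listing (RFC 5737 test address).
LISTED = {
    "rbl_code": "554", "rbl_class": "Client host", "rbl_what": "192.0.2.10",
    "rbl_domain": "dnsbl.example", "rbl_reason": "constructed listing reason",
    "client_address": "192.0.2.10", "client_name": "unknown",
}

if __name__ == "__main__":
    print(rbl_reply(LISTED))
    print(rbl_reply(dict(LISTED, rbl_reason="")))        # ${name:text} branch
    print(rbl_reply(dict(LISTED, rbl_reason="see $rbl_domain")))  # not re-expanded
```
<p>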
</p>

</ul>

</DD>

<DT><b><a name="default_recipient_limit">default_recipient_limit</a>
(default: 20000)</b></DT><DD>

<p>
The default per-transport upper limit on the number of in-memory
recipients. These limits take priority over the global
<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned
to the respective transports. See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>.
</p>

<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

</DD>

<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a>
(default: 5s)</b></DT><DD>

<p>
The default per-transport maximum delay between recipient refills.
When not all message recipients fit into memory at once, keep loading
more of them at least once every this many seconds. This is used to
make sure the recipients are refilled in a timely manner even when
$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries.
</p>

<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later.
</p>

</DD>

<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a>
(default: 100)</b></DT><DD>

<p>
The default per-transport limit on the number of recipients refilled at
once. When not all message recipients fit into memory at once, keep
loading more of them in batches of at least this many at a time. See also
$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches
smaller than this when this limit is too high for too slow deliveries.
</p>

<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a
transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
</p>

<p> This feature is available in Postfix 2.4 and later. </p>

</DD>

<DT><b><a name="default_transport">default_transport</a>
(default: smtp)</b></DT><DD>

<p>
The default mail delivery transport and next-hop destination for
destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information can be overruled with the
<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
<a href="transport.5.html">transport(5)</a> table.
</p>

<p>
In order of decreasing precedence, the nexthop destination is taken
from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
domain.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname
</pre>

</DD>

<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a>
(default: +=)</b></DT><DD>

<p> The two default VERP delimiter characters. These are used when
no explicit delimiters are specified with the SMTP XVERP command
or with the "<b>sendmail -V</b>" command-line option. Specify
characters that are allowed by the <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

</DD>

<DT><b><a name="defer_code">defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

</DD>

<DT><b><a name="defer_service_name">defer_service_name</a>
(default: defer)</b></DT><DD>

<p>
The name of the defer service. This service is implemented by the
<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
of failed delivery attempts and generates non-delivery notifications.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="defer_transports">defer_transports</a>
(default: empty)</b></DT><DD>

<p>
The names of message delivery transports that should not deliver mail
unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports that appear in the
first field of <a href="master.5.html">master.cf</a>.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp
</pre>

</DD>

<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a>
(default: 2)</b></DT><DD>

<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>

<p> Large delay values are rounded off to an integral number of seconds;
delay values below the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are logged
as "0", and small delay values are logged with at most two-digit
precision.
</p>

<p> The format of the "delays=a/b/c/d" logging is as follows: </p>

<ul>

<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry

<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup

<li> c = time in connection setup, including DNS, EHLO and STARTTLS

<li> d = time in message transmission

</ul>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p>
The recipient of postmaster notifications with the message headers
of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time
units. </p>

<p>
See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
</p>

</DD>

<DT><b><a name="delay_warning_time">delay_warning_time</a>
(default: 0h)</b></DT><DD>

<p>
The time after which the sender receives a copy of the message
headers of mail that is still queued.
</p>

<p>
To enable this feature, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
unit).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
</p>

<p>
See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
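</p>

<p> A parser for the "delays=a/b/c/d" field described in the
delay_logging_resolution_limit entry above, attributing a delivery's
total delay to the four stages and checking the logged precision
against the configured limit. This is an added example, not Postfix
code; the log lines it reads are constructed. </p>

```python
"""Parse the "delays=a/b/c/d" field of Postfix delivery log lines and
attribute the delay to the four stages postconf(5) lists.  Added
example, not Postfix code; the log lines below are constructed."""
import re

# a, b, c, d in the order the delay_logging_resolution_limit entry lists them.
STAGES = ("arrival_to_active_queue", "active_queue_to_connect",
          "connection_setup", "message_transmission")
_NUM = r"(\d+(?:\.\d+)?)"
_DELAYS = re.compile(r"\bdelays=" + "/".join([_NUM] * 4))


def _match(line: str):
    m = _DELAYS.search(line)
    if m is None:
        raise ValueError("no delays= field in: %r" % line)
    return m


def parse_delays(line: str) -> dict:
    """Return {stage: seconds} for one delivery log line."""
    return dict(zip(STAGES, (float(v) for v in _match(line).groups())))


def dominant_stage(delays: dict) -> str:
    """The stage that accounts for most of the delay.  A large
    connection_setup value points at DNS, EHLO or STARTTLS trouble;
    a large arrival_to_active_queue value means the message waited in
    the incoming or deferred queue before the scheduler took it."""
    return max(delays, key=delays.get)


def within_resolution(line: str, limit: int = 2) -> bool:
    """True if no logged delay value has more fractional digits than
    delay_logging_resolution_limit permits (default 2, range 0..6)."""
    return all(len(v.partition(".")[2]) <= limit for v in _match(line).groups())


# Constructed log lines (RFC 2606 names, RFC 5737 addresses, the page's sample queue ID).
LOG_LINES = [
    "Mar  1 10:00:01 mx postfix/smtp[2101]: 3Pt2mN2VXxznjll: to=<user@example.com>, "
    "relay=mail.example.com[192.0.2.1]:25, delay=0.85, delays=0.02/0/0.51/0.32, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok: queued)",
    "Mar  1 10:05:12 mx postfix/smtp[2102]: 3Pt2mN2VXxznjll: to=<user@example.net>, "
    "relay=mail.example.net[192.0.2.2]:25, delay=131, delays=120/0.01/10/1.2, "
    "dsn=2.0.0, status=sent (250 Ok)",
]

if __name__ == "__main__":
    for line in LOG_LINES:
        delays = parse_delays(line)
        print(delays, "->", dominant_stage(delays), "precision ok:", within_resolution(line))
```
<p>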
</p>

</DD>

<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a>
(default: 20)</b></DT><DD>

<p>
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile.
</p>

</DD>

<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a>
(default: 1s)</b></DT><DD>

<p>
The time between attempts to acquire an exclusive lock on a mailbox
file or <a href="bounce.8.html">bounce(8)</a> logfile.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a>
(default: no)</b></DT><DD>

<p> Make the queue manager's feedback algorithm verbose for performance
analysis purposes. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
(default: yes)</b></DT><DD>

<p> Automatically detect 8BITMIME body content by looking at
Content-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on". </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
(default: no)</b></DT><DD>

<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts. As of
Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
instead.
</p>

<p>
DNS lookups are enabled by default.
</p>

</DD>

<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a>
(default: no)</b></DT><DD>

<p>
Turn off MIME processing while receiving mail. This means that no
special treatment is given to Content-Type: message headers, and
that all text after the initial message headers is considered to
be part of the message body.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p>
MIME input processing is enabled by default, and is needed in order
to recognize MIME headers in message content.
</p>

</DD>

<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a>
(default: no)</b></DT><DD>

<p>
Disable the conversion of 8BITMIME format to 7BIT format. MIME
output conversion is needed when the destination does not advertise
8BITMIME support.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a>
(default: no)</b></DT><DD>

<p>
Disable sending one bounce report per recipient.
</p>

<p>
The default, one per recipient, is what ezmlm needs.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>

</DD>

<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a>
(default: no)</b></DT><DD>

<p>
Disable the SMTP VRFY command. This stops some techniques used to
harvest email addresses.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no
</pre>

</DD>

<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a>
(default: 0s)</b></DT><DD>

<p> A debugging aid to artificially delay DNS responses.
</p>

<p> This feature is available in Postfix 2.8. </p>

</DD>

<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
(default: dnsblog)</b></DT><DD>

<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs DNS white/blacklist lookups. </p>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="dont_remove">dont_remove</a>
(default: 0)</b></DT><DD>

<p>
Don't remove queue files and save them to the "saved" mail queue.
This is a debugging aid. To inspect the envelope information and
content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command.
</p>

</DD>

<DT><b><a name="double_bounce_sender">double_bounce_sender</a>
(default: double-bounce)</b></DT><DD>

<p> The sender address of postmaster notifications that are generated
by the mail system. All mail to this address is silently discarded,
in order to terminate mail bounce loops. </p>

</DD>

<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a>
(default: 1000)</b></DT><DD>

<p> The maximal number of addresses remembered by the address
duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or
for <a href="showq.8.html">showq(8)</a> queue displays. </p>

</DD>

<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
(default: <>)</b></DT><DD>

<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
will be used instead of the null sender address. </p>

<p> This feature is available in Postfix 2.7 and later.
</p> 2769 2770 2771</DD> 2772 2773<DT><b><a name="empty_address_recipient">empty_address_recipient</a> 2774(default: MAILER-DAEMON)</b></DT><DD> 2775 2776<p> 2777The recipient of mail addressed to the null address. Postfix does 2778not accept such addresses in SMTP commands, but they may still be 2779created locally as the result of configuration or software error. 2780</p> 2781 2782 2783</DD> 2784 2785<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a> 2786(default: <>)</b></DT><DD> 2787 2788<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be 2789used instead of the null sender address. </p> 2790 2791<p> This feature is available in Postfix 2.5 and later. With 2792earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were 2793skipped for the null sender address. </p> 2794 2795 2796</DD> 2797 2798<DT><b><a name="enable_errors_to">enable_errors_to</a> 2799(default: no)</b></DT><DD> 2800 2801<p> Report mail delivery errors to the address specified with the 2802non-standard Errors-To: message header, instead of the envelope 2803sender address (this feature is removed with Postfix version 2.2, is 2804turned off by default with Postfix version 2.1, and is always turned on 2805with older Postfix versions). </p> 2806 2807 2808</DD> 2809 2810<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a> 2811(default: no)</b></DT><DD> 2812 2813<p> Enable long, non-repeating, queue IDs (queue file names). The 2814benefit of non-repeating names is simpler logfile analysis and 2815easier queue migration (there is no need to run "postsuper" to 2816change queue file names that don't match their message file inode 2817number). </p> 2818 2819<p> Note: see below for how to convert long queue file names to 2820Postfix ≤ 2.8. 
</p> 2821 2822<p> Changing the parameter value to "yes" has the following effects: 2823</p> 2824 2825<ul> 2826 2827<li> <p> Existing queue file names are not affected. </p> 2828 2829<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll. 2830These are encoded in a 52-character alphabet that contains digits 2831(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For 2832safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. 2833The name format is: 6 or more characters for the time in seconds, 28344 characters for the time in microseconds, a literal 'z' as separator; the remainder 2835is the file inode number encoded in the first 51 characters of the 283652-character alphabet. </p> 2837 2838<li> <p> New messages have a Message-ID header with 2839<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>. </p> 2840 2841<li> <p> The mailq (postqueue -p) output has a wider Queue ID column. 2842The number of whitespace-separated fields is not changed. </p> 2843 2844<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters 2845of the queue file creation time in microseconds, after conversion 2846into hexadecimal representation. This produces the same queue hashing 2847behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> 2848= no". </p> 2849 2850</ul> 2851 2852<p> Changing the parameter value to "no" has the following effects: 2853</p> 2854 2855<ul> 2856 2857<li> <p> Existing long queue file names are renamed to the short 2858form (while running "postfix reload" or "postsuper"). </p> 2859 2860<li> <p> New queue files are created with names such as C3CD21F3E90 2861from a hexadecimal alphabet that contains digits (0-9) and upper-case 2862letters (A-F). The name format is: 5 characters for the time in 2863microseconds; the remainder is the file inode number. 
</p> 2864 2865<li> <p> New messages have a Message-ID header with 2866<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where 2867<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and 2868second. </p> 2869 2870<li> <p> The mailq (postqueue -p) output has the same format as 2871with Postfix ≤ 2.8. </p> 2872 2873<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters 2874of the queue file name, with the hexadecimal representation of the 2875file creation time in microseconds. </p> 2876 2877</ul> 2878 2879<p> Before migration to Postfix ≤ 2.8, the following commands 2880are required to convert long queue file names into short names: </p> 2881 2882<pre> 2883# postfix stop 2884# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no 2885# postsuper 2886</pre> 2887 2888<p> Repeat the postsuper command until it reports no more queue file 2889name changes. </p> 2890 2891<p> This feature is available in Postfix 2.9 and later. </p> 2892 2893 2894</DD> 2895 2896<DT><b><a name="enable_original_recipient">enable_original_recipient</a> 2897(default: yes)</b></DT><DD> 2898 2899<p> Enable support for the X-Original-To message header. This header 2900is needed for multi-recipient mailboxes. </p> 2901 2902<p> When this parameter is set to yes, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs 2903duplicate elimination on distinct pairs of (original recipient, 2904rewritten recipient), and generates non-empty original recipient 2905queue file records. </p> 2906 2907<p> When this parameter is set to no, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs 2908duplicate elimination on the rewritten recipient address only, and 2909generates empty original recipient queue file records. </p> 2910 2911<p> This feature is available in Postfix 2.1 and later. 
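<p> An added example (not Postfix code) that decodes and re-encodes the two queue ID forms described under enable_long_queue_ids above, and reproduces the hash_queue_depth directory choice for both. It assumes the alphabet is ordered exactly as the text lists it (digits, B-Z, b-z), that time fields are left-padded with "0", and that the hexadecimal form used for hashing long IDs is zero-padded to the 5 characters of the short format. </p>

```python
"""Postfix queue ID helpers, written for this page as an added example.

Not Postfix code. Everything below follows the formats described under
enable_long_queue_ids: long IDs use a vowel-free 52-character alphabet
(assumed order: digits, then B-Z, then b-z) for 6+ characters of seconds
and 4 of microseconds, a literal 'z', and the inode in base 51; short IDs
are 5 upper-case hex characters of microseconds followed by the inode in hex.
"""
from datetime import datetime, timezone

ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
assert len(ALPHABET) == 52 and not set("AEIOUaeiou") & set(ALPHABET)
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}
SEPARATOR = ALPHABET[51]   # 'z': the one character a base-51 inode field never contains
HEX_DIGITS = set("0123456789ABCDEF")


def encode(value, base, width=0):
    """Most-significant digit first, left-padded with '0' to `width` (assumed padding)."""
    digits = []
    while True:
        value, rem = divmod(value, base)
        digits.append(ALPHABET[rem])
        if value == 0:
            return "".join(reversed(digits)).rjust(width, "0")


def decode(text, base):
    """Inverse of encode; rejects characters outside the first `base` symbols."""
    value = 0
    for ch in text:
        digit = INDEX.get(ch)
        if digit is None or digit >= base:
            raise ValueError(f"{ch!r} is not a base-{base} digit")
        value = value * base + digit
    return value


def parse_long_id(queue_id):
    """Return (seconds, microseconds, inode) for a long queue ID.

    The seconds field is "6 or more" characters, so fields are located from
    the right: the last 'z' is the separator, the 4 characters before it are
    the microseconds, and everything before those is the seconds.
    """
    head, sep, inode_field = queue_id.rpartition(SEPARATOR)
    if not sep or not inode_field or len(head) < 10:
        raise ValueError(f"not a long queue ID: {queue_id!r}")
    seconds = decode(head[:-4], 52)
    usec = decode(head[-4:], 52)
    if usec >= 1_000_000:
        raise ValueError(f"microsecond field out of range in {queue_id!r}")
    return seconds, usec, decode(inode_field, 51)


def format_long_id(seconds, usec, inode):
    """Build a long queue ID; round-trips with parse_long_id."""
    return encode(seconds, 52, 6) + encode(usec, 52, 4) + SEPARATOR + encode(inode, 51)


def parse_short_id(queue_id):
    """Return (microseconds, inode) for a short (hexadecimal) queue ID."""
    if len(queue_id) < 6 or not HEX_DIGITS.issuperset(queue_id):
        raise ValueError(f"not a short queue ID: {queue_id!r}")
    return int(queue_id[:5], 16), int(queue_id[5:], 16)


def format_short_id(usec, inode):
    """Build a short queue ID: 5 hex digits of microseconds, then the inode in hex."""
    return f"{usec:05X}{inode:X}"


def queue_time(queue_id):
    """UTC creation time of a long queue ID: the log-analysis benefit the text mentions."""
    seconds, usec, _ = parse_long_id(queue_id)
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=usec)


def hash_chars(queue_id):
    """Characters hash_queue_depth draws its directory names from.

    Short IDs hash on the name itself; long IDs hash on the microseconds
    re-encoded as hex (assumed zero-padded to 5 like the short format), so
    both forms land in the same subdirectory, as the text states.
    """
    if SEPARATOR in queue_id:
        return f"{parse_long_id(queue_id)[1]:05X}"
    parse_short_id(queue_id)          # validates the short form
    return queue_id


def queue_path(queue_id, hash_queue_depth=1):
    """Path of the queue file relative to its queue directory (e.g. deferred/)."""
    chars = hash_chars(queue_id)
    if not 0 <= hash_queue_depth <= len(chars):
        raise ValueError("hash_queue_depth out of range")
    return "/".join(list(chars[:hash_queue_depth]) + [queue_id])


if __name__ == "__main__":
    for qid in ("3Pt2mN2VXxznjll", "C3CD21F3E90"):   # the two names from the text
        print(qid, "->", queue_path(qid, 2))
    print(queue_time("3Pt2mN2VXxznjll").isoformat())
```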
With Postfix 2912version 2.0, support for the X-Original-To message header is always turned 2913on. Postfix versions before 2.0 have no support for the X-Original-To 2914message header. </p> 2915 2916 2917</DD> 2918 2919<DT><b><a name="error_notice_recipient">error_notice_recipient</a> 2920(default: postmaster)</b></DT><DD> 2921 2922<p> The recipient of postmaster notifications about mail delivery 2923problems that are caused by policy, resource, software or protocol 2924errors. These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> 2925parameter. </p> 2926 2927 2928</DD> 2929 2930<DT><b><a name="error_service_name">error_service_name</a> 2931(default: error)</b></DT><DD> 2932 2933<p> 2934The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always 2935returns mail as undeliverable. 2936</p> 2937 2938<p> 2939This feature is available in Postfix 2.0 and later. 2940</p> 2941 2942 2943</DD> 2944 2945<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a> 2946(default: see "postconf -d" output)</b></DT><DD> 2947 2948<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows 2949in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>. Characters 2950outside the allowed set are replaced by underscores. </p> 2951 2952<p> This feature is available in Postfix 2.2 and later. </p> 2953 2954 2955</DD> 2956 2957<DT><b><a name="expand_owner_alias">expand_owner_alias</a> 2958(default: no)</b></DT><DD> 2959 2960<p> 2961When delivering to an alias "aliasname" that has an "owner-aliasname" 2962companion alias, set the envelope sender address to the expansion 2963of the "owner-aliasname" alias. Normally, Postfix sets the envelope 2964sender address to the name of the "owner-aliasname" alias. 
2965</p> 2966 2967 2968</DD> 2969 2970<DT><b><a name="export_environment">export_environment</a> 2971(default: see "postconf -d" output)</b></DT><DD> 2972 2973<p> 2974The list of environment variables that a Postfix process will export 2975to non-Postfix processes. The TZ variable is needed for sane 2976time keeping on System-V-ish systems. 2977</p> 2978 2979<p> 2980Specify a list of names and/or name=value pairs, separated by 2981whitespace or comma. The name=value form is supported with 2982Postfix version 2.1 and later. 2983</p> 2984 2985<p> 2986Example: 2987</p> 2988 2989<pre> 2990<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin 2991</pre> 2992 2993 2994</DD> 2995 2996<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a> 2997(default: 10240)</b></DT><DD> 2998 2999<p> 3000The maximal number of recipient addresses that Postfix will extract 3001from message headers when mail is submitted with "<b>sendmail -t</b>". 3002</p> 3003 3004<p> 3005This feature was removed in Postfix version 2.1. 3006</p> 3007 3008 3009</DD> 3010 3011<DT><b><a name="fallback_relay">fallback_relay</a> 3012(default: empty)</b></DT><DD> 3013 3014<p> 3015Optional list of relay hosts for SMTP destinations that can't be 3016found or that are unreachable. With Postfix 2.3 this parameter 3017is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p> 3018 3019<p> 3020By default, mail is returned to the sender when a destination is 3021not found, and delivery is deferred when a destination is unreachable. 3022</p> 3023 3024<p> The fallback relays must be SMTP destinations. Specify a domain, 3025host, host:port, [host]:port, [address] or [address]:port; the form 3026[host] turns off MX lookups. If you specify multiple SMTP 3027destinations, Postfix will try them in the specified order. 
</p> 3028 3029<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature 3030when relaying mail 3031for a backup or primary MX domain. Mail would loop between the 3032Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination 3033is unavailable. On those versions, route mail for such domains through a separate delivery transport that has no fallback relay: </p> 3034 3035<ul> 3036 3037<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay", 3038 3039<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at 3040the end of the <tt>relay</tt> entry. 3041 3042<li> In transport maps, specify "relay:<i>nexthop...</i>" 3043as the right-hand side for backup or primary MX domain entries. 3044 3045</ul> 3046 3047<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature 3048for destinations for which it is an MX host. 3049</p> 3050 3051 3052</DD> 3053 3054<DT><b><a name="fallback_transport">fallback_transport</a> 3055(default: empty)</b></DT><DD> 3056 3057<p> 3058Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery 3059agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a> 3060or UNIX password database. 
3061</p> 3062 3063<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 3064is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 3065<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 3066<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 3067 3068 3069</DD> 3070 3071<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a> 3072(default: empty)</b></DT><DD> 3073 3074<p> Optional lookup tables with per-recipient message delivery 3075transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could 3076not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p> 3077 3078<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 3079is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 3080<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 3081<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. 
</p> 3082 3083<p> For safety reasons, this feature does not allow $number 3084substitutions in regular expression maps. </p> 3085 3086<p> This feature is available in Postfix 2.3 and later. </p> 3087 3088 3089</DD> 3090 3091<DT><b><a name="fast_flush_domains">fast_flush_domains</a> 3092(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD> 3093 3094<p> 3095Optional list of destinations that are eligible for per-destination 3096logfiles with mail that is queued to those destinations. 3097</p> 3098 3099<p> 3100By default, Postfix maintains "fast flush" logfiles only for 3101destinations that the Postfix SMTP server is willing to relay to 3102(i.e. the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see 3103the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual). 3104</p> 3105 3106<p> Specify a list of hosts or domains, "/file/name" patterns or 3107"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace. 3108Continue long lines by starting the next line with whitespace. A 3109"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" 3110lookup table is matched when the domain or its parent domain appears 3111as lookup key. </p> 3112 3113<p> 3114Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature 3115altogether. 3116</p> 3117 3118 3119</DD> 3120 3121<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a> 3122(default: 7d)</b></DT><DD> 3123 3124<p> 3125The time after which an empty per-destination "fast flush" logfile 3126is deleted. 3127</p> 3128 3129<p> 3130You can specify the time as a number, or as a number followed by 3131a letter that indicates the time unit: s=seconds, m=minutes, h=hours, 3132d=days, w=weeks. 
The default time unit is days. 3133</p> 3134 3135 3136</DD> 3137 3138<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a> 3139(default: 12h)</b></DT><DD> 3140 3141<p> 3142The time after which a non-empty but unread per-destination "fast 3143flush" logfile needs to be refreshed. The contents of a logfile 3144are refreshed by requesting delivery of all messages listed in the 3145logfile. 3146</p> 3147 3148<p> 3149You can specify the time as a number, or as a number followed by 3150a letter that indicates the time unit: s=seconds, m=minutes, h=hours, 3151d=days, w=weeks. The default time unit is hours. 3152</p> 3153 3154 3155</DD> 3156 3157<DT><b><a name="fault_injection_code">fault_injection_code</a> 3158(default: 0)</b></DT><DD> 3159 3160<p> 3161Force specific internal tests to fail, to test the handling of 3162errors that are difficult to reproduce otherwise. 3163</p> 3164 3165 3166</DD> 3167 3168<DT><b><a name="flush_service_name">flush_service_name</a> 3169(default: flush)</b></DT><DD> 3170 3171<p> 3172The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination 3173logfiles with the queue file names of mail that is queued for those 3174destinations. 3175</p> 3176 3177<p> 3178This feature is available in Postfix 2.0 and later. 3179</p> 3180 3181 3182</DD> 3183 3184<DT><b><a name="fork_attempts">fork_attempts</a> 3185(default: 5)</b></DT><DD> 3186 3187<p> The maximal number of attempts to fork() a child process. </p> 3188 3189 3190</DD> 3191 3192<DT><b><a name="fork_delay">fork_delay</a> 3193(default: 1s)</b></DT><DD> 3194 3195<p> The delay between attempts to fork() a child process. </p> 3196 3197<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 3198(weeks). The default time unit is s (seconds). 
</p> 3199 3200 3201</DD> 3202 3203<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a> 3204(default: see "postconf -d" output)</b></DT><DD> 3205 3206<p> 3207Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in 3208$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>. Characters outside the 3209allowed set are replaced by underscores. 3210</p> 3211 3212 3213</DD> 3214 3215<DT><b><a name="forward_path">forward_path</a> 3216(default: see "postconf -d" output)</b></DT><DD> 3217 3218<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward 3219file with user-specified delivery methods. The first file that is 3220found is used. </p> 3221 3222<p> The following $name expansions are done on <a href="postconf.5.html#forward_path">forward_path</a> before 3223the search actually happens. The result of $name expansion is 3224filtered with the character set that is specified with the 3225<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter. </p> 3226 3227<dl> 3228 3229<dt><b>$user</b></dt> 3230 3231<dd>The recipient's username. </dd> 3232 3233<dt><b>$shell</b></dt> 3234 3235<dd>The recipient's login shell pathname. </dd> 3236 3237<dt><b>$home</b></dt> 3238 3239<dd>The recipient's home directory. </dd> 3240 3241<dt><b>$recipient</b></dt> 3242 3243<dd>The full recipient address. </dd> 3244 3245<dt><b>$extension</b></dt> 3246 3247<dd>The optional recipient address extension. </dd> 3248 3249<dt><b>$domain</b></dt> 3250 3251<dd>The recipient domain. </dd> 3252 3253<dt><b>$local</b></dt> 3254 3255<dd>The entire recipient localpart. </dd> 3256 3257<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt> 3258 3259<dd>The address extension delimiter that was found in the recipient 3260address (Postfix 2.11 and later), or the system-wide recipient 3261address extension delimiter (Postfix 2.10 and earlier). 
</dd> 3262 3263<dt><b>${name?value}</b></dt> 3264 3265<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd> 3266 3267<dt><b>${name:value}</b></dt> 3268 3269<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd> 3270 3271</dl> 3272 3273<p> 3274Instead of $name you can also specify ${name} or $(name). 3275</p> 3276 3277<p> 3278Examples: 3279</p> 3280 3281<pre> 3282<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user 3283<a href="postconf.5.html#forward_path">forward_path</a> = 3284 /var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension, 3285 /var/forward/$user/.forward 3286</pre> 3287 3288 3289</DD> 3290 3291<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a> 3292(default: yes)</b></DT><DD> 3293 3294<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To: 3295address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of 3296a delivery attempt; do not update the Delivered-To: address while 3297expanding aliases or .forward files. </p> 3298 3299<p> This feature is available in Postfix 2.3 and later. With older 3300Postfix releases, the behavior is as if this parameter is set to 3301"no". The old setting can be expensive with deeply nested aliases 3302or .forward files. When an alias or .forward file changes the 3303Delivered-To: address, it ties up one queue file and one cleanup 3304process instance while mail is being forwarded. </p> 3305 3306 3307</DD> 3308 3309<DT><b><a name="hash_queue_depth">hash_queue_depth</a> 3310(default: 1)</b></DT><DD> 3311 3312<p> 3313The number of subdirectory levels for queue directories listed with 3314the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by 3315creating one or more levels of directories with one-character names. 
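<p> An added example (not Postfix code) of the forward_path expansion rules listed above: it implements the $name, ${name}, $(name), ${name?value} and ${name:value} forms and then applies a forward_expansion_filter-style character filter to each expanded value. The allowed character set and the recipient_attrs helper are constructed for the example; the real default filter is whatever "postconf -d forward_expansion_filter" prints on your system. </p>

```python
"""Expand the local(8) forward_path search list, as an added example.

Not Postfix code. Values substituted for $name are filtered the way the
text describes (characters outside the allowed set become underscores);
literal template text is not filtered.
"""
import re

# Constructed allowed set (assumption, not the real forward_expansion_filter default).
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
              "0123456789!@%-_=+:,./")

# $$ | $name | ${name} ${name?text} ${name:text} | $(name)
_TOKEN = re.compile(r"\$(?:(\$)|(\w+)|\{(\w+)(?:([?:])([^}]*))?\}|\((\w+)\))")


def filter_value(value, allowed=ALLOWED):
    """Replace every character outside the allowed set with an underscore."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def expand(template, attrs, allowed=ALLOWED):
    """Expand one template string against recipient attributes ($user, $home, ...)."""
    def repl(match):
        if match.group(1):                       # "$$" produces a single "$"
            return "$"
        name = match.group(2) or match.group(3) or match.group(6)
        value = attrs.get(name, "")
        op, text = match.group(4), match.group(5)
        if op is None:                           # plain $name: substitute, then filter
            return filter_value(value, allowed)
        # "?" yields text when $name is non-empty, ":" when it is empty;
        # the page names only those cases, so otherwise nothing is produced.
        if (op == "?") == bool(value):
            return expand(text, attrs, allowed)  # the text may itself use $name
        return ""
    return _TOKEN.sub(repl, template)


def forward_files(forward_path, attrs, allowed=ALLOWED):
    """Candidate .forward files in search order (the first one found is used).

    The whole list is expanded first and then split on commas/whitespace.
    """
    expanded = expand(forward_path, attrs, allowed)
    return [path for path in re.split(r"[\s,]+", expanded) if path]


def recipient_attrs(recipient, delimiter="+", home="/home", shell="/bin/sh"):
    """Derive expansion attributes from an address (constructed helper for the example)."""
    local, _, domain = recipient.partition("@")
    user, found, extension = local.partition(delimiter)
    return {
        "user": user, "extension": extension, "domain": domain, "local": local,
        "recipient": recipient,
        "recipient_delimiter": found,            # empty when no delimiter was found
        "home": f"{home}/{user}", "shell": shell,
    }


if __name__ == "__main__":
    FORWARD_PATH = ("/var/forward/$user/.forward$recipient_delimiter$extension, "
                    "/var/forward/$user/.forward")   # the second example from the text
    for addr in ("alice+lists@example.com", "alice@example.com"):
        print(addr, "->", forward_files(FORWARD_PATH, recipient_attrs(addr)))
```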
3316Originally, these directory names were equal to the first characters 3317of the queue file name, with the hexadecimal representation of the 3318file creation time in microseconds. </p> 3319 3320<p> With long queue file names, queue hashing produces the same 3321results as with short names. The file creation time in microseconds 3322is converted into hexadecimal form before the result is used for 3323queue hashing. The base 16 encoding gives finer control over the 3324number of subdirectories than is possible with the base 52 encoding 3325of long queue file names. </p> 3326 3327<p> 3328After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter, 3329execute the command "<b>postfix reload</b>". 3330</p> 3331 3332 3333</DD> 3334 3335<DT><b><a name="hash_queue_names">hash_queue_names</a> 3336(default: deferred, defer)</b></DT><DD> 3337 3338<p> 3339The names of queue directories that are split across multiple 3340subdirectory levels. 3341</p> 3342 3343<p> Before Postfix version 2.2, the default list of hashed queues 3344was significantly larger. Claims about improvements in file system 3345technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a> 3346is no longer needed. Fewer hashed directories reduce the time 3347needed to restart Postfix. </p> 3348 3349<p> 3350After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter, 3351execute the command "<b>postfix reload</b>". 3352</p> 3353 3354 3355</DD> 3356 3357<DT><b><a name="header_address_token_limit">header_address_token_limit</a> 3358(default: 10240)</b></DT><DD> 3359 3360<p> 3361The maximal number of address tokens that are allowed in an address 3362message header. Information that exceeds the limit is discarded. 
3363The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server. 3364</p> 3365 3366 3367</DD> 3368 3369<DT><b><a name="header_checks">header_checks</a> 3370(default: empty)</b></DT><DD> 3371 3372<p> 3373Optional lookup tables for content inspection of primary non-MIME 3374message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page. 3375</p> 3376 3377 3378</DD> 3379 3380<DT><b><a name="header_size_limit">header_size_limit</a> 3381(default: 102400)</b></DT><DD> 3382 3383<p> 3384The maximal amount of memory in bytes for storing a message header. 3385If a header is larger, the excess is discarded. The limit is 3386enforced by the <a href="cleanup.8.html">cleanup(8)</a> server. 3387</p> 3388 3389 3390</DD> 3391 3392<DT><b><a name="helpful_warnings">helpful_warnings</a> 3393(default: yes)</b></DT><DD> 3394 3395<p> 3396Log warnings about problematic configuration settings, and provide 3397helpful suggestions. 3398</p> 3399 3400<p> 3401This feature is available in Postfix 2.0 and later. 3402</p> 3403 3404 3405</DD> 3406 3407<DT><b><a name="home_mailbox">home_mailbox</a> 3408(default: empty)</b></DT><DD> 3409 3410<p> 3411Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's 3412home directory. 3413</p> 3414 3415<p> 3416Specify a pathname ending in "/" for qmail-style delivery. 
3417</p> 3418 3419<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 3420is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 3421<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 3422<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 3423 3424<p> 3425Examples: 3426</p> 3427 3428<pre> 3429<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox 3430<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/ 3431</pre> 3432 3433 3434</DD> 3435 3436<DT><b><a name="hopcount_limit">hopcount_limit</a> 3437(default: 50)</b></DT><DD> 3438 3439<p> 3440The maximal number of Received: message headers that is allowed 3441in the primary message headers. A message that exceeds the limit 3442is bounced, in order to stop a mailer loop. 3443</p> 3444 3445 3446</DD> 3447 3448<DT><b><a name="html_directory">html_directory</a> 3449(default: see "postconf -d" output)</b></DT><DD> 3450 3451<p> 3452The location of Postfix HTML files that describe how to build, 3453configure or operate a specific Postfix subsystem or feature. 3454</p> 3455 3456 3457</DD> 3458 3459<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a> 3460(default: no)</b></DT><DD> 3461 3462<p> Ignore DNS MX lookups that produce no response. By default, 3463the Postfix SMTP client defers delivery and tries again after some 3464delay. This behavior is required by the SMTP standard. 
</p> 3465 3466<p> 3467Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record 3468lookup instead. This violates the SMTP standard and can result in 3469mis-delivery of mail. 3470</p> 3471 3472 3473</DD> 3474 3475<DT><b><a name="import_environment">import_environment</a> 3476(default: see "postconf -d" output)</b></DT><DD> 3477 3478<p> 3479The list of environment parameters that a Postfix process will 3480import from a non-Postfix parent process. Examples of relevant 3481parameters: 3482</p> 3483 3484<dl> 3485 3486<dt><b>TZ</b></dt> 3487 3488<dd>Needed for sane time keeping on most System-V-ish systems. </dd> 3489 3490<dt><b>DISPLAY</b></dt> 3491 3492<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd> 3493 3494<dt><b>XAUTHORITY</b></dt> 3495 3496<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd> 3497 3498<dt><b>MAIL_CONFIG</b></dt> 3499 3500<dd>Needed to make "<b>postfix -c</b>" work. </dd> 3501 3502</dl> 3503 3504<p> Specify a list of names and/or name=value pairs, separated by 3505whitespace or comma. The name=value form is supported with 3506Postfix version 2.1 and later. </p> 3507 3508 3509</DD> 3510 3511<DT><b><a name="in_flow_delay">in_flow_delay</a> 3512(default: 1s)</b></DT><DD> 3513 3514<p> Time to pause before accepting a new message, when the message 3515arrival rate exceeds the message delivery rate. This feature is 3516turned on by default (it's disabled on SCO UNIX due to an SCO bug). 3517</p> 3518 3519<p> 3520With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a> 3521= 1s" limits the mail inflow to 100 messages per second above the 3522number of messages delivered per second. 3523</p> 3524 3525<p> 3526Specify 0 to disable the feature. Valid delays are 0..10. 
3527</p> 3528 3529 3530</DD> 3531 3532<DT><b><a name="inet_interfaces">inet_interfaces</a> 3533(default: all)</b></DT><DD> 3534 3535<p> The network interface addresses that this mail system receives 3536mail on. Specify "all" to receive mail on all network 3537interfaces (default), and "loopback-only" to receive mail 3538on loopback network interfaces only (Postfix version 2.2 and later). The 3539parameter also controls delivery of mail to <tt>user@[ip.address]</tt>. 3540</p> 3541 3542<p> 3543Note 1: you need to stop and start Postfix when this parameter changes. 3544</p> 3545 3546<p> Note 2: address information may be enclosed inside <tt>[]</tt>, 3547but this form is not required here. </p> 3548 3549<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address 3550that is not a loopback address, the Postfix SMTP client will use 3551this address as the IP source address for outbound mail. Support 3552for IPv6 is available in Postfix version 2.2 and later. </p> 3553 3554<p> 3555On a multi-homed firewall with separate Postfix instances listening on the 3556"inside" and "outside" interfaces, this can prevent each instance from 3557being able to reach remote SMTP servers on the "other side" of the 3558firewall. Setting 3559<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for 3560IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem 3561for IPv6. </p> 3562 3563<p> 3564A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> 3565at the default value and instead use explicit IP addresses in 3566the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix 3567SMTP client's 3568loop detection, by ensuring that each side of the firewall knows that the 3569other IP address is still the same host. 
Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a 3570single IPv4 and/or IPv6 address is primarily useful with virtual 3571hosting of domains on 3572secondary IP addresses, when each IP address serves a different domain 3573(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p> 3574 3575<p> 3576See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that 3577are forwarded to Postfix by way of a proxy or address translator. 3578</p> 3579 3580<p> 3581Examples: 3582</p> 3583 3584<pre> 3585<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT) 3586<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later) 3587<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1 3588<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later) 3589<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1 3590</pre> 3591 3592 3593</DD> 3594 3595<DT><b><a name="inet_protocols">inet_protocols</a> 3596(default: all)</b></DT><DD> 3597 3598<p> The Internet protocols Postfix will attempt to use when making 3599or accepting connections. Specify one or more of "ipv4" 3600or "ipv6", separated by whitespace or commas. The form 3601"all" is equivalent to "ipv4, ipv6" or "ipv4", depending 3602on whether the operating system implements IPv6. </p> 3603 3604<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards 3605compatibility with these releases, the Postfix 2.9 and later upgrade 3606procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to 3607<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility 3608workaround will be phased out as IPv6 deployment becomes more common. 
3609</p> 3610 3611<p> This feature is available in Postfix 2.2 and later. </p> 3612 3613<p> Note: you MUST stop and start Postfix after changing this 3614parameter. </p> 3615 3616<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an 3617IPv6 server will also accept IPv4 connections, even when IPv4 is 3618turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with 3619IPV6_V6ONLY support, Postfix will use separate server sockets for 3620IPv6 and IPv4, and each will accept only connections for the 3621corresponding protocol. </p> 3622 3623<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter, 3624Postfix will look up DNS type A records, and will convert 3625IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original 3626IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date 3627IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p> 3628 3629<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter, 3630Postfix will do DNS type AAAA record lookups. </p> 3631 3632<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP 3633client will choose the protocol as specified with the 3634<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. Postfix versions before 2.8 3635attempt to connect via IPv6 before attempting to use IPv4. 
</p> 3636 3637<p> 3638Examples: 3639</p> 3640 3641<pre> 3642<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 3643<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT) 3644<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 3645<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 3646</pre> 3647 3648 3649</DD> 3650 3651<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a> 3652(default: 5)</b></DT><DD> 3653 3654<p> 3655The initial per-destination concurrency level for parallel delivery 3656to the same destination. 3657With per-destination recipient limit > 1, a destination is a domain, 3658otherwise it is a recipient. 3659</p> 3660 3661<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify 3662a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 3663name of the message delivery transport (Postfix 2.5 and later). </p> 3664 3665<p> 3666Warning: with concurrency of 1, one bad message can be enough to 3667block all mail to a site. 3668</p> 3669 3670 3671</DD> 3672 3673<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a> 3674(default: empty)</b></DT><DD> 3675 3676<p> What categories of Postfix-generated mail are subject to 3677before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> 3678and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated 3679by whitespace or comma. </p> 3680 3681<dl> 3682 3683<dt><b>bounce</b></dt> <dd> Inspect the content of delivery 3684status notifications. 
</dd> 3685 3686<dt><b>notify</b></dt> <dd> Inspect the content of postmaster 3687notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd> 3688 3689</dl> 3690 3691<p> NOTE: It's generally not safe to enable content inspection of 3692Postfix-generated email messages. The user is warned. </p> 3693 3694<p> This feature is available in Postfix 2.3 and later. </p> 3695 3696 3697</DD> 3698 3699<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a> 3700(default: 501)</b></DT><DD> 3701 3702<p> 3703The numerical Postfix SMTP server response code when the client 3704HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> 3705restriction. 3706</p> 3707 3708<p> 3709Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 3710</p> 3711 3712 3713</DD> 3714 3715<DT><b><a name="ipc_idle">ipc_idle</a> 3716(default: version dependent)</b></DT><DD> 3717 3718<p> 3719The time after which a client closes an idle internal communication 3720channel. The purpose is to allow Postfix daemon processes to 3721terminate voluntarily after they become idle. This is used, for 3722example, by the Postfix address resolving and rewriting clients. 3723</p> 3724 3725<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p> 3726 3727<p> 3728Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3729The default time unit is s (seconds). 3730</p> 3731 3732 3733</DD> 3734 3735<DT><b><a name="ipc_timeout">ipc_timeout</a> 3736(default: 3600s)</b></DT><DD> 3737 3738<p> 3739The time limit for sending or receiving information over an internal 3740communication channel. The purpose is to break out of deadlock 3741situations. If the time limit is exceeded the software aborts with a 3742fatal error. 
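
The time-value syntax repeated for ipc_idle, ipc_timeout and the lmtp_*_timeout parameters, as an added example in Python (not Postfix code): a parser that applies the unit letters listed above with seconds as the default unit, rejects anything it cannot account for, and a formatter for reporting. The settings dictionary is a constructed sample built from this section's defaults plus one override.

```python
# Added example (not part of Postfix): parse and render the time values used by
# the ipc_* and lmtp_*_timeout parameters, using the unit letters the page
# lists (s, m, h, d, w) and the per-parameter default unit (seconds here).
import re
from typing import Dict

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_VALUE = re.compile(r"^(\d+)([smhdw]?)$")


def parse_postfix_time(value: str, default_unit: str = "s") -> int:
    """Convert '30s', '5m', '90d' or a bare '300' into seconds.

    A bare number takes the parameter's default unit. Anything else (negative
    numbers, unknown unit letters, fractions) is rejected rather than guessed."""
    if default_unit not in UNIT_SECONDS:
        raise ValueError(f"unknown default unit {default_unit!r}")
    m = _TIME_VALUE.match(value.strip())
    if m is None:
        raise ValueError(f"not a Postfix time value: {value!r}")
    digits, unit = m.groups()
    return int(digits) * UNIT_SECONDS[unit or default_unit]


def format_postfix_time(seconds: int) -> str:
    """Render seconds with the largest unit that divides them exactly."""
    if seconds < 0:
        raise ValueError("negative durations are not valid")
    if seconds == 0:
        return "0s"
    for unit in "wdhm":
        if seconds % UNIT_SECONDS[unit] == 0:
            return f"{seconds // UNIT_SECONDS[unit]}{unit}"
    return f"{seconds}s"


# Constructed main.cf-style settings: this section's defaults plus one override.
SAMPLE_SETTINGS = {
    "ipc_idle": "5s",
    "ipc_timeout": "3600s",
    "ipc_ttl": "1000s",
    "lmtp_connect_timeout": "30s",
    "lmtp_data_done_timeout": "600",
    "lmtp_sasl_auth_cache_time": "90d",
}


def settings_in_seconds(settings: Dict[str, str] = SAMPLE_SETTINGS) -> Dict[str, int]:
    """Resolve every value to seconds so values in different units compare."""
    return {name: parse_postfix_time(value) for name, value in settings.items()}


if __name__ == "__main__":
    for name, secs in settings_in_seconds().items():
        print(f"{name:28} {secs:>10d}s  ({format_postfix_time(secs)})")
```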
3743</p> 3744 3745<p> 3746Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3747The default time unit is s (seconds). 3748</p> 3749 3750 3751</DD> 3752 3753<DT><b><a name="ipc_ttl">ipc_ttl</a> 3754(default: 1000s)</b></DT><DD> 3755 3756<p> 3757The time after which a client closes an active internal communication 3758channel. The purpose is to allow Postfix daemon processes to 3759terminate voluntarily 3760after reaching their client limit. This is used, for example, by 3761the Postfix address resolving and rewriting clients. 3762</p> 3763 3764<p> 3765Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3766The default time unit is s (seconds). 3767</p> 3768 3769<p> 3770This feature is available in Postfix 2.1 and later. 3771</p> 3772 3773 3774</DD> 3775 3776<DT><b><a name="line_length_limit">line_length_limit</a> 3777(default: 2048)</b></DT><DD> 3778 3779<p> Upon input, long lines are chopped up into pieces of at most 3780this length; upon delivery, long lines are reconstructed. </p> 3781 3782 3783</DD> 3784 3785<DT><b><a name="lmdb_map_size">lmdb_map_size</a> 3786(default: 16777216)</b></DT><DD> 3787 3788<p> 3789The initial OpenLDAP LMDB database size limit in bytes. Each time 3790a database becomes full, its size limit is doubled. 3791</p> 3792 3793<p> 3794This feature is available in Postfix 2.11 and later. 3795</p> 3796 3797 3798</DD> 3799 3800<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a> 3801(default: ipv6)</b></DT><DD> 3802 3803<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> 3804configuration parameter. See there for details. </p> 3805 3806<p> This feature is available in Postfix 2.8 and later. 
</p> 3807 3808 3809</DD> 3810 3811<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a> 3812(default: no)</b></DT><DD> 3813 3814<p> When a remote LMTP server announces no DSN support, assume that 3815the 3816server performs final delivery, and send "delivered" delivery status 3817notifications instead of "relayed". The default setting is backwards 3818compatible to avoid the infinitesimal possibility of breaking 3819existing LMTP-based content filters. </p> 3820 3821 3822</DD> 3823 3824<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a> 3825(default: empty)</b></DT><DD> 3826 3827<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration 3828parameter. See there for details. </p> 3829 3830<p> This feature is available in Postfix 2.3 and later. </p> 3831 3832 3833</DD> 3834 3835<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a> 3836(default: empty)</b></DT><DD> 3837 3838<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration 3839parameter. See there for details. </p> 3840 3841<p> This feature is available in Postfix 2.3 and later. </p> 3842 3843 3844</DD> 3845 3846<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a> 3847(default: empty)</b></DT><DD> 3848 3849<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration 3850parameter. See there for details. </p> 3851 3852<p> This feature is available in Postfix 2.5 and later. </p> 3853 3854 3855</DD> 3856 3857<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a> 3858(default: yes)</b></DT><DD> 3859 3860<p> 3861Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a> 3862seconds. When the LMTP client receives a request for the same 3863connection the connection is reused. 3864</p> 3865 3866<p> This parameter is available in Postfix version 2.2 and earlier. 
With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>, <a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>. </p>

<p> The effectiveness of cached connections will be determined by the number of remote LMTP servers in use, and the concurrency limit specified for the Postfix LMTP client. Cached connections are closed under any of the following conditions: </p>

<ul>

<li> The Postfix LMTP client idle time limit is reached. This limit is specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.

<li> A delivery request specifies a different destination than the one currently cached.

<li> The per-process limit on the number of delivery requests is reached. This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a> configuration parameter.

<li> Upon the onset of another delivery request, the remote LMTP server associated with the current session does not respond to the RSET command.

</ul>

<p> Most of these limitations have been removed with the Postfix connection cache that is shared among multiple LMTP client programs. </p>

</DD>

<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a> (default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p> 3912 3913 3914</DD> 3915 3916<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a> 3917(default: 0s)</b></DT><DD> 3918 3919<p> The Postfix LMTP client time limit for completing a TCP connection, or 3920zero (use the operating system built-in time limit). When no 3921connection can be made within the deadline, the LMTP client tries 3922the next address on the mail exchanger list. </p> 3923 3924<p> 3925Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 3926The default time unit is s (seconds). 3927</p> 3928 3929<p> 3930Example: 3931</p> 3932 3933<pre> 3934<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s 3935</pre> 3936 3937 3938</DD> 3939 3940<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a> 3941(default: empty)</b></DT><DD> 3942 3943<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> 3944configuration parameter. See there for details. </p> 3945 3946<p> This feature is available in Postfix 2.3 and later. </p> 3947 3948 3949</DD> 3950 3951<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a> 3952(default: yes)</b></DT><DD> 3953 3954<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> 3955configuration parameter. See there for details. </p> 3956 3957<p> This feature is available in Postfix 2.3 and later. </p> 3958 3959 3960</DD> 3961 3962<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a> 3963(default: 2s)</b></DT><DD> 3964 3965<p> The LMTP-specific version of the 3966<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter. 3967See there for details. </p> 3968 3969<p> This feature is available in Postfix 2.3 and later. 
</p> 3970 3971 3972</DD> 3973 3974<DT><b><a name="lmtp_connection_reuse_count_limit">lmtp_connection_reuse_count_limit</a> 3975(default: 0)</b></DT><DD> 3976 3977<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> 3978configuration parameter. See there for details. </p> 3979 3980<p> This feature is available in Postfix 2.11 and later. </p> 3981 3982 3983</DD> 3984 3985<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a> 3986(default: 300s)</b></DT><DD> 3987 3988<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> 3989configuration parameter. See there for details. </p> 3990 3991<p> This feature is available in Postfix 2.3 and later. </p> 3992 3993 3994</DD> 3995 3996<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a> 3997(default: 600s)</b></DT><DD> 3998 3999<p> The Postfix LMTP client time limit for sending the LMTP ".", 4000and for receiving the remote LMTP server response. When no response 4001is received within the deadline, a warning is logged that the mail 4002may be delivered multiple times. </p> 4003 4004<p> 4005Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4006The default time unit is s (seconds). 4007</p> 4008 4009 4010</DD> 4011 4012<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a> 4013(default: 120s)</b></DT><DD> 4014 4015<p> 4016The Postfix LMTP client time limit for sending the LMTP DATA command, 4017and 4018for receiving the remote LMTP server response. 4019</p> 4020 4021<p> 4022Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4023The default time unit is s (seconds). 
4024</p> 4025 4026 4027</DD> 4028 4029<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a> 4030(default: 180s)</b></DT><DD> 4031 4032<p> 4033The Postfix LMTP client time limit for sending the LMTP message 4034content. 4035When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a> 4036the LMTP client terminates the transfer. 4037</p> 4038 4039<p> 4040Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4041The default time unit is s (seconds). 4042</p> 4043 4044 4045</DD> 4046 4047<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a> 4048(default: no)</b></DT><DD> 4049 4050<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> 4051configuration parameter. See there for details. </p> 4052 4053<p> This feature is available in Postfix 2.3 and later. </p> 4054 4055 4056</DD> 4057 4058<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> 4059(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD> 4060 4061<p> The maximal number of parallel deliveries to the same destination 4062via the lmtp message delivery transport. This limit is enforced by 4063the queue manager. The message delivery transport name is the first 4064field in the entry in the <a href="master.5.html">master.cf</a> file. </p> 4065 4066 4067</DD> 4068 4069<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a> 4070(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD> 4071 4072<p> The maximal number of recipients per message for the lmtp 4073message delivery transport. This limit is enforced by the queue 4074manager. 
The message delivery transport name is the first field in 4075the entry in the <a href="master.5.html">master.cf</a> file. </p> 4076 4077<p> Setting this parameter to a value of 1 changes the meaning of 4078<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into 4079concurrency per recipient. </p> 4080 4081 4082</DD> 4083 4084<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> 4085(default: empty)</b></DT><DD> 4086 4087<p> Lookup tables, indexed by the remote LMTP server address, with 4088case insensitive lists of LHLO keywords (pipelining, starttls, 4089auth, etc.) that the Postfix LMTP client will ignore in the LHLO 4090response 4091from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for 4092details. The table is not indexed by hostname for consistency with 4093<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p> 4094 4095<p> This feature is available in Postfix 2.3 and later. </p> 4096 4097 4098</DD> 4099 4100<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> 4101(default: empty)</b></DT><DD> 4102 4103<p> A case insensitive list of LHLO keywords (pipelining, starttls, 4104auth, etc.) that the Postfix LMTP client will ignore in the LHLO 4105response 4106from a remote LMTP server. </p> 4107 4108<p> This feature is available in Postfix 2.3 and later. </p> 4109 4110<p> Notes: </p> 4111 4112<ul> 4113 4114<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent 4115this action from being logged. </p> 4116 4117<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to 4118discard LHLO keywords selectively. 
</p> 4119 4120</ul> 4121 4122 4123</DD> 4124 4125<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a> 4126(default: empty)</b></DT><DD> 4127 4128<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> 4129configuration parameter. See there for details. </p> 4130 4131<p> This feature is available in Postfix 2.8 and later. </p> 4132 4133 4134</DD> 4135 4136<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a> 4137(default: empty)</b></DT><DD> 4138 4139<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> 4140configuration parameter. See there for details. </p> 4141 4142<p> This feature is available in Postfix 2.11 and later. </p> 4143 4144 4145</DD> 4146 4147<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a> 4148(default: no)</b></DT><DD> 4149 4150<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration 4151parameter. See there for details. </p> 4152 4153<p> This feature is available in Postfix 2.3 and later. </p> 4154 4155 4156</DD> 4157 4158<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a> 4159(default: empty)</b></DT><DD> 4160 4161<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration 4162parameter. See there for details. </p> 4163 4164<p> This feature is available in Postfix 2.3 and later. </p> 4165 4166 4167</DD> 4168 4169<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a> 4170(default: empty)</b></DT><DD> 4171 4172<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration 4173parameter. See there for details. </p> 4174 4175<p> This feature is available in Postfix 2.5 and later. 
</p> 4176 4177 4178</DD> 4179 4180<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a> 4181(default: dns)</b></DT><DD> 4182 4183<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration 4184parameter. See there for details. </p> 4185 4186<p> This feature is available in Postfix 2.3 and later. </p> 4187 4188 4189</DD> 4190 4191<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a> 4192(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD> 4193 4194<p> 4195The hostname to send in the LMTP LHLO command. 4196</p> 4197 4198<p> 4199The default value is the machine hostname. Specify a hostname or 4200[ip.add.re.ss]. 4201</p> 4202 4203<p> 4204This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP 4205clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific 4206client, for example: 4207</p> 4208 4209<blockquote> 4210<pre> 4211/etc/postfix/<a href="master.5.html">master.cf</a>: 4212 mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com 4213</pre> 4214</blockquote> 4215 4216<p> 4217This feature is available in Postfix 2.3 and later. 4218</p> 4219 4220 4221</DD> 4222 4223<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> 4224(default: 300s)</b></DT><DD> 4225 4226<p> The Postfix LMTP client time limit for sending the LHLO command, 4227and for receiving the initial remote LMTP server response. </p> 4228 4229<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 4230(weeks). The default time unit is s (seconds). </p> 4231 4232 4233</DD> 4234 4235<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a> 4236(default: 990)</b></DT><DD> 4237 4238<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> 4239configuration parameter. See there for details. 
</p> 4240 4241<p> This feature is available in Postfix 2.3 and later. </p> 4242 4243 4244</DD> 4245 4246<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a> 4247(default: 300s)</b></DT><DD> 4248 4249<p> 4250The Postfix LMTP client time limit for sending the MAIL FROM command, 4251and for receiving the remote LMTP server response. 4252</p> 4253 4254<p> 4255Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4256The default time unit is s (seconds). 4257</p> 4258 4259 4260</DD> 4261 4262<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a> 4263(default: empty)</b></DT><DD> 4264 4265<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> 4266configuration parameter. See there for details. </p> 4267 4268<p> This feature is available in Postfix 2.5 and later. </p> 4269 4270 4271</DD> 4272 4273<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a> 4274(default: 5)</b></DT><DD> 4275 4276<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration 4277parameter. See there for details. </p> 4278 4279<p> This feature is available in Postfix 2.3 and later. </p> 4280 4281 4282</DD> 4283 4284<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a> 4285(default: 2)</b></DT><DD> 4286 4287<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration 4288parameter. See there for details. </p> 4289 4290<p> This feature is available in Postfix 2.3 and later. </p> 4291 4292 4293</DD> 4294 4295<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a> 4296(default: empty)</b></DT><DD> 4297 4298<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> 4299configuration parameter. See there for details. </p> 4300 4301<p> This feature is available in Postfix 2.5 and later. 
</p>

</DD>

<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a> (default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a> (default: 10s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a> (default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a> (default: 500s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a> (default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.4 and later.
</p> 4357 4358 4359</DD> 4360 4361<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a> 4362(default: 300s)</b></DT><DD> 4363 4364<p> 4365The Postfix LMTP client time limit for sending the QUIT command, 4366and for receiving the remote LMTP server response. 4367</p> 4368 4369<p> 4370Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4371The default time unit is s (seconds). 4372</p> 4373 4374 4375</DD> 4376 4377<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a> 4378(default: yes)</b></DT><DD> 4379 4380<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> 4381configuration parameter. See there for details. </p> 4382 4383<p> This feature is available in Postfix 2.3 and later. </p> 4384 4385 4386</DD> 4387 4388<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a> 4389(default: yes)</b></DT><DD> 4390 4391<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> 4392configuration parameter. See there for details. </p> 4393 4394<p> This feature is available in Postfix 2.3 and later. </p> 4395 4396 4397</DD> 4398 4399<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a> 4400(default: 300s)</b></DT><DD> 4401 4402<p> 4403The Postfix LMTP client time limit for sending the RCPT TO command, 4404and for receiving the remote LMTP server response. 4405</p> 4406 4407<p> 4408Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4409The default time unit is s (seconds). 4410</p> 4411 4412 4413</DD> 4414 4415<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a> 4416(default: empty)</b></DT><DD> 4417 4418<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> 4419configuration parameter. See there for details. </p> 4420 4421<p> This feature is available in Postfix 2.7 and later. 
</p> 4422 4423 4424</DD> 4425 4426<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a> 4427(default: 20s)</b></DT><DD> 4428 4429<p> The Postfix LMTP client time limit for sending the RSET command, 4430and for receiving the remote LMTP server response. The LMTP client 4431sends RSET in 4432order to finish a recipient address probe, or to verify that a 4433cached connection is still alive. </p> 4434 4435<p> 4436Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 4437The default time unit is s (seconds). 4438</p> 4439 4440 4441</DD> 4442 4443<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a> 4444(default: empty)</b></DT><DD> 4445 4446<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> 4447configuration parameter. See there for details. </p> 4448 4449<p> This feature is available in Postfix 2.5 and later. </p> 4450 4451 4452</DD> 4453 4454<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a> 4455(default: 90d)</b></DT><DD> 4456 4457<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> 4458configuration parameter. See there for details. </p> 4459 4460<p> This feature is available in Postfix 2.5 and later. </p> 4461 4462 4463</DD> 4464 4465<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a> 4466(default: no)</b></DT><DD> 4467 4468<p> 4469Enable SASL authentication in the Postfix LMTP client. 4470</p> 4471 4472 4473</DD> 4474 4475<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a> 4476(default: yes)</b></DT><DD> 4477 4478<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> 4479configuration parameter. See there for details. </p> 4480 4481<p> This feature is available in Postfix 2.5 and later. 
</p> 4482 4483 4484</DD> 4485 4486<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a> 4487(default: empty)</b></DT><DD> 4488 4489<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> 4490configuration parameter. See there for details. </p> 4491 4492<p> This feature is available in Postfix 2.3 and later. </p> 4493 4494 4495</DD> 4496 4497<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a> 4498(default: empty)</b></DT><DD> 4499 4500<p> 4501Optional Postfix LMTP client lookup tables with one username:password entry 4502per host or domain. If a remote host or domain has no username:password 4503entry, then the Postfix LMTP client will not attempt to authenticate 4504to the remote host. 4505</p> 4506 4507 4508</DD> 4509 4510<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a> 4511(default: empty)</b></DT><DD> 4512 4513<p> Implementation-specific information that is passed through to 4514the SASL plug-in implementation that is selected with 4515<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. Typically this specifies the name of a 4516configuration file or rendezvous point. </p> 4517 4518<p> This feature is available in Postfix 2.3 and later. </p> 4519 4520 4521</DD> 4522 4523<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a> 4524(default: noplaintext, noanonymous)</b></DT><DD> 4525 4526<p> SASL security options; as of Postfix 2.3 the list of available 4527features depends on the SASL client implementation that is selected 4528with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. </p> 4529 4530<p> The following security features are defined for the <b>cyrus</b> 4531client SASL implementation: </p> 4532 4533<dl> 4534 4535<dt><b>noplaintext</b></dt> 4536 4537<dd>Disallow authentication methods that use plaintext passwords. 
</dd> 4538 4539<dt><b>noactive</b></dt> 4540 4541<dd>Disallow authentication methods that are vulnerable to non-dictionary 4542active attacks. </dd> 4543 4544<dt><b>nodictionary</b></dt> 4545 4546<dd>Disallow authentication methods that are vulnerable to passive 4547dictionary attack. </dd> 4548 4549<dt><b>noanonymous</b></dt> 4550 4551<dd>Disallow anonymous logins. </dd> 4552 4553</dl> 4554 4555<p> 4556Example: 4557</p> 4558 4559<pre> 4560<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext 4561</pre> 4562 4563 4564</DD> 4565 4566<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a> 4567(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD> 4568 4569<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> 4570configuration parameter. See there for details. </p> 4571 4572<p> This feature is available in Postfix 2.3 and later. </p> 4573 4574 4575</DD> 4576 4577<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a> 4578(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD> 4579 4580<p> The LMTP-specific version of the 4581<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter. 4582See there for details. </p> 4583 4584<p> This feature is available in Postfix 2.3 and later. </p> 4585 4586 4587</DD> 4588 4589<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a> 4590(default: cyrus)</b></DT><DD> 4591 4592<p> The SASL plug-in type that the Postfix LMTP client should use 4593for authentication. The available types are listed with the 4594"<b>postconf -A</b>" command. </p> 4595 4596<p> This feature is available in Postfix 2.3 and later. 
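
An added example (not Postfix code) that reads lmtp_sasl_auth_enable, lmtp_sasl_password_maps, lmtp_enforce_tls and the two SASL security-option lists out of a main.cf fragment and reports configurations that leave plaintext or anonymous mechanisms available. The parser assumes the usual main.cf logical-line rules (name = value, a line starting with whitespace continues the previous one, '#' lines are comments, the last definition wins); the defaults are those stated for each parameter in this section; the map path and the two fragments are constructed samples.

```python
# Added example (not part of Postfix): parse a main.cf fragment and audit the
# LMTP client SASL settings. Parsing rules assumed: 'name = value' logical
# lines, whitespace-led continuation lines, '#' comment lines, last definition
# wins. DEFAULTS are the per-parameter defaults this section documents.
import re
from typing import Dict, List

DEFAULTS = {
    "lmtp_sasl_auth_enable": "no",
    "lmtp_sasl_password_maps": "",
    "lmtp_enforce_tls": "no",
    "lmtp_sasl_security_options": "noplaintext, noanonymous",
    "lmtp_sasl_tls_security_options": "$lmtp_sasl_security_options",
}


def parse_main_cf(text: str) -> Dict[str, str]:
    params: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation of the previous logical line
            if current is None:
                raise ValueError(f"continuation line without a parameter: {raw!r}")
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"malformed main.cf line: {raw!r}")
        current = name.strip()
        params[current] = value.strip()  # a later definition replaces an earlier one
    return params


def lookup(params: Dict[str, str], name: str) -> str:
    """Value from the file, else this section's default; expands a bare $name."""
    value = params.get(name, DEFAULTS.get(name, ""))
    if value.startswith("$"):
        return lookup(params, value[1:])
    return value


def split_list(value: str) -> List[str]:
    return [item for item in re.split(r"[\s,]+", value) if item]


def audit_lmtp_sasl(params: Dict[str, str]) -> List[str]:
    findings: List[str] = []
    if lookup(params, "lmtp_sasl_auth_enable").lower() != "yes":
        return findings  # the client never authenticates, nothing to audit
    if not lookup(params, "lmtp_sasl_password_maps"):
        findings.append("lmtp_sasl_auth_enable = yes but lmtp_sasl_password_maps is "
                        "empty: the client has no credentials to offer")
    tls_enforced = lookup(params, "lmtp_enforce_tls").lower() == "yes"
    # With TLS enforced the *_tls_* option list applies; it defaults to the plain list.
    opts_name = ("lmtp_sasl_tls_security_options" if tls_enforced
                 else "lmtp_sasl_security_options")
    opts = {o.lower() for o in split_list(lookup(params, opts_name))}
    if "noplaintext" not in opts and not tls_enforced:
        findings.append(f"{opts_name} permits plaintext mechanisms while "
                        "lmtp_enforce_tls = no: the password can cross the network unencrypted")
    if "noanonymous" not in opts:
        findings.append(f"{opts_name} lacks noanonymous: anonymous mechanisms are accepted")
    return findings


# Constructed sample fragments (the map path is a placeholder, not a real file).
WEAK_MAIN_CF = """\
# Constructed sample: authentication on, protections removed by a later override.
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_passwd
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_security_options =
"""

HARDENED_MAIN_CF = """\
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_passwd
lmtp_enforce_tls = yes
lmtp_sasl_security_options = noplaintext,
    noanonymous
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, audit_lmtp_sasl(parse_main_cf(text)) or ["no findings"])
```

The weak fragment shows why "last definition wins" matters for review: the protective first definition is silently replaced by the empty one three lines later, so a checker that stops at the first match would report the file as safe.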
</p>

</DD>

<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a>
(default: no)</b></DT><DD>

<p>
Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
server response announces XFORWARD support. This allows an <a href="lmtp.8.html">lmtp(8)</a>
delivery agent, used for content filter message injection, to
forward the name, address, protocol and HELO name of the original
client to the content filter and downstream queuing LMTP server.
Before you change the value to yes, it is best to make sure that
your content filter supports this command.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a>
(default: no)</b></DT><DD>

<p>
Wait for the response to the LMTP QUIT command.
</p>

</DD>

<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a>
(default: 300s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a>
(default: 24)</b></DT><DD>

<p>
The default TCP port that the Postfix LMTP client connects to.
</p>

</DD>

<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.7 and later.
</p>

</DD>

<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
(default: export)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a>
(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later.
</p>

</DD>

<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>

</DD>

<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
configuration parameter. See there for details.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_force_insecure_host_tlsa_lookup">lmtp_tls_force_insecure_host_tlsa_lookup</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a>
(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.6 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
(default: 9)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a>
(default: nexthop)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_trust_anchor_file">lmtp_tls_trust_anchor_file</a>
(default: empty)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a>
(default: hostname)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
configuration parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a>
(default: no)</b></DT><DD>

<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
parameter. See there for details. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix LMTP client time limit for sending the XFORWARD command,
and for receiving the remote LMTP server response.
</p>

<p>
In case of problems the client does NOT try the next address on
the mail exchanger list.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="local_command_shell">local_command_shell</a>
(default: empty)</b></DT><DD>

<p>
Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix commands.
By default, non-Postfix commands are executed directly; commands
are given to the default shell (typically, /bin/sh) only
when they contain shell meta characters or shell built-in commands.
</p>

<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
files (smrsh is part of the Sendmail distribution). </p>

<p> Note: when a shell program is specified, it is invoked even
when the command contains no shell built-in commands or meta
characters. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
</pre>

</DD>

<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a>
(default: 2)</b></DT><DD>

<p> The maximal number of parallel deliveries via the local mail
delivery transport to the same recipient (when
"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of
parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when
"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> &gt; 1"). This limit is enforced by
the queue manager.
The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> A low limit of 2 is recommended, just in case someone has an
expensive shell command in a .forward file or in an alias (e.g.,
a mailing list manager). You don't want to run lots of those at
the same time. </p>

</DD>

<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a>
(default: 1)</b></DT><DD>

<p> The maximal number of recipients per message delivery via the
local mail delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> Setting this parameter to a value &gt; 1 changes the meaning of
<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient
into concurrency per domain. </p>

</DD>

<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>

<p> Rewrite message header addresses in mail from these clients and
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other clients
at all, or rewrite message headers and update incomplete addresses
with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
parameter.
</p>

<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
for details of how domain names are appended to incomplete addresses.
</p>

<p> Specify a list of zero or more of the following: </p>

<dl>

<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
default. </dd>

<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches any network or network address listed in
$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
address rewriting when mail from a remote client is forwarded by
a neighboring system. </dd>

<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
protocol.
</dd>

<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
remote SMTP client TLS certificate fingerprint or public key fingerprint
(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). </dd>

<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
remote SMTP client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority. </dd>

<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>

<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches the specified lookup table.
The lookup result is ignored, and no subnet lookup is done. This
is suitable for, e.g., pop-before-smtp lookup tables. </dd>

</dl>

<p> Examples: </p>

<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
message headers, and always append my own domain to incomplete
header addresses.
</p>

<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all
</pre>
</blockquote>

<p> The purist (and default) setting: rewrite headers only in mail
from Postfix sendmail and in SMTP mail from this machine. </p>

<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
</pre>
</blockquote>

<p> The intermediate setting: rewrite header addresses and append
$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
sendmail, from local clients, or from authorized SMTP clients. </p>

<p> Note: this setting will not prevent remote mail header address
rewriting when mail from a remote client is forwarded by a neighboring
system.
</p>

<blockquote>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
    <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
    <a href="postconf.5.html#check_address_map">check_address_map</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/pop-before-smtp
</pre>
</blockquote>

</DD>

<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>

<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>

<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>

<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
</p>

<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery.
You need to update the
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
</p>

<ul>

<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.

<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.

<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.

</ul>

<p>
Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
</p>

<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail, is not practical.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>

</DD>

<DT><b><a name="local_transport">local_transport</a>
(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p> The default mail delivery transport and next-hop destination
for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined in the <a href="master.5.html">master.cf</a> file.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
Beware: if you override the default local delivery agent then you
need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
SMTP server may reject mail for local recipients.
</p>

</DD>

<DT><b><a name="luser_relay">luser_relay</a>
(default: empty)</b></DT><DD>

<p>
Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
By default, mail for unknown recipients in domains that match
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned
as undeliverable.
</p>

<p>
The following $name expansions are done on <a href="postconf.5.html#luser_relay">luser_relay</a>:
</p>

<dl>

<dt><b>$domain</b></dt>

<dd>The recipient domain. </dd>

<dt><b>$extension</b></dt>

<dd>The recipient address extension. </dd>

<dt><b>$home</b></dt>

<dd>The recipient's home directory. </dd>

<dt><b>$local</b></dt>

<dd>The entire recipient address localpart. </dd>

<dt><b>$recipient</b></dt>

<dd>The full recipient address.
</dd>

<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>

<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>

<dt><b>$shell</b></dt>

<dd>The recipient's login shell. </dd>

<dt><b>$user</b></dt>

<dd>The recipient username. </dd>

<dt><b>${name?value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>

<dt><b>${name:value}</b></dt>

<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>

</dl>

<p>
Instead of $name you can also specify ${name} or $(name).
</p>

<p>
Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</p>

<p>
Note: if you use this feature for accounts not in the UNIX password
file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient table".
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
</pre>

</DD>

<DT><b><a name="mail_name">mail_name</a>
(default: Postfix)</b></DT><DD>

<p>
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
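</p>

<p> The luser_relay $name expansions listed above, applied to an unknown recipient's address: an added Python example written for this page, not Postfix's own expansion code. The luser_relay_attrs helper, and treating an undefined $name as empty, are assumptions made for this example. </p>

```python
"""Added example: Postfix-style $name expansion as documented for luser_relay.

Handles $name, ${name}, $(name), ${name?value} (value when $name is
non-empty), ${name:value} (value when $name is empty) and $$ for a literal
"$"; values are expanded recursively.  A model written for this page, not
Postfix's own code."""
import re

_NAME = re.compile(r"[A-Za-z0-9_]+")


def _find_matching(text, start, open_ch, close_ch):
    """Index of the close_ch that balances the open_ch at position *start*."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == open_ch:
            depth += 1
        elif text[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i
    raise ValueError(f"unbalanced {open_ch!r} in {text!r}")


def _lookup(name, attrs):
    # Assumption for this example: an undefined name expands to "".
    return attrs.get(name, "")


def _expand_bracketed(body, attrs):
    """Expand the inside of ${...} or $(...): name, name?value or name:value."""
    m = _NAME.match(body)
    if not m:
        raise ValueError(f"bad expression ${{{body}}}")
    name, rest = m.group(0), body[m.end():]
    if rest == "":
        return _lookup(name, attrs)
    op, value = rest[0], rest[1:]
    if op == "?":       # ${name?value}: value only when $name is non-empty
        return expand(value, attrs) if _lookup(name, attrs) else ""
    if op == ":":       # ${name:value}: value only when $name is empty
        return "" if _lookup(name, attrs) else expand(value, attrs)
    raise ValueError(f"bad expression ${{{body}}}")


def expand(template, attrs):
    """Expand every $-reference in *template* using the dict *attrs*."""
    out, i, n = [], 0, len(template)
    while i < n:
        ch = template[i]
        if ch != "$":
            out.append(ch)
            i += 1
            continue
        i += 1                                  # step over the "$"
        if i >= n:
            raise ValueError("dangling '$' at end of template")
        ch = template[i]
        if ch == "$":                           # "$$" -> literal "$"
            out.append("$")
            i += 1
        elif ch in "{(":                        # ${...} or $(...)
            close = "}" if ch == "{" else ")"
            j = _find_matching(template, i, ch, close)
            out.append(_expand_bracketed(template[i + 1:j], attrs))
            i = j + 1
        else:                                   # bare $name
            m = _NAME.match(template, i)
            if not m:
                raise ValueError(f"bad '$' at offset {i} in {template!r}")
            out.append(_lookup(m.group(0), attrs))
            i = m.end()
    return "".join(out)


def luser_relay_attrs(recipient, delimiter="+"):
    """Attributes local(8) would supply for an unknown recipient.  Helper
    written for this example (assumption): the extension is what follows the
    first delimiter in the localpart; home and shell are empty because the
    recipient has no account."""
    local, _, domain = recipient.partition("@")
    user, _, extension = local.partition(delimiter) if delimiter else (local, "", "")
    return {
        "recipient": recipient, "local": local, "domain": domain,
        "user": user, "extension": extension,
        "recipient_delimiter": delimiter if extension else "",
        "home": "", "shell": "",
    }


if __name__ == "__main__":
    # Constructed recipients: one with an address extension, one without.
    for rcpt in ("bob+lists@example.com", "carol@example.com"):
        attrs = luser_relay_attrs(rcpt)
        for tmpl in ("$user@other.host", "admin+$local",
                     "${extension?admin+$extension}${extension:admin}@other.host"):
            print(f"{rcpt:24} {tmpl:60} -> {expand(tmpl, attrs)}")
```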
</p>

</DD>

<DT><b><a name="mail_owner">mail_owner</a>
(default: postfix)</b></DT><DD>

<p>
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes. Specify the name of an unprivileged user account
that does not share a user or group ID with other accounts, and that
owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>

<p>
When this parameter value is changed you need to re-run "<b>postfix
set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>").
</p>

</DD>

<DT><b><a name="mail_release_date">mail_release_date</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The Postfix release date, in "YYYYMMDD" format.
</p>

</DD>

<DT><b><a name="mail_spool_directory">mail_spool_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The
default setting depends on the system type. Specify a name ending
in / for maildir-style delivery.
</p>

<p>
Note: maildir delivery is done with the privileges of the recipient.
If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style
delivery, then you must create the top-level maildir directory in
advance. Postfix will not create it.
5455</p> 5456 5457<p> 5458Examples: 5459</p> 5460 5461<pre> 5462<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail 5463<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail 5464</pre> 5465 5466 5467</DD> 5468 5469<DT><b><a name="mail_version">mail_version</a> 5470(default: see "postconf -d" output)</b></DT><DD> 5471 5472<p> 5473The version of the mail system. Stable releases are named 5474<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases 5475also include the release date. The version string can be used in, 5476for example, the SMTP greeting banner. 5477</p> 5478 5479 5480</DD> 5481 5482<DT><b><a name="mailbox_command">mailbox_command</a> 5483(default: empty)</b></DT><DD> 5484 5485<p> 5486Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should 5487use for mailbox delivery. The command is run with the user ID and 5488the primary group ID privileges of the recipient. Exception: 5489command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges. 5490This is not a problem, because 1) mail for root should always be 5491aliased to a real user, and 2) you should not log in as root; use "su" instead. 5492</p> 5493 5494<p> 5495The following environment variables are exported to the command: 5496</p> 5497 5498<dl> 5499 5500<dt><b>CLIENT_ADDRESS</b></dt> 5501 5502<dd>Remote client network address. Available in Postfix version 2.2 and 5503later. </dd> 5504 5505<dt><b>CLIENT_HELO</b></dt> 5506 5507<dd>Remote client EHLO command parameter. Available in Postfix version 2.2 5508and later.</dd> 5509 5510<dt><b>CLIENT_HOSTNAME</b></dt> 5511 5512<dd>Remote client hostname. Available in Postfix version 2.2 and later. 5513</dd> 5514 5515<dt><b>CLIENT_PROTOCOL</b></dt> 5516 5517<dd>Remote client protocol. Available in Postfix version 2.2 and later. 
5518</dd> 5519 5520<dt><b>DOMAIN</b></dt> 5521 5522<dd>The domain part of the recipient address. </dd> 5523 5524<dt><b>EXTENSION</b></dt> 5525 5526<dd>The optional address extension. </dd> 5527 5528<dt><b>HOME</b></dt> 5529 5530<dd>The recipient home directory. </dd> 5531 5532<dt><b>LOCAL</b></dt> 5533 5534<dd>The recipient address localpart. </dd> 5535 5536<dt><b>LOGNAME</b></dt> 5537 5538<dd>The recipient's username. </dd> 5539 5540<dt><b>ORIGINAL_RECIPIENT</b></dt> 5541 5542<dd>The entire recipient address, before any address rewriting or 5543aliasing. </dd> 5544 5545<dt><b>RECIPIENT</b></dt> 5546 5547<dd>The full recipient address. </dd> 5548 5549<dt><b>SASL_METHOD</b></dt> 5550 5551<dd>SASL authentication method specified in the remote client AUTH 5552command. Available in Postfix version 2.2 and later. </dd> 5553 5554<dt><b>SASL_SENDER</b></dt> 5555 5556<dd>SASL sender address specified in the remote client MAIL FROM 5557command. Available in Postfix version 2.2 and later. </dd> 5558 5559<dt><b>SASL_USER</b></dt> 5560 5561<dd>SASL username specified in the remote client AUTH command. 5562Available in Postfix version 2.2 and later. </dd> 5563 5564<dt><b>SENDER</b></dt> 5565 5566<dd>The full sender address. </dd> 5567 5568<dt><b>SHELL</b></dt> 5569 5570<dd>The recipient's login shell. </dd> 5571 5572<dt><b>USER</b></dt> 5573 5574<dd>The recipient username. </dd> 5575 5576</dl> 5577 5578<p> 5579Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a> 5580parameter is not subjected to $name substitutions. This is to make 5581it easier to specify shell syntax (see example below). 5582</p> 5583 5584<p> 5585If you can, avoid shell meta characters because they will force 5586Postfix to run an expensive shell process. If you're delivering 5587via Procmail then running a shell won't make a noticeable difference 5588in the total cost. 
5589</p> 5590 5591<p> 5592Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail 5593system-wide, you must set up an alias that forwards mail for root 5594to a real user. 5595</p> 5596 5597<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 5598is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 5599<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 5600<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 5601 5602<p> 5603Examples: 5604</p> 5605 5606<pre> 5607<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail 5608<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION" 5609<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER" 5610 -f "$SENDER" "$EXTENSION" 5611</pre> 5612 5613 5614</DD> 5615 5616<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a> 5617(default: empty)</b></DT><DD> 5618 5619<p> 5620Optional lookup tables with per-recipient external commands to use 5621for <a href="local.8.html">local(8)</a> mailbox delivery. Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>. 
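<p> The mailbox_command and mailbox_command_maps entries describe a command that <a href="local.8.html">local(8)</a> runs with the recipient's uid and gid, with the message on standard input and the variables listed above in its environment. The following added example, not code from Postfix, is a minimal Maildir delivery command written that way. It treats EXTENSION as untrusted input (anyone can address user+anything), never overwrites an existing file, and writes through tmp/ then renames into new/ so a reader never sees a partial message. The script path, the Maildir location under $HOME and the X-Delivered-Via trace header are this example's own choices; the exit codes follow sysexits.h, which local(8) uses to decide between deferring and bouncing (that convention is not stated on this page). </p>

```python
#!/usr/bin/env python3
"""Minimal Maildir delivery command for Postfix local(8) mailbox_command.

Added example, not part of Postfix. Postfix exports USER, HOME, EXTENSION,
SENDER, RECIPIENT, CLIENT_ADDRESS, ... (see the mailbox_command entry),
pipes the message on stdin, and runs this with the recipient's uid/gid.
"""
import os
import re
import socket
import sys
import time

EX_TEMPFAIL = 75   # sysexits.h: defer and retry later, do not bounce

# Address extensions are attacker-controlled: only a conservative charset,
# and only used to choose a Maildir++ subfolder, never as a raw path.
SAFE_EXTENSION = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def folder_for(env):
    """Map EXTENSION to a Maildir++ subfolder name, or '' for the inbox."""
    ext = env.get("EXTENSION", "")
    if ext and SAFE_EXTENSION.match(ext) and not ext.startswith("."):
        return "." + ext
    return ""


def deliver(message, env, maildir, now=None, pid=None, host=None):
    """Write message into maildir (tmp/ then rename into new/). Returns the new path."""
    folder = os.path.join(maildir, folder_for(env))
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(folder, sub), mode=0o700, exist_ok=True)
    now = time.time() if now is None else now
    pid = os.getpid() if pid is None else pid
    host = socket.gethostname() if host is None else host
    name = f"{int(now)}.P{pid}.{host}"
    tmp = os.path.join(folder, "tmp", name)
    new = os.path.join(folder, "new", name)
    # Record what local(8) told us; Postfix has already added Received:.
    trace = (f"X-Delivered-Via: mailbox_command for {env.get('RECIPIENT', '')} "
             f"from {env.get('SENDER', '<>')} client={env.get('CLIENT_ADDRESS', '')}\n")
    with open(tmp, "xb") as fh:          # "x": fail rather than clobber
        fh.write(trace.encode())
        fh.write(message)
        fh.flush()
        os.fsync(fh.fileno())
    os.rename(tmp, new)                  # atomic publish into new/
    return new


def main():
    env = os.environ
    home = env.get("HOME")
    if not home or not os.path.isdir(home):
        sys.exit(EX_TEMPFAIL)            # missing home: defer, do not bounce
    try:
        deliver(sys.stdin.buffer.read(), env, os.path.join(home, "Maildir"))
    except OSError as exc:
        print(f"delivery failed: {exc}", file=sys.stderr)
        sys.exit(EX_TEMPFAIL)
    sys.exit(0)


if __name__ == "__main__":
    main()
```

<p> Installed as, say, "mailbox_command = /usr/local/bin/maildir-deliver" (a hypothetical path), the line needs no shell metacharacters, so local(8) runs the command directly rather than through a shell. Because the parameter is not subject to $name substitution, the script reads its parameters from the environment variables listed above rather than from arguments. </p>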
5622</p> 5623 5624<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 5625is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 5626<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 5627<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 5628 5629 5630</DD> 5631 5632<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a> 5633(default: see "postconf -d" output)</b></DT><DD> 5634 5635<p> 5636How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery. 5637For a list of available file locking methods, use the "<b>postconf 5638-l</b>" command. 5639</p> 5640 5641<p> 5642This setting is ignored with <b>maildir</b> style delivery, 5643because such deliveries are safe without explicit locks. 5644</p> 5645 5646<p> 5647Note: The <b>dotlock</b> method requires that the recipient UID or 5648GID has write access to the parent directory of the mailbox file. 5649</p> 5650 5651<p> 5652Note: the default setting of this parameter is system dependent. 5653</p> 5654 5655 5656</DD> 5657 5658<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a> 5659(default: 51200000)</b></DT><DD> 5660 5661<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir 5662file, or zero (no limit). 
In fact, this limits the size of any 5663file that is written to upon local delivery, including files written 5664by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery 5665agent. </p> 5666 5667<p> 5668This limit must not be smaller than the message size limit. 5669</p> 5670 5671 5672</DD> 5673 5674<DT><b><a name="mailbox_transport">mailbox_transport</a> 5675(default: empty)</b></DT><DD> 5676 5677<p> 5678Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery 5679agent should use for mailbox delivery to all local recipients, 5680whether or not they are found in the UNIX passwd database. 5681</p> 5682 5683<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 5684is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 5685<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 5686<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 5687 5688 5689</DD> 5690 5691<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a> 5692(default: empty)</b></DT><DD> 5693 5694<p> Optional lookup tables with per-recipient message delivery 5695transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the 5696recipients are found in the UNIX passwd database. 
</p> 5697 5698<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low 5699is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, 5700<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, 5701<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p> 5702 5703<p> For safety reasons, this feature does not allow $number 5704substitutions in regular expression maps. </p> 5705 5706<p> This feature is available in Postfix 2.3 and later. </p> 5707 5708 5709</DD> 5710 5711<DT><b><a name="mailq_path">mailq_path</a> 5712(default: see "postconf -d" output)</b></DT><DD> 5713 5714<p> 5715Sendmail compatibility feature that specifies where the Postfix 5716<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to 5717list the Postfix mail queue. 5718</p> 5719 5720 5721</DD> 5722 5723<DT><b><a name="manpage_directory">manpage_directory</a> 5724(default: see "postconf -d" output)</b></DT><DD> 5725 5726<p> 5727Where the Postfix manual pages are installed. 5728</p> 5729 5730 5731</DD> 5732 5733<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a> 5734(default: empty)</b></DT><DD> 5735 5736<p> 5737Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead. 
5738</p> 5739 5740 5741</DD> 5742 5743<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a> 5744(default: 554)</b></DT><DD> 5745 5746<p> 5747The numerical Postfix SMTP server response code when a remote SMTP 5748client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, 5749<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or 5750<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction. 5751</p> 5752 5753<p> 5754Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 5755</p> 5756 5757 5758</DD> 5759 5760<DT><b><a name="masquerade_classes">masquerade_classes</a> 5761(default: envelope_sender, header_sender, header_recipient)</b></DT><DD> 5762 5763<p> 5764What addresses are subject to address masquerading. 5765</p> 5766 5767<p> 5768By default, address masquerading is limited to envelope sender 5769addresses, and to header sender and header recipient addresses. 5770This allows you to use address masquerading on a mail gateway while 5771still being able to forward mail to users on individual machines. 5772</p> 5773 5774<p> 5775Specify zero or more of: envelope_sender, envelope_recipient, 5776header_sender, header_recipient 5777</p> 5778 5779 5780</DD> 5781 5782<DT><b><a name="masquerade_domains">masquerade_domains</a> 5783(default: empty)</b></DT><DD> 5784 5785<p> 5786Optional list of domains whose subdomain structure will be stripped 5787off in email addresses. 5788</p> 5789 5790<p> 5791The list is processed left to right, and processing stops at the 5792first match. 
Thus, 5793</p> 5794 5795<blockquote> 5796<pre> 5797<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com 5798</pre> 5799</blockquote> 5800 5801<p> 5802strips "user@any.thing.foo.example.com" to "user@foo.example.com", 5803but strips "user@any.thing.else.example.com" to "user@example.com". 5804</p> 5805 5806<p> 5807A domain name prefixed with ! means do not masquerade this domain 5808or its subdomains. Thus, 5809</p> 5810 5811<blockquote> 5812<pre> 5813<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com 5814</pre> 5815</blockquote> 5816 5817<p> 5818does not change "user@any.thing.foo.example.com" or "user@foo.example.com", 5819but strips "user@any.thing.else.example.com" to "user@example.com". 5820</p> 5821 5822<p> Note: with Postfix version 2.2, message header address masquerading 5823happens only when message header address rewriting is enabled: </p> 5824 5825<ul> 5826 5827<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, 5828 5829<li> The message is received from a network client that matches 5830$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>, 5831 5832<li> The message is received from the network, and the 5833<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value. 5834 5835</ul> 5836 5837<p> To get the behavior before Postfix version 2.2, specify 5838"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". 
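<p> The matching rules above (left-to-right scan, stop at the first domain that equals or is a parent of the address domain, "!" meaning leave that domain and its subdomains alone) are easy to get wrong when the list is ordered carelessly. The following added model, not Postfix's own code, reimplements those rules from the text so the two examples above can be checked, and also honours a plain list of user names as masquerade_exceptions does (its "/file/name" and "type:table" forms are not modelled). Which addresses are rewritten at all is governed by masquerade_classes and is outside this model. </p>

```python
"""Model of Postfix masquerade_domains / masquerade_exceptions matching.

Added example reimplementing the rules stated in postconf(5); it is not
Postfix source. The domain list is scanned left to right and the scan
stops at the first entry that equals, or is a parent of, the address
domain. A "!domain" entry at that point means: do not masquerade.
User names listed in masquerade_exceptions are never rewritten.
"""


def _split(value):
    """Split a main.cf list value on commas and/or whitespace."""
    return [tok for tok in value.replace(",", " ").split() if tok]


def _equal_or_subdomain(domain, parent):
    d, p = domain.lower(), parent.lower()
    return d == p or d.endswith("." + p)


def masquerade(address, masquerade_domains, masquerade_exceptions=""):
    """Return the address after masquerading, or unchanged if no rule applies."""
    if "@" not in address:
        return address
    user, domain = address.rsplit("@", 1)
    if user.lower() in {u.lower() for u in _split(masquerade_exceptions)}:
        return address                    # e.g. root, mailer-daemon
    for entry in _split(masquerade_domains):
        negated = entry.startswith("!")
        parent = entry[1:] if negated else entry
        if _equal_or_subdomain(domain, parent):
            if negated:
                return address            # explicit "do not masquerade"
            return f"{user}@{parent}"     # strip the subdomain structure
    return address                        # nothing matched
```

<p> One consequence of first-match wins: "masquerade_domains = example.com foo.example.com" never preserves foo.example.com, because example.com matches first. List the more specific domains, and any "!" entries, before their parents. </p>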
</p> 5839 5840<p> 5841Example: 5842</p> 5843 5844<pre> 5845<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> 5846</pre> 5847 5848 5849</DD> 5850 5851<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a> 5852(default: empty)</b></DT><DD> 5853 5854<p> 5855Optional list of user names that are not subjected to address 5856masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>. 5857</p> 5858 5859<p> 5860By default, address masquerading makes no exceptions. 5861</p> 5862 5863<p> 5864Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns, 5865separated by commas and/or whitespace. The list is matched left to 5866right, and the search stops on the first match. A "/file/name" 5867pattern is replaced 5868by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name 5869matches a lookup key (the lookup result is ignored). Continue long 5870lines by starting the next line with whitespace. Specify "!pattern" 5871to exclude a name from the list. The form "!/file/name" is supported 5872only in Postfix version 2.4 and later. </p> 5873 5874<p> 5875Examples: 5876</p> 5877 5878<pre> 5879<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon 5880<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root 5881</pre> 5882 5883 5884</DD> 5885 5886<DT><b><a name="master_service_disable">master_service_disable</a> 5887(default: empty)</b></DT><DD> 5888 5889<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type 5890or by service name and type. Specify a list of service types 5891("inet", "unix", "fifo", or "pass") or "name/type" tuples, where 5892"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a 5893service type. 
As with other Postfix matchlists, a search stops at 5894the first match. Specify "!pattern" to exclude a service from the 5895list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled. </p> 5896 5897<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>" 5898patterns, nor does it support wildcards such as "*" or "all". This 5899is intentional. </p> 5900 5901<p> Examples: </p> 5902 5903<pre> 5904# With Postfix 2.6..2.10 use '.' instead of '/'. 5905# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default). 5906<a href="postconf.5.html#master_service_disable">master_service_disable</a> = 5907# Turn off only the main SMTP listener port. 5908<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet 5909# Turn off all TCP/IP listener ports. 5910<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet 5911# Turn off all TCP/IP listener ports except "foo". 5912<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet 5913</pre> 5914 5915<p> This feature is available in Postfix 2.6 and later. </p> 5916 5917 5918</DD> 5919 5920<DT><b><a name="max_idle">max_idle</a> 5921(default: 100s)</b></DT><DD> 5922 5923<p> 5924The maximum amount of time that an idle Postfix daemon process waits 5925for an incoming connection before terminating voluntarily. This 5926parameter 5927is ignored by the Postfix queue manager and by other long-lived 5928Postfix daemon processes. 5929</p> 5930 5931<p> 5932Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 5933The default time unit is s (seconds). 5934</p> 5935 5936 5937</DD> 5938 5939<DT><b><a name="max_use">max_use</a> 5940(default: 100)</b></DT><DD> 5941 5942<p> 5943The maximal number of incoming connections that a Postfix daemon 5944process will service before terminating voluntarily. 
This parameter 5945is ignored by the Postfix queue 5946manager and by other long-lived Postfix daemon processes. 5947</p> 5948 5949 5950</DD> 5951 5952<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a> 5953(default: 4000s)</b></DT><DD> 5954 5955<p> 5956The maximal time between attempts to deliver a deferred message. 5957</p> 5958 5959<p> This parameter should be set to a value greater than or equal 5960to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. </p> 5961 5962<p> 5963Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 5964The default time unit is s (seconds). 5965</p> 5966 5967 5968</DD> 5969 5970<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a> 5971(default: 5d)</b></DT><DD> 5972 5973<p> 5974Consider a message as undeliverable, when delivery fails with a 5975temporary error, and the time in the queue has reached the 5976<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit. 5977</p> 5978 5979<p> 5980Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 5981The default time unit is d (days). 5982</p> 5983 5984<p> 5985Specify 0 when mail delivery should be tried only once. 5986</p> 5987 5988 5989</DD> 5990 5991<DT><b><a name="message_reject_characters">message_reject_characters</a> 5992(default: empty)</b></DT><DD> 5993 5994<p> The set of characters that Postfix will reject in message 5995content. The usual C-like escape sequences are recognized: <tt>\a 5996\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and 5997<tt>\\</tt>. </p> 5998 5999<p> Note 1: this feature does not recognize text that requires MIME 6000decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a> 6001and <a href="postconf.5.html#body_checks">body_checks</a>. 
</p> 6002 6003<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> 6004= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p> 6005 6006<p> Example: </p> 6007 6008<pre> 6009<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0 6010</pre> 6011 6012<p> This feature is available in Postfix 2.3 and later. </p> 6013 6014 6015</DD> 6016 6017<DT><b><a name="message_size_limit">message_size_limit</a> 6018(default: 10240000)</b></DT><DD> 6019 6020<p> 6021The maximal size in bytes of a message, including envelope information. 6022</p> 6023 6024<p> Note: be careful when making changes. Excessively small values 6025will result in the loss of non-delivery notifications, when a bounce 6026message size exceeds the local or remote MTA's message size limit. 6027</p> 6028 6029 6030</DD> 6031 6032<DT><b><a name="message_strip_characters">message_strip_characters</a> 6033(default: empty)</b></DT><DD> 6034 6035<p> The set of characters that Postfix will remove from message 6036content. The usual C-like escape sequences are recognized: <tt>\a 6037\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and 6038<tt>\\</tt>. </p> 6039 6040<p> Note 1: this feature does not recognize text that requires MIME 6041decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a> 6042and <a href="postconf.5.html#body_checks">body_checks</a>. </p> 6043 6044<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> 6045= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p> 6046 6047<p> Example: </p> 6048 6049<pre> 6050<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0 6051</pre> 6052 6053<p> This feature is available in Postfix 2.3 and later. 
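<p> The message_reject_characters and message_strip_characters entries share the same escape grammar (\a \b \f \n \r \t \v, \ddd with up to three octal digits, and \\) and the same caveat that only raw content is inspected. The following added example, not Postfix code, unescapes a parameter value into the set of bytes it names and applies the two actions to a constructed message, including a base64-encoded NUL that slips past both, which is Note 1 above in practice. </p>

```python
r"""Model of message_reject_characters / message_strip_characters.

Added example, not Postfix code. unescape() follows the escape list in
postconf(5): \a \b \f \n \r \t \v, \ddd (up to three octal digits), \\.
rejected()/stripped() act on raw bytes only, as Postfix does: content that
needs MIME decoding (base64, quoted-printable) is not looked inside.
"""

_SIMPLE = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11, "\\": 92}
_OCTAL = "01234567"


def unescape(value):
    """Turn the main.cf parameter value into the bytes it names."""
    out = bytearray()
    i = 0
    while i < len(value):
        ch = value[i]
        if ch != "\\":
            out.extend(ch.encode("latin-1"))
            i += 1
            continue
        i += 1
        if i >= len(value):
            raise ValueError("trailing backslash")
        nxt = value[i]
        if nxt in _SIMPLE:
            out.append(_SIMPLE[nxt])
            i += 1
        elif nxt in _OCTAL:
            digits = ""
            while i < len(value) and len(digits) < 3 and value[i] in _OCTAL:
                digits += value[i]
                i += 1
            out.append(int(digits, 8) & 0xFF)
        else:
            raise ValueError(f"unknown escape \\{nxt}")
    return bytes(out)


def rejected(content, reject_chars):
    """True if any byte named by message_reject_characters occurs in content."""
    bad = set(unescape(reject_chars))
    return any(b in bad for b in content)


def stripped(content, strip_chars):
    """content with every byte named by message_strip_characters removed."""
    bad = set(unescape(strip_chars))
    return bytes(b for b in content if b not in bad)
```

<p> The value from the page's own example, "\0", names the NUL byte; "\0\r" would additionally strip bare carriage returns. A NUL inside a base64 part is not seen, so these parameters are a cheap first line against raw control characters, not a substitute for decoding content elsewhere. </p>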
</p> 6054 6055 6056</DD> 6057 6058<DT><b><a name="milter_command_timeout">milter_command_timeout</a> 6059(default: 30s)</b></DT><DD> 6060 6061<p> The time limit for sending an SMTP command to a Milter (mail 6062filter) application, and for receiving the response. </p> 6063 6064<p> Specify a non-zero time value (an integral value plus an optional 6065one-letter suffix that specifies the time unit). </p> 6066 6067<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 6068(weeks). The default time unit is s (seconds). </p> 6069 6070<p> This feature is available in Postfix 2.3 and later. </p> 6071 6072 6073</DD> 6074 6075<DT><b><a name="milter_connect_macros">milter_connect_macros</a> 6076(default: see "postconf -d" output)</b></DT><DD> 6077 6078<p> The macros that are sent to Milter (mail filter) applications 6079after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a> 6080for a list of available macro names and their meanings. </p> 6081 6082<p> This feature is available in Postfix 2.3 and later. </p> 6083 6084 6085</DD> 6086 6087<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a> 6088(default: 30s)</b></DT><DD> 6089 6090<p> The time limit for connecting to a Milter (mail filter) 6091application, and for negotiating protocol options. </p> 6092 6093<p> Specify a non-zero time value (an integral value plus an optional 6094one-letter suffix that specifies the time unit). </p> 6095 6096<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 6097(weeks). The default time unit is s (seconds). </p> 6098 6099<p> This feature is available in Postfix 2.3 and later. </p> 6100 6101 6102</DD> 6103 6104<DT><b><a name="milter_content_timeout">milter_content_timeout</a> 6105(default: 300s)</b></DT><DD> 6106 6107<p> The time limit for sending message content to a Milter (mail 6108filter) application, and for receiving the response. 
</p> 6109 6110<p> Specify a non-zero time value (an integral value plus an optional 6111one-letter suffix that specifies the time unit). </p> 6112 6113<p> Time units: s (seconds), m (minutes), h (hours), d (days), w 6114(weeks). The default time unit is s (seconds). </p> 6115 6116<p> This feature is available in Postfix 2.3 and later. </p> 6117 6118 6119</DD> 6120 6121<DT><b><a name="milter_data_macros">milter_data_macros</a> 6122(default: see "postconf -d" output)</b></DT><DD> 6123 6124<p> The macros that are sent to version 4 or higher Milter (mail 6125filter) applications after the SMTP DATA command. See <a href="MILTER_README.html">MILTER_README</a> 6126for a list of available macro names and their meanings. </p> 6127 6128<p> This feature is available in Postfix 2.3 and later. </p> 6129 6130 6131</DD> 6132 6133<DT><b><a name="milter_default_action">milter_default_action</a> 6134(default: tempfail)</b></DT><DD> 6135 6136<p> The default action when a Milter (mail filter) application is 6137unavailable or mis-configured. Specify one of the following: </p> 6138 6139<dl compact> 6140 6141<dt>accept</dt> <dd>Proceed as if the mail filter was not present. 6142</dd> 6143 6144<dt>reject</dt> <dd>Reject all further commands in this session 6145with a permanent status code.</dd> 6146 6147<dt>tempfail</dt> <dd>Reject all further commands in this session 6148with a temporary status code. </dd> 6149 6150<dt>quarantine</dt> <dd>Like "accept", but freeze the message in 6151the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd> 6152 6153</dl> 6154 6155<p> This feature is available in Postfix 2.3 and later. </p> 6156 6157 6158</DD> 6159 6160<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a> 6161(default: see "postconf -d" output)</b></DT><DD> 6162 6163<p> The macros that are sent to Milter (mail filter) applications 6164after the message end-of-data. 
See <a href="MILTER_README.html">MILTER_README</a> for a list of 6165available macro names and their meanings. </p> 6166 6167<p> This feature is available in Postfix 2.3 and later. </p> 6168 6169 6170</DD> 6171 6172<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a> 6173(default: see "postconf -d" output)</b></DT><DD> 6174 6175<p> The macros that are sent to Milter (mail filter) applications 6176after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list 6177of available macro names and their meanings. </p> 6178 6179<p> This feature is available in Postfix 2.5 and later. </p> 6180 6181 6182</DD> 6183 6184<DT><b><a name="milter_header_checks">milter_header_checks</a> 6185(default: empty)</b></DT><DD> 6186 6187<p> Optional lookup tables for content inspection of message headers 6188that are produced by Milter applications. See the <a href="header_checks.5.html">header_checks(5)</a> 6189manual page for the available actions. Currently, PREPEND is not implemented. 6190</p> 6191 6192<p> The following example sends all mail that is marked as SPAM to 6193a spam handling machine. Note that matches are case-insensitive 6194by default. </p> 6195 6196<pre> 6197/etc/postfix/<a href="postconf.5.html">main.cf</a>: 6198 <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a> 6199</pre> 6200 6201<pre> 6202/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>: 6203 /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25 6204</pre> 6205 6206<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for 6207whitelisting. For example it could be used to skip heavy content 6208inspection for DKIM-signed mail from known friendly domains. 
</p> 6209 6210<p> This feature is available in Postfix 2.7, and as an optional 6211patch for Postfix 2.6. </p> 6212 6213 6214</DD> 6215 6216<DT><b><a name="milter_helo_macros">milter_helo_macros</a> 6217(default: see "postconf -d" output)</b></DT><DD> 6218 6219<p> The macros that are sent to Milter (mail filter) applications 6220after the SMTP HELO or EHLO command. See 6221<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings. 6222</p> 6223 6224<p> This feature is available in Postfix 2.3 and later. </p> 6225 6226 6227</DD> 6228 6229<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a> 6230(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD> 6231 6232<p> The {daemon_name} macro value for Milter (mail filter) applications. 6233See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their 6234meanings. </p> 6235 6236<p> This feature is available in Postfix 2.3 and later. </p> 6237 6238 6239</DD> 6240 6241<DT><b><a name="milter_macro_v">milter_macro_v</a> 6242(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD> 6243 6244<p> The {v} macro value for Milter (mail filter) applications. 6245See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their 6246meanings. </p> 6247 6248<p> This feature is available in Postfix 2.3 and later. </p> 6249 6250 6251</DD> 6252 6253<DT><b><a name="milter_mail_macros">milter_mail_macros</a> 6254(default: see "postconf -d" output)</b></DT><DD> 6255 6256<p> The macros that are sent to Milter (mail filter) applications 6257after the SMTP MAIL FROM command. See <a href="MILTER_README.html">MILTER_README</a> 6258for a list of available macro names and their meanings. </p> 6259 6260<p> This feature is available in Postfix 2.3 and later. 
</p> 6261 6262 6263</DD> 6264 6265<DT><b><a name="milter_protocol">milter_protocol</a> 6266(default: 6)</b></DT><DD> 6267 6268<p> The mail filter protocol version and optional protocol extensions 6269for communication with a Milter application; prior to Postfix 2.6 6270the default protocol is 2. Postfix 6271sends this version number during the initial protocol handshake. 6272It should match the version number that is expected by the mail 6273filter application (or by its Milter library). </p> 6274 6275<p>Protocol versions: </p> 6276 6277<dl compact> 6278 6279<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default 6280with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 .. 62812.5).</dd> 6282 6283<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd> 6284 6285<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd> 6286 6287<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default 6288with Sendmail version 8.14 and Postfix version 2.6).</dd> 6289 6290</dl> 6291 6292<p>Protocol extensions: </p> 6293 6294<dl compact> 6295 6296<dt>no_header_reply</dt> <dd> Specify this when the Milter application 6297will not reply for each individual message header.</dd> 6298 6299</dl> 6300 6301<p> This feature is available in Postfix 2.3 and later. </p> 6302 6303 6304</DD> 6305 6306<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a> 6307(default: see "postconf -d" output)</b></DT><DD> 6308 6309<p> The macros that are sent to Milter (mail filter) applications 6310after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a> 6311for a list of available macro names and their meanings. </p> 6312 6313<p> This feature is available in Postfix 2.3 and later. 
</p> 6314 6315 6316</DD> 6317 6318<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a> 6319(default: see "postconf -d" output)</b></DT><DD> 6320 6321<p> The macros that are sent to version 3 or higher Milter (mail 6322filter) applications after an unknown SMTP command. See <a href="MILTER_README.html">MILTER_README</a> 6323for a list of available macro names and their meanings. </p> 6324 6325<p> This feature is available in Postfix 2.3 and later. </p> 6326 6327 6328</DD> 6329 6330<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a> 6331(default: 2048)</b></DT><DD> 6332 6333<p> 6334The maximal length of MIME multipart boundary strings. The MIME 6335processor is unable to distinguish between boundary strings that 6336do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters. 6337</p> 6338 6339<p> 6340This feature is available in Postfix 2.0 and later. 6341</p> 6342 6343 6344</DD> 6345 6346<DT><b><a name="mime_header_checks">mime_header_checks</a> 6347(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD> 6348 6349<p> 6350Optional lookup tables for content inspection of MIME related 6351message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page. 6352</p> 6353 6354<p> 6355This feature is available in Postfix 2.0 and later. 6356</p> 6357 6358 6359</DD> 6360 6361<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a> 6362(default: 100)</b></DT><DD> 6363 6364<p> 6365The maximal recursion level that the MIME processor will handle. 6366Postfix refuses mail that is nested deeper than the specified limit. 6367</p> 6368 6369<p> 6370This feature is available in Postfix 2.0 and later. 
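<p> Several entries on this page state orderings that Postfix does not enforce for you: maximal_backoff_time should be at least minimal_backoff_time, minimal_backoff_time (the next entry) at least queue_run_delay, and mailbox_size_limit must not be smaller than message_size_limit, with time values carrying a per-parameter default unit (days for maximal_queue_lifetime, seconds elsewhere). The following added check, not a Postfix tool, parses such values and reports violations. The defaults it fills in are those printed on this page, except queue_run_delay, whose entry is elsewhere and whose 300s default is this example's assumption. </p>

```python
"""Consistency checks for Postfix timing and size parameters.

Added example, not part of Postfix. Feed it a parameter -> value mapping
(parse_postconf() reads "name = value" lines as "postconf -n" prints them).
"""
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_RE = re.compile(r"^\s*(\d+)\s*([smhdw]?)\s*$")

# Default unit per parameter, taken from the postconf(5) entries.
DEFAULT_UNIT = {
    "queue_run_delay": "s",
    "minimal_backoff_time": "s",
    "maximal_backoff_time": "s",
    "maximal_queue_lifetime": "d",
    "max_idle": "s",
}

# Values used when a parameter is not in the input. queue_run_delay's
# default is assumed (its entry is not on this page).
DEFAULTS = {
    "queue_run_delay": "300s",
    "minimal_backoff_time": "300s",
    "maximal_backoff_time": "4000s",
    "maximal_queue_lifetime": "5d",
    "message_size_limit": "10240000",
    "mailbox_size_limit": "51200000",
}


def parse_time(value, default_unit="s"):
    """Seconds for a Postfix time value such as '4000s', '5d' or a bare '300'."""
    m = _TIME_RE.match(value)
    if not m:
        raise ValueError(f"bad time value {value!r}")
    number, unit = int(m.group(1)), (m.group(2) or default_unit)
    return number * _UNITS[unit]


def check(params):
    """Return a list of ordering problems for a parameter -> value mapping."""
    cfg = {**DEFAULTS, **params}
    secs = {k: parse_time(cfg[k], DEFAULT_UNIT[k]) for k in DEFAULT_UNIT if k in cfg}
    problems = []
    if secs["minimal_backoff_time"] < secs["queue_run_delay"]:
        problems.append("minimal_backoff_time is less than queue_run_delay")
    if secs["maximal_backoff_time"] < secs["minimal_backoff_time"]:
        problems.append("maximal_backoff_time is less than minimal_backoff_time")
    if secs["maximal_queue_lifetime"] and secs["maximal_queue_lifetime"] < secs["maximal_backoff_time"]:
        problems.append("maximal_queue_lifetime is shorter than one maximal backoff interval")
    message_limit = int(cfg["message_size_limit"])
    mailbox_limit = int(cfg["mailbox_size_limit"])
    if mailbox_limit != 0 and mailbox_limit < message_limit:
        problems.append("mailbox_size_limit is less than message_size_limit")
    return problems


def parse_postconf(text):
    """Parse 'name = value' lines; '#' comment lines are skipped."""
    out = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, _, value = line.partition("=")
            out[name.strip()] = value.strip()
    return out


if __name__ == "__main__":
    import subprocess
    text = subprocess.run(["postconf", "-n"], capture_output=True, text=True, check=True).stdout
    for problem in check(parse_postconf(text)) or ["ok"]:
        print(problem)
```

<p> The third check (queue lifetime shorter than one maximal backoff) is not an ordering the page states; it is added here because such a setting makes the last retry attempts before expiry meaningless, and is labelled as this example's own rule. Because the unit suffix is optional and the default unit differs per parameter, "maximal_queue_lifetime = 5" means five days while "maximal_backoff_time = 5" means five seconds; the parser takes the parameter name into account for exactly that reason. </p>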
</p>


</DD>

<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
(default: 300s)</b></DT><DD>

<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p>
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>

<p> This parameter should be set greater than or equal to
$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="multi_instance_directories">multi_instance_directories</a>
(default: empty)</b></DT><DD>

<p> An optional list of non-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance. Specify a list of pathnames
separated by comma or whitespace. </p>

<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command
runs in single-instance mode and operates on a single Postfix
instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance
mode and invokes the multi-instance manager specified with the
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter.
The multi-instance manager in 6415turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for 6416all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>. </p> 6417 6418<p> Currently, this parameter setting is ignored except for the 6419default <a href="postconf.5.html">main.cf</a> file. </p> 6420 6421<p> This feature is available in Postfix 2.6 and later. </p> 6422 6423 6424</DD> 6425 6426<DT><b><a name="multi_instance_enable">multi_instance_enable</a> 6427(default: no)</b></DT><DD> 6428 6429<p> Allow this Postfix instance to be started, stopped, etc., by a 6430multi-instance manager. By default, new instances are created in 6431a safe state that prevents them from being started inadvertently. 6432This parameter is reserved for the multi-instance manager. </p> 6433 6434<p> This feature is available in Postfix 2.6 and later. </p> 6435 6436 6437</DD> 6438 6439<DT><b><a name="multi_instance_group">multi_instance_group</a> 6440(default: empty)</b></DT><DD> 6441 6442<p> The optional instance group name of this Postfix instance. A 6443group identifies closely-related Postfix instances that the 6444multi-instance manager can start, stop, etc., as a unit. This 6445parameter is reserved for the multi-instance manager. </p> 6446 6447<p> This feature is available in Postfix 2.6 and later. </p> 6448 6449 6450</DD> 6451 6452<DT><b><a name="multi_instance_name">multi_instance_name</a> 6453(default: empty)</b></DT><DD> 6454 6455<p> The optional instance name of this Postfix instance. This name 6456becomes also the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p> 6457 6458<p> This feature is available in Postfix 2.6 and later. 
</p> 6459 6460 6461</DD> 6462 6463<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a> 6464(default: empty)</b></DT><DD> 6465 6466<p> The pathname of a multi-instance manager command that the 6467<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> 6468parameter value is non-empty. The pathname may be followed by 6469initial command arguments separated by whitespace; shell 6470metacharacters such as quotes are not supported in this context. 6471</p> 6472 6473<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the 6474<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line, 6475and with all installation configuration parameters exported into 6476the manager command process environment. The manager command in 6477turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances 6478as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>". </p> 6479 6480<p> This feature is available in Postfix 2.6 and later. </p> 6481 6482 6483</DD> 6484 6485<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> 6486(default: 550)</b></DT><DD> 6487 6488<p> 6489The numerical Postfix SMTP server response code when a remote SMTP 6490client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> 6491restriction. 6492</p> 6493 6494<p> 6495Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 6496</p> 6497 6498<p> 6499This feature is available in Postfix 2.1 and later. 
6500</p> 6501 6502 6503</DD> 6504 6505<DT><b><a name="mydestination">mydestination</a> 6506(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD> 6507 6508<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a> 6509mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a> 6510delivery agent which looks up all recipients in /etc/passwd and 6511/etc/aliases. The SMTP server validates recipient addresses with 6512$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also 6513the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. 6514</p> 6515 6516<p> 6517The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local 6518machine only. On a mail domain gateway, you should also include 6519$<a href="postconf.5.html#mydomain">mydomain</a>. 6520</p> 6521 6522<p> 6523The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail 6524addressed to user@[the.net.work.address] of the mail system (the 6525IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> 6526parameters). 6527</p> 6528 6529<p> 6530Warnings: 6531</p> 6532 6533<ul> 6534 6535<li><p>Do not specify the names of virtual domains - those domains 6536are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p> 6537 6538<li><p>Do not specify the names of domains that this machine is 6539backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to 6540set up backup MX hosts. 
</p> 6541 6542<li><p>By default, the Postfix SMTP server rejects mail for recipients 6543not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter. See the 6544<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> 6545and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p> 6546 6547</ul> 6548 6549<p> 6550Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" 6551patterns, separated by commas and/or whitespace. A "/file/name" 6552pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 6553is matched when a name matches a lookup key (the lookup result is 6554ignored). Continue long lines by starting the next line with 6555whitespace. </p> 6556 6557<p> 6558Examples: 6559</p> 6560 6561<pre> 6562<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a> 6563<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a> 6564</pre> 6565 6566 6567</DD> 6568 6569<DT><b><a name="mydomain">mydomain</a> 6570(default: see "postconf -d" output)</b></DT><DD> 6571 6572<p> 6573The internet domain name of this mail system. The default is to 6574use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix 65752.3 and later). $<a href="postconf.5.html#mydomain">mydomain</a> is used as 6576a default value for many other configuration parameters. 
6577</p> 6578 6579<p> 6580Example: 6581</p> 6582 6583<pre> 6584<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld 6585</pre> 6586 6587 6588</DD> 6589 6590<DT><b><a name="myhostname">myhostname</a> 6591(default: see "postconf -d" output)</b></DT><DD> 6592 6593<p> 6594The internet hostname of this mail system. The default is to use 6595the fully-qualified domain name (FQDN) from gethostname(), or to 6596use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>". 6597$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration 6598parameters. </p> 6599 6600<p> 6601Example: 6602</p> 6603 6604<pre> 6605<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com 6606</pre> 6607 6608 6609</DD> 6610 6611<DT><b><a name="mynetworks">mynetworks</a> 6612(default: see "postconf -d" output)</b></DT><DD> 6613 6614<p> 6615The list of "trusted" remote SMTP clients that have more privileges than 6616"strangers". 6617</p> 6618 6619<p> 6620In particular, "trusted" SMTP clients are allowed to relay mail 6621through Postfix. See the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter 6622description in the <a href="postconf.5.html">postconf(5)</a> manual. 6623</p> 6624 6625<p> 6626You can specify the list of "trusted" network addresses by hand 6627or you can let Postfix do it for you (which is the default). 6628See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more 6629information. 6630</p> 6631 6632<p> 6633If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, 6634Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting. 6635</p> 6636 6637<p> Specify a list of network addresses or network/netmask patterns, 6638separated by commas and/or whitespace. Continue long lines by 6639starting the next line with whitespace. 
</p> 6640 6641<p> The netmask specifies the number of bits in the network part 6642of a host address. You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" 6643patterns. A "/file/name" pattern is replaced by its contents; a 6644"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a 6645lookup string (the lookup result is ignored). </p> 6646 6647<p> The list is matched left to right, and the search stops on the 6648first match. Specify "!pattern" to exclude an address or network 6649block from the list. The form "!/file/name" is supported only 6650in Postfix version 2.4 and later. </p> 6651 6652<p> Note: IP version 6 address information must be specified inside 6653<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with 6654"/file/name". IP version 6 addresses contain the ":" character, 6655and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern. </p> 6656 6657<p> Examples: </p> 6658 6659<pre> 6660<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 6661<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28 6662<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64 6663<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks 6664<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table 6665</pre> 6666 6667 6668</DD> 6669 6670<DT><b><a name="mynetworks_style">mynetworks_style</a> 6671(default: subnet)</b></DT><DD> 6672 6673<p> 6674The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter. 6675This is the list of trusted networks for relay access control etc. 
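</p>

<p> The mynetworks matching rules above are easy to get wrong, and a
mistake here grants relay access. The following is an added example, not
Postfix code: it evaluates a mynetworks value as the description says
Postfix does (left-to-right search, first match wins, "!pattern"
exclusions, IPv6 inside brackets, netmask as a prefix length).
"/file/name" and "type:table" patterns are not expanded, and the names
parse_mynetworks and is_trusted are this example's own. </p>

```python
"""Postfix-style mynetworks evaluation: an added illustration, not Postfix code.

Implements the matching rules from the mynetworks description: patterns
separated by commas and/or whitespace, "!pattern" exclusions, IPv6 written
inside [], a netmask given as a prefix length, and a left-to-right search
that stops at the first match.  "/file/name" and "type:table" patterns are
not expanded here (assumption: the whole list is given inline).
"""
import ipaddress
from typing import List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Rule = Tuple[bool, Network]  # (negated, network)


def _to_network(pattern: str) -> Network:
    if pattern.startswith("["):              # IPv6 must be bracketed: [addr]/prefix
        close = pattern.index("]")
        text = pattern[1:close] + pattern[close + 1:]   # "[::1]/128" -> "::1/128"
    elif pattern.startswith("/") or ":" in pattern:
        raise ValueError(f"/file/name and type:table are not expanded in this example: {pattern}")
    else:
        text = pattern                       # IPv4 host, or network/prefix
    # strict=False masks non-zero host bits (this example's choice).  Write the
    # zeroed network address, as in the examples above, to avoid surprises.
    return ipaddress.ip_network(text, strict=False)


def parse_mynetworks(value: str) -> List[Rule]:
    rules: List[Rule] = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        rules.append((negated, _to_network(token[1:] if negated else token)))
    return rules


def is_trusted(client_ip: str, rules: List[Rule]) -> bool:
    """The first matching pattern decides: a "!" match means not trusted,
    and no match at all means the client is a stranger."""
    ip = ipaddress.ip_address(client_ip)
    for negated, net in rules:
        if ip.version == net.version and ip in net:
            return not negated
    return False


if __name__ == "__main__":
    # Second example from the description: one host carved out of a /28.
    rules = parse_mynetworks("!192.168.0.1, 192.168.0.0/28")
    for ip in ("192.168.0.1", "192.168.0.5", "192.168.0.20"):
        print(ip, "trusted" if is_trusted(ip, rules) else "stranger")
    # Order matters: with the exclusion listed after the block it never fires.
    swapped = parse_mynetworks("192.168.0.0/28, !192.168.0.1")
    print("192.168.0.1 with the exclusion listed last:", is_trusted("192.168.0.1", swapped))
    dual = parse_mynetworks("127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64")
    print("::1", is_trusted("::1", dual), "2001:240:587::beef", is_trusted("2001:240:587::beef", dual))
```

<p> Running it shows why the order of patterns matters: with
"!192.168.0.1" listed before the /28 that host is a stranger; with the
exclusion listed after the block it is trusted, because the search had
already stopped at the positive match. Put exclusions first. The same
rules apply to <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>, which uses the mynetworks syntax.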
</p>

<ul>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
"trust" only the local machine. </p>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
should "trust" remote SMTP clients in the same IP subnetworks as the local
machine. On Linux, this works correctly only with interfaces
specified with the "ifconfig" command. </p>

<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
"trust" remote SMTP clients in the same IP class A/B/C networks as the
local machine. Don't do this with a dialup site - it would cause
Postfix to "trust" your entire provider's network. Instead, specify
an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
configuration parameter. </p>

</ul>


</DD>

<DT><b><a name="myorigin">myorigin</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The domain name that locally-posted mail appears to come
from, and that locally posted mail is delivered to. The default,
$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
6710</p> 6711 6712<p> 6713Example: 6714</p> 6715 6716<pre> 6717<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> 6718</pre> 6719 6720 6721</DD> 6722 6723<DT><b><a name="nested_header_checks">nested_header_checks</a> 6724(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD> 6725 6726<p> 6727Optional lookup tables for content inspection of non-MIME message 6728headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a> 6729manual page. 6730</p> 6731 6732<p> 6733This feature is available in Postfix 2.0 and later. 6734</p> 6735 6736 6737</DD> 6738 6739<DT><b><a name="newaliases_path">newaliases_path</a> 6740(default: see "postconf -d" output)</b></DT><DD> 6741 6742<p> 6743Sendmail compatibility feature that specifies the location of the 6744<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the 6745<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database. 6746</p> 6747 6748 6749</DD> 6750 6751<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a> 6752(default: 504)</b></DT><DD> 6753 6754<p> 6755The numerical Postfix SMTP server reply code when a client request 6756is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> 6757or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction. 6758</p> 6759 6760 6761</DD> 6762 6763<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a> 6764(default: empty)</b></DT><DD> 6765 6766<p> A list of Milter (mail filter) applications for new mail that 6767does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. 
This includes local 6768submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives 6769via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected 6770into the queue with "postsuper -r". Specify space or comma as 6771separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p> 6772 6773<p> This feature is available in Postfix 2.3 and later. </p> 6774 6775 6776</DD> 6777 6778<DT><b><a name="notify_classes">notify_classes</a> 6779(default: resource, software)</b></DT><DD> 6780 6781<p> 6782The list of error classes that are reported to the postmaster. The 6783default is to report only the most serious problems. The paranoid 6784may wish to turn on the policy (UCE and mail relaying) and protocol 6785error (broken mail software) reports. 6786</p> 6787 6788<p> NOTE: postmaster notifications may contain confidential information 6789such as SASL passwords or message content. It is the system 6790administrator's responsibility to treat such information with care. 6791</p> 6792 6793<p> 6794The error classes are: 6795</p> 6796 6797<dl> 6798 6799<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt> 6800 6801<dd>Send the postmaster copies of the headers of bounced mail, and 6802send transcripts of SMTP sessions when Postfix rejects mail. The 6803notification is sent to the address specified with the 6804<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster). 6805</dd> 6806 6807<dt><b>2bounce</b></dt> 6808 6809<dd>Send undeliverable bounced mail to the postmaster. The notification 6810is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> 6811configuration parameter (default: postmaster). 
</dd> 6812 6813<dt><b>data</b></dt> 6814 6815<dd>Send the postmaster a transcript of the SMTP session with an 6816error because a critical data file was unavailable. The notification 6817is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> 6818configuration parameter (default: postmaster). <br> This feature 6819is available in Postfix 2.9 and later. </dd> 6820 6821<dt><b>delay</b></dt> 6822 6823<dd>Send the postmaster copies of the headers of delayed mail (see 6824<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The 6825notification is sent to the address specified with the 6826<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster). 6827</dd> 6828 6829<dt><b>policy</b></dt> 6830 6831<dd>Send the postmaster a transcript of the SMTP session when a 6832client request was rejected because of (UCE) policy. The notification 6833is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> 6834configuration parameter (default: postmaster). </dd> 6835 6836<dt><b>protocol</b></dt> 6837 6838<dd>Send the postmaster a transcript of the SMTP session in case 6839of client or server protocol errors. The notification is sent to 6840the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration 6841parameter (default: postmaster). </dd> 6842 6843<dt><b>resource</b></dt> 6844 6845<dd>Inform the postmaster of mail not delivered due to resource 6846problems. The notification is sent to the address specified with 6847the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default: 6848postmaster). </dd> 6849 6850<dt><b>software</b></dt> 6851 6852<dd>Inform the postmaster of mail not delivered due to software 6853problems. 
The notification is sent to the address specified with 6854the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default: 6855postmaster). </dd> 6856 6857</dl> 6858 6859<p> 6860Examples: 6861</p> 6862 6863<pre> 6864<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software 6865<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software 6866</pre> 6867 6868 6869</DD> 6870 6871<DT><b><a name="owner_request_special">owner_request_special</a> 6872(default: yes)</b></DT><DD> 6873 6874<p> 6875Give special treatment to owner-listname and listname-request 6876address localparts: don't split such addresses when the 6877<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to "-". This feature is useful for 6878mailing lists. 6879</p> 6880 6881 6882</DD> 6883 6884<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> 6885(default: see "postconf -d" output)</b></DT><DD> 6886 6887<p> 6888What Postfix features match subdomains of "domain.tld" automatically, 6889instead of requiring an explicit ".domain.tld" pattern. This is 6890planned backwards compatibility: eventually, all Postfix features 6891are expected to require explicit ".domain.tld" style patterns when 6892you really want to match subdomains. 6893</p> 6894 6895 6896</DD> 6897 6898<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a> 6899(default: empty)</b></DT><DD> 6900 6901<p> 6902Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to 6903only domains whose primary MX hosts match the listed networks. 6904The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a> 6905parameter; note, however, that the default value is empty. 
</p> 6906 6907 6908</DD> 6909 6910<DT><b><a name="pickup_service_name">pickup_service_name</a> 6911(default: pickup)</b></DT><DD> 6912 6913<p> 6914The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail 6915submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>. 6916</p> 6917 6918<p> 6919This feature is available in Postfix 2.0 and later. 6920</p> 6921 6922 6923</DD> 6924 6925<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a> 6926(default: 450)</b></DT><DD> 6927 6928<p> 6929The numerical Postfix SMTP server response code when a request 6930is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction. 6931</p> 6932 6933<p> This feature is available in Postfix 2.3 and later. </p> 6934 6935 6936</DD> 6937 6938<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a> 6939(default: reload flush)</b></DT><DD> 6940 6941<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager 6942treats as "control" commands, that operate on running instances. For 6943these commands, disabled instances are skipped. </p> 6944 6945<p> This feature is available in Postfix 2.6 and later. </p> 6946 6947 6948</DD> 6949 6950<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a> 6951(default: start)</b></DT><DD> 6952 6953<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats 6954as "start" commands. For these commands, disabled instances are "checked" 6955rather than "started", and failure to "start" a member instance of an 6956instance group will abort the start-up of later instances. </p> 6957 6958<p> This feature is available in Postfix 2.6 and later. 
</p> 6959 6960 6961</DD> 6962 6963<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a> 6964(default: see "postconf -d" output)</b></DT><DD> 6965 6966<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats 6967as "stop" commands. For these commands, disabled instances are skipped, 6968and enabled instances are processed in reverse order. </p> 6969 6970<p> This feature is available in Postfix 2.6 and later. </p> 6971 6972 6973</DD> 6974 6975<DT><b><a name="postscreen_access_list">postscreen_access_list</a> 6976(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD> 6977 6978<p> Permanent white/blacklist for remote SMTP client IP addresses. 6979<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP 6980client connects. Specify a comma- or whitespace-separated list of 6981commands (in upper or lower case) or lookup tables. The search stops 6982upon the first command that fires for the client IP address. </p> 6983 6984<dl> 6985 6986<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Whitelist the client and 6987terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>. 6988Do not subject the client to any before/after 220 greeting tests. 6989Pass the connection immediately to a Postfix SMTP server process. 6990</dd> 6991 6992<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup 6993table. Each table lookup result is an access list, except that 6994access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries. <br> 6995To discourage the use of hash, btree, etc. tables, there is no 6996support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables 6997instead. 
</dd> 6998 6999<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate 7000the search. Do not subject the client to any before/after 220 7001greeting tests. Pass the connection immediately to a Postfix SMTP 7002server process. </dd> 7003 7004<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate 7005the search. Subject the client to the action configured with the 7006<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> configuration parameter. </dd> 7007 7008<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists 7009implicitly have this command at the end. <br> When <b> dunno </b> 7010is executed inside a lookup table, return from the lookup table and 7011evaluate the next command. <br> When <b> dunno </b> is executed 7012outside a lookup table, terminate the search, and subject the client 7013to the configured before/after 220 greeting tests. </dd> 7014 7015</dl> 7016 7017<p> Example: </p> 7018 7019<pre> 7020/etc/postfix/<a href="postconf.5.html">main.cf</a>: 7021 <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 7022 <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr 7023 <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce 7024</pre> 7025 7026<pre> 7027/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>: 7028 # Rules are evaluated in the order as specified. 7029 # Blacklist 192.168.* except 192.168.0.1. 7030 192.168.0.1 dunno 7031 192.168.0.0/16 reject 7032</pre> 7033 7034<p> This feature is available in Postfix 2.8. 
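</p>

<p> The search order above, as an added example that is not part of the
Postfix source: it evaluates an access list against a client address,
with tables supplied as cidr_table(5)-style text already in memory (no
file I/O), $mynetworks supplied as plain network prefixes, and the rule
that a "dunno" inside a table returns to the outer list while a "dunno"
outside a table ends the search. The names AccessList, evaluate and
parse_cidr_table are this example's own; the access list and table
contents are constructed from the example above. </p>

```python
"""postscreen_access_list evaluation: an added illustration, not Postfix code.

Commands are tried left to right and the first one that fires ends the
search; every list has an implicit "dunno" at its end; "dunno" inside a
table returns to the outer list, "dunno" outside a table ends the search.
Tables are cidr_table(5)-style text held in memory (assumption: no file
I/O), and type:table entries inside a table are rejected, as described.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed from the example above: the main.cf value and the contents
# of /etc/postfix/postscreen_access.cidr.
EXAMPLE_ACCESS_LIST = "permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr"
EXAMPLE_TABLES = {
    "/etc/postfix/postscreen_access.cidr": """\
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
192.168.0.1     dunno
192.168.0.0/16  reject
""",
}


def parse_cidr_table(text: str) -> List[Tuple[Network, str]]:
    """cidr_table(5)-style lines of 'pattern result'; lines starting with '#' are comments."""
    rules: List[Tuple[Network, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern, strict=False), result.strip()))
    return rules


def cidr_lookup(rules: List[Tuple[Network, str]], ip) -> Optional[str]:
    """First matching entry wins, as in cidr_table(5)."""
    for net, result in rules:
        if ip.version == net.version and ip in net:
            return result
    return None


class AccessList:
    def __init__(self, mynetworks: List[str], tables: Dict[str, str]):
        self.mynetworks = [ipaddress.ip_network(n, strict=False) for n in mynetworks]
        self.tables = {path: parse_cidr_table(text) for path, text in tables.items()}

    def evaluate(self, access_list: str, client_ip: str) -> str:
        """"permit": hand the client straight to smtpd(8); "reject": apply
        postscreen_blacklist_action; "dunno": run the before/after 220 tests."""
        return self._search(access_list, ipaddress.ip_address(client_ip), in_table=False) or "dunno"

    def _search(self, commands: str, ip, in_table: bool) -> Optional[str]:
        for cmd in commands.replace(",", " ").split():
            word = cmd.lower()                       # commands are case-insensitive
            if word == "permit_mynetworks":
                if any(ip.version == n.version and ip in n for n in self.mynetworks):
                    return "permit"
            elif word in ("permit", "reject"):
                return word
            elif word == "dunno":
                # Inside a table: return to the outer list.  Outside: stop here.
                return None if in_table else "dunno"
            elif word.startswith("cidr:"):
                if in_table:
                    raise ValueError("type:table entries are not allowed inside a table")
                hit = cidr_lookup(self.tables[cmd[len("cidr:"):]], ip)
                if hit is not None:
                    decided = self._search(hit, ip, in_table=True)  # a result is itself a list
                    if decided is not None:
                        return decided
            else:
                raise ValueError(f"command not supported in this example: {cmd}")
        return None if in_table else "dunno"        # the implicit trailing dunno


if __name__ == "__main__":
    acl = AccessList(mynetworks=["127.0.0.0/8", "::1/128"], tables=EXAMPLE_TABLES)
    for client in ("127.0.0.1", "192.168.0.1", "192.168.7.7", "203.0.113.9"):
        print(f"{client:15} -> {acl.evaluate(EXAMPLE_ACCESS_LIST, client)}")
```

<p> With the example table and mynetworks = 127.0.0.0/8 this gives
"permit" for 127.0.0.1, "dunno" for 192.168.0.1 (the table's dunno returns
to the outer list, which then runs out of commands), "reject" for any other
192.168.* address, and "dunno" for everything else. A "reject" only has
an effect once <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> is set to enforce or drop;
with the default, ignore, the result is ignored and the client goes on to
the other tests.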
</p>


</DD>

<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
(default: no)</b></DT><DD>

<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a remote SMTP client must
disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "bare newline" SMTP protocol test.
During this
time, the client IP address is excluded from this test. The default
is long because a remote SMTP client must disconnect after it passes
the test, before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore this result. Allow other tests to complete. Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>

<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
(default: <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>

<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>

<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/path/to/file".
This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
implementations don't support cache cleanup. For an alternative
approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
(default: 7d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
temporary whitelist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>

<p> How many simultaneous connections any remote SMTP client is
allowed to have with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
as with the Postfix SMTP server. Note that the triage process can
take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
dummy SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
(default: 20)</b></DT><DD>

<p> The limit on the total number of commands per SMTP session for
<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine. This SMTP engine
defers or rejects all attempts to deliver mail, so there is
no need to enforce separate limits on the number of junk commands
and error commands. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>

<p> A mechanism to transform commands from remote SMTP clients.
See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
(default: ${stress?10}${stress:300}s)</b></DT><DD>

<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
built-in SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>

<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon. See
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
The table is not searched by hostname for robustness reasons. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
parameters). Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
(default: empty)</b></DT><DD>

<p> A mapping from the actual DNSBL domain name, which includes a secret
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail. When no mapping is found, the actual DNSBL
domain will be used. </p>

<p> For maximal stability it is best to use a file that is read
into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
to <a href="DATABASE_README.html#types">hash</a>:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
the file is read). </p>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
</pre>

<pre>
/etc/postfix/dnsbl_reply:
    secret.zen.spamhaus.org zen.spamhaus.org
</pre>

<p> This feature is available in Postfix 2.8.
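</p>

<p> As an added example, not Postfix code, the following Python models
how this reply map works together with the domain=filter*weight
scoring and the inclusive threshold described in the
postscreen_dnsbl_sites and postscreen_dnsbl_threshold entries below:
entries are parsed, DNSBL replies are matched against the d.d.d.d
filter (including [..] ranges), each entry's weight is applied at most
once, and a rejection names only the public side of the DNSBL. The
"allow.example" whitelist entry, the client reply sets and the reply-map
text are constructed inputs; the other domains come from the manual's
own examples. </p>

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inputs modelled on the postconf(5) examples. "allow.example" and the
# client reply sets below are assumptions for illustration, not data from the manual.
MAIN_CF_THRESHOLD = 2
MAIN_CF_SITES = ("secret.zen.spamhaus.org*2, example.net, example.org, "
                 "example.com=127.0.0.4, allow.example=127.0.[0..255].[1..3]*-3")
DNSBL_REPLY_FILE = """\
# texthash: "actual domain with password" -> "domain shown in the reject reply"
secret.zen.spamhaus.org zen.spamhaus.org
"""


@dataclass
class DnsblSite:
    domain: str
    filt: Optional[str]   # None: any non-error reply counts
    weight: int           # default 1; a negative weight whitelists


def parse_dnsbl_sites(value: str) -> List[DnsblSite]:
    """Parse domain=filter*weight entries separated by comma or whitespace."""
    sites = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry:
            continue
        weight = 1
        if "*" in entry:
            entry, weight_text = entry.rsplit("*", 1)
            weight = int(weight_text)            # the weight must be integral
        filt = None
        if "=" in entry:
            entry, filt = entry.split("=", 1)
        sites.append(DnsblSite(entry, filt, weight))
    return sites


def _component_matches(pattern: str, octet: int) -> bool:
    """One filter component: a number, or [..] holding ;-separated numbers / a..b ranges."""
    if pattern.startswith("[") and pattern.endswith("]"):
        for part in pattern[1:-1].split(";"):
            if ".." in part:
                low, high = part.split("..", 1)
                if int(low) <= octet <= int(high):
                    return True
            elif int(part) == octet:
                return True
        return False
    return int(pattern) == octet


def reply_matches(filt: Optional[str], reply: str) -> bool:
    """True when a DNSBL A-record reply (d.d.d.d) satisfies the entry's filter."""
    if filt is None:
        return True
    # split on dots but keep [..] groups intact, since ranges contain dots themselves
    patterns = re.findall(r"\[[^\]]*\]|[^.]+", filt)
    octets = reply.split(".")
    if len(patterns) != 4 or len(octets) != 4:
        return False
    return all(_component_matches(p, int(o)) for p, o in zip(patterns, octets))


def score_client(sites: List[DnsblSite],
                 replies: Dict[str, List[str]]) -> Tuple[int, List[str]]:
    """Sum the weights of entries with a matching reply; each entry counts at most once."""
    score, hits = 0, []
    for site in sites:
        if any(reply_matches(site.filt, r) for r in replies.get(site.domain, [])):
            score += site.weight
            if site.weight > 0:
                hits.append(site.domain)
    return score, hits


def parse_texthash(text: str) -> Dict[str, str]:
    """Minimal texthash: reader: 'key value' lines; '#' comments and blank lines ignored."""
    mapping = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            mapping[parts[0]] = parts[1]
    return mapping


def dnsbl_decision(sites, threshold, reply_map, replies):
    """Return ('reject', score, public DNSBL names) or ('pass', score, [])."""
    score, hits = score_client(sites, replies)
    if score >= threshold:   # postscreen_dnsbl_threshold is an inclusive lower bound
        # reply with the mapped name so the password part of the domain stays hidden
        return "reject", score, [reply_map.get(d, d) for d in hits]
    return "pass", score, []


if __name__ == "__main__":
    sites = parse_dnsbl_sites(MAIN_CF_SITES)
    reply_map = parse_texthash(DNSBL_REPLY_FILE)
    # two replies from the same list still apply the *2 weight only once
    print(dnsbl_decision(sites, MAIN_CF_THRESHOLD, reply_map,
                         {"secret.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"]}))
```

<p>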
</p>


</DD>

<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
(default: empty)</b></DT><DD>

<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
query these domains with the IP addresses of remote SMTP clients,
and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
each non-error reply. </p>

<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
"password" information in DNSBL domain names. </p>

<p> When a client's score is equal to or greater than the threshold
specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
the connection with the remote SMTP client. </p>

<p> Specify a list of domain=filter*weight entries, separated by
comma or whitespace. </p>

<ul>

<li> <p> When no "=filter" is specified, <a href="postscreen.8.html">postscreen(8)</a> will use any
non-error DNSBL reply. Otherwise, <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL
replies that match the filter. The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges. </p>

<li> <p> When no "*weight" is specified, <a href="postscreen.8.html">postscreen(8)</a> increments
the remote SMTP client's DNSBL score by 1. Otherwise, the weight must be
an integral number, and <a href="postscreen.8.html">postscreen(8)</a> adds the specified weight to
the remote SMTP client's DNSBL score. Specify a negative number for
whitelisting. </p>

<li> <p> When one <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> entry produces multiple
DNSBL responses, <a href="postscreen.8.html">postscreen(8)</a> applies the weight at most once.
</p>

</ul>

<p> Examples: </p>

<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
</pre>

<p> To filter only DNSBL replies containing 127.0.0.4: </p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
</pre>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
(default: 1)</b></DT><DD>

<p> The inclusive lower bound for blocking a remote SMTP client, based on
its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
parameter. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
(default: 1h)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful DNS blocklist test. During this time, the client IP address
is excluded from this test. The default is relatively short, because a
good client can immediately talk to a real Postfix SMTP server.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a>
(default: 0)</b></DT><DD>

<p> Allow a remote SMTP client to skip "before" and "after 220
greeting" protocol tests, based on its combined DNSBL score as
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter. </p>

<p> Specify a negative value to enable this feature. When a client
passes the <a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> without having
failed other tests, all pending or disabled tests are flagged as
completed with a time-to-live value equal to <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>.
When a test was already completed, its time-to-live value is updated
if it was less than <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>. </p>

<p> This feature is available in Postfix 2.11. </p>


</DD>

<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead.
</p>


</DD>

<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
attribute expansions. See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>

<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
</p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
parameter. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not whitelist the remote SMTP client
IP address. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>

<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that <a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
text..." response, in an attempt to confuse bad SMTP clients so
that they speak before their turn (pre-greet). Specify an empty
value to disable this feature. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
(default: 1d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful PREGREET test. During this time, the client IP address
is excluded from this test. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
(default: ${stress?2}${stress:6}s)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise). </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>

<p> Require that a remote SMTP client sends HELO or EHLO before
commencing a MAIL transaction. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
(default: drop)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
parameter. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
feature. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
(default: no)</b></DT><DD>

<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "non_smtp_command" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8.
</p>


</DD>

<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
(default: enforce)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
sends multiple commands instead of sending one command and waiting for
the server to respond. Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
(default: no)</b></DT><DD>

<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a good client must disconnect
after it passes the test, before it can talk to a real Postfix SMTP
server. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "pipelining" SMTP protocol test. During this time, the
client IP address is excluded from this test. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>

<p> The number of clients that can be waiting for service from a
real Postfix SMTP server process. When this queue is full, all
clients will receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>

<p> The number of non-whitelisted clients that can be waiting for
a decision whether they will receive service from a real Postfix
SMTP server process. When this queue is full, all non-whitelisted clients will
receive a 421 response. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>

<p> Optional information that is appended after a 4XX or 5XX
<a href="postscreen.8.html">postscreen(8)</a> server
response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>

<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>

<p> The name of the proxy protocol used by an optional before-postscreen
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information. Specify
"<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol. </p>

<p> This feature is available in Postfix 2.10 and later. </p>


</DD>

<DT><b><a name="postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>

<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter. </p>

<p> This feature is available in Postfix 2.10 and later.
</p>


</DD>

<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
(default: 10s)</b></DT><DD>

<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
a remote SMTP client command or to perform a cache operation before it
is terminated by a built-in watchdog timer. This is a safety
mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive
due to a bug in Postfix itself or in system software. To avoid
false alarms and unnecessary cache corruption this limit cannot be
set under 10s. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>
(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>

<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
non-whitelisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
whitelist status. This status is required before the client can
talk to a Postfix SMTP server process. By default, a client can
obtain <a href="postscreen.8.html">postscreen(8)</a>'s whitelist status on any local <a href="postscreen.8.html">postscreen(8)</a>
server IP address. </p>

<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
addresses, the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> parameter can be
configured to give the temporary whitelist status only when a client
connects to a primary MX address. Once a client is whitelisted it
can talk to a Postfix SMTP server on any address. Thus, clients
that connect only to backup MX addresses will never become whitelisted,
and will never be allowed to talk to a Postfix SMTP server process.
</p>

<p> Specify a list of network addresses or network/netmask patterns,
separated by commas and/or whitespace. The netmask specifies the
number of bits in the network part of a host address. Continue long
lines by starting the next line with whitespace. </p>

<p> You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). </p>

<p> The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list. </p>

<p> Note: IP version 6 address information must be specified inside
[] in the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.
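</p>

<p> As an added example, not Postfix code, the following Python applies
the matching rules just described to a local server address: patterns
are tried left to right, the first match decides, a "!pattern" match
excludes the address, and IPv6 information is recognised only inside
[]. Of the "<a href="DATABASE_README.html">type:table</a>" forms only static:all can be evaluated without a
table, so other table types and "/file/name" patterns are reported as
unsupported rather than guessed. The 168.100.189.8 value is the manual's
own example; the 192.0.2.0/24 and 2001:db8::/32 values are constructed
from the documentation address ranges. </p>

```python
import ipaddress
import re


def parse_interface_patterns(value: str):
    """Split a postscreen_whitelist_interfaces value on commas and/or whitespace, keeping order."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def _pattern_matches(pattern: str, addr) -> bool:
    """Match one pattern against a local postscreen server address.

    Supported here: a.b.c.d, a.b.c.d/bits, [ipv6], [ipv6]/bits and static:all.
    Other type:table and /file/name patterns need their table or file contents,
    so they are rejected instead of being silently treated as non-matching.
    """
    if pattern.startswith("/"):
        raise ValueError(f"{pattern!r}: /file/name contents are not available here")
    if ":" in pattern and not pattern.startswith("["):
        table_type = pattern.split(":", 1)[0]
        if table_type == "static":
            return True        # static:all yields a result for every lookup string
        raise ValueError(f"{pattern!r}: type:table lookups need the table")
    # IPv6 must be written inside [] so its ":" is not taken for a type:table pattern
    m = re.fullmatch(r"\[([^\]]+)\](/\d+)?", pattern)
    spec = (m.group(1) + (m.group(2) or "")) if m else pattern
    try:
        net = ipaddress.ip_network(spec, strict=False)   # a bare address is a /32 or /128
    except ValueError:
        return False
    return addr.version == net.version and addr in net


def grants_whitelist(value: str, local_addr: str) -> bool:
    """True if a client connecting to local_addr can obtain the temporary whitelist status.

    The list is matched left to right and the search stops on the first match;
    a matching "!pattern" excludes the address. No match: the address is not listed.
    """
    addr = ipaddress.ip_address(local_addr)
    for pattern in parse_interface_patterns(value):
        negate = pattern.startswith("!")
        if _pattern_matches(pattern[1:] if negate else pattern, addr):
            return not negate
    return False


if __name__ == "__main__":
    # The manual's example: no whitelisting for connections to the backup MX address.
    backup_mx = "!168.100.189.8, static:all"
    print(grants_whitelist(backup_mx, "168.100.189.8"),   # False
          grants_whitelist(backup_mx, "168.100.189.2"))   # True
    # Constructed: whitelist only on primary MX networks (RFC 5737 / RFC 3849 ranges).
    primary_only = "192.0.2.0/24, [2001:db8::]/32"
    print(grants_whitelist(primary_only, "2001:db8::25"),  # True
          grants_whitelist(primary_only, "198.51.100.1"))  # False
```

<p>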
</p> 7882 7883<p> Example: </p> 7884 7885<pre> 7886/etc/postfix/<a href="postconf.5.html">main.cf</a>: 7887 # Don't whitelist connections to the backup IP address. 7888 <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all 7889</pre> 7890 7891<p> This feature is available in Postfix 2.9 and later. </p> 7892 7893 7894</DD> 7895 7896<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a> 7897(default: command, file, forward)</b></DT><DD> 7898 7899<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery 7900agent prepends a Delivered-To: message header with the address 7901that the mail was delivered to. This information is used for mail 7902delivery loop detection. </p> 7903 7904<p> 7905By default, the Postfix local delivery agent prepends a Delivered-To: 7906header when forwarding mail and when delivering to file (mailbox) 7907and command. Turning off the Delivered-To: header when forwarding 7908mail is not recommended. 7909</p> 7910 7911<p> 7912Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>. 7913</p> 7914 7915<p> 7916Example: 7917</p> 7918 7919<pre> 7920<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward 7921</pre> 7922 7923 7924</DD> 7925 7926<DT><b><a name="process_id">process_id</a> 7927(read-only)</b></DT><DD> 7928 7929<p> 7930The process ID of a Postfix command or daemon process. 7931</p> 7932 7933 7934</DD> 7935 7936<DT><b><a name="process_id_directory">process_id_directory</a> 7937(default: pid)</b></DT><DD> 7938 7939<p> 7940The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>. 7941This is a read-only parameter. 
</p>


</DD>

<DT><b><a name="process_name">process_name</a>
(read-only)</b></DT><DD>

<p>
The process name of a Postfix command or daemon process.
</p>


</DD>

<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a>
(default: canonical, virtual)</b></DT><DD>

<p>
What address lookup tables copy an address extension from the lookup
key to the lookup result.
</p>

<p>
For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =>
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>

<p>
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
address extension
propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps,
with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a>
generic maps, respectively. </p>

<p>
Note: enabling this feature for types other than <b>canonical</b>
and <b>virtual</b> is likely to cause problems when mail is forwarded
to other sites, especially with mail that is sent to a mailing list
exploder address.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias,
    forward, include
<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
</pre>


</DD>

<DT><b><a name="proxy_interfaces">proxy_interfaces</a>
(default: empty)</b></DT><DD>

<p>
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

<p> You must specify your "outside" proxy/NAT addresses when your
system is a backup MX host for other domains; otherwise, mail delivery
loops will happen when the primary MX host is down. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
</pre>


</DD>

<DT><b><a name="proxy_read_maps">proxy_read_maps</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
access for the read-only service.
Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="proxy_write_maps">proxy_write_maps</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
access for the read-write service. Postfix-owned local database
files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>.
Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored. </p>

<p>
This feature is available in Postfix 2.5 and later.
</p>


</DD>

<DT><b><a name="proxymap_service_name">proxymap_service_name</a>
(default: proxymap)</b></DT><DD>

<p> The name of the proxymap read-only table lookup service. This
service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a>
(default: proxywrite)</b></DT><DD>

<p> The name of the proxywrite read-write table lookup service.
This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a>
(default: 300s)</b></DT><DD>

<p>
The minimal delay between warnings that a specific destination is
clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable.
</p>

<p>
This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a>
(default: 1000s)</b></DT><DD>

<p> How much time a Postfix queue manager process may take to handle
a request before it is terminated by a built-in watchdog timer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a>
(default: 100)</b></DT><DD>

<p>
Obsolete feature: the percentage of delivery resources that a busy
mail system will use up for delivery of a large mailing list
message.
</p>

<p>
This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The
current queue manager solves the problem in a better way.
</p>


</DD>

<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a>
(default: 60s)</b></DT><DD>

<p> The time limit for the queue manager to send or receive information
over an internal communication channel. The purpose is to break
out of deadlock situations. If the time limit is exceeded, the
software either retries or aborts the operation. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a>
(default: 20000)</b></DT><DD>

<p>
The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
</p>


</DD>

<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
(default: 20000)</b></DT><DD>

<p> The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term,
in-memory "dead" destination status cache. </p>


</DD>

<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>
(default: 10)</b></DT><DD>

<p>
The minimal number of in-memory recipients for any message.
This
takes priority over any other in-memory recipient limits (i.e.,
the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per-transport
_recipient_limit) if necessary. The minimum value allowed for this
parameter is 1.
</p>


</DD>

<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a>
(default: empty)</b></DT><DD>

<p>
What remote QMQP clients are allowed to connect to the Postfix QMQP
server port.
</p>

<p>
By default, no client is allowed to use the service. This is
because the QMQP server will relay mail to any destination.
</p>

<p>
Specify a list of client patterns. A list pattern specifies a host
name, a domain name, an internet address, or a network/mask pattern,
where the mask specifies the number of bits in the network part.
When a pattern specifies a file name, its contents are substituted
for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification,
table lookup is used instead. </p>

<p>
Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a pattern with an
exclamation point (!). The form "!/file/name" is supported only
in Postfix version 2.4 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24
</pre>


</DD>

<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a>
(default: no)</b></DT><DD>

<p> Enable logging of the remote QMQP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later.
</p>


</DD>

<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a>
(default: 1s)</b></DT><DD>

<p>
How long the Postfix QMQP server will pause before sending a negative
reply to the remote QMQP client. The purpose is to slow down confused
or malicious clients.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The time limit for sending or receiving information over the network.
If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a>
seconds, the Postfix QMQP server gives up and disconnects.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="queue_directory">queue_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The location of the Postfix top-level queue directory. This is the
root directory of Postfix daemon processes that run chrooted.
</p>


</DD>

<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a>
(default: 100)</b></DT><DD>

<p>
The maximal number of (name=value) attributes that may be stored
in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a>
server.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="queue_minfree">queue_minfree</a>
(default: 0)</b></DT><DD>

<p>
The minimal amount of free space in bytes in the queue file system
that is needed to receive mail.
This is currently used by the
Postfix SMTP server to decide if it will accept any mail at all.
</p>

<p>
By default, the Postfix SMTP server rejects MAIL FROM commands when
the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>
(Postfix version 2.1 and later).
To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
</p>

<p>
With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of
zero means there is no minimum required amount of free space.
</p>


</DD>

<DT><b><a name="queue_run_delay">queue_run_delay</a>
(default: 300s)</b></DT><DD>

<p>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>

<p> This parameter should be set less than or equal to
$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="queue_service_name">queue_service_name</a>
(default: qmgr)</b></DT><DD>

<p>
The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix
queue and schedules delivery requests.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with RBL response templates.
The tables are
indexed by the RBL domain name. By default, Postfix uses the default
template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
parameter. See there for a discussion of the syntax of RBL reply
templates.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="readme_directory">readme_directory</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The location of Postfix README files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
</p>


</DD>

<DT><b><a name="receive_override_options">receive_override_options</a>
(default: empty)</b></DT><DD>

<p> Enable or disable recipient validation, built-in content
filtering, or address mapping. Typically, these are specified in
<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or
<a href="pickup.8.html">pickup(8)</a> daemons. </p>

<p> Specify zero or more of the following options. The options
override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>,
<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the
cleanup server. </p>

<dl>

<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>

<dd>Do not try to reject unknown recipients (SMTP server only).
This is typically specified AFTER an external content filter.
</dd>

<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>

<dd>Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC (blind carbon-copy)
recipients.
This is typically specified BEFORE an external content
filter. </dd>

<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>

<dd>Disable header/body_checks. This is typically specified AFTER
an external content filter. </dd>

<dt><b><a name="no_milters">no_milters</a></b></dt>

<dd>Disable Milter (mail filter) applications. This is typically
specified AFTER an external content filter. </dd>

</dl>

<p>
Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a>
setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content
filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice
versa).
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
    <a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional BCC (blind carbon-copy) address lookup tables, indexed by
recipient address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.

<li> Look up the "user" address local part when the recipient domain
equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Specify the types and names of databases to use. After a change,
run "<b>postmap /etc/postfix/recipient_bcc</b>".
</p>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>

<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself.
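As an added example (not code from the Postfix documentation or project), the following Python models the recipient_bcc_maps search order listed above, together with the two behaviours it depends on that are described elsewhere on this page: splitting an address at the recipient_delimiter set (first matching character, exempt addresses) and copying an unmatched extension onto a virtual(5) result as propagate_unmatched_extensions does. It assumes the double-bounce address uses its default local part "double-bounce", that lookup keys are compared exactly as given, and that mapping results are full addresses; all table contents are constructed.

```python
"""Added example, not part of the Postfix documentation or source code:
a model of how a recipient address is split at the recipient_delimiter
and how the pieces drive (1) the recipient_bcc_maps search order and
(2) propagate_unmatched_extensions rewriting.  Assumptions: the
double-bounce address uses its default local part "double-bounce",
table keys are compared exactly as given (no case folding), and
mapping results are full user@domain addresses."""

# Local parts that are never split, whatever the delimiter set is.
NEVER_SPLIT = {"mailer-daemon", "postmaster", "double-bounce"}


def split_address(address, delimiters, owner_request_special=True):
    """Return (user, delimiter, extension, domain).

    With a multi-character delimiter set (Postfix 2.11 and later) the
    split happens at the first character of the local part that is in
    the set; one delimiter and one extension are recognized.  The user
    part may not be empty, so "+foo@example.com" is left alone."""
    if "@" in address:
        localpart, domain = address.rsplit("@", 1)
    else:
        localpart, domain = address, ""
    lower = localpart.lower()
    exempt = lower in NEVER_SPLIT
    if owner_request_special:          # "owner-" prefix, "-request" suffix
        exempt = exempt or lower.startswith("owner-") or (
            len(lower) > len("-request") and lower.endswith("-request"))
    if not exempt:
        for i, ch in enumerate(localpart):
            if ch in delimiters and i > 0:
                return localpart[:i], ch, localpart[i + 1:], domain
    return localpart, "", "", domain


def recipient_bcc_lookup_keys(address, delimiters, local_domains):
    """Lookup keys for recipient_bcc_maps, in the documented order.
    local_domains stands for $myorigin, $mydestination, $inet_interfaces
    and $proxy_interfaces."""
    user, delim, ext, domain = split_address(address, delimiters)
    keys = [address]                                  # user+extension@domain.tld
    if ext:
        keys.append(f"{user}@{domain}")               # user@domain.tld
    if domain.lower() in local_domains:
        if ext:
            keys.append(f"{user}{delim}{ext}")        # user+extension
        keys.append(user)                             # user
    keys.append(f"@{domain}")                         # @domain.tld
    return keys


def lookup_recipient_bcc(table, address, delimiters, local_domains):
    """First matching key wins; multiple results are not supported."""
    for key in recipient_bcc_lookup_keys(address, delimiters, local_domains):
        if key in table:
            return table[key]
    return None


def rewrite_with_propagation(address, mapping, delimiters, propagate=True):
    """Model of a virtual(5)/canonical(5) lookup: the full address is tried
    first; when only the key without extension matches and this map type
    is listed in propagate_unmatched_extensions, the unmatched extension
    is copied from the lookup key onto the result."""
    if address in mapping:
        return mapping[address]
    user, delim, ext, domain = split_address(address, delimiters)
    bare = f"{user}@{domain}"
    if ext and bare in mapping:
        result = mapping[bare]
        if not propagate:
            return result
        r_user, r_domain = result.rsplit("@", 1)
        return f"{r_user}{delim}{ext}@{r_domain}"
    return address


if __name__ == "__main__":
    # Constructed sample data for this example.
    local = {"example.com"}
    bcc = {"@example.com": "archive@example.com",
           "joe@example.com": "audit@example.com"}
    print(recipient_bcc_lookup_keys("joe+foo@example.com", "+", local))
    print(lookup_recipient_bcc(bcc, "joe+foo@example.com", "+", local))
    # The documentation's propagation example, with a "+" delimiter.
    vmap = {"joe@example.com": "joe.user@example.net"}
    print(rewrite_with_propagation("joe+foo@example.com", vmap, "+"))
    # With "+-" (Postfix 2.11 and later) the first matching character splits.
    print(split_address("joe-foo+bar@example.com", "+-"))
```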
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_bcc
</pre>


</DD>

<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
(default: envelope_recipient, header_recipient)</b></DT><DD>

<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
mapping. By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
applied to envelope recipient addresses, and to header recipient
addresses. </p>

<p> Specify one or more of: envelope_recipient, header_recipient
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional address mapping lookup tables for envelope and header
recipient addresses.
The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
</p>

<p>
Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical
</pre>


</DD>

<DT><b><a name="recipient_delimiter">recipient_delimiter</a>
(default: empty)</b></DT><DD>

<p> The set of characters that can separate a user name from its
extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo).
Basically, the software tries
user+foo and .forward+foo before trying user and .forward. This
implementation recognizes one delimiter character and one extension
per email address or .forward file name. </p>

<p> When the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set contains multiple characters
(Postfix 2.11 and later), a user name or .forward file name is
separated from its extension by the first character that matches
the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set. </p>

<p> See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the
effects of <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> on lookups in aliases, canonical,
virtual, and relocated maps, and see the <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a>
parameter for propagating an extension from one email address to
another. </p>

<p> When used in <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>, <a href="postconf.5.html#forward_path">forward_path</a>, or
<a href="postconf.5.html#luser_relay">luser_relay</a>, ${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>} is replaced with the actual
recipient delimiter that was found in the recipient email address
(Postfix 2.11 and later), or it is replaced with the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> parameter value (Postfix 2.10 and earlier).
</p>

<p> The <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is not applied to the mailer-daemon
address, the postmaster address, or the double-bounce address.
With
the default "<a href="postconf.5.html#owner_request_special">owner_request_special</a> = yes" setting, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
is also not applied to addresses with the special "owner-" prefix
or the special "-request" suffix. </p>

<p>
Examples:
</p>

<pre>
# Handle Postfix-style extensions.
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
</pre>

<pre>
# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +-
</pre>

<pre>
# Use .forward for mail without address extension, and for mail with
# an unrecognized address extension.
<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
    $home/.forward
</pre>


</DD>

<DT><b><a name="reject_code">reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a>
(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately.
With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>,
<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>,
and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="relay_clientcerts">relay_clientcerts</a>
(default: empty)</b></DT><DD>

<p> List of tables with remote SMTP client-certificate fingerprints or
public key fingerprints (Postfix 2.9 and later) for which the Postfix
SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
feature. The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5). </p>

<p> Postfix lookup tables are in the form of (key, value) pairs.
Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host:
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
</pre>

<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
an appropriate <a href="access.5.html">access(5)</a> policy for each client.
See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>

<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p>This feature is available with Postfix version 2.2.</p>


</DD>

<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>

<p> This feature is available in Postfix 2.0 and later. </p>


</DD>

<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the relay
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file.
</p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>

<p> This feature is available in Postfix 2.0 and later. </p>


</DD>

<DT><b><a name="relay_domains">relay_domains</a>
(default: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD>

<p> What destination domains (and subdomains thereof) this system
will relay mail to. Subdomain matching is controlled with the
<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. For details about how
the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the
<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient
restrictions. </p>

<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the
$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates
recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent
recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>

<p> Note: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page.
</p>

<p> Specify a list of host or domain names, "/file/name" patterns
or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a (parent) domain appears as lookup
key. Specify "!pattern" to exclude a domain from the list. The form
"!/file/name" is supported only in Postfix version 2.4 and later.
</p>


</DD>

<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a client
request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
domains that have no valid recipient list, and become a source of
backscatter mail: Postfix accepts spam for non-existent recipients
and then floods innocent people with undeliverable mail. Technically,
tables listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>

<p>
If this parameter is non-empty, then the Postfix SMTP server will reject
mail to unknown relay users.
This feature is off by default.
</p>

<p>
See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
file.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="relay_transport">relay_transport</a>
(default: relay)</b></DT><DD>

<p>
The default mail delivery transport and next-hop destination for
remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
decreasing precedence, the nexthop destination is taken from
$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
from the recipient domain. This information can be overruled with
the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
file.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="relayhost">relayhost</a>
(default: empty)</b></DT><DD>

<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
and with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
</p>

<p>
In the case of SMTP, specify a domain name, hostname, hostname:port,
[hostname]:port, [hostaddress] or [hostaddress]:port. The form
[hostname] turns off MX lookups.
</p>

<p>
If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful
information.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
<a href="postconf.5.html#relayhost">relayhost</a> = uucphost
<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
</pre>

</DD>

<DT><b><a name="relocated_maps">relocated_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with new contact information for users or
domains that no longer exist. The table format and lookups are
documented in <a href="relocated.5.html">relocated(5)</a>.
</p>

<p>
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
build the necessary DBM or DB file after each change, then "<b>postfix
reload</b>" to make the changes visible.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/relocated
<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated
</pre>

</DD>

<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
(default: empty)</b></DT><DD>

<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses. The
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix
considers local. </p>

<p> Examples: </p>

<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>

<blockquote>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
</pre>
</blockquote>

<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>

<blockquote>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
</pre>
</blockquote>

</DD>

<DT><b><a name="require_home_directory">require_home_directory</a>
(default: no)</b></DT><DD>

<p>
Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
before mail delivery is attempted.
By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>

</DD>

<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
(default: no)</b></DT><DD>

<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
attribute, when delivering mail to a child alias that does not have
its own owner alias. </p>

<p> This feature is available in Postfix 2.8 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"yes". </p>

<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
companion alias named owner-<i>name</i>, delivery errors will be
reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. </p>

<p> A lesser-known property of the owner alias is that it also forces
the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
from alias expansion to a new queue file, instead of attempting to
deliver mail to local addresses as soon as they come out of alias
expansion. </p>

<p> Writing local addresses from alias expansion to a new queue
file allows for robust handling of temporary delivery errors: errors
with one local member have no effect on deliveries to other members
of the list. On the other hand, delivery to local addresses as
soon as they come out of alias expansion is fragile: a temporary
error with one local address from alias expansion will cause the
entire alias to be expanded repeatedly until the error goes away,
or until the message expires in the queue. In that case, a problem
with one list member results in multiple message deliveries to other
list members.
</p>

<p> The default behavior of Postfix 2.8 and later is to keep the
owner-alias attribute of the parent alias, when delivering mail to
a child alias that does not have its own owner alias. Then, local
addresses from that child alias will be written to a new queue file,
and a temporary error with one local address will not affect delivery
to other mailing list members. </p>

<p> Unfortunately, older Postfix releases reset the owner-alias
attribute when delivering mail to a child alias that does not have
its own owner alias. The <a href="local.8.html">local(8)</a> delivery agent then attempts to
deliver local addresses as soon as they come out of child alias
expansion. If delivery to any address from child alias expansion
fails with a temporary error condition, the entire mailing list may
be expanded repeatedly until the mail expires in the queue, resulting
in multiple deliveries of the same message to mailing list members.
</p>

</DD>

<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
(default: yes)</b></DT><DD>

<p> Resolve a recipient address safely instead of correctly, by
looking inside quotes. </p>

<p> By default, the Postfix address resolver does not quote the
address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect. </p>

<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
the Postfix
resolver will not know about additional @ etc. operators in the
address localpart. This opens opportunities for obscure mail relay
attacks with user@domain@domain addresses when Postfix provides
backup MX service for Sendmail systems.
</p>

</DD>

<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
(default: no)</b></DT><DD>

<p> Resolve an address that ends in the "@" null domain as if the
local hostname were specified, instead of rejecting the address as
invalid. </p>

<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>

<p> The Postfix SMTP server uses this feature to reject mail from
or to addresses that end in the "@" null domain, and from addresses
that rewrite into a form that ends in the "@" null domain. </p>

</DD>

<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
(default: no)</b></DT><DD>

<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="rewrite_service_name">rewrite_service_name</a>
(default: rewrite)</b></DT><DD>

<p>
The name of the address rewriting service. This service rewrites
addresses to standard form and resolves them to a (delivery method,
next-hop host, recipient) triple.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="sample_directory">sample_directory</a>
(default: /etc/postfix)</b></DT><DD>

<p>
The name of the directory with example Postfix configuration files.
Starting with Postfix 2.1, these files have been replaced with the
<a href="postconf.5.html">postconf(5)</a> manual page.
</p>

</DD>

<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
(default: no)</b></DT><DD>

<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>

<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes interoperability problems
with some SMTP servers. </p>

<p> This feature is available in Postfix 2.4.4 and later. </p>

</DD>

<DT><b><a name="sender_based_routing">sender_based_routing</a>
(default: no)</b></DT><DD>

<p>
This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
in Postfix version 2.3.
</p>

</DD>

<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a>
(default: empty)</b></DT><DD>

<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address. The BCC address (multiple results are not
supported) is added when mail enters from outside of Postfix. </p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
The table search order is as follows:
</p>

<ul>

<li> Look up the "user+extension@domain.tld" address including the
optional address extension.

<li> Look up the "user@domain.tld" address without the optional
address extension.

<li> Look up the "user+extension" address local part when the
sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.

<li> Look up the "user" address local part when the sender domain
equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.

<li> Look up the "@domain.tld" part.

</ul>

<p>
Specify the types and names of databases to use. After each change,
run "<b>postmap /etc/postfix/sender_bcc</b>".
</p>

<p>
Note: with Postfix 2.3 and later the BCC address is added as if it
were specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>

<p>
Note: with Postfix 2.2 and earlier the sender will be notified
when the BCC address is undeliverable.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself.
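As an added example that is not part of the Postfix documentation or code, the following Python models the sender_bcc_maps search order listed above against a constructed in-memory table. The case folding of keys, the "+" recipient delimiter and the LOCAL_DOMAINS set (standing in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces) are assumptions for the example.

```python
# Added example, not Postfix code: a model of the sender_bcc_maps search
# order described above, run against a constructed in-memory table.
# Assumptions (not stated on the page): lookup keys are case-folded, the
# recipient delimiter is "+", and LOCAL_DOMAINS stands in for the union
# of $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces.
from typing import Dict, List, Optional

RECIPIENT_DELIMITER = "+"

# Constructed stand-in for the domains that count as "local" in steps
# 3 and 4 of the search order.
LOCAL_DOMAINS = {"example.com", "mail.example.com", "localhost"}

# Constructed sample table, as "postmap /etc/postfix/sender_bcc" would
# build it from a source file. One result per key: the page notes that
# multiple results are not supported.
SENDER_BCC_TABLE: Dict[str, str] = {
    "alice+news@example.com": "archive-news@audit.example.com",
    "alice@example.com": "archive-alice@audit.example.com",
    "bob": "archive-bob@audit.example.com",
    "@partner.example": "archive-partner@audit.example.com",
}


def split_address(addr: str):
    """Split user[+extension]@domain into (user, extension, domain).

    Missing parts come back as "". Splitting on the last "@" keeps a
    localpart that itself contains "@" from being taken as the domain.
    """
    localpart, at, domain = addr.rpartition("@")
    if not at:
        localpart, domain = addr, ""
    user, delim, ext = localpart.partition(RECIPIENT_DELIMITER)
    return user, (ext if delim else ""), domain


def sender_bcc_lookup_keys(sender: str) -> List[str]:
    """Return the lookup keys in the order the page lists them."""
    user, ext, domain = split_address(sender.lower())
    keys: List[str] = []
    if ext:                                  # 1. user+extension@domain.tld
        keys.append(f"{user}{RECIPIENT_DELIMITER}{ext}@{domain}")
    keys.append(f"{user}@{domain}")          # 2. user@domain.tld
    if domain in LOCAL_DOMAINS:              # 3./4. localpart only, local senders
        if ext:
            keys.append(f"{user}{RECIPIENT_DELIMITER}{ext}")
        keys.append(user)
    keys.append(f"@{domain}")                # 5. @domain.tld
    return keys


def sender_bcc(sender: str, new_mail: bool = True,
               table: Dict[str, str] = SENDER_BCC_TABLE) -> Optional[str]:
    """First matching BCC address, or None if no key matches.

    new_mail=False models mail that Postfix forwarded internally or
    generated itself; the page says no automatic BCC is produced for
    such mail, which is what prevents mailer loops.
    """
    if not new_mail:
        return None
    for key in sender_bcc_lookup_keys(sender):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    for s in ("alice+news@example.com", "alice+other@example.com",
              "bob+list@example.com", "bob@elsewhere.example",
              "carol@partner.example"):
        print(f"{s:26} -> {sender_bcc(s)}")
```

Note that "bob@elsewhere.example" never reaches the localpart-only keys, because its domain is not local; that is the property that keeps a bare "bob" entry from matching arbitrary remote senders.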
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_bcc
</pre>

</DD>

<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
(default: envelope_sender, header_sender)</b></DT><DD>

<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
mapping. By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
applied to envelope sender addresses, and to header sender addresses.
</p>

<p> Specify one or more of: envelope_sender, header_sender </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional address mapping lookup tables for envelope and header
sender addresses.
The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
</p>

<p>
Example: you want to rewrite the SENDER address "user@ugly.domain"
to "user@pretty.domain", while still being able to send mail to
the RECIPIENT address "user@ugly.domain".
</p>

<p>
Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical
</pre>

</DD>

<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
(default: empty)</b></DT><DD>

<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>

<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>. Specifically, this does not support the
<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
email addresses. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p> This feature is available in Postfix 2.7 and later. </p>

</DD>

<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
(default: empty)</b></DT><DD>

<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
the <a href="transport.5.html">transport(5)</a> table. </p>

<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
(default: always)</b></DT><DD>

<p> Controls how the Postfix sendmail command converts email message
line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
</p>

<dl>

<dt> <b>always</b> </dt> <dd> Always convert message lines ending
in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
2.9 and later. </dd>

<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
&lt;CR&gt;&lt;LF&gt; only if the first input line ends in
&lt;CR&gt;&lt;LF&gt;. This setting is backwards-compatible with
Postfix 2.8 and earlier. </dd>

<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
&lt;CR&gt;&lt;LF&gt;. This setting exists for completeness only.
</dd>

</dl>

<p> This feature is available in Postfix 2.9 and later. </p>

</DD>

<DT><b><a name="sendmail_path">sendmail_path</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
A Sendmail compatibility feature that specifies the location of
the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to
submit mail into the Postfix queue.
</p>

</DD>

<DT><b><a name="service_throttle_time">service_throttle_time</a>
(default: 60s)</b></DT><DD>

<p>
How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that
appears to be malfunctioning.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="setgid_group">setgid_group</a>
(default: postdrop)</b></DT><DD>

<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>").
</p>

</DD>

<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
(default: yes)</b></DT><DD>

<p>
Display the name of the recipient table in the "User unknown"
responses. The extra detail makes troubleshooting easier but also
reveals information that is nobody else's business.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="showq_service_name">showq_service_name</a>
(default: showq)</b></DT><DD>

<p>
The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
status reports.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
(default: any)</b></DT><DD>

<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6". </p>

<p> Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity: </p>

<ul>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
It can fail to deliver mail when there is an outage that affects
IPv6, while the destination is still reachable over IPv4. </p>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
this, mail will eventually be delivered even if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both. </p>

</ul>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
(default: yes)</b></DT><DD>

<p>
Always send EHLO at the start of an SMTP session.
</p>

<p>
With "<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> = no", the Postfix SMTP client sends
EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
</p>

</DD>

<DT><b><a name="smtp_bind_address">smtp_bind_address</a>
(default: empty)</b></DT><DD>

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>

<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
</pre>
</blockquote>

<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>

</DD>

<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
(default: empty)</b></DT><DD>

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
</pre>
</blockquote>

<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended here. </p>

</DD>

<DT><b><a name="smtp_body_checks">smtp_body_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
(default: version dependent)</b></DT><DD>

<p> When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose of
logging, SASL password lookup, TLS
policy decisions, or TLS certificate verification. The value "no"
hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3.
</p>

<p> When DNS CNAME records are validated with secure DNS lookups
(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>

<p> This feature is available in Postfix 2.2.9 and later. </p>

</DD>

<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a>
(default: 30s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
</p>

<p>
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
(default: empty)</b></DT><DD>

<p> Permanently enable SMTP connection caching for the specified
destinations. With SMTP connection caching, a connection is not
closed immediately after completion of a mail transaction. Instead,
the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
seconds. This allows connections to be reused for other deliveries,
and can improve mail delivery performance.
</p>

<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>

<ul>

<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),

<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map,

<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),

<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
defined above,

<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
the left-hand side. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
lookups is ignored.

</ul>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>

<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction. Instead, the connection is kept open for
up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds. This allows
connections to be reused for other deliveries, and can improve mail
delivery performance. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

</DD>

<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>

<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed. Do
not specify larger values without permission from the remote sites.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>

<p> When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero (no
limit). With a reuse count limit of N, a connection is used up to
N+1 times. </p>

<p> NOTE: This feature is unsafe. When a high-volume destination
has multiple inbound MTAs, then the slowest inbound MTA will attract
the most connections to that destination. This limitation does not
exist with the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> feature. </p>

<p> This feature is available in Postfix 2.11. </p>

</DD>

<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>

<p> The amount of time during which Postfix will use an SMTP
connection repeatedly. The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>

<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts.
</p> 9635 9636<p> The problem starts when one of a set of MX hosts becomes slower 9637than the rest. Even though SMTP clients connect to fast and slow 9638MX hosts with equal probability, the slow MX host ends up with more 9639simultaneous inbound connections than the faster MX hosts, because 9640the slow MX host needs more time to serve each client request. </p> 9641 9642<p> The slow MX host becomes a connection attractor. If one MX 9643host becomes N times slower than the rest, it dominates mail delivery 9644latency unless there are more than N fast MX hosts to counter the 9645effect. And if the number of MX hosts is smaller than N, the mail 9646delivery latency becomes effectively that of the slowest MX host 9647divided by the total number of MX hosts. </p> 9648 9649<p> The solution uses connection caching in a way that differs from 9650Postfix version 2.2. By limiting the amount of time during which a connection 9651can be used repeatedly (instead of limiting the number of deliveries 9652over that connection), Postfix not only restores fairness in the 9653distribution of simultaneous connections across a set of MX hosts, 9654it also favors deliveries over connections that perform well, which 9655is exactly what we want. </p> 9656 9657<p> The default reuse time limit, 300s, is comparable to the various 9658smtp transaction timeouts which are fair estimates of maximum excess 9659latency for a slow delivery. Note that hosts may accept thousands 9660of messages over a single connection within the default connection 9661reuse time limit. This number is much larger than the default Postfix 9662version 2.2 limit of 10 messages per cached connection. It may prove necessary 9663to lower the limit to avoid interoperability issues with MTAs that 9664exhibit bugs when many messages are delivered via a single connection. 
9665A lower reuse time limit risks losing the benefit of connection 9666reuse when the average connection and mail delivery latency exceeds 9667the reuse time limit. </p> 9668 9669<p> This feature is available in Postfix 2.3 and later. </p> 9670 9671 9672</DD> 9673 9674<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a> 9675(default: 600s)</b></DT><DD> 9676 9677<p> 9678The Postfix SMTP client time limit for sending the SMTP ".", and 9679for receiving the remote SMTP server response. 9680</p> 9681 9682<p> 9683When no response is received within the deadline, a warning is 9684logged that the mail may be delivered multiple times. 9685</p> 9686 9687<p> 9688Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 9689The default time unit is s (seconds). 9690</p> 9691 9692 9693</DD> 9694 9695<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a> 9696(default: 120s)</b></DT><DD> 9697 9698<p> 9699The Postfix SMTP client time limit for sending the SMTP DATA command, 9700and for receiving the remote SMTP server response. 9701</p> 9702 9703<p> 9704Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 9705The default time unit is s (seconds). 9706</p> 9707 9708 9709</DD> 9710 9711<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> 9712(default: 180s)</b></DT><DD> 9713 9714<p> 9715The Postfix SMTP client time limit for sending the SMTP message content. 9716When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> 9717seconds the Postfix SMTP client terminates the transfer. 9718</p> 9719 9720<p> 9721Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 9722The default time unit is s (seconds). 
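</p>

<p> The slow-MX "connection attractor" described under <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> above, as an added simulation that is not part of the Postfix documentation or code: host 0 is ten times slower than three fast MX hosts, independent client slots pick a host with equal probability, and a connection is reused either up to a message count (the Postfix 2.2 behavior) or for a fixed time. The four hosts, the factor 10, and the limits of 10 messages or 300 time units are constructed values; queueing inside the MX hosts is not modelled. </p>

```python
import random

# Added illustration (not Postfix code) of the "connection attractor"
# effect: MX host 0 is slow_factor times slower than the others, SMTP
# client slots pick a host with equal probability, and each connection is
# reused under a "count" or a "time" policy.


def simulate(n_hosts, slow_factor, policy, limit, horizon, n_clients, seed=1):
    """Return (conn_time, messages): per-host totals of time a connection
    was open and of messages delivered over it.

    policy "count": close after `limit` deliveries (Postfix 2.2 style).
    policy "time":  close once the connection has been open for `limit`
                    time units (smtp_connection_reuse_time_limit style).
    Latency is 1.0 per message on fast hosts and slow_factor on host 0."""
    if policy not in ("count", "time"):
        raise ValueError("policy must be 'count' or 'time'")
    rng = random.Random(seed)
    latency = [float(slow_factor)] + [1.0] * (n_hosts - 1)
    conn_time = [0.0] * n_hosts
    messages = [0] * n_hosts
    for _ in range(n_clients):
        now = 0.0
        while now < horizon:
            host = rng.randrange(n_hosts)  # equal probability, as in the text
            opened = now
            delivered = 0
            while True:
                now += latency[host]       # one delivery transaction
                delivered += 1
                if policy == "count" and delivered >= limit:
                    break
                if policy == "time" and now - opened >= limit:
                    break
            conn_time[host] += now - opened
            messages[host] += delivered
    return conn_time, messages


def summarize(conn_time, messages, slow_factor):
    """Share of connection time and of messages taken by the slow host, and
    the mean per-message latency seen by the sending MTA."""
    latency = [float(slow_factor)] + [1.0] * (len(messages) - 1)
    total_time = sum(conn_time)
    total_msgs = sum(messages)
    return {
        "slow_host_share_of_connections": conn_time[0] / total_time,
        "slow_host_share_of_messages": messages[0] / total_msgs,
        "mean_latency_per_message":
            sum(m * l for m, l in zip(messages, latency)) / total_msgs,
    }


def compare(n_hosts=4, slow_factor=10, count_limit=10, time_limit=300,
            horizon=3000, n_clients=200):
    """Run both policies with constructed parameters and return their stats."""
    out = {}
    for policy, limit in (("count", count_limit), ("time", time_limit)):
        ct, ms = simulate(n_hosts, slow_factor, policy, limit, horizon, n_clients)
        out[policy] = summarize(ct, ms, slow_factor)
    return out


if __name__ == "__main__":
    # With the count limit the slow host holds roughly three quarters of all
    # connection time; with the time limit each host holds about a quarter
    # and most messages flow over the fast connections.
    for policy, stats in compare().items():
        print(policy, {k: round(v, 3) for k, v in stats.items()})
```

<p>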
</p>

</DD>

<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference
than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file. </p>

</DD>

<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file.
</p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>

</DD>

<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
discard EHLO keywords selectively. </p>

</ul>

</DD>

<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>

<p> DNS Resolver options for the Postfix SMTP client.
Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>

<dl>

<dt><b>res_defnames</b></dt>

<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>

<dt><b>res_dnsrch</b></dt>

<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>

</dl>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a>
(default: empty)</b></DT><DD>

<p> Level of DNS support in the Postfix SMTP client. With
"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy
"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>

<p> Specify one of the following: </p>

<dl>

<dt><b>disabled</b></dt>

<dd>Disable DNS lookups. No MX lookups are performed and hostname
to address lookups are unconditionally "native". This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters. This is no longer required
and strongly discouraged. </dd>

<dt><b>enabled</b></dt>

<dd>Enable DNS lookups. Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups. If "dns" and "native" are
included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS. </dd>

<dt><b>dnssec</b></dt>

<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups. The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated. <li> The address lookups of
validated hostnames are also validated (provided, of course, that
"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below). <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups. Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd>

</dl>

<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination. This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups. </p>

<p>The "dnssec" setting is recommended only if you plan to use the
<a href="TLS_README.html#client_tls_dane">dane</a> or <a
href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security. Postfix DNSSEC support relies on an upstream
recursive nameserver that validates DNSSEC signatures. Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>

<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups. </p>

<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation. Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups. Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver. </p>

<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
(default: no)</b></DT><DD>

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue. </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
the CommonName is checked. The behavior may be changed with the
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>

</DD>

<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a>
(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD>

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>. </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> With bulk email deliveries, it can be beneficial to run the
fallback relay MTA on the same host, so that it can reuse the sender
IP address. This speeds up deliveries that are delayed by IP-based
reputation systems (greylist, etc.). </p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order. </p>

<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>

</DD>

<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead. </p>

<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>;
examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and
<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtp_header_checks">smtp_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered. Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later.
</p>

</DD>

<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The hostname to send in the SMTP EHLO or HELO command.
</p>

<p>
The default value is the machine hostname. Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a>
(default: dns)</b></DT><DD>

<p>
What mechanisms the Postfix SMTP client uses to look up a host's
IP address. This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>). The "dns"
mechanism is always tried before "native" if both are listed.
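</p>

<p> A check for the resolver recommendation in the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> entry above (every nameserver on a loopback address, since Postfix fully trusts that nameserver's DNSSEC validation), as an added example that is not part of Postfix; it parses resolv.conf(5) syntax, and the two resolv.conf texts are constructed for the example. </p>

```python
import ipaddress

# Added check (not Postfix code): audit a resolv.conf whose nameservers a
# DNSSEC-enabled Postfix SMTP client would trust for DNSSEC validation.

# Constructed resolv.conf contents for illustration, not from a real host.
RESOLV_LOCAL_ONLY = """\
# local validating recursive resolver on loopback
nameserver 127.0.0.1
options edns0
"""

RESOLV_MIXED = """\
search corp.example.test
nameserver 127.0.0.1
nameserver 192.0.2.53   ; a remote resolver reached over the network
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf(5) syntax.
    '#' and ';' start comments; 'domain' and 'search' both feed the search list."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            nameservers.append(parts[1])
        elif parts[0] in ("domain", "search"):
            search.extend(parts[1:])
    return nameservers, search


def audit_resolvers(text):
    """Return a list of findings; an empty list means every nameserver is
    on a loopback address and no search list is configured."""
    nameservers, search = parse_resolv_conf(text)
    findings = []
    if not nameservers:
        findings.append("no nameserver entry: cannot tell where DNSSEC "
                        "validation would happen")
    for ns in nameservers:
        addr_text = ns.split("%", 1)[0]  # drop an IPv6 scope id such as %eth0
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append("unparseable nameserver address %r" % ns)
            continue
        if not addr.is_loopback:
            findings.append("nameserver %s is not on a loopback address: "
                            "forged responses on the path to it would be "
                            "trusted as DNSSEC-validated" % ns)
    if search:
        # Postfix only uses the search list when smtp_dns_resolver_options
        # enables res_dnsrch or res_defnames, both of which are discouraged.
        findings.append("search/domain list %s is present; Postfix uses it "
                        "only if smtp_dns_resolver_options enables "
                        "res_dnsrch or res_defnames" % ",".join(search))
    return findings


if __name__ == "__main__":
    for name, text in (("local-only", RESOLV_LOCAL_ONLY), ("mixed", RESOLV_MIXED)):
        print(name, audit_resolvers(text) or ["ok"])
```

<p>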
</p>

<p>
Specify one of the following:
</p>

<dl>

<dt><b>dns</b></dt>

<dd>Hosts can be found in the DNS (preferred). </dd>

<dt><b>native</b></dt>

<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism). </dd>

<dt><b>dns, native</b></dt>

<dd>Use the native service for hosts not found in the DNS. </dd>

</dl>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a>
(default: 998)</b></DT><DD>

<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. This limit does not include the &lt;CR&gt;&lt;LF&gt;
at the end of each line. Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;", to minimize the damage to MIME
formatted mail.
</p>

<p>
The Postfix limit of 998 characters not including &lt;CR&gt;&lt;LF&gt;
is consistent with the SMTP limit of 1000 characters including
&lt;CR&gt;&lt;LF&gt;. The Postfix limit was 990 with Postfix 2.8
and earlier.
</p>

</DD>

<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the MAIL FROM command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a>
(default: 5)</b></DT><DD>

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero (no
limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

</DD>

<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a>
(default: 2)</b></DT><DD>

<p> The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client
gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>

<p> This feature is available in Postfix 2.1 and later. </p>

</DD>

<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a>
(default: no)</b></DT><DD>

<p> Never send EHLO at the start of an SMTP session.
See also the
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>

</DD>

<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
(default: no)</b></DT><DD>

<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>

<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>

<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>

</DD>

<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
(default: 10s)</b></DT><DD>

<p>
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
</p>

<p>
Choosing too short a time makes this workaround ineffective when
sending large messages over slow network connections.
</p>

</DD>

<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs. The table
is not indexed by hostname for consistency with
<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.4 and later. </p>

</DD>

<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
(default: 500s)</b></DT><DD>

<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on. </p>

<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>

<p>
Specify 0 to enable the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround upon the
first delivery attempt.
</p>

</DD>

<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a>
(default: disable_esmtp, delay_dotcrlf)</b></DT><DD>

<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client. Workaround names are separated by comma or space, and
are case insensitive. This parameter setting can be overruled with
per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p>

<dl>

<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending
".&lt;CR&gt;&lt;LF&gt;" after the end of the message content. The
delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and
<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings.
</dd>

<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>

</dl>

<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>

</DD>

<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the QUIT command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
(default: yes)</b></DT><DD>

<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>

<p>
The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no
</pre>
</blockquote>

<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
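</p>

<p> The <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> quoting that "smtp_quote_rfc821_envelope = yes" applies, as an added illustration that is not Postfix's own code: it generalizes the documented trailing-"." case to any localpart that is not a valid RFC 5321 Dot-string, sending such localparts as a Quoted-string with '"' and '\' escaped by a backslash. </p>

```python
# Added illustration (not Postfix code) of RFC 5321 local-part quoting for
# MAIL FROM and RCPT TO.  A local-part that is a Dot-string (atoms of atext
# separated by single dots) goes out unquoted; anything else, including a
# local-part that ends in ".", becomes a Quoted-string.

# atext (RFC 5321 section 4.1.2, via RFC 5322): characters allowed in an atom
ATEXT = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "!#$%&'*+-/=?^_`{|}~"
)


def is_dot_string(local):
    """True if local is a Dot-string: non-empty atext atoms joined by single dots.
    A leading, trailing or doubled "." yields an empty atom and fails."""
    if not local:
        return False
    return all(atom and all(ch in ATEXT for ch in atom)
               for atom in local.split("."))


def quote_localpart(local):
    """Return local unchanged when it is a Dot-string; otherwise return it as
    a Quoted-string, escaping '"' and '\\' as quoted-pairSMTP."""
    if is_dot_string(local):
        return local
    out = []
    for ch in local:
        code = ord(ch)
        if code < 32 or code > 126:
            # Only printable US-ASCII may appear, even inside a Quoted-string.
            raise ValueError("character %r not allowed in an RFC 5321 local-part" % ch)
        if ch in '"\\':
            out.append("\\")
        out.append(ch)
    return '"' + "".join(out) + '"'


def envelope_command(verb, local, domain):
    """Build the argument of a MAIL FROM / RCPT TO command with the
    local-part quoted as required."""
    return "%s:<%s@%s>" % (verb, quote_localpart(local), domain)


if __name__ == "__main__":
    # Constructed addresses; example.test is a reserved example domain.
    for local in ("alice.smith", "alice.smith.", "first last", 'a"b'):
        print(envelope_command("RCPT TO", local, "example.test"))
```

<p>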
</p>

</DD>

<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a>
(default: yes)</b></DT><DD>

<p>
Randomize the order of equal-preference MX host addresses. This
is a performance feature of the Postfix SMTP client.
</p>

</DD>

<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
(default: empty)</b></DT><DD>

<p> A mechanism to transform replies from remote SMTP servers one
line at a time. This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>

<p> Notes: </p>

<ul>

<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code. </p>

<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z). When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead. </p>

</ul>

<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.
When the lookup succeeds, the result replaces the single SMTP reply
line. </p>

<p> Examples: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter
</pre>

<pre>
/etc/postfix/reply_filter:
    # Transform garbage into "250-filler..." so that it looks like
    # one line from a multi-line reply. It does not matter what we
    # substitute here as long as it has the right syntax. The Postfix
    # SMTP client will use the final line's numerical SMTP reply
    # code and enhanced status code.
    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>

<p> This feature is available in Postfix 2.7. </p>

</DD>

<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
(default: 20s)</b></DT><DD>

<p> The Postfix SMTP client time limit for sending the RSET command,
and for receiving the remote SMTP server response. The SMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached session is still usable. </p>

<p> This feature is available in Postfix 2.1 and later. </p>

</DD>

<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
(default: empty)</b></DT><DD>

<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response. This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code.
As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a>
information does not change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration
parameter. </p>

<p> Use a per-destination delivery concurrency of 1 (for example,
"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1",
"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>

<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under
the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p>

<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/sasl_auth_cache
</pre>

<p> This feature is available in Postfix 2.5 and later.
</p>

</DD>

<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
(default: 90d)</b></DT><DD>

<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a>
(default: no)</b></DT><DD>

<p>
Enable SASL authentication in the Postfix SMTP client. By default,
the Postfix SMTP client uses no authentication.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
</pre>

</DD>

<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
(default: yes)</b></DT><DD>

<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>

<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a>
parameter, but the setting "no" does not. </p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
# The old hard-coded default
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
</pre>

<p> This feature is available in Postfix 2.5 and later.
</p>

</DD>

<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
(default: empty)</b></DT><DD>

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
list to intersect with. </p>

<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
</pre>

</DD>

<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional Postfix SMTP client lookup tables with one username:password
entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
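</p>

<p> The <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> example above, as an added illustration that is not Postfix's own code: it applies the documented "!/pattern/ result" rule to each reply line and then derives the reply code and enhanced status code from the final line the way the notes under that entry describe. The reply lines are constructed; a real Postfix client would read them from the server. </p>

```python
import re

# Added illustration (not Postfix code): apply reply_filter rules to each
# line of a remote SMTP server reply, then pick the numerical reply code and
# the enhanced status code from the final line as the smtp_reply_filter
# notes describe.

# Rules as (pattern, negated, replacement).  A negated rule models the
# "!/pattern/ result" line of the documented reply_filter table: it fires
# when the pattern does NOT match.
REPLY_FILTER_RULES = [
    (re.compile(r"^([2-5][0-9][0-9]($|[- ]))"), True, "250-filler for garbage"),
]


def apply_reply_filter(line, rules=REPLY_FILTER_RULES):
    """Return the reply line, replaced by the result of the first rule that fires."""
    for pattern, negated, replacement in rules:
        matched = pattern.search(line) is not None
        if matched != negated:
            return replacement
    return line


# A well-formed reply line: 3-digit code, then "-" (more lines follow),
# " " (final line) or end of line, then the text.
REPLY_LINE = re.compile(r"^([2-5][0-9][0-9])(?:[- ]|$)(.*)$")
# An enhanced status code (X.Y.Z) at the start of the reply text.
ENHANCED_CODE = re.compile(r"^([2-5])\.(\d{1,3})\.(\d{1,3})(?:\s|$)")


def parse_reply(lines):
    """Filter every line and return (code, enhanced_code, filtered_lines).

    The final line's numerical code is authoritative.  Its enhanced status
    code is used only when present and when its class digit agrees with the
    numerical code; otherwise the generic X.0.0 code is used."""
    if not lines:
        raise ValueError("empty reply")
    filtered = [apply_reply_filter(line) for line in lines]
    match = REPLY_LINE.match(filtered[-1])
    if match is None:
        raise ValueError("final reply line is not a valid SMTP reply: %r"
                         % filtered[-1])
    code, text = match.group(1), match.group(2)
    enhanced = ENHANCED_CODE.match(text)
    if enhanced is not None and enhanced.group(1) == code[0]:
        enhanced_code = ".".join(enhanced.groups())
    else:
        enhanced_code = code[0] + ".0.0"
    return code, enhanced_code, filtered


# Constructed reply from a misbehaving server: the junk line in the middle
# of a multi-line 250 reply is what the filter turns into a filler line.
SAMPLE_REPLY = [
    "250-mail.example.test",
    "proxy banner that is not an SMTP reply",
    "250 2.1.0 Ok",
]

if __name__ == "__main__":
    print(parse_reply(SAMPLE_REPLY))
```

<p>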
10604</p> 10605 10606<p> 10607The Postfix SMTP client opens the lookup table before going to 10608chroot jail, so you can leave the password file in /etc/postfix. 10609</p> 10610 10611 10612</DD> 10613 10614<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a> 10615(default: empty)</b></DT><DD> 10616 10617<p> Implementation-specific information that the Postfix SMTP client 10618passes through to 10619the SASL plug-in implementation that is selected with 10620<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. Typically this specifies the name of a 10621configuration file or rendezvous point. </p> 10622 10623<p> This feature is available in Postfix 2.3 and later. </p> 10624 10625 10626</DD> 10627 10628<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a> 10629(default: noplaintext, noanonymous)</b></DT><DD> 10630 10631<p> Postfix SMTP client SASL security options; as of Postfix 2.3 10632the list of available 10633features depends on the SASL client implementation that is selected 10634with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. </p> 10635 10636<p> The following security features are defined for the <b>cyrus</b> 10637client SASL implementation: </p> 10638 10639<p> 10640Specify zero or more of the following: 10641</p> 10642 10643<dl> 10644 10645<dt><b>noplaintext</b></dt> 10646 10647<dd>Disallow methods that use plaintext passwords. </dd> 10648 10649<dt><b>noactive</b></dt> 10650 10651<dd>Disallow methods subject to active (non-dictionary) attack. 10652</dd> 10653 10654<dt><b>nodictionary</b></dt> 10655 10656<dd>Disallow methods subject to passive (dictionary) attack. </dd> 10657 10658<dt><b>noanonymous</b></dt> 10659 10660<dd>Disallow methods that allow anonymous authentication. </dd> 10661 10662<dt><b>mutual_auth</b></dt> 10663 10664<dd>Only allow methods that provide mutual authentication (not 10665available with SASL version 1). 
</dd> 10666 10667</dl> 10668 10669<p> 10670Example: 10671</p> 10672 10673<pre> 10674<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext 10675</pre> 10676 10677 10678</DD> 10679 10680<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> 10681(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD> 10682 10683<p> The SASL authentication security options that the Postfix SMTP 10684client uses for TLS encrypted SMTP sessions. </p> 10685 10686<p> This feature is available in Postfix 2.2 and later. </p> 10687 10688 10689</DD> 10690 10691<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> 10692(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD> 10693 10694<p> The SASL authentication security options that the Postfix SMTP 10695client uses for TLS encrypted SMTP sessions with a verified server 10696certificate. </p> 10697 10698<p> When mail is sent to the public MX host for the recipient's 10699domain, server certificates are by default optional, and delivery 10700proceeds even if certificate verification fails. For delivery via 10701a submission service that requires SASL authentication, it may be 10702appropriate to send plaintext passwords only when the connection 10703to the server is strongly encrypted <b>and</b> the server identity 10704is verified. </p> 10705 10706<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it 10707possible to only enable plaintext mechanisms when a secure connection 10708to the server is available. Submission servers subject to this 10709policy must either have verifiable certificates or offer suitable 10710non-plaintext SASL mechanisms. </p> 10711 10712<p> This feature is available in Postfix 2.6 and later. 
</p> 10713 10714 10715</DD> 10716 10717<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a> 10718(default: cyrus)</b></DT><DD> 10719 10720<p> The SASL plug-in type that the Postfix SMTP client should use 10721for authentication. The available types are listed with the 10722"<b>postconf -A</b>" command. </p> 10723 10724<p> This feature is available in Postfix 2.3 and later. </p> 10725 10726 10727</DD> 10728 10729<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> 10730(default: no)</b></DT><DD> 10731 10732<p> Whether or not to append the "AUTH=<>" option to the MAIL 10733FROM command in SASL-authenticated SMTP sessions. The default is 10734not to send this, to avoid problems with broken remote SMTP servers. 10735Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> 10736= yes". 10737 10738<p> This feature is available in Postfix 2.9 and later. </p> 10739 10740 10741</DD> 10742 10743<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a> 10744(default: no)</b></DT><DD> 10745 10746<p> 10747Send the non-standard XFORWARD command when the Postfix SMTP server 10748EHLO response announces XFORWARD support. 10749</p> 10750 10751<p> 10752This allows a Postfix SMTP delivery agent, used for injecting mail 10753into 10754a content filter, to forward the name, address, protocol and HELO 10755name of the original client to the content filter and downstream 10756queuing SMTP server. This can produce more useful logging than 10757localhost[127.0.0.1] etc. 10758</p> 10759 10760<p> 10761This feature is available in Postfix 2.1 and later. 
10762</p> 10763 10764 10765</DD> 10766 10767<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> 10768(default: no)</b></DT><DD> 10769 10770<p> 10771Enable sender-dependent authentication in the Postfix SMTP client; this is 10772available only with SASL authentication, and disables SMTP connection 10773caching to ensure that mail from different senders will use the 10774appropriate credentials. </p> 10775 10776<p> 10777This feature is available in Postfix 2.3 and later. 10778</p> 10779 10780 10781</DD> 10782 10783<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> 10784(default: yes)</b></DT><DD> 10785 10786<p> 10787Skip SMTP servers that greet with a 4XX status code (go away, try 10788again later). 10789</p> 10790 10791<p> 10792By default, the Postfix SMTP client moves on to the next mail exchanger. 10793Specify 10794"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery 10795immediately. 10796</p> 10797 10798<p> This feature is available in Postfix 2.0 and earlier. 10799Later Postfix versions always skip remote SMTP servers that greet 10800with a 108014XX status code. </p> 10802 10803 10804</DD> 10805 10806<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> 10807(default: yes)</b></DT><DD> 10808 10809<p> 10810Skip remote SMTP servers that greet with a 5XX status code. 10811</p> 10812 10813<p> By default, the Postfix SMTP client moves on to the next mail 10814exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should 10815bounce the mail immediately. Caution: the latter behavior appears 10816to contradict <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p> 10817 10818 10819</DD> 10820 10821<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a> 10822(default: yes)</b></DT><DD> 10823 10824<p> 10825Do not wait for the response to the SMTP QUIT command.
10826</p> 10827 10828 10829</DD> 10830 10831<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a> 10832(default: 300s)</b></DT><DD> 10833 10834<p> Time limit for Postfix SMTP client write and read operations 10835during TLS startup and shutdown handshake procedures. </p> 10836 10837<p> This feature is available in Postfix 2.2 and later. </p> 10838 10839 10840</DD> 10841 10842<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a> 10843(default: empty)</b></DT><DD> 10844 10845<p> A file containing CA certificates of root CAs trusted to sign 10846either remote SMTP server certificates or intermediate CA certificates. 10847These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the 10848chroot jail. If the number of trusted roots is large, consider using 10849<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be 10850present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This 10851file may also be used to augment the client certificate trust chain, 10852but it is best to include all the required certificates directly in 10853$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p> 10854 10855<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use 10856ONLY the system-supplied default certificate authority certificates. 10857</p> 10858 10859<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from 10860appending the system-supplied default CAs and trusting third-party 10861certificates. </p> 10862 10863<p> Example: </p> 10864 10865<pre> 10866<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem 10867</pre> 10868 10869<p> This feature is available in Postfix 2.2 and later. 
</p> 10870 10871 10872</DD> 10873 10874<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a> 10875(default: empty)</b></DT><DD> 10876 10877<p> Directory with PEM format certificate authority certificates 10878that the Postfix SMTP client uses to verify a remote SMTP server 10879certificate. Don't forget to create the necessary "hash" links 10880with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". 10881</p> 10882 10883<p> To use this option in chroot mode, this directory (or a copy) 10884must be inside the chroot jail. </p> 10885 10886<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to 10887use ONLY the system-supplied default certificate authority certificates. 10888</p> 10889 10890<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from 10891appending the system-supplied default CAs and trusting third-party 10892certificates. </p> 10893 10894<p> Example: </p> 10895 10896<pre> 10897<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs 10898</pre> 10899 10900<p> This feature is available in Postfix 2.2 and later. </p> 10901 10902 10903</DD> 10904 10905<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> 10906(default: no)</b></DT><DD> 10907 10908<p> Try to detect a mail hijacking attack based on a TLS protocol 10909vulnerability (CVE-2009-3555), where an attacker prepends malicious 10910HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 10911The attack would succeed with non-Postfix SMTP servers that reply 10912to the malicious HELO, MAIL, RCPT, DATA commands after negotiating 10913the Postfix SMTP client TLS session. </p> 10914 10915<p> This feature is available in Postfix 2.7. 
</p> 10916 10917 10918</DD> 10919 10920<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a> 10921(default: empty)</b></DT><DD> 10922 10923<p> File with the Postfix SMTP client RSA certificate in PEM format. 10924This file may also contain the Postfix SMTP client private RSA key, 10925and these may be the same as the Postfix SMTP server RSA certificate and key 10926file. </p> 10927 10928<p> Do not configure client certificates unless you <b>must</b> present 10929client TLS certificates to one or more servers. Client certificates are 10930not usually needed, and can cause problems in configurations that work 10931well without them. The recommended setting is to let the defaults stand: </p> 10932 10933<blockquote> 10934<pre> 10935<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = 10936<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = 10937<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = 10938<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = 10939<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = 10940<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> = 10941</pre> 10942</blockquote> 10943 10944<p> The best way to use the default settings is to comment out the above 10945parameters in <a href="postconf.5.html">main.cf</a> if present. </p> 10946 10947<p> To enable remote SMTP servers to verify the Postfix SMTP client 10948certificate, the issuing CA certificates must be made available to the 10949server. You should include the required certificates in the client 10950certificate file, the client certificate first, then the issuing 10951CA(s) (bottom-up order). </p> 10952 10953<p> Example: the certificate for "client.example.com" was issued by 10954"intermediate CA" which itself has a certificate issued by "root CA". 10955Create the client.pem file with "cat client_cert.pem intermediate_CA.pem 10956root_CA.pem > client.pem". 
</p> 10957 10958<p> If you also want to verify remote SMTP server certificates issued by 10959these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in 10960which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>, 10961<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p> 10962 10963<p> A certificate supplied here must be usable as an SSL client certificate 10964and hence pass the "openssl verify -purpose sslclient ..." test. </p> 10965 10966<p> Example: </p> 10967 10968<pre> 10969<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem 10970</pre> 10971 10972<p> This feature is available in Postfix 2.2 and later. </p> 10973 10974 10975</DD> 10976 10977<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a> 10978(default: empty)</b></DT><DD> 10979 10980<p> Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 10981cipher list. As this feature applies to all TLS security levels, it is easy 10982to create inter-operability problems by choosing a non-default cipher 10983list. Do not use a non-default TLS cipher list on hosts that deliver email 10984to the public Internet: you will be unable to send email to servers that 10985only support the ciphers you exclude. Using a restricted cipher list 10986may be more appropriate for an internal MTA, where one can exert some 10987control over the TLS software and settings of the peer servers. </p> 10988 10989<p> <b>Note:</b> do not use "" quotes around the parameter value. </p> 10990 10991<p> This feature is available in Postfix version 2.2. It is not used with 10992Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. 
</p> 10993 10994 10995</DD> 10996 10997<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a> 10998(default: export)</b></DT><DD> 10999 11000<p> The minimum TLS cipher grade that the Postfix SMTP client 11001will use with opportunistic TLS encryption. Cipher types listed in 11002<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of 11003the selected cipher grade. The default value "export" ensures maximum 11004inter-operability. Because encryption is optional, stronger controls 11005are not appropriate, and this setting SHOULD NOT be changed unless the 11006change is essential. </p> 11007 11008<p> When TLS is mandatory the cipher grade is chosen via the 11009<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax 11010details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure 11011ciphers on a per-destination basis. </p> 11012 11013<p> Example: </p> 11014<pre> 11015<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export 11016</pre> 11017 11018<p> This feature is available in Postfix 2.6 and later. With earlier Postfix 11019releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented, 11020and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p> 11021 11022 11023</DD> 11024 11025<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a> 11026(default: empty)</b></DT><DD> 11027 11028<p> File with the Postfix SMTP client DSA certificate in PEM format. 11029This file may also contain the Postfix SMTP client private DSA key. </p> 11030 11031<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details. 
11032</p> 11033 11034<p> Example: </p> 11035 11036<pre> 11037<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem 11038</pre> 11039 11040<p> This feature is available in Postfix 2.2 and later. </p> 11041 11042 11043</DD> 11044 11045<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a> 11046(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD> 11047 11048<p> File with the Postfix SMTP client DSA private key in PEM format. 11049This file may be combined with the Postfix SMTP client DSA certificate 11050file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p> 11051 11052<p> The private key must be accessible without a pass-phrase, i.e. it 11053must not be encrypted. File permissions should grant read-only 11054access to the system superuser account ("root"), and no access 11055to anyone else. </p> 11056 11057<p> This feature is available in Postfix 2.2 and later. </p> 11058 11059 11060</DD> 11061 11062<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a> 11063(default: empty)</b></DT><DD> 11064 11065<p> File with the Postfix SMTP client ECDSA certificate in PEM format. 11066This file may also contain the Postfix SMTP client ECDSA private key. </p> 11067 11068<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details. 11069</p> 11070 11071<p> Example: </p> 11072 11073<pre> 11074<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem 11075</pre> 11076 11077<p> This feature is available in Postfix 2.6 and later, when Postfix is 11078compiled and linked with OpenSSL 1.0.0 or later. 
</p> 11079 11080 11081</DD> 11082 11083<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a> 11084(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD> 11085 11086<p> File with the Postfix SMTP client ECDSA private key in PEM format. 11087This file may be combined with the Postfix SMTP client ECDSA 11088certificate file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p> 11089 11090<p> The private key must be accessible without a pass-phrase, i.e. it 11091must not be encrypted. File permissions should grant read-only 11092access to the system superuser account ("root"), and no access 11093to anyone else. </p> 11094 11095<p> This feature is available in Postfix 2.6 and later, when Postfix is 11096compiled and linked with OpenSSL 1.0.0 or later. </p> 11097 11098 11099</DD> 11100 11101<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> 11102(default: yes)</b></DT><DD> 11103 11104<p> With mandatory TLS encryption, require that the remote SMTP 11105server hostname matches the information in the remote SMTP server 11106certificate. As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking 11107for MTA clients are not specified. </p> 11108 11109<p> This option can be set to "no" to disable strict peer name 11110checking. This setting has no effect on sessions that are controlled 11111via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table. </p> 11112 11113<p> Disabling the hostname verification can make sense in a closed 11114environment where special CAs are created. If not used carefully, 11115this option creates the risk of a "man-in-the-middle" attack (the 11116CommonName of this attacker will be logged). </p> 11117 11118<p> This feature is available in Postfix 2.2 and later.
With 11119Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p> 11120 11121 11122</DD> 11123 11124<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> 11125(default: empty)</b></DT><DD> 11126 11127<p> List of ciphers or cipher types to exclude from the Postfix 11128SMTP client cipher 11129list at all TLS security levels. This is not an OpenSSL cipherlist; it is 11130a simple list separated by whitespace and/or commas. The elements are a 11131single cipher, or one or more "+" separated cipher properties, in which 11132case only ciphers matching <b>all</b> the properties are excluded. </p> 11133 11134<p> Examples (some of these will cause problems): </p> 11135 11136<blockquote> 11137<pre> 11138<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL 11139<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES 11140<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5 11141<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5 11142<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA 11143</pre> 11144</blockquote> 11145 11146<p> The first setting disables anonymous ciphers. The next setting 11147disables ciphers that use the MD5 digest algorithm or the (single) DES 11148encryption algorithm. The next setting disables ciphers that use MD5 and 11149DES together. The next setting disables the two ciphers "AES256-SHA" 11150and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH" 11151key exchange with RSA authentication. </p> 11152 11153<p> This feature is available in Postfix 2.3 and later.
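The exclude-list syntax above (comma/whitespace separated elements; a bare cipher name, or "+"-joined properties that must all hold), as an added Python example that is not Postfix code. It evaluates the five example settings against a constructed cipher table; the property sets are illustrative, and the function names are this example's own.

```python
import re

# Added example implementing the smtp_tls_exclude_ciphers matching rules.
# The table is constructed for illustration: cipher name -> OpenSSL-style
# properties it carries (the real values come from "openssl ciphers -v").
CIPHER_PROPERTIES = {
    "AES256-SHA":           {"kRSA", "aRSA", "AES", "SHA1"},
    "DES-CBC3-MD5":         {"kRSA", "aRSA", "3DES", "MD5"},
    "DES-CBC-SHA":          {"kRSA", "aRSA", "DES", "SHA1"},
    "DES-CBC-MD5":          {"kRSA", "aRSA", "DES", "MD5"},
    "RC4-MD5":              {"kRSA", "aRSA", "RC4", "MD5"},
    "ADH-AES128-SHA":       {"kEDH", "aNULL", "AES", "SHA1"},
    "EDH-RSA-DES-CBC3-SHA": {"kEDH", "aRSA", "3DES", "SHA1"},
    "EDH-DSS-DES-CBC3-SHA": {"kEDH", "aDSS", "3DES", "SHA1"},
}


def parse_exclude_list(value):
    """Split the parameter value on whitespace and/or commas; each element
    becomes a tuple of its "+"-separated tokens."""
    return [tuple(elem.split("+"))
            for elem in re.split(r"[\s,]+", value.strip()) if elem]


def element_matches(element, cipher, props):
    """A one-token element that names the cipher matches it outright;
    otherwise every token must be a property of the cipher (logical AND),
    so "DES+MD5" is narrower than "DES, MD5"."""
    if len(element) == 1 and element[0] == cipher:
        return True
    return all(token in props for token in element)


def excluded_ciphers(value, table=CIPHER_PROPERTIES):
    """Ciphers removed from the client list by the given exclude value."""
    elements = parse_exclude_list(value)
    return sorted(name for name, props in table.items()
                  if any(element_matches(e, name, props) for e in elements))


def remaining_ciphers(value, table=CIPHER_PROPERTIES):
    """What the client would still offer after applying the exclusions."""
    gone = set(excluded_ciphers(value, table))
    return sorted(name for name in table if name not in gone)


if __name__ == "__main__":
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        print(f"{setting:26} -> {excluded_ciphers(setting)}")
```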
</p> 11154 11155 11156</DD> 11157 11158<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> 11159(default: empty)</b></DT><DD> 11160 11161<p> List of acceptable remote SMTP server certificate fingerprints for 11162the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = 11163fingerprint). At this security level, certificate authorities are not 11164used, and certificate expiration times are ignored. Instead, server 11165certificates are verified directly via their certificate fingerprint 11166or public key fingerprint (Postfix 2.9 and later). The fingerprint 11167is a message digest of the server certificate (or public key). The 11168digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> 11169parameter. </p> 11170 11171<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the 11172"fingerprint" security level, any "match" attributes in that entry specify 11173the list of valid fingerprints for the corresponding destination. Multiple 11174fingerprints can be combined with a "|" delimiter in a single match 11175attribute, or multiple match attributes can be employed. </p> 11176 11177<p> Example: Certificate fingerprint verification with internal mailhub. 11178Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple 11179physical hosts behind a load-balancer, each with its own private/public 11180key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may 11181be in the process of switching from one set of private/public keys to 11182another, and both keys are trusted just prior to the transition. 
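Before the main.cf settings for this example, here is how such match values are produced and checked, as an added Python example that is not Postfix or OpenSSL code. It serves both the match list described here and the fingerprint procedure under smtp_tls_fingerprint_digest: it computes the certificate fingerprint and the public-key fingerprint (digest of the DER subjectPublicKeyInfo, the same bytes the "openssl x509 -pubkey | openssl pkey -pubin -outform DER" pipeline hashes) in the colon-separated form the match list uses, and tests a computed value against "|"-joined match attributes. The DER helpers and the constructed certificate skeleton are this example's own assumptions; the skeleton carries no real key.

```python
import base64
import hashlib
import re

# Added example, not Postfix or OpenSSL code. The DER helpers are minimal
# and handle only what this example needs.

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_read(buf, pos):
    """Return (tag, content_start, content_end) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    return tag, pos, pos + length

def pem_to_der(pem):
    m = re.search(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(1).split()))

def der_to_pem(der, label="CERTIFICATE"):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def spki_from_certificate(cert_der):
    """Return the DER subjectPublicKeyInfo. Layout: Certificate ::= SEQ {
    tbsCertificate SEQ { [0] version OPTIONAL, serialNumber, signature,
    issuer, validity, subject, subjectPublicKeyInfo, ... }, sigAlg, sig }."""
    _, tbs_pos, _ = der_read(cert_der, 0)             # outer SEQUENCE
    tag, pos, tbs_end = der_read(cert_der, tbs_pos)   # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, _, end = der_read(cert_der, pos)
    if tag == 0xA0:             # explicit [0] version; absent in v1 certs
        pos = end
    for _ in range(5):          # serial, signature, issuer, validity, subject
        _, _, pos = der_read(cert_der, pos)
    tag, _, end = der_read(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("malformed subjectPublicKeyInfo")
    return cert_der[pos:end]

def fingerprint(data, digest="sha1"):
    """Colon-separated upper-case hex digest, as "openssl x509 -fingerprint"
    prints it. The Postfix release on this page accepts md5 and sha1."""
    hexdigest = hashlib.new(digest, data).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

def certificate_fingerprints(pem, digest="sha1"):
    """Both fingerprints of a PEM certificate, keyed "cert" and "pubkey"."""
    cert = pem_to_der(pem)
    return {"cert": fingerprint(cert, digest),
            "pubkey": fingerprint(spki_from_certificate(cert), digest)}

def fingerprint_accepted(fp, match_values):
    """True if fp is among the "match" attribute values of a policy entry;
    one value may hold several fingerprints joined with "|"."""
    wanted = {m.strip().upper() for v in match_values for m in v.split("|")}
    return fp.strip().upper() in wanted

def constructed_certificate(with_version=True):
    """Constructed, structurally valid but unsigned certificate skeleton with
    dummy key bits, so the example runs offline; returns (cert, spki)."""
    rsa_oid = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))
    spki = der_tlv(0x30, der_tlv(0x30, rsa_oid + der_tlv(0x05, b""))
                   + der_tlv(0x03, b"\x00" + bytes.fromhex("0102030405")))
    empty = der_tlv(0x30, b"")
    fields = der_tlv(0xA0, der_tlv(0x02, b"\x02")) if with_version else b""
    fields += der_tlv(0x02, b"\x01") + empty * 4 + spki
    return der_tlv(0x30, der_tlv(0x30, fields) + empty + der_tlv(0x03, b"\x00")), spki

if __name__ == "__main__":
    cert, _ = constructed_certificate()
    print(certificate_fingerprints(der_to_pem(cert), "sha1"))
```

On a real certificate file, `certificate_fingerprints(open("cert.pem").read(), "sha1")["pubkey"]` matches the value the page's OpenSSL 1.0 pipeline prints for that file.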
</p> 11183 11184<blockquote> 11185<pre> 11186<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com] 11187<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint 11188<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5 11189<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> = 11190 3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 11191 EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 11192</pre> 11193</blockquote> 11194 11195<p> Example: Certificate fingerprint verification with selected destinations. 11196As in the example above, we show two matching fingerprints: </p> 11197 11198<blockquote> 11199<pre> 11200/etc/postfix/<a href="postconf.5.html">main.cf</a>: 11201 <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy 11202 <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5 11203</pre> 11204</blockquote> 11205 11206<blockquote> 11207<pre> 11208/etc/postfix/tls_policy: 11209 example.com fingerprint 11210 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 11211 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 11212</pre> 11213</blockquote> 11214 11215<p> This feature is available in Postfix 2.5 and later. </p> 11216 11217 11218</DD> 11219 11220<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> 11221(default: md5)</b></DT><DD> 11222 11223<p> The message digest algorithm used to construct remote SMTP server 11224certificate fingerprints. At the "fingerprint" TLS security level 11225(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is 11226verified by directly matching its certificate fingerprint or its public 11227key fingerprint (Postfix 2.9 and later). 
The fingerprint is the 11228message digest of the server certificate (or its public key) 11229using the selected 11230algorithm. With a digest algorithm resistant to "second pre-image" 11231attacks, it is not feasible to create a new public key and a matching 11232certificate (or public/private key-pair) that has the same fingerprint. </p> 11233 11234<p> The default algorithm is <b>md5</b>; this is consistent with 11235the backwards compatible setting of the digest used to verify client 11236certificates in the SMTP server. </p> 11237 11238<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash 11239function cryptanalysis have led to md5 being deprecated in favor of sha1. 11240However, as long as there are no known "second pre-image" attacks 11241against md5, its use in this context can still be considered safe. 11242</p> 11243 11244<p> While additional digest algorithms are often available with OpenSSL's 11245libcrypto, only those used by libssl in SSL cipher suites are available to 11246Postfix. For now this means just md5 or sha1. </p> 11247 11248<p> To find the fingerprint of a specific certificate file, with a 11249specific digest algorithm, run: 11250</p> 11251 11252<blockquote> 11253<pre> 11254$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem 11255</pre> 11256</blockquote> 11257 11258<p> The text to the right of the "=" sign is the desired fingerprint. 11259For example: </p> 11260 11261<blockquote> 11262<pre> 11263$ openssl x509 -noout -fingerprint -sha1 -in cert.pem 11264SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A 11265</pre> 11266</blockquote> 11267 11268<p> To extract the public key fingerprint from an X.509 certificate, 11269you need to extract the public key from the certificate and compute 11270the appropriate digest of its DER (ASN.1) encoding. With OpenSSL 11271the "-pubkey" option of the "x509" command always extracts the public 11272key in "PEM" format.
We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>

<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl rsa -pubin -outform DER |
    openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
(default: no)</b></DT><DD>

<p> Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
This
is unlikely to ever yield DNSSEC validated results, since child
zones of unsigned zones are also unsigned in the absence of DLV or
locally configured non-root trust-anchors. We anticipate that such
mechanisms will not be used for just the "_tcp" subdomain of a host.
Suppressing the TLSA RRset lookup reduces latency and avoids potential
interoperability problems with nameservers for unsigned zones that
are not prepared to handle the new TLSA RRset. </p>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. When the key is combined with the certificate in a
single file, that file holds the private key and therefore needs the
same restrictive permissions. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity.
</dd>

<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
— no logging of remote SMTP server certificate trust-chain
verification errors if server certificate verification is not required.
With Postfix 2.8 and earlier, log the summary message and unconditionally
log trust-chain verification errors. </dd>

<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
problems. Use of loglevel 4 is strongly discouraged: it writes the
complete SMTP session after STARTTLS, including message content and
any SASL credentials exchanged, to the log. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers. This is the default for opportunistic encryption. It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers.
The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
configuration parameter, which you are strongly encouraged to not change.
</dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers.
The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
configuration parameter, which you are strongly encouraged to not
change. </dd>

</dl>

<p> The underlying cipherl ists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers; they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL".
Note that at the "may" and "encrypt" levels the server certificate is
not verified, so excluding anonymous ciphers there adds no protection
against an active attacker; it only changes which unauthenticated key
exchange is used. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details). </p>

<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>

<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names (see
<b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and "TLSv1". </p>

<p> With Postfix ≥ 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended: on releases that know about "TLSv1.1"
and "TLSv1.2", an inclusion list such as "TLSv1" enables only that one
version, whereas "!SSLv2, !SSLv3" also allows the newer versions. The
exclusion form more closely matches the underlying OpenSSL interface
semantics.
</p>

<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version. Thus, for example: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocol version higher than TLSv1, leaving
only "SSLv3" enabled. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2".
When Postfix ≤ 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled except by also disabling "TLSv1" (typically leaving just
"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>

<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
levels, when usable TLSA records are obtained for the remote SMTP
server, the Postfix SMTP client is obligated to include the SNI TLS
extension in its SSL client hello message. This may help the remote
SMTP server live up to its promise to provide a certificate that
matches its TLSA records. Since TLS extensions require TLS 1.0 or
later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
SNI is required. If you use "dane" or "dane-only" do not disable
TLSv1, except perhaps via the policy table for destinations which
you are sure will support "TLSv1.1" or "TLSv1.2". </p>

<p> Since SSL version 2 has known protocol weaknesses and is now
deprecated, the default setting excludes "SSLv2". This means that by
default, SSL version 2 will not be used at the "encrypt" security level
and higher. </p>

<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
<a href="TLS_README.html">TLS_README</a> for more information about security levels.
</p>

<p> Example: </p>

<pre>
# Preferred syntax with Postfix ≥ 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Legacy syntax:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
(default: no)</b></DT><DD>

<p> Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server. </p>

<p> The logfile record looks like: </p>

<pre>
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
When both lookups succeed, the more specific per-site policy (NONE,
MUST, etc) overrides the less specific one (MAY), and the more secure
per-site policy (MUST, etc) overrides the less secure one (NONE).
With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>

<p> Use of the bare hostname as the per-site table lookup key is
discouraged. Always use the full destination nexthop (enclosed in
[] with a possible ":port" suffix). A recipient domain or MX-enabled
transport next-hop with no port suffix may look like a bare hostname,
but is still a suitable <i>destination</i>.
</p>

<p> Specify a next-hop destination or server hostname on the left-hand
side; no wildcards are allowed. The next-hop destination is either
the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
On the right hand side specify one of the following keywords: </p>

<dl>

<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
specific <b>MAY</b> lookup result from the alternate host or next-hop
lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>

<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
otherwise use the unencrypted connection. This has less precedence
than a more specific result (including <b>NONE</b>) from the alternate
host or next-hop lookup key, and has less precedence than the more
specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
= yes". </dd>

<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
require that the remote SMTP server hostname matches the information
in the remote SMTP server certificate, or that the server certificate
was issued by a trusted CA.
This overrides a less secure <b>NONE</b>
or a less specific <b>MAY</b> lookup result from the alternate host
or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>

<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
SMTP server hostname matches the information in the remote SMTP
server certificate, and require that the remote SMTP server certificate
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
result from the alternate host or next-hop lookup key, and overrides
the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
settings. </dd>

</dl>

<p> The above keywords correspond to the "none", "may", "encrypt" and
"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
is mandatory. Connections for which encryption is optional typically
enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>
and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>).
</p>

<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. Even with a perfect match between the server hostname and
the server certificate, there is no guarantee that Postfix is connected
to the right server. See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete
per-site TLS policies) for a possible work-around. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>


</DD>

<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. See
<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels.
</p>

<p> The TLS policy table is indexed by the full next-hop destination,
which is either the recipient domain, or the verbatim next-hop
specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
square brackets and any non-default destination server port suffix. The
LMTP socket type prefix (inet: or unix:) is not included in the lookup
key.
</p>

<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
sockets, is used as the nexthop name for certificate verification. The
port and any enclosing square brackets are used in the table lookup key,
but are not used for server name verification. </p>

<p> When the lookup key is a domain name without enclosing square brackets
or any <i>:port</i> suffix (typically the recipient domain), and the full
domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
the parent domain starting with a leading "." is matched recursively. This
allows one to specify a security policy for a recipient domain and all
its sub-domains. </p>

<p> The lookup result is a security level, followed by an optional list
of whitespace and/or comma separated name=value attributes that override
related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing
security are: </p>

<dl>

<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>

<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
<dd>Opportunistic TLS. Since sending in the clear is acceptable,
demanding stronger than default TLS security merely reduces
inter-operability. The optional "ciphers", "exclude" and "protocols"
attributes (available for opportunistic TLS with Postfix ≥ 2.6)
override the "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration parameters. When opportunistic TLS
handshakes fail, Postfix retries the connection with TLS disabled.
An active attacker can therefore force a plaintext delivery simply by
breaking the TLS handshake; use "encrypt" or a higher level for
destinations that must never receive mail in the clear.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>

<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
<dd>Mandatory TLS encryption. The server certificate is not verified
at this level, so this protects against passive eavesdropping only.
At this level
and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the
optional "exclude" attribute (Postfix ≥ 2.6) overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. In the policy table,
multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
<dd>Opportunistic DANE TLS. The TLS policy for the destination is
obtained via TLSA records in DNSSEC. If no TLSA records are found,
the effective security level used is <a
href="TLS_README.html#client_tls_may">may</a>. If TLSA records are
found, but none are usable, the effective security level is <a
href="TLS_README.html#client_tls_encrypt">encrypt</a>. When usable
TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
TLS authentication and DNSSEC support is available with Postfix
2.11 and later. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. The TLS policy for the destination is
obtained via TLSA records in DNSSEC.
If no TLSA records are found,
or none are usable, no connection is made to the server. When
usable TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE) TLS
authentication and DNSSEC support is available with Postfix 2.11
and later. </dd>

<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted certificate authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
the optional <b>match</b> attribute, or else the <a href="postconf.5.html">main.cf</a>
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate
fingerprints or the public key fingerprint (Postfix 2.9 and later)
of the valid server certificate. The digest
algorithm used to calculate the fingerprint is selected by the
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </dd>

<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
<dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
verified in the server certificate is usually obtained indirectly via
unauthenticated DNS MX lookups.
The optional "match" attribute overrides
the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
In practice explicit control over matching is more common with the
"secure" policy, described below. </dd>

<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
<dd>Secure-channel TLS. At this security level, DNS
MX lookups, though potentially used to determine the candidate next-hop
gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
peername verification. Instead, the default name verified in the server
certificate is obtained directly from the next-hop, or is explicitly
specified via the optional <b>match</b> attribute which overrides the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In the policy table,
multiple match patterns and strategies must be separated by colons.
The match attribute is most useful when multiple domains are supported by
a common server; the policy entries for the additional domains then specify
matching rules for the primary domain's certificate. While transport table
overrides that route the secondary domains to the primary nexthop also
allow secure verification, they risk delivery to the wrong destination
when domains change hands or are re-assigned to new gateways. With the
"match" attribute approach, routing is not perturbed, and mail is deferred
if verification of a new MX host fails.
</dd>

</dl>

<p>
Example:
</p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
    # Postfix 2.5 and later
    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
</pre>

<pre>
/etc/postfix/tls_policy:
    example.edu                 none
    example.mil                 may
    example.gov                 encrypt protocols=TLSv1
    example.com                 verify ciphers=high
    example.net                 secure
    .example.net                secure match=.example.net:example.net
    [mail.example.org]:587      secure match=nexthop
    # Postfix 2.5 and later
    [thumb.example.org]         fingerprint
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>

<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the <b>match</b> attribute
in the policy table can render the <b>secure</b> level vulnerable to
DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
configurations in environments where DNS security is not assured. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
(default: !SSLv2)</b></DT><DD>

<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
the Postfix SMTP client will by default not use the obsolete SSLv2
protocol. </p>

<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
colons.
In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
separator is colon. An empty value means allow all protocols. The valid
protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3"
and "TLSv1". </p>

<p> The range of protocols advertised by an SSL/TLS client must be
contiguous. When a protocol version is enabled, disabling any
higher version implicitly disables all versions above that higher
version. Thus, for example: </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !TLSv1
</pre>
</blockquote>
<p> also disables any protocol version higher than TLSv1, leaving
only "SSLv3" enabled. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
versions of Postfix ≥ 2.10 can explicitly disable support for
"TLSv1.1" or "TLSv1.2". </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>

<p> Example: </p>
<pre>
# TLSv1 or better:
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
</pre>

<p> This feature is available in Postfix 2.6 and later.
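To make the lookup rules above concrete, here is an added example (not Postfix code) that resolves a next-hop destination against a TLS policy table: exact-key lookup with the LMTP socket-type prefix removed, parent-domain fallback with a leading "." for bare domains only, attribute parsing with ":" (or "|" for fingerprints) as the in-value separator, and reduction of a "protocols" attribute to the contiguous range the client can actually advertise, which is the rule explained under smtp_tls_mandatory_protocols and smtp_tls_protocols. The table is the one from the smtp_tls_policy_maps example plus one constructed example.org line. Two things are assumptions of this example rather than documented behaviour: a missing entry yields a caller-supplied default level instead of the main.cf-derived policy, and the Postfix build is taken to know all five protocol names.

```python
"""Resolve a Postfix smtp_tls_policy_maps entry for a next-hop destination.

Added example, not Postfix code. Assumptions: a table miss returns the
caller's default level; the build knows all five protocol names below.
"""
import re

PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
LEVELS = ["none", "may", "encrypt", "dane", "dane-only", "fingerprint", "verify", "secure"]


def effective_protocols(spec):
    """Protocol versions enabled by a Postfix protocol list.

    Names include, "!name" excludes; separators are whitespace, commas or colons;
    empty means all. Mixing both forms is rejected (this example's choice). The
    result is made contiguous: from the lowest enabled version upward, the first
    disabled version also disables everything above it.
    """
    names = [n for n in re.split(r"[\s,:]+", spec.strip()) if n]
    if not names:
        return list(PROTOCOLS)
    excl = {n[1:] for n in names if n.startswith("!")}
    incl = {n for n in names if not n.startswith("!")}
    if excl and incl:
        raise ValueError("cannot mix included and excluded protocols: %r" % spec)
    unknown = (excl | incl) - set(PROTOCOLS)
    if unknown:
        raise ValueError("unknown protocol name(s): %s" % ", ".join(sorted(unknown)))
    enabled = [p for p in PROTOCOLS if (p in incl if incl else p not in excl)]
    contiguous = []
    for p in (PROTOCOLS[PROTOCOLS.index(enabled[0]):] if enabled else []):
        if p not in enabled:
            break                                   # a hole disables all higher versions
        contiguous.append(p)
    return contiguous


def parse_policy_value(value):
    """Split "level attr=val, attr=val ..." into (level, {attr: [values]})."""
    words = [w for w in re.split(r"[\s,]+", value) if w]
    if not words or words[0] not in LEVELS:
        raise ValueError("bad security level in %r" % value)
    level, attrs = words[0], {}
    for word in words[1:]:
        name, eq, val = word.partition("=")
        if not eq or level == "none":               # "none" takes no attributes
            raise ValueError("bad attribute %r at level %s" % (word, level))
        attrs.setdefault(name, []).append(val)      # e.g. several match= lines
    return level, attrs


def parse_policy_table(text):
    """Parse tls_policy text; indented lines continue the previous entry."""
    entries, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            entries[last] += " " + raw.strip()
            continue
        last, _, rest = raw.strip().partition(" ")
        entries[last] = rest.strip()
    return {key: parse_policy_value(val) for key, val in entries.items()}


def lookup_policy(table, nexthop, default_level="may"):
    """Exact key first; parent-domain fallback only for bare domains (as in transport(5))."""
    key = nexthop.split(":", 1)[1] if nexthop.startswith(("inet:", "unix:")) else nexthop
    if key in table:
        return table[key]
    if not key.startswith("[") and ":" not in key:
        labels = key.split(".")
        for i in range(1, len(labels)):             # ".example.net", then ".net"
            parent = "." + ".".join(labels[i:])
            if parent in table:
                return table[parent]
    return default_level, {}


def resolve(table, nexthop, default_level="may"):
    """Look up and normalize: effective protocol range, match list, last-wins scalars."""
    level, attrs = lookup_policy(table, nexthop, default_level)
    result = {"level": level}
    if "protocols" in attrs:
        result["protocols"] = effective_protocols(attrs["protocols"][-1])
    if "match" in attrs:                            # "|" joins fingerprints, ":" joins patterns
        sep = "|" if level == "fingerprint" else ":"
        result["match"] = [m for v in attrs["match"] for m in v.split(sep) if m]
    for name in ("ciphers", "exclude"):
        if name in attrs:
            result[name] = attrs[name][-1]
    return result


# The example table from this page, plus a constructed example.org line that
# exercises the contiguous-range rule inside the policy table.
SAMPLE_POLICY = """\
example.edu                 none
example.mil                 may
example.gov                 encrypt protocols=TLSv1
example.com                 verify ciphers=high
example.net                 secure
.example.net                secure match=.example.net:example.net
[mail.example.org]:587      secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org]         fingerprint
    match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
    match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
example.org                 encrypt protocols=!SSLv2:!TLSv1
"""
POLICY = parse_policy_table(SAMPLE_POLICY)

if __name__ == "__main__":
    for dest in ("example.edu", "smtp.example.net", "example.net", "[mail.example.org]:587",
                 "[thumb.example.org]", "example.gov", "example.org", "unknown.example"):
        print("%-24s %s" % (dest, resolve(POLICY, dest)))
```

Two results are worth noticing when running it: the inclusion-form "protocols=TLSv1" in the example.gov entry yields TLS 1.0 alone, which is why the page recommends the exclusion form, and "!SSLv2:!TLSv1" leaves only SSLv3 because of the hole at TLSv1.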
</p>


</DD>

<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
(default: 9)</b></DT><DD>

<p> The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are rarer, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
(default: nexthop, dot-nexthop)</b></DT><DD>

<p> How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level. In a "secure" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> For a description of the pattern and strategy syntax see the
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter.
The "hostname" strategy should 11895be avoided in this context, as in the absence of a secure global DNS, using 11896the results of MX lookups in certificate verification is not immune to active 11897(man-in-the-middle) attacks on DNS. </p> 11898 11899<p> 11900Sample <a href="postconf.5.html">main.cf</a> setting: 11901</p> 11902 11903<blockquote> 11904<pre> 11905<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop 11906</pre> 11907</blockquote> 11908 11909<p> 11910Sample policy table override: 11911</p> 11912 11913<blockquote> 11914<pre> 11915example.net secure match=example.com:.example.com 11916.example.net secure match=example.com:.example.com 11917</pre> 11918</blockquote> 11919 11920<p> This feature is available in Postfix 2.3 and later. </p> 11921 11922 11923</DD> 11924 11925<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a> 11926(default: empty)</b></DT><DD> 11927 11928<p> The default SMTP TLS security level for the Postfix SMTP client; 11929when a non-empty value is specified, this overrides the obsolete 11930parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. 11931</p> 11932 11933<p> Specify one of the following security levels: </p> 11934 11935<dl> 11936 11937<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt> 11938<dd> No TLS. TLS will not be used unless enabled for specific 11939destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd> 11940 11941<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt> 11942<dd> Opportunistic TLS. Use TLS if this is supported by the remote 11943SMTP server, otherwise use plaintext. Since 11944sending in the clear is acceptable, demanding stronger than default TLS 11945security merely reduces inter-operability. 
11946The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix ≥ 2.6) 11947configuration parameters provide control over the protocols and 11948cipher grade used with opportunistic TLS. With earlier releases the 11949opportunistic TLS cipher grade is always "export" and no protocols 11950are disabled. 11951When TLS handshakes fail, the connection is retried with TLS disabled. 11952This allows mail delivery to sites with non-interoperable TLS 11953implementations. </dd> 11954 11955<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt> 11956<dd>Mandatory TLS encryption. Since a minimum 11957level of security is intended, it is reasonable to be specific about 11958sufficiently secure protocol versions and ciphers. At this security level 11959and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and 11960<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum 11961cipher grade which the administrator considers secure enough for 11962mandatory encrypted sessions. This security level is not an appropriate 11963default for systems delivering mail to the Internet. </dd> 11964 11965<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt> 11966<dd>Opportunistic DANE TLS. At this security level, the TLS policy 11967for the destination is obtained via DNSSEC. For TLSA policy to be 11968in effect, the destination domain's containing DNS zone must be 11969signed and the Postfix SMTP client's operating system must be 11970configured to send its DNS queries to a recursive DNS nameserver 11971that is able to validate the signed records. 
Each MX host's DNS
zone should also be signed, and should publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>)
records that specify how that MX host's TLS certificate is to be
verified. TLSA records do not preempt the normal SMTP MX host
selection algorithm; if some MX hosts support TLSA and others do
not, TLS security will vary from delivery to delivery. It is up
to the domain owner to configure their MX hosts and their DNS
sensibly. To configure the Postfix SMTP client for DNSSEC lookups,
see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
parameter. When DNSSEC-validated TLSA records are not found, the
effective TLS security level is "may". When TLSA records are found,
but are all unusable, the effective security level is "encrypt". For
purposes of protocol and cipher selection, the "dane" security level
is treated like a "mandatory" TLS security level, and weak ciphers
and protocols are disabled. Since DANE authenticates server
certificates, the "aNULL" cipher-suites are transparently excluded
at this level; there is no need to configure this manually. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
TLS authentication is available with Postfix 2.11 and later. </dd>

<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
TLSA authentication is required. There is no fallback to "may" or
"encrypt" when TLSA records are missing or unusable. <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>
(DANE) TLS authentication is available with Postfix 2.11 and later.
</dd>

<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
<dd>Certificate fingerprint verification.
11999At this security level, there are no trusted certificate authorities. 12000The certificate trust chain, expiration date, etc., are 12001not checked. Instead, the <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> 12002parameter lists the certificate fingerprint or public key fingerprint 12003(Postfix 2.9 and later) of the valid server certificate. The digest 12004algorithm used to calculate the fingerprint is selected by the 12005<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Available with Postfix 120062.5 and later. </dd> 12007 12008<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt> 12009<dd>Mandatory TLS verification. At this security 12010level, DNS MX lookups are trusted to be secure enough, and the name 12011verified in the server certificate is usually obtained indirectly 12012via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> 12013parameter controls how the server name is verified. In practice explicit 12014control over matching is more common at the "secure" level, described 12015below. This security level is not an appropriate default for systems 12016delivering mail to the Internet. </dd> 12017 12018<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt> 12019<dd>Secure-channel TLS. At this security level, 12020DNS MX lookups, though potentially used to determine the candidate 12021next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough 12022for TLS peername verification. Instead, the default name verified in 12023the server certificate is obtained from the next-hop domain as specified 12024in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. 
The default 12025matching rule is that a server certificate matches when its name is equal 12026to or is a sub-domain of the nexthop domain. This security level is not 12027an appropriate default for systems delivering mail to the Internet. </dd> 12028 12029</dl> 12030 12031<p> 12032Examples: 12033</p> 12034 12035<pre> 12036# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no. 12037<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none 12038</pre> 12039 12040<pre> 12041# Opportunistic TLS. 12042<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may 12043# Postfix ≥ 2.6: 12044# Do not tweak opportunistic ciphers or protocol unless it is essential 12045# to do so (if a security vulnerability is found in the SSL library that 12046# can be mitigated by disabling a particular protocol or raising the 12047# cipher grade from "export" to "low" or "medium"). 12048<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export 12049<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2 12050</pre> 12051 12052<pre> 12053# Mandatory (high-grade) TLS encryption. 12054<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt 12055<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high 12056</pre> 12057 12058<pre> 12059# Mandatory TLS verification of hostname or nexthop domain. 12060<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify 12061<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high 12062<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop 12063</pre> 12064 12065<pre> 12066# Secure channel TLS with exact nexthop name match. 
12067<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure 12068<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1 12069<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high 12070<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop 12071</pre> 12072 12073<pre> 12074# Certificate fingerprint verification (Postfix ≥ 2.5). 12075# The CA-less "fingerprint" security level only scales to a limited 12076# number of destinations. As a global default rather than a per-site 12077# setting, this is practical when mail for all recipients is sent 12078# to a central mail hub. 12079<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com] 12080<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint 12081<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3 12082<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high 12083<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> = 12084 3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 12085 EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 12086</pre> 12087 12088<p> This feature is available in Postfix 2.3 and later. </p> 12089 12090 12091</DD> 12092 12093<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> 12094(default: empty)</b></DT><DD> 12095 12096<p> Name of the file containing the optional Postfix SMTP client 12097TLS session cache. Specify a database type that supports enumeration, 12098such as <b>btree</b> or <b>sdbm</b>; there is no need to support 12099concurrent access. The file is created if it does not exist. 
The <a href="smtp.8.html">smtp(8)</a>
daemon does not use this parameter directly; rather, the cache is
implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective.
Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon
($<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
and, with Postfix 2.3 and later, $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>) must
be stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtp_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>

<p> The expiration time of Postfix SMTP client TLS session cache
information.
A cache cleanup is performed periodically 12134every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with 12135$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the 12136<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides 12137are not possible. </p> 12138 12139<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set 12140≤ 0, session caching is disabled. If set to a positive value 12141less than 2 minutes, the minimum value of 2 minutes is used instead. </p> 12142 12143<p> This feature is available in Postfix 2.2 and later. </p> 12144 12145 12146</DD> 12147 12148<DT><b><a name="smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> 12149(default: empty)</b></DT><DD> 12150 12151<p> Zero or more PEM-format files with trust-anchor certificates 12152and/or public keys. If the parameter is not empty the root CAs in 12153CAfile and CApath are no longer trusted. Rather, the Postfix SMTP 12154client will only trust certificate-chains signed by one of the 12155trust-anchors contained in the chosen files. The specified 12156trust-anchor certificates and public keys are not subject to 12157expiration, and need not be (self-signed) root CAs. They may, if 12158desired, be intermediate certificates. Therefore, these certificates 12159also may be found "in the middle" of the trust chain presented by 12160the remote SMTP server, and any untrusted issuing parent certificates 12161will be ignored. Specify a list of pathnames separated by comma 12162or whitespace. </p> 12163 12164<p> Whether specified in <a href="postconf.5.html">main.cf</a>, or on a per-destination basis, 12165the trust-anchor PEM file must be accessible to the Postfix SMTP 12166client in the chroot jail if applicable. 
The trust-anchor file 12167should contain only certificates and public keys, no private key 12168material, and must be readable by the non-privileged $<a href="postconf.5.html#mail_owner">mail_owner</a> 12169user. This allows destinations to be bound to a set of specific 12170CAs or public keys without trusting the same CAs for all destinations. 12171</p> 12172 12173<p> The <a href="postconf.5.html">main.cf</a> parameter supports single-purpose Postfix installations 12174that send mail to a fixed set of SMTP peers. At most sites, if 12175trust-anchor files are used at all, they will be specified on a 12176per-destination basis via the "tafile" attribute of the "verify" 12177and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </p> 12178 12179<p> The underlying mechanism is in support of <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA), 12180which defines mechanisms for a client to securely determine server 12181TLS certificates via DNS. </p> 12182 12183<p> If you want your trust anchors to be public keys, with OpenSSL 12184you can extract a single PEM public key from a PEM X.509 file 12185containing a single certificate, as follows: </p> 12186 12187<blockquote> 12188<pre> 12189$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey 12190</pre> 12191</blockquote> 12192 12193<p> This feature is available in Postfix 2.11 and later. </p> 12194 12195 12196</DD> 12197 12198<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> 12199(default: hostname)</b></DT><DD> 12200 12201<p> How the Postfix SMTP client verifies the server certificate 12202peername for the 12203"verify" TLS security level. In a "verify" TLS policy table 12204($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute 12205overrides this <a href="postconf.5.html">main.cf</a> setting. 
</p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons. In the policy table the only valid
separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names in the server certificate must be <i>example.com</i>;
upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain, stripped of
any optional socket type prefix, enclosing square brackets, and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$<a href="postconf.5.html#myhostname">myhostname</a>. This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup.
For LMTP delivery via 12248UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches 12249the verification strategy of the "MUST" keyword in the obsolete 12250<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify" 12251security level. When the next-hop name is enclosed in square brackets 12252to suppress MX lookups, the "hostname" strategy is the same as the 12253"nexthop" strategy. Case is ignored.</dd> 12254 12255</dl> 12256 12257<p> 12258Sample <a href="postconf.5.html">main.cf</a> setting: 12259</p> 12260 12261<pre> 12262<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop 12263</pre> 12264 12265<p> 12266Sample policy table override: 12267</p> 12268 12269<pre> 12270example.com verify match=hostname:nexthop 12271.example.com verify match=example.com:.example.com:hostname 12272</pre> 12273 12274<p> This feature is available in Postfix 2.3 and later. </p> 12275 12276 12277</DD> 12278 12279<DT><b><a name="smtp_use_tls">smtp_use_tls</a> 12280(default: no)</b></DT><DD> 12281 12282<p> Opportunistic mode: use TLS when a remote SMTP server announces 12283STARTTLS support, otherwise send the mail in the clear. Beware: 12284some SMTP servers offer STARTTLS even if it is not configured. With 12285Postfix < 2.3, if the TLS handshake fails, and no other server is 12286available, delivery is deferred and mail stays in the queue. If this 12287is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead. </p> 12288 12289<p> This feature is available in Postfix 2.2 and later. With 12290Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. 
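</p>

<p> The pattern and strategy rules of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> and <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> entries above, as an added worked example (not Postfix code). It shows why the "secure" default does not accept a certificate that merely carries the MX host's name, and how a policy-table "match" override is applied. All next-hop strings, host names, certificate names and the $myhostname value are constructed. </p>

```python
"""Server certificate name matching for the Postfix SMTP client's
"verify" and "secure" TLS levels, following the pattern and strategy
rules given for smtp_tls_verify_cert_match / smtp_tls_secure_cert_match.

Added example, not Postfix code. Every next-hop string, server host
name, certificate name and $myhostname value used here is constructed.
"""
import re


def nexthop_domain(nexthop, myhostname):
    """Return (domain, mx_suppressed) for a transport next-hop.

    Strips an optional socket type prefix, enclosing square brackets and
    a trailing port. LMTP over a UNIX-domain socket verifies $myhostname.
    Square brackets suppress MX lookups, which also makes the "hostname"
    strategy equal to "nexthop".
    """
    if nexthop.startswith("unix:"):
        return myhostname.lower(), True
    if nexthop.startswith("inet:"):
        nexthop = nexthop[len("inet:"):]
    m = re.match(r"^(?:\[(?P<b>[^\]]+)\]|(?P<p>[^\[\]:]+))(?::\d+)?$", nexthop)
    if not m:
        raise ValueError("malformed next-hop: %r" % nexthop)
    bracketed = m.group("b") is not None
    return (m.group("b") if bracketed else m.group("p")).lower(), bracketed


def expand_match_list(match_list, nexthop, server_hostname, myhostname,
                      policy_table=False):
    """Turn a match list into the concrete name patterns to check.

    "nexthop" and "dot-nexthop" derive from the next-hop domain (the
    name before any MX lookup); "hostname" is the server name that the
    unauthenticated MX lookup produced, which is why it is unsuitable at
    the "secure" level. Anything else is a literal pattern. In a policy
    table entry only ":" may separate items.
    """
    if policy_table:
        if re.search(r"[,\s]", match_list):
            raise ValueError("policy table match lists use ':' only")
        items = match_list.split(":")
    else:
        items = re.split(r"[,\s:]+", match_list)
    domain, mx_suppressed = nexthop_domain(nexthop, myhostname)
    patterns = []
    for item in items:
        if not item:
            continue
        if item == "nexthop":
            patterns.append(domain)
        elif item == "dot-nexthop":
            patterns.append("." + domain)
        elif item == "hostname":
            patterns.append(domain if mx_suppressed else server_hostname.lower())
        else:
            patterns.append(item.lower())
    return patterns


def pattern_matches(pattern, cert_name):
    """A leading "." matches names with one or more labels before the
    suffix; otherwise the whole name must be equal. Case is ignored."""
    pattern, cert_name = pattern.lower(), cert_name.lower()
    if pattern.startswith("."):
        return cert_name.endswith(pattern) and len(cert_name) > len(pattern)
    return cert_name == pattern


def certificate_matches(cert_names, match_list, nexthop, server_hostname,
                        myhostname, policy_table=False):
    """True when any name in the server certificate satisfies any pattern."""
    patterns = expand_match_list(match_list, nexthop, server_hostname,
                                 myhostname, policy_table)
    return any(pattern_matches(p, n) for p in patterns for n in cert_names)
```

<p>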
</p> 12291 12292 12293</DD> 12294 12295<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a> 12296(default: 300s)</b></DT><DD> 12297 12298<p> 12299The Postfix SMTP client time limit for sending the XFORWARD command, 12300and for receiving the remote SMTP server response. 12301</p> 12302 12303<p> 12304Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 12305The default time unit is s (seconds). 12306</p> 12307 12308<p> 12309This feature is available in Postfix 2.1 and later. 12310</p> 12311 12312 12313</DD> 12314 12315<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> 12316(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD> 12317 12318<p> What remote SMTP clients are allowed to specify the XVERP command. 12319This command requests that mail be delivered one recipient at a 12320time with a per recipient return address. </p> 12321 12322<p> By default, no clients are allowed to specify XVERP. </p> 12323 12324<p> This parameter was renamed with Postfix version 2.1. The default value 12325is backwards compatible with Postfix version 2.0. </p> 12326 12327<p> Specify a list of network/netmask patterns, separated by commas 12328and/or whitespace. The mask specifies the number of bits in the 12329network part of a host address. You can also specify hostnames or 12330.domain names (the initial dot causes the domain to match any name 12331below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 12332pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 12333is matched when a table entry matches a lookup string (the lookup 12334result is ignored). Continue long lines by starting the next line 12335with whitespace. Specify "!pattern" to exclude an address or network 12336block from the list. The form "!/file/name" is supported only in 12337Postfix version 2.4 and later. 
</p> 12338 12339<p> Note: IP version 6 address information must be specified inside 12340<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in 12341files specified with "/file/name". IP version 6 addresses contain 12342the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 12343pattern. </p> 12344 12345 12346</DD> 12347 12348<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> 12349(default: empty)</b></DT><DD> 12350 12351<p> 12352What remote SMTP clients are allowed to use the XCLIENT feature. This 12353command overrides remote SMTP client information that is used for access 12354control. Typical use is for SMTP-based content filters, fetchmail-like 12355programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a> 12356document for details. 12357</p> 12358 12359<p> 12360This feature is available in Postfix 2.1 and later. 12361</p> 12362 12363<p> 12364By default, no clients are allowed to specify XCLIENT. 12365</p> 12366 12367<p> 12368Specify a list of network/netmask patterns, separated by commas 12369and/or whitespace. The mask specifies the number of bits in the 12370network part of a host address. You can also specify hostnames or 12371.domain names (the initial dot causes the domain to match any name 12372below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 12373pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 12374is matched when a table entry matches a lookup string (the lookup 12375result is ignored). Continue long lines by starting the next line 12376with whitespace. Specify "!pattern" to exclude an address or network 12377block from the list. The form "!/file/name" is supported only in 12378Postfix version 2.4 and later. 
</p> 12379 12380<p> Note: IP version 6 address information must be specified inside 12381<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in 12382files specified with "/file/name". IP version 6 addresses contain 12383the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 12384pattern. </p> 12385 12386 12387</DD> 12388 12389<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> 12390(default: empty)</b></DT><DD> 12391 12392<p> 12393What remote SMTP clients are allowed to use the XFORWARD feature. This 12394command forwards information that is used to improve logging after 12395SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for 12396details. 12397</p> 12398 12399<p> 12400This feature is available in Postfix 2.1 and later. 12401</p> 12402 12403<p> 12404By default, no clients are allowed to specify XFORWARD. 12405</p> 12406 12407<p> 12408Specify a list of network/netmask patterns, separated by commas 12409and/or whitespace. The mask specifies the number of bits in the 12410network part of a host address. You can also specify hostnames or 12411.domain names (the initial dot causes the domain to match any name 12412below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" 12413pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table 12414is matched when a table entry matches a lookup string (the lookup 12415result is ignored). Continue long lines by starting the next line 12416with whitespace. Specify "!pattern" to exclude an address or network 12417block from the list. The form "!/file/name" is supported only in 12418Postfix version 2.4 and later. 
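</p>

<p> The network/netmask pattern list shared by <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>, <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> and <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>, as an added worked example (not Postfix code). It expands "/file/name" entries, honours "!pattern" exclusions in list order, and rejects a bare IPv6 address, since outside "[]" its ":" would be taken for a "type:table" pattern. The list values, file contents and client addresses are constructed; "type:table" lookups are not implemented, and "!" inside a negated file is treated as a double negation (an assumption). </p>

```python
"""Client-list matching for the Postfix "network/netmask pattern" list
syntax used by smtpd_authorized_xclient_hosts and related parameters.

Added example, not Postfix code. The list values, file contents and
client addresses are constructed. "type:table" lookups are out of scope:
any token containing ":" that is not a bracketed IPv6 address is
rejected, which is precisely the confusion the IPv6 note warns about.
"""
import ipaddress
import re

# Constructed stand-in for "/file/name" contents so the example runs offline.
FILES = {
    "/etc/postfix/xclient_hosts": "10.0.0.0/8\n# content filters\n[2001:db8:1::]/48\n",
}


def _normalize(pattern):
    """Classify one pattern as ("net", network), ("domain", suffix) or
    ("host", name). IPv6 must be written as [addr] or [addr]/bits."""
    if pattern.startswith("["):
        m = re.match(r"^\[([^\]]+)\](?:/(\d+))?$", pattern)
        if not m:
            raise ValueError("malformed IPv6 pattern: %r" % pattern)
        net = m.group(1) + ("/" + m.group(2) if m.group(2) else "")
        return ("net", ipaddress.ip_network(net, strict=False))
    if ":" in pattern:
        raise ValueError("IPv6 address %r must be enclosed in [] "
                         "(otherwise it reads as a type:table pattern)" % pattern)
    try:  # IPv4 host address or network/bits; the mask is the network bit count
        return ("net", ipaddress.ip_network(pattern, strict=False))
    except ValueError:
        pass
    if pattern.startswith("."):
        return ("domain", pattern.lower())  # initial dot: any name below it
    return ("host", pattern.lower())


def parse_client_list(value, read_file=FILES.get):
    """Expand a list value into ordered (negated, pattern) tuples.

    Commas and whitespace separate entries; "/file/name" is replaced by
    the file's contents (comment lines dropped); "!pattern" negates.
    A "!" on a file entry negates each pattern read from it (assumption:
    a "!" inside such a file cancels that negation).
    """
    entries = []
    for token in re.split(r"[,\s]+", value):
        if not token:
            continue
        negated = token.startswith("!")
        pattern = token[1:] if negated else token
        if pattern.startswith("/"):
            text = read_file(pattern)
            if text is None:
                raise ValueError("cannot read %s" % pattern)
            lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
            for neg, pat in parse_client_list("\n".join(lines), read_file):
                entries.append((negated != neg, pat))
            continue
        entries.append((negated, _normalize(pattern)))
    return entries


def client_matches(entries, client_addr, client_name):
    """Scan the list in order; the first matching pattern decides, so a
    "!" entry placed before a broader network excludes that client. No
    match at all means the client is not authorized."""
    addr = ipaddress.ip_address(client_addr)
    name = client_name.lower()
    for negated, (kind, pat) in entries:
        if kind == "net":
            hit = addr.version == pat.version and addr in pat
        elif kind == "domain":
            hit = name.endswith(pat) and len(name) > len(pat)
        else:
            hit = name == pat
        if hit:
            return not negated
    return False
```

<p>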
</p> 12419 12420<p> Note: IP version 6 address information must be specified inside 12421<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in 12422files specified with "/file/name". IP version 6 addresses contain 12423the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" 12424pattern. </p> 12425 12426 12427</DD> 12428 12429<DT><b><a name="smtpd_banner">smtpd_banner</a> 12430(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD> 12431 12432<p> 12433The text that follows the 220 status code in the SMTP greeting 12434banner. Some people like to see the mail version advertised. By 12435default, Postfix shows no version. 12436</p> 12437 12438<p> 12439You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is 12440required by the SMTP protocol. 12441</p> 12442 12443<p> 12444Example: 12445</p> 12446 12447<pre> 12448<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>) 12449</pre> 12450 12451 12452</DD> 12453 12454<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> 12455(default: 50)</b></DT><DD> 12456 12457<p> 12458How many simultaneous connections any client is allowed to 12459make to this service. By default, the limit is set to half 12460the default process limit value. 12461</p> 12462 12463<p> 12464To disable this feature, specify a limit of 0. 12465</p> 12466 12467<p> 12468WARNING: The purpose of this feature is to limit abuse. It must 12469not be used to regulate legitimate mail traffic. 12470</p> 12471 12472<p> 12473This feature is available in Postfix 2.2 and later. 
12474</p> 12475 12476 12477</DD> 12478 12479<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> 12480(default: 0)</b></DT><DD> 12481 12482<p> 12483The maximal number of connection attempts any client is allowed to 12484make to this service per time unit. The time unit is specified 12485with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 12486</p> 12487 12488<p> 12489By default, a client can make as many connections per time unit as 12490Postfix can accept. 12491</p> 12492 12493<p> 12494To disable this feature, specify a limit of 0. 12495</p> 12496 12497<p> 12498WARNING: The purpose of this feature is to limit abuse. It must 12499not be used to regulate legitimate mail traffic. 12500</p> 12501 12502<p> 12503This feature is available in Postfix 2.2 and later. 12504</p> 12505 12506<p> 12507Example: 12508</p> 12509 12510<pre> 12511<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000 12512</pre> 12513 12514 12515</DD> 12516 12517<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> 12518(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD> 12519 12520<p> 12521Clients that are excluded from smtpd_client_*_count/rate_limit 12522restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter 12523description for the parameter value syntax. 12524</p> 12525 12526<p> 12527By default, clients in trusted networks are excluded. Specify a 12528list of network blocks, hostnames or .domain names (the initial 12529dot causes the domain to match any name below it). 12530</p> 12531 12532<p> Note: IP version 6 address information must be specified inside 12533<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and 12534in files specified with "/file/name". 
IP version 6 addresses 12535contain the ":" character, and would otherwise be confused with a 12536"<a href="DATABASE_README.html">type:table</a>" pattern. </p> 12537 12538<p> 12539This feature is available in Postfix 2.2 and later. 12540</p> 12541 12542 12543</DD> 12544 12545<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> 12546(default: 0)</b></DT><DD> 12547 12548<p> 12549The maximal number of message delivery requests that any client is 12550allowed to make to this service per time unit, regardless of whether 12551or not Postfix actually accepts those messages. The time unit is 12552specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 12553</p> 12554 12555<p> 12556By default, a client can send as many message delivery requests 12557per time unit as Postfix can accept. 12558</p> 12559 12560<p> 12561To disable this feature, specify a limit of 0. 12562</p> 12563 12564<p> 12565WARNING: The purpose of this feature is to limit abuse. It must 12566not be used to regulate legitimate mail traffic. 12567</p> 12568 12569<p> 12570This feature is available in Postfix 2.2 and later. 12571</p> 12572 12573<p> 12574Example: 12575</p> 12576 12577<pre> 12578<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000 12579</pre> 12580 12581 12582</DD> 12583 12584<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> 12585(default: 0)</b></DT><DD> 12586 12587<p> 12588The maximal number of new (i.e., uncached) TLS sessions that a 12589remote SMTP client is allowed to negotiate with this service per 12590time unit. The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> 12591configuration parameter. 12592</p> 12593 12594<p> 12595By default, a remote SMTP client can negotiate as many new TLS 12596sessions per time unit as Postfix can accept. 
12597</p> 12598 12599<p> 12600To disable this feature, specify a limit of 0. Otherwise, specify 12601a limit that is at least the per-client concurrent session limit, 12602or else legitimate client sessions may be rejected. 12603</p> 12604 12605<p> 12606WARNING: The purpose of this feature is to limit abuse. It must 12607not be used to regulate legitimate mail traffic. 12608</p> 12609 12610<p> 12611This feature is available in Postfix 2.3 and later. 12612</p> 12613 12614<p> 12615Example: 12616</p> 12617 12618<pre> 12619<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100 12620</pre> 12621 12622 12623</DD> 12624 12625<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a> 12626(default: no)</b></DT><DD> 12627 12628<p> Enable logging of the remote SMTP client port in addition to 12629the hostname and IP address. The logging format is "host[address]:port". 12630</p> 12631 12632<p> This feature is available in Postfix 2.5 and later. </p> 12633 12634 12635</DD> 12636 12637<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> 12638(default: 0)</b></DT><DD> 12639 12640<p> 12641The maximal number of recipient addresses that any client is allowed 12642to send to this service per time unit, regardless of whether or not 12643Postfix actually accepts those recipients. The time unit is specified 12644with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter. 12645</p> 12646 12647<p> 12648By default, a client can send as many recipient addresses per time 12649unit as Postfix can accept. 12650</p> 12651 12652<p> 12653To disable this feature, specify a limit of 0. 12654</p> 12655 12656<p> 12657WARNING: The purpose of this feature is to limit abuse. It must 12658not be used to regulate legitimate mail traffic. 12659</p> 12660 12661<p> 12662This feature is available in Postfix 2.2 and later. 
12663</p> 12664 12665<p> 12666Example: 12667</p> 12668 12669<pre> 12670<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000 12671</pre> 12672 12673 12674</DD> 12675 12676<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a> 12677(default: empty)</b></DT><DD> 12678 12679<p> 12680Optional restrictions that the Postfix SMTP server applies in the 12681context of a client connection request. 12682See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 12683restriction lists" for a discussion of evaluation context and time. 12684</p> 12685 12686<p> 12687The default is to allow all connection requests. 12688</p> 12689 12690<p> 12691Specify a list of restrictions, separated by commas and/or whitespace. 12692Continue long lines by starting the next line with whitespace. 12693Restrictions are applied in the order as specified; the first 12694restriction that matches wins. 12695</p> 12696 12697<p> 12698The following restrictions are specific to client hostname or 12699client network address information. 12700</p> 12701 12702<dl> 12703 12704<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12705 12706<dd> Use the remote SMTP client certificate fingerprint or the public key 12707fingerprint (Postfix 2.9 and later) as lookup key for the specified 12708<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the 12709remote SMTP client certificate is verified successfully. 12710The fingerprint digest algorithm is configurable via the 12711<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to 12712Postfix version 2.5). This feature is available with Postfix version 127132.2 and later. 
</dd> 12714 12715<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12716 12717<dd>Search the specified access database for the client hostname, 12718parent domains, client IP address, or networks obtained by stripping 12719least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd> 12720 12721<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12722 12723<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the 12724client hostname, and execute the corresponding action. Note: a result 12725of "OK" is not allowed for safety reasons. Instead, use DUNNO in order 12726to exclude specific hosts from blacklists. This feature is available 12727in Postfix 2.7 and later. </dd> 12728 12729<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12730 12731<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for 12732the client hostname, and execute the corresponding action. Note: a 12733result of "OK" is not allowed for safety reasons. Instead, use DUNNO 12734in order to exclude specific hosts from blacklists. This feature is 12735available in Postfix 2.7 and later. </dd> 12736 12737<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12738 12739<dd>Search the specified access database for the unverified reverse 12740client hostname, parent domains, client IP address, or networks 12741obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a> 12742manual page for details. Note: a result of "OK" is not allowed for 12743safety reasons. 
Instead, use DUNNO in order to exclude specific 12744hosts from blacklists. This feature is available in Postfix 2.6 12745and later.</dd> 12746 12747<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12748 12749<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the 12750unverified reverse client hostname, and execute the corresponding 12751action. Note: a result of "OK" is not allowed for safety reasons. 12752Instead, use DUNNO in order to exclude specific hosts from blacklists. 12753This feature is available in Postfix 2.7 and later. </dd> 12754 12755<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12756 12757<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for 12758the unverified reverse client hostname, and execute the corresponding 12759action. Note: a result of "OK" is not allowed for safety reasons. 12760Instead, use DUNNO in order to exclude specific hosts from blacklists. 12761This feature is available in Postfix 2.7 and later. </dd> 12762 12763<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 12764 12765<dd> Use the remote SMTP client SASL user name as lookup key for 12766the specified <a href="access.5.html">access(5)</a> database. The lookup key has the form 12767"username@domainname" when the <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> parameter 12768value is non-empty. Unlike the <a href="postconf.5.html#check_client_access">check_client_access</a> feature, 12769<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> does not perform matches of parent domains or IP 12770subnet ranges. 
This feature is available with Postfix version 2.11 12771and later. </dd> 12772 12773<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt> 12774 12775<dd>Permit the request when the client IP address matches 12776$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd> 12777 12778<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt> 12779 12780<dd>Permit the request when the client IP address matches any 12781network or network address listed in $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd> 12782 12783<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt> 12784 12785<dd> Permit the request when the client is successfully 12786authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd> 12787 12788<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt> 12789 12790<dd> Permit the request when the remote SMTP client certificate is 12791verified successfully. This option must be used only if a special 12792CA issues the certificates and only this CA is listed as trusted 12793CA. Otherwise, clients with a third-party certificate would also 12794be allowed to relay. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the 12795trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>, 12796to prevent Postfix from appending the system-supplied default CAs. 12797This feature is available with Postfix version 2.2.</dd> 12798 12799<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt> 12800 12801<dd>Permit the request when the remote SMTP client certificate 12802fingerprint or public key fingerprint (Postfix 2.9 and later) is 12803listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>. 
12804The fingerprint digest algorithm is configurable via the 12805<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to 12806Postfix version 2.5). This feature is available with Postfix version 128072.2. </dd> 12808 12809<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 12810 12811<dd>Reject the request when the reversed client network address is 12812listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> 12813(Postfix version 2.1 and later only). Each "<i>d</i>" is a number, 12814or a pattern inside "[]" that contains one or more ";"-separated 12815numbers or number..number ranges (Postfix version 2.8 and later). 12816If no "<i>=d.d.d.d</i>" is specified, reject the request when the 12817reversed client network address is listed with any A record under 12818<i>rbl_domain</i>. <br> 12819The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for 12820rejected requests (default: 554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter 12821specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter 12822specifies tables with server replies indexed by <i>rbl_domain</i>. 12823This feature is available in Postfix 2.0 and later. </dd> 12824 12825<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt> 12826 12827<dd>Accept the request when the reversed client network address is 12828listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>. 12829Each "<i>d</i>" is a number, or a pattern inside "[]" that contains 12830one or more ";"-separated numbers or number..number ranges. 12831If no "<i>=d.d.d.d</i>" is specified, accept the request when the 12832reversed client network address is listed with any A record under 12833<i>dnswl_domain</i>. 
<br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently 12834ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The 12835result is DEFER_IF_REJECT when whitelist lookup fails. This feature 12836is available in Postfix 2.8 and later. </dd> 12837 12838<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 12839 12840<dd>Reject the request when the client hostname is listed with the 12841A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version 128422.1 and later only). Each "<i>d</i>" is a number, or a pattern 12843inside "[]" that contains one or more ";"-separated numbers or 12844number..number ranges (Postfix version 2.8 and later). If no 12845"<i>=d.d.d.d</i>" is specified, reject the request when the client 12846hostname is listed with 12847any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> 12848description above for additional RBL related configuration parameters. 12849This feature is available in Postfix 2.0 and later; with Postfix 12850version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually 12851produce better results. </dd> 12852 12853<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt> 12854 12855<dd>Accept the request when the client hostname is listed with the 12856A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>" 12857is a number, or a pattern inside "[]" that contains one or more 12858";"-separated numbers or number..number ranges. If no 12859"<i>=d.d.d.d</i>" is specified, accept the request when the client 12860hostname is listed with any A record under <i>rhswl_domain</i>. 12861<br> Caution: client name whitelisting is fragile, since the client 12862name lookup can fail due to temporary outages. 
Client name 12863whitelisting should be used only to reduce false positives in e.g. 12864DNS-based blocklists, and not for making access rule exceptions. 12865<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it 12866would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The result is DEFER_IF_REJECT 12867when whitelist lookup fails. This feature is available in Postfix 128682.8 and later. </dd> 12869 12870<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt> 12871 12872<dd>Reject the request when the unverified reverse client hostname 12873is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>. 12874Each "<i>d</i>" is a number, or a pattern inside "[]" that contains 12875one or more ";"-separated numbers or number..number ranges. 12876If no "<i>=d.d.d.d</i>" is specified, reject the request when the 12877unverified reverse client hostname is listed with any A record under 12878<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for 12879additional RBL related configuration parameters. This feature is 12880available in Postfix 2.8 and later. </dd> 12881 12882<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt> 12883 12884<dd>Reject the request when 1) the client IP address->name mapping 12885fails, 2) the name->address mapping fails, or 3) the name->address 12886mapping does not match the client IP address. <br> This is a 12887stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> 12888feature, which triggers only under condition 1) above. 
<br> The 12889<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code 12890for rejected requests (default: 450). The reply is always 450 in 12891case the address->name or name->address lookup failed due to 12892a temporary problem. </dd> 12893 12894<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt> 12895 12896<dd>Reject the request when the client IP address has no address->name 12897mapping. <br> This is a weaker restriction than the 12898<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only 12899that the address->name and name->address mappings exist, but 12900also that the two mappings reproduce the client IP address. <br> 12901The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response 12902code for rejected requests (default: 450). The reply is always 450 12903in case the address->name lookup failed due to a temporary 12904problem. <br> This feature is available in Postfix 2.3 and 12905later. </dd> 12906 12907</dl> 12908 12909<p> 12910In addition, you can use any of the following <a name="generic"> 12911generic</a> restrictions. These restrictions are applicable in 12912any SMTP command context. 12913</p> 12914 12915<dl> 12916 12917<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt> 12918 12919<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> 12920document for details. This feature is available in Postfix 2.1 12921and later. </dd> 12922 12923<dt><b><a name="defer">defer</a></b></dt> 12924 12925<dd>Defer the request. The client is told to try again later. This 12926restriction is useful at the end of a restriction list, to make 12927the default policy explicit. 
<br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies 12928the SMTP server reply code (default: 450).</dd> 12929 12930<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt> 12931 12932<dd>Defer the request if some later restriction would result in an 12933explicit or implicit PERMIT action. This is useful when a blacklisting 12934feature fails due to a temporary problem. This feature is available 12935in Postfix version 2.1 and later. </dd> 12936 12937<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt> 12938 12939<dd>Defer the request if some later restriction would result in a 12940REJECT action. This is useful when a whitelisting feature fails 12941due to a temporary problem. This feature is available in Postfix 12942version 2.1 and later. </dd> 12943 12944<dt><b><a name="permit">permit</a></b></dt> 12945 12946<dd>Permit the request. This restriction is useful at the end of 12947a restriction list, to make the default policy explicit.</dd> 12948 12949<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt> 12950 12951<dd>Reject the request when the envelope sender is the null address, 12952and the message has multiple envelope recipients. This usage has 12953rare but legitimate applications: under certain conditions, 12954multi-recipient mail that was posted with the DSN option NOTIFY=NEVER 12955may be forwarded with the null sender address. 12956<br> Note: this restriction can only work reliably 12957when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or 12958<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of 12959recipients is not known at an earlier stage of the SMTP conversation. 12960Use at the RCPT stage will only reject the second etc. recipient. 
12961<br> 12962The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the 12963response code for rejected requests (default: 550). This feature 12964is available in Postfix 2.1 and later. </dd> 12965 12966<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt> 12967 12968<dd>Reject the request when the connection is not encrypted. This 12969restriction should not be used before the client has had a chance 12970to negotiate encryption with the AUTH or STARTTLS commands. 12971<br> 12972The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response 12973code for rejected requests (default: 450). This feature is available 12974in Postfix 2.3 and later. </dd> 12975 12976<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt> 12977 12978<dd>Reject the request when the client sends SMTP commands ahead 12979of time where it is not allowed, or when the client sends SMTP 12980commands ahead of time without knowing that Postfix actually supports 12981ESMTP command pipelining. This stops mail from bulk mail software 12982that improperly uses ESMTP command pipelining in order to speed up 12983deliveries. 12984<br> With Postfix 2.6 and later, the SMTP server sets a per-session 12985flag whenever it detects illegal pipelining, including pipelined 12986EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply 12987tests whether the flag was set at any point in time during the 12988session. 12989<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks 12990the current status of the input read queue, and its usage is not 12991recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. 
</dd> 12992 12993<dt><b><a name="reject">reject</a></b></dt> 12994 12995<dd>Reject the request. This restriction is useful at the end of 12996a restriction list, to make the default policy explicit. The 12997<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for 12998rejected requests (default: 554).</dd> 12999 13000<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt> 13001 13002<dd>Pause for the specified number of seconds and proceed with 13003the next restriction in the list, if any. This may stop zombie 13004mail when used as: 13005<pre> 13006/etc/postfix/<a href="postconf.5.html">main.cf</a>: 13007 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = 13008 sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> 13009 <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no 13010</pre> 13011This feature is available in Postfix 2.3. </dd> 13012 13013<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt> 13014 13015<dd> A safety net for testing. When "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a>" is placed 13016before a reject-type restriction, access table query, or 13017<a href="postconf.5.html#check_policy_service">check_policy_service</a> query, this logs a "reject_warning" message 13018instead of rejecting a request (when a reject-type restriction fails 13019due to a temporary error, this logs a "reject_warning" message for 13020any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" actions that would normally prevent 13021mail from being accepted by some later access restriction). This 13022feature has no effect on <a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions. 
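<br><br> The evaluation rules stated for this parameter (restrictions are
applied in the order given and the first one that matches wins), the
lookup sequence of <a href="postconf.5.html#check_client_access">check_client_access</a>, and the <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>,
<a href="postconf.5.html#defer_if_reject">defer_if_reject</a> and <a href="postconf.5.html#warn_if_reject">warn_if_reject</a> keywords, modeled in Python as an
added example that is not Postfix code. Only a few restrictions are
modeled; a Python dict stands in for the access table, the DNSBL answer
is carried in the <tt>Client</tt> record so the code runs offline, and the
restriction spelling ("permit" or ("check_client_access", table)) is this
example's own convention.

```python
from collections import namedtuple

# Added example, not Postfix code: a model of how a restriction list is
# evaluated.  Restrictions run in the order given; the first one that
# yields OK or REJECT decides, DUNNO falls through, and defer_if_permit /
# defer_if_reject record a pending deferral that fires when a later
# restriction would permit or reject.  Only a few restrictions are
# modeled, and DNSBL answers come from the Client record so the code
# runs offline.  Restriction spelling: "permit" or ("check_client_access", table).

Client = namedtuple("Client", "ip name in_mynetworks rbl_listed")
# rbl_listed: True or False for a lookup answer, "tempfail" for a DNS problem

def client_access_keys(client):
    """Keys that check_client_access tries, in order: the client hostname,
    its parent domains, the IP address, then the networks obtained by
    stripping least significant octets."""
    labels = client.name.split(".")
    octets = client.ip.split(".")
    return ([".".join(labels[i:]) for i in range(len(labels))]
            + [".".join(octets[:n]) for n in range(len(octets), 0, -1)])

def table_status(result):
    """Map an access(5) result to an evaluation status."""
    word = result.split()[0].upper()
    if word in ("OK", "REJECT", "DUNNO", "DEFER", "DEFER_IF_PERMIT", "DEFER_IF_REJECT"):
        return word
    if word[:1] == "4":
        return "DEFER"          # "4NN text" reply
    if word[:1] == "5":
        return "REJECT"         # "5NN text" reply
    raise ValueError("access(5) result not modeled: " + result)

def apply_restriction(name, arg, client):
    if name in ("permit", "reject", "defer", "defer_if_permit", "defer_if_reject"):
        return {"permit": "OK", "reject": "REJECT"}.get(name, name.upper())
    if name == "permit_mynetworks":
        return "OK" if client.in_mynetworks else "DUNNO"
    if name == "check_client_access":        # arg: dict standing in for a type:table
        for key in client_access_keys(client):
            if key in arg:
                return table_status(arg[key])
        return "DUNNO"
    if name == "reject_rbl_client":          # arg: rbl_domain; answer taken from client
        if client.rbl_listed == "tempfail":
            return "DEFER_IF_PERMIT"         # failed blocklist lookup: implicit defer_if_permit
        return "REJECT" if client.rbl_listed else "DUNNO"
    raise ValueError("restriction not modeled: " + name)

def evaluate(restrictions, client, log=None):
    """Return OK, REJECT or DEFER for the whole list; reject_warning
    messages are appended to log."""
    log = [] if log is None else log
    defer_if_permit = defer_if_reject = warn_next = False
    for restriction in restrictions:
        name, arg = ((restriction, None) if isinstance(restriction, str)
                     else (tuple(restriction) + (None,))[:2])
        if name == "warn_if_reject":
            warn_next = True                 # affects the next restriction only
            continue
        status = apply_restriction(name, arg, client)
        if warn_next and status in ("REJECT", "DEFER_IF_PERMIT"):
            log.append("reject_warning: %s would return %s" % (name, status))
            status = "DUNNO"                 # log instead of rejecting
        warn_next = False
        if status == "DEFER_IF_PERMIT":
            defer_if_permit = True
        elif status == "DEFER_IF_REJECT":
            defer_if_reject = True
        elif status == "OK":
            return "DEFER" if defer_if_permit else "OK"
        elif status == "REJECT":
            return "DEFER" if defer_if_reject else "REJECT"
        elif status == "DEFER":
            return "DEFER"
        # DUNNO: try the next restriction
    return "DEFER" if defer_if_permit else "OK"   # end of list: implicit permit
```

Two consequences of first-match-wins are visible in the model: a
"permit_mynetworks" listed before "reject_rbl_client" exempts trusted
clients from the blocklist, whereas the reverse order blocks a listed
client even when the access table would have said OK; and a blocklist
lookup that fails temporarily turns the implicit permit at the end of
the list into a DEFER, so the client retries later instead of slipping
through. With the default "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" this whole
list is evaluated at RCPT TO time, which is why the log line for a
rejected client also carries the recipient.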
</dd> 13023 13024</dl> 13025 13026<p> 13027Other restrictions that are valid in this context: 13028</p> 13029 13030<ul> 13031 13032<li> SMTP command specific restrictions that are described under 13033the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or 13034<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. When helo, sender or 13035recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, 13036they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that 13037$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO 13038command. 13039 13040</ul> 13041 13042<p> 13043Example: 13044</p> 13045 13046<pre> 13047<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> 13048</pre> 13049 13050 13051</DD> 13052 13053<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a> 13054(default: empty)</b></DT><DD> 13055 13056<p> A mechanism to transform commands from remote SMTP clients. 13057This is a last-resort tool to work around client commands that break 13058inter-operability with the Postfix SMTP server. Other uses involve 13059fault injection to test Postfix's handling of invalid commands. 13060</p> 13061 13062<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search 13063string is the SMTP command as received from the remote SMTP client, 13064except that initial whitespace and the trailing <CR><LF> 13065are removed. The result value is executed by the Postfix SMTP 13066server. 
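</p>

<p> How a <a href="pcre_table.5.html">pcre</a>: table drives this lookup, as an added Python
example that is not Postfix code: a pcre_table(5) is searched top to
bottom, the first matching rule wins, matching is case-insensitive by
default, and "$1", "$2" in the result are replaced by the captured
groups. The rules are the ones shown further down in this entry,
rewritten for Python's <tt>re</tt> module ("[^[:space:]]" becomes "\S");
Python's regular expressions and PCRE differ in other details, so a
real table should still be tested with the Postfix tools. </p>

```python
import re

# Added example, not Postfix code: how a pcre: table drives
# smtpd_command_filter.  pcre_table(5) rules are tried top to bottom, the
# first match wins, matching is case-insensitive by default, and $1, $2 ...
# in the result are replaced by the captured groups.  The rules are the
# ones shown in this manual entry, rewritten for Python's re module
# ([^[:space:]] becomes \S); Python re and PCRE differ in other corners.
COMMAND_FILTER = [
    # Work around clients that send malformed HELO commands.
    (r"^HELO\s*$", "HELO domain.invalid"),
    # Work around clients that send empty lines.
    (r"^\s*$", "NOOP"),
    # Work around clients that send RCPT TO:<'user@domain'>;
    # $2 keeps the parameters that follow the address.
    (r"^RCPT\s+TO:\s*<'(\S+)'>(.*)", "RCPT TO:<$1>$2"),
    # Append XVERP to MAIL FROM commands for one list address.
    (r"^(MAIL FROM:<listname@example\.com>.*)", "$1 XVERP"),
    # Bounce-never mail sink: force NOTIFY=NEVER on every recipient.
    (r"^(RCPT\s+TO:<.*>.*)\s+NOTIFY=\S+(.*)", "$1 NOTIFY=NEVER$2"),
    (r"^(RCPT\s+TO:.*)", "$1 NOTIFY=NEVER"),
]

_COMPILED = [(re.compile(pattern, re.IGNORECASE), result)
             for pattern, result in COMMAND_FILTER]

def filter_command(line):
    """Return the command the server executes for one received line.
    Initial whitespace and the trailing CRLF are removed before lookup;
    a line that matches no rule is executed unchanged."""
    command = line.lstrip().rstrip("\r\n")
    for pattern, result in _COMPILED:
        match = pattern.search(command)
        if match:
            # expand $1..$9 from the captured groups, as pcre_table(5) does
            return re.sub(r"\$(\d)", lambda g: match.group(int(g.group(1))) or "", result)
    return command
```

<p> Running the table over a line such as "RCPT TO:&lt;'user@example.org'&gt;
NOTIFY=SUCCESS" shows why the warning in the third rule matters: the
"(.*)" group is what carries "NOTIFY=SUCCESS" through to the rewritten
command, and dropping it would silently discard every ESMTP parameter the
client sent. It also shows the first-match rule at work: that line is
rewritten by the quoted-address rule only, so the NOTIFY=NEVER rules
further down never see it. Because the filter changes what the client
said before any access restriction looks at it, keep patterns anchored
and as narrow as the problem requires ("^HELO\s*$", not "^HELO"). </p>

<p>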
</p> 13067 13068<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following 13069cases: </p> 13070 13071<ul> 13072 13073<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept 13074"<i>user@ipaddress</i>". </p> 13075 13076<li> <p> Postfix already accepts the correct form 13077"<i>user@[ipaddress]</i>". Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a> 13078to translate these into domain names if necessary. </p> 13079 13080<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:<<i>User 13081Name <user@example.com>></i>". Postfix will ignore the "<i>User 13082Name</i>" part and deliver to the <i><user@example.com></i> address. 13083</p> 13084 13085</ul> 13086 13087<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> 13088feature: </p> 13089 13090<pre> 13091/etc/postfix/<a href="postconf.5.html">main.cf</a>: 13092 <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter 13093</pre> 13094 13095<pre> 13096/etc/postfix/command_filter: 13097 # Work around clients that send malformed HELO commands. 13098 /^HELO\s*$/ HELO domain.invalid 13099</pre> 13100 13101<pre> 13102 # Work around clients that send empty lines. 13103 /^\s*$/ NOOP 13104</pre> 13105 13106<pre> 13107 # Work around clients that send RCPT TO:<'user@domain'>. 13108 # WARNING: do not lose the parameters that follow the address. 13109 /^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2 13110</pre> 13111 13112<pre> 13113 # Append XVERP to MAIL FROM commands to request VERP-style delivery. 13114 # See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP. 
13115 /^(MAIL FROM:<listname@example\.com>.*)/ $1 XVERP 13116</pre> 13117 13118<pre> 13119 # Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software 13120 # to send bounced mail to the postmaster (with message body removed). 13121 /^(RCPT\s+TO:<.*>.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2 13122 /^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER 13123</pre> 13124 13125<p> This feature is available in Postfix 2.7. </p> 13126 13127 13128</DD> 13129 13130<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a> 13131(default: empty)</b></DT><DD> 13132 13133<p> 13134Optional access restrictions that the Postfix SMTP server applies 13135in the context of the SMTP DATA command. 13136See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 13137restriction lists" for a discussion of evaluation context and time. 13138</p> 13139 13140<p> 13141This feature is available in Postfix 2.0 and later. 13142</p> 13143 13144<p> 13145Specify a list of restrictions, separated by commas and/or whitespace. 13146Continue long lines by starting the next line with whitespace. 13147Restrictions are applied in the order as specified; the first 13148restriction that matches wins. 13149</p> 13150 13151<p> 13152The following restrictions are valid in this context: 13153</p> 13154 13155<ul> 13156 13157<li><a href="#generic">Generic</a> restrictions that can be used 13158in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 13159 13160<li>SMTP command specific restrictions described under 13161<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, 13162<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. 
13163 13164<li>However, no recipient information is available in the case of 13165multi-recipient mail. Acting on only one recipient would be misleading, 13166because any decision will affect all recipients equally. Acting on 13167all recipients would require a possibly very large amount of memory, 13168and would also be misleading for the reasons mentioned before. 13169 13170</ul> 13171 13172<p> 13173Examples: 13174</p> 13175 13176<pre> 13177<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> 13178<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> 13179</pre> 13180 13181 13182</DD> 13183 13184<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> 13185(default: yes)</b></DT><DD> 13186 13187<p> Postpone the start of an SMTP mail transaction until a valid 13188RCPT TO command is received. Specify "no" to create a mail transaction 13189as soon as the Postfix SMTP server receives a valid MAIL FROM 13190command. </p> 13191 13192<p> With sites that reject lots of mail, the default setting reduces 13193the use of 13194disk, CPU and memory resources. The downside is that rejected 13195recipients are logged with NOQUEUE instead of a mail transaction 13196ID. This complicates the logfile analysis of multi-recipient mail. 13197</p> 13198 13199<p> This feature is available in Postfix 2.3 and later. 
</p> 13200 13201 13202</DD> 13203 13204<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a> 13205(default: yes)</b></DT><DD> 13206 13207<p> 13208Wait until the RCPT TO command before evaluating 13209$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and 13210$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before 13211evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 13212</p> 13213 13214<p> 13215This feature is turned on by default because some clients apparently 13216mis-behave when the Postfix SMTP server rejects commands before 13217RCPT TO. 13218</p> 13219 13220<p> 13221The default setting has one major benefit: it allows Postfix to log 13222recipient address information when rejecting a client name/address 13223or sender address, so that it is possible to find out whose mail 13224is being rejected. 13225</p> 13226 13227 13228</DD> 13229 13230<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> 13231(default: empty)</b></DT><DD> 13232 13233<p> Lookup tables, indexed by the remote SMTP client address, with 13234case insensitive lists of EHLO keywords (pipelining, starttls, auth, 13235etc.) that the Postfix SMTP server will not send in the EHLO response 13236to a 13237remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details. 13238The table is not searched by hostname for robustness reasons. </p> 13239 13240<p> This feature is available in Postfix 2.2 and later. 
</p> 13241 13242 13243</DD> 13244 13245<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> 13246(default: empty)</b></DT><DD> 13247 13248<p> A case insensitive list of EHLO keywords (pipelining, starttls, 13249auth, etc.) that the Postfix SMTP server will not send in the EHLO 13250response 13251to a remote SMTP client. </p> 13252 13253<p> This feature is available in Postfix 2.2 and later. </p> 13254 13255<p> Notes: </p> 13256 13257<ul> 13258 13259<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent 13260this action from being logged. </p> 13261 13262<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature 13263to discard EHLO keywords selectively. </p> 13264 13265</ul> 13266 13267 13268</DD> 13269 13270<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> 13271(default: empty)</b></DT><DD> 13272 13273<p> Optional access restrictions that the Postfix SMTP server 13274applies in the context of the SMTP END-OF-DATA command. 13275See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 13276restriction lists" for a discussion of evaluation context and time. 13277</p> 13278 13279<p> This feature is available in Postfix 2.2 and later. </p> 13280 13281<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p> 13282 13283 13284</DD> 13285 13286<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a> 13287(default: no)</b></DT><DD> 13288 13289<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, 13290and require that clients use TLS encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> 13291this MUST NOT be applied in case of a publicly-referenced SMTP 13292server. This option is therefore off by default. 
</p> 13293 13294<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p> 13295 13296<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer 13297STARTTLS due to insufficient privileges to access the server private 13298key. This is intended behavior. </p> 13299 13300<p> This feature is available in Postfix 2.2 and later. With 13301Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p> 13302 13303 13304</DD> 13305 13306<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a> 13307(default: 1s)</b></DT><DD> 13308 13309<p>With Postfix version 2.1 and later: the SMTP server response delay after 13310a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and 13311fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail. 13312</p> 13313 13314<p>With Postfix version 2.0 and earlier: the SMTP server delay before 13315sending a reject (4xx or 5xx) response, when the client has made 13316fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering 13317mail. </p> 13318 13319 13320</DD> 13321 13322<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> 13323(default: empty)</b></DT><DD> 13324 13325<p> 13326Optional restrictions that the Postfix SMTP server applies in the 13327context of a client ETRN command. 13328See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 13329restriction lists" for a discussion of evaluation context and time. 13330</p> 13331 13332<p> 13333The Postfix ETRN implementation accepts only destinations that are 13334eligible for the Postfix "fast flush" service. 
See the <a href="ETRN_README.html">ETRN_README</a> 13335file for details. 13336</p> 13337 13338<p> 13339Specify a list of restrictions, separated by commas and/or whitespace. 13340Continue long lines by starting the next line with whitespace. 13341Restrictions are applied in the order as specified; the first 13342restriction that matches wins. 13343</p> 13344 13345<p> 13346The following restrictions are specific to the domain name information 13347received with the ETRN command. 13348</p> 13349 13350<dl> 13351 13352<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 13353 13354<dd>Search the specified access database for the ETRN domain name 13355or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details. 13356</dd> 13357 13358</dl> 13359 13360<p> 13361Other restrictions that are valid in this context: 13362</p> 13363 13364<ul> 13365 13366<li><a href="#generic">Generic</a> restrictions that can be used 13367in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 13368 13369<li>SMTP command specific restrictions described under 13370<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 13371 13372</ul> 13373 13374<p> 13375Example: 13376</p> 13377 13378<pre> 13379<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject 13380</pre> 13381 13382 13383</DD> 13384 13385<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a> 13386(default: see "postconf -d" output)</b></DT><DD> 13387 13388<p> 13389What characters are allowed in $name expansions of RBL reply 13390templates. Characters not in the allowed set are replaced by "_". 
13391Use C like escapes to specify special characters such as whitespace. 13392</p> 13393 13394<p> 13395This parameter is not subjected to $parameter expansion. 13396</p> 13397 13398<p> 13399This feature is available in Postfix 2.0 and later. 13400</p> 13401 13402 13403</DD> 13404 13405<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a> 13406(default: CONNECT, GET, POST)</b></DT><DD> 13407 13408<p> 13409List of commands that cause the Postfix SMTP server to immediately 13410terminate the session with a 221 code. This can be used to disconnect 13411clients that obviously attempt to abuse the system. In addition to the 13412commands listed in this parameter, commands that follow the "Label:" 13413format of message headers will also cause a disconnect. 13414</p> 13415 13416<p> 13417This feature is available in Postfix 2.2 and later. 13418</p> 13419 13420 13421</DD> 13422 13423<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a> 13424(default: normal: 20, overload: 1)</b></DT><DD> 13425 13426<p> 13427The maximal number of errors a remote SMTP client is allowed to 13428make without delivering mail. The Postfix SMTP server disconnects 13429when the limit is exceeded. Normally the default limit is 20, but 13430it changes under overload to just 1. With Postfix 2.5 and earlier, 13431the SMTP server always allows up to 20 errors by default. 13432 13433</p> 13434 13435 13436</DD> 13437 13438<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a> 13439(default: no)</b></DT><DD> 13440 13441<p> 13442Require that a remote SMTP client introduces itself with the HELO 13443or EHLO command before sending the MAIL command or other commands 13444that require EHLO negotiation. 
13445</p> 13446 13447<p> 13448Example: 13449</p> 13450 13451<pre> 13452<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes 13453</pre> 13454 13455 13456</DD> 13457 13458<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a> 13459(default: empty)</b></DT><DD> 13460 13461<p> 13462Optional restrictions that the Postfix SMTP server applies in the 13463context of a client HELO command. 13464See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 13465restriction lists" for a discussion of evaluation context and time. 13466</p> 13467 13468<p> 13469The default is to permit everything. 13470</p> 13471 13472<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 13473restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 13474simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO). 13475</p> 13476 13477<p> 13478Specify a list of restrictions, separated by commas and/or whitespace. 13479Continue long lines by starting the next line with whitespace. 13480Restrictions are applied in the order as specified; the first 13481restriction that matches wins. 13482</p> 13483 13484<p> 13485The following restrictions are specific to the hostname information 13486received with the HELO or EHLO command. 13487</p> 13488 13489<dl> 13490 13491<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 13492 13493<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO 13494hostname or parent domains, and execute the corresponding action. 
13495Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 13496restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 13497simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO). </dd> 13498 13499<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 13500 13501<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for 13502the HELO or EHLO hostname, and execute the corresponding action. 13503Note 1: a result of "OK" is not allowed for safety reasons. Instead, 13504use DUNNO in order to exclude specific hosts from blacklists. Note 135052: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 13506restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 13507simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO). This 13508feature is available in Postfix 2.1 and later. 13509</dd> 13510 13511<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> 13512 13513<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers 13514for the HELO or EHLO hostname, and execute the corresponding action. 13515Note 1: a result of "OK" is not allowed for safety reasons. Instead, 13516use DUNNO in order to exclude specific hosts from blacklists. 
Note 135172: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this 13518restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can 13519simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This 13520feature is available in Postfix 2.1 and later. 13521</dd> 13522 13523<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt> 13524 13525<dd>Reject the request when the HELO or EHLO hostname is malformed. 13526Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce 13527this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply 13528skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO). 13529<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code 13530for rejected requests (default: 501).</dd> 13531 13532<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt> 13533 13534<dd>Reject the request when the HELO or EHLO hostname is not in 13535fully-qualified domain or address literal form, as required by the 13536RFC. Note: specify 13537"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction 13538(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip 13539<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO). 
<br> 13540The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for 13541rejected requests (default: 504).</dd> 13542 13543<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt> 13544 13545<dd>Reject the request when the HELO or EHLO hostname is 13546listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> 13547(Postfix version 2.1 and later only). Each "<i>d</i>" is a number, 13548or a pattern inside "[]" that contains one or more ";"-separated 13549numbers or number..number ranges (Postfix version 2.8 and later). 13550If no "<i>=d.d.d.d</i>" is 13551specified, reject the request when the HELO or EHLO hostname is 13552listed with any A record under <i>rbl_domain</i>. See the 13553<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration 13554parameters. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully 13555enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a 13556client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or 13557EHLO). This feature is available in Postfix 2.0 13558and later. </dd> 13559 13560<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt> 13561 13562<dd>Reject the request when the HELO or EHLO hostname has no DNS A 13563or MX record. <br> The <a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter 13564specifies the numerical response code for rejected requests (default: 13565450). 
<br> The <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> parameter 13566specifies the action after a temporary DNS error (default: 13567<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully 13568enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a 13569client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending 13570HELO or EHLO). </dd> 13571 13572</dl> 13573 13574<p> 13575Other restrictions that are valid in this context: 13576</p> 13577 13578<ul> 13579 13580<li> <a href="#generic">Generic</a> restrictions that can be used 13581in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 13582 13583<li> Client hostname or network address specific restrictions 13584described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>. 13585 13586<li> SMTP command specific restrictions described under 13587<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When 13588sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, 13589they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that 13590$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO 13591command. 
13592 13593</ul> 13594 13595<p> 13596Examples: 13597</p> 13598 13599<pre> 13600<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> 13601<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> 13602</pre> 13603 13604 13605</DD> 13606 13607<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> 13608(default: 100)</b></DT><DD> 13609 13610<p> 13611The maximal number of lines in the Postfix SMTP server command history 13612before it is flushed upon receipt of EHLO, RSET, or end of DATA. 13613</p> 13614 13615 13616</DD> 13617 13618<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a> 13619(default: normal: 100, overload: 1)</b></DT><DD> 13620 13621<p> 13622The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote 13623SMTP client can send before the Postfix SMTP server starts to 13624increment the error counter with each junk command. The junk 13625command count is reset after mail is delivered. See also the 13626<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration 13627parameters. Normally the default limit is 100, but it changes under 13628overload to just 1. With Postfix 2.5 and earlier, the SMTP server 13629always allows up to 100 junk commands by default. 
</p> 13630 13631 13632</DD> 13633 13634<DT><b><a name="smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> 13635(default: empty)</b></DT><DD> 13636 13637<p> Enable logging of the named "permit" actions in SMTP server 13638access lists (by default, the SMTP server logs "reject" actions but 13639not "permit" actions). This feature does not affect conditional 13640actions such as "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>". </p> 13641 13642<p> Specify a list of "permit" action names, "/file/name" or 13643"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. The 13644list is matched left to right, and the search stops on the first 13645match. A "/file/name" pattern is replaced by its contents; a 13646"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup 13647key (the lookup result is ignored). Continue long lines by starting 13648the next line with whitespace. Specify "!pattern" to exclude a name 13649from the list. </p> 13650 13651<p> Examples: </p> 13652 13653<pre> 13654/etc/postfix/<a href="postconf.5.html">main.cf</a>: 13655 # Log all "permit" actions. 13656 <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="DATABASE_README.html#types">static</a>:all 13657</pre> 13658 13659<pre> 13660/etc/postfix/<a href="postconf.5.html">main.cf</a>: 13661 # Log "<a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>" only. 13662 <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> 13663</pre> 13664 13665<p> This feature is available in Postfix 2.10 and later. 
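The matching rules of smtpd_log_access_permit_actions (left to right, first match decides, "!pattern" excludes, "/file/name" is replaced by its contents, "type:table" matches on the lookup key) modelled as an added example; this is not Postfix code, and the file contents and lookup tables are constructed stand-ins so that it runs offline.

```python
"""Decide whether a named "permit" action is logged under
smtpd_log_access_permit_actions (added example, not Postfix code).
The pattern list is matched left to right and the first match decides;
"!pattern" excludes a name; "/file/name" is replaced by the file contents;
"type:table" matches when the name is a lookup key (the result is ignored)."""
import re

# Constructed stand-ins for a pattern file and a lookup table (hypothetical paths).
FAKE_FILES = {"/etc/postfix/logged_permits": "permit_mynetworks\npermit_dnswl_client\n"}
FAKE_TABLES = {"hash:/etc/postfix/permit_log": {"permit_sasl_authenticated"}}


def _split_list(text):
    """Split a main.cf list value on commas and/or whitespace."""
    return [t for t in re.split(r"[\s,]+", text) if t]


def _expand_files(patterns, files):
    """Replace each "/file/name" pattern by the names found in that file."""
    out = []
    for pat in patterns:
        if pat.startswith("/"):
            out.extend(_split_list(files.get(pat, "")))
        else:
            out.append(pat)
    return out


def _matches(name, body, tables):
    """True when pattern `body` (a plain name or a type:table) matches `name`."""
    if ":" in body and not body.startswith("/"):
        table_type = body.split(":", 1)[0]
        if table_type == "static":   # static:anything matches every lookup key
            return True
        return name in tables.get(body, set())
    return name == body


def should_log_permit(action, value, files=FAKE_FILES, tables=FAKE_TABLES):
    """Return True when `action` would be logged with the given
    smtpd_log_access_permit_actions value."""
    for pat in _expand_files(_split_list(value), files):
        negate = pat.startswith("!")
        body = pat[1:] if negate else pat
        if _matches(action, body, tables):
            return not negate        # first match decides
    return False                     # no match: permit actions are not logged
```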
</p> 13666 13667 13668</DD> 13669 13670<DT><b><a name="smtpd_milters">smtpd_milters</a> 13671(default: empty)</b></DT><DD> 13672 13673<p> A list of Milter (mail filter) applications for new mail that 13674arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as 13675separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p> 13676 13677<p> This feature is available in Postfix 2.3 and later. </p> 13678 13679 13680</DD> 13681 13682<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a> 13683(default: empty)</b></DT><DD> 13684 13685<p> 13686List of commands that the Postfix SMTP server replies to with "250 13687Ok", without doing any syntax checks and without changing state. 13688This list overrides any commands built into the Postfix SMTP server. 13689</p> 13690 13691 13692</DD> 13693 13694<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> 13695(default: <>)</b></DT><DD> 13696 13697<p> 13698The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the 13699null sender address. 13700</p> 13701 13702 13703</DD> 13704 13705<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a> 13706(default: yes)</b></DT><DD> 13707 13708<p> Attempt to look up the remote SMTP client hostname, and verify that 13709the name matches the client IP address. A client name is set to 13710"unknown" when it cannot be looked up or verified, or when name 13711lookup is disabled. Turning off name lookup reduces delays due to 13712DNS lookup and increases the maximal inbound delivery rate. </p> 13713 13714<p> This feature is available in Postfix 2.3 and later. 
</p> 13715 13716 13717</DD> 13718 13719<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a> 13720(default: normal: no, overload: yes)</b></DT><DD> 13721 13722<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> 13723time limits, from a 13724time limit per read or write system call, to a time limit to send 13725or receive a complete record (an SMTP command line, SMTP response 13726line, SMTP message content line, or TLS protocol message). This 13727limits the impact from hostile peers that trickle data one byte at 13728a time. </p> 13729 13730<p> Note: when per-record deadlines are enabled, a short timeout 13731may cause problems with TLS over very slow network connections. 13732The reasons are that a TLS protocol message can be up to 16 kbytes 13733long (with TLSv1), and that an entire TLS protocol message must be 13734sent or received within the per-record deadline. </p> 13735 13736<p> This feature is available in Postfix 2.9 and later. With older 13737Postfix releases, the behavior is as if this parameter is set to 13738"no". </p> 13739 13740 13741</DD> 13742 13743<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> 13744(default: 300s)</b></DT><DD> 13745 13746<p> 13747The time after which an idle SMTPD policy service connection is 13748closed. 13749</p> 13750 13751<p> 13752This feature is available in Postfix 2.1 and later. 13753</p> 13754 13755 13756</DD> 13757 13758<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> 13759(default: 1000s)</b></DT><DD> 13760 13761<p> 13762The time after which an active SMTPD policy service connection is 13763closed. 13764</p> 13765 13766<p> 13767This feature is available in Postfix 2.1 and later. 
13768</p> 13769 13770 13771</DD> 13772 13773<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> 13774(default: 100s)</b></DT><DD> 13775 13776<p> 13777The time limit for connecting to, writing to or receiving from a 13778delegated SMTPD policy server. 13779</p> 13780 13781<p> 13782This feature is available in Postfix 2.1 and later. 13783</p> 13784 13785 13786</DD> 13787 13788<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> 13789(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD> 13790 13791<p> 13792How the Postfix SMTP server announces itself to the proxy filter. 13793By default, the Postfix hostname is used. 13794</p> 13795 13796<p> 13797This feature is available in Postfix 2.1 and later. 13798</p> 13799 13800 13801</DD> 13802 13803<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a> 13804(default: empty)</b></DT><DD> 13805 13806<p> The hostname and TCP port of the mail filtering proxy server. 13807The proxy receives all mail from the Postfix SMTP server, and is 13808supposed to give the result to another Postfix SMTP server process. 13809</p> 13810 13811<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or 13812"unix:pathname" for a UNIX-domain endpoint. The host can be specified 13813as an IP address or as a symbolic name; no MX lookups are done. 13814When no "host" or "host:" are specified, the local machine is 13815assumed. Pathname interpretation is relative to the Postfix queue 13816directory. </p> 13817 13818<p> This feature is available in Postfix 2.1 and later. </p> 13819 13820<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3 13821and later. </p> 13822 13823 13824</DD> 13825 13826<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a> 13827(default: empty)</b></DT><DD> 13828 13829<p> 13830List of options that control how the Postfix SMTP server 13831communicates with a before-queue content filter. 
Specify zero or 13832more of the following, separated by comma or whitespace. </p> 13833 13834<dl> 13835 13836<dt><b>speed_adjust</b></dt> 13837 13838<dd> <p> Do not connect to a before-queue content filter until an entire 13839message has been received. This reduces the number of simultaneous 13840before-queue content filter processes. </p> 13841 13842<p> NOTE 1: A filter must not <i>selectively</i> reject recipients 13843of a multi-recipient message. Rejecting all recipients is OK, as 13844is accepting all recipients. </p> 13845 13846<p> NOTE 2: This feature increases the minimum amount of free queue 13847space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the 13848message to a temporary file. </p> </dd> 13849 13850</dl> 13851 13852<p> 13853This feature is available in Postfix 2.7 and later. 13854</p> 13855 13856 13857</DD> 13858 13859<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a> 13860(default: 100s)</b></DT><DD> 13861 13862<p> 13863The time limit for connecting to a proxy filter and for sending or 13864receiving information. When a connection fails the client gets a 13865generic error message while more detailed information is logged to 13866the maillog file. 13867</p> 13868 13869<p> 13870Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 13871The default time unit is s (seconds). 13872</p> 13873 13874<p> 13875This feature is available in Postfix 2.1 and later. 13876</p> 13877 13878 13879</DD> 13880 13881<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a> 13882(default: 1000)</b></DT><DD> 13883 13884<p> 13885The maximal number of recipients that the Postfix SMTP server 13886accepts per message delivery request. 
13887</p> 13888 13889 13890</DD> 13891 13892<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> 13893(default: 1000)</b></DT><DD> 13894 13895<p> The number of recipients that a remote SMTP client can send in 13896excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before 13897the Postfix SMTP server increments the per-session error count 13898for each excess recipient. </p> 13899 13900 13901</DD> 13902 13903<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> 13904(default: see "postconf -d" output)</b></DT><DD> 13905 13906<p> 13907Optional restrictions that the Postfix SMTP server applies in the 13908context of a client RCPT TO command, after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. 13909See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access 13910restriction lists" for a discussion of evaluation context and time. 13911</p> 13912 13913<p> With Postfix versions before 2.10, the rules for relay permission 13914and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>, 13915resulting in error-prone configuration. As of Postfix 2.10, relay 13916permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>, 13917so that a permissive spam blocking policy under 13918<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive 13919mail relay policy. 
</p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>

<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>

<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order as specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
</p>

<dl>

<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
TO address, domain, parent domains, or localpart@, and execute the
corresponding action.
</dd>

<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the RCPT TO domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>

<dd>Permit the request when one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
contains no sender-specified routing (user@elsewhere@domain).

</ul></dd>

<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

<dd>Permit the request when the local mail system is backup MX for
the RCPT TO domain, or when the domain is an authorized destination
(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).

<ul>

<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
sender-specified routing information (example: user@elsewhere@domain).

<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to mis-use when
access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.

<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
for definition).

<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.

</ul></dd>

<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

<dd>Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504).
</dd>

<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the RCPT TO domain is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified, reject
the request when the RCPT TO domain is listed with
any A record under <i>rbl_domain</i>. <br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
parameter specifies the response code for rejected requests (default:
554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
replies indexed by <i>rbl_domain</i>.
This feature is available
in Postfix version 2.0 and later.</dd>

<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>

<dd>Reject the request unless one of the following is true:

<ul>

<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),

<li> Postfix is the final destination: the resolved RCPT TO domain
matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
no sender-specified routing (user@elsewhere@domain).

</ul>The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
code for rejected requests (default: 554). </dd>

<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>

<dd> Reject the same requests as <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, with a
non-permanent error code. This feature is available in Postfix
2.10 and later.</dd>

<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>

<dd>Reject the request when Postfix is not the final destination for
the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
<br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error. <br> The
<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>

<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>

<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>

<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450).
<br> The
<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
after address probe failure due to a temporary problem (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature is available in Postfix 2.1
and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li><a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.

<li>SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.

</ul>

<p>
Example:
</p>

<pre>
# The Postfix before 2.10 default mail relay policy. Later Postfix
# versions implement this preferably with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>


</DD>

<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
(default: empty)</b></DT><DD>

<p> Optional information that is appended after each Postfix SMTP
server 4XX or 5XX response. </p>

<p> The following example uses "\c" at the start of the template
(supported in Postfix 2.10 and later) to suppress the line break
between the reply text and the footer text.
With earlier Postfix
versions, the footer text always begins on a new line, and the "\c"
is output literally. </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
      Please provide the following information in your problem report:
      time ($localtime), client ($client_address) and server
      ($server_name).
</pre>

<p> Server response: </p>

<pre>
    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
    unknown. For assistance, call 800-555-0101. Please provide the
    following information in your problem report: time (Jan 4 15:42:00),
    client (192.168.1.248) and server (mail1.example.com).
</pre>

<p> Note: the above text is meant to make it easier to find the
Postfix logfile records for a failed SMTP session. The text itself
is not logged to the Postfix SMTP server's maillog file. </p>

<p> Be sure to keep the text as short as possible. Long text may
be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification. </p>

<p> This feature supports a limited number of $name attributes in
the footer text. These are replaced by their current value for the
SMTP session: </p>

<dl>

<dt> <b>client_address</b> </dt> <dd> The Client IP address that
is logged in the maillog file. </dd>

<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
logged in the maillog file. </dd>

<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
hh:mm:ss) that is logged in the maillog file. </dd>

<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
This attribute is made available for sites with multiple MTAs
(perhaps behind a load-balancer), where the server name can help
the server support team to quickly find the right log files. </dd>

</dl>

<p> Notes: </p>

<ul>

<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
or <a href="postconf.5.html">main.cf</a> parameters. </p>

<li> <p> For safety reasons, text that does not match
$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>

</ul>

<p> This feature supports the two-character sequence \n as a request
for a line break in the footer text. Postfix automatically inserts
after each line break the three-digit SMTP reply code (and optional
enhanced status code) from the original Postfix reject message.
</p>

<p> To work around mail software that mis-handles multi-line replies,
specify the two-character sequence \c at the start of the template.
This suppresses the line break between the reply text and the footer
text (Postfix 2.10 and later). </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
(default: yes)</b></DT><DD>

<p>
Request that the Postfix SMTP server rejects mail for unknown
recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>

<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
Otherwise, a recipient address is considered unknown in the following
cases: </p>

<ul>

<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.

<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.

<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.

<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
is not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
(default: no)</b></DT><DD>

<p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses.
</p>

<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
Otherwise, a sender address is considered unknown in the following
cases: </p>

<ul>

<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.

<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.

<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.

<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
not null.

</ul>

<p>
This feature is available in Postfix 2.1 and later.
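</p>

<p> The four domain classes above, and the "is not null" escape hatch
on three of them, decide which RCPT TO or MAIL FROM addresses Postfix
treats as unknown. The following Python model is an added example
written for this page; it is not Postfix code. Tables are plain sets
of lookup keys, domain matching is exact (no subdomain logic), a null
map parameter is represented by <tt>None</tt>, and every domain and
address in it is constructed sample data. </p>

```python
"""Which addresses smtpd_reject_unlisted_recipient and
smtpd_reject_unlisted_sender treat as "unknown".

Added, stand-alone model (not Postfix source) of the four domain
classes and their recipient maps as documented in postconf(5).
Tables are sets of lookup keys; "null" maps are None; domain matching
is exact.  All names below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Config:
    mydestination: frozenset[str]          # also stands in for inet_interfaces / proxy_interfaces
    local_recipient_maps: frozenset[str] | None
    virtual_alias_domains: frozenset[str]
    virtual_alias_maps: frozenset[str]
    virtual_mailbox_domains: frozenset[str]
    virtual_mailbox_maps: frozenset[str] | None
    relay_domains: frozenset[str]
    relay_recipient_maps: frozenset[str] | None
    canonical_maps: frozenset[str] = frozenset()


def _split(addr: str) -> tuple[str, str]:
    user, _, domain = addr.lower().rpartition("@")
    return user, domain


def _listed(table: frozenset[str], *keys: str) -> bool:
    """Table lookup: any candidate key present counts as listed."""
    return any(k in table for k in keys)


def why_unlisted(cfg: Config, addr: str) -> str | None:
    """Return None when the address is known, else why it is unlisted.

    The same classification serves recipients (RCPT TO) and, with
    smtpd_reject_unlisted_sender = yes, senders (MAIL FROM).
    """
    user, domain = _split(addr)
    full = f"{user}@{domain}"
    # Always known: a virtual(5) alias or a canonical(5) mapping exists.
    if full in cfg.virtual_alias_maps or full in cfg.canonical_maps:
        return None
    if domain in cfg.mydestination:
        # local_recipient_maps are keyed by local part as well as full address
        if cfg.local_recipient_maps is not None and not _listed(
                cfg.local_recipient_maps, full, user, "@" + domain):
            return "local domain, not in local_recipient_maps"
    elif domain in cfg.virtual_alias_domains:
        # No "is not null" escape hatch here: alias domains need their maps.
        if not _listed(cfg.virtual_alias_maps, full, "@" + domain):
            return "virtual alias domain, not in virtual_alias_maps"
    elif domain in cfg.virtual_mailbox_domains:
        if cfg.virtual_mailbox_maps is not None and not _listed(
                cfg.virtual_mailbox_maps, full, "@" + domain):
            return "virtual mailbox domain, not in virtual_mailbox_maps"
    elif domain in cfg.relay_domains:
        if cfg.relay_recipient_maps is not None and not _listed(
                cfg.relay_recipient_maps, full, "@" + domain):
            return "relay domain, not in relay_recipient_maps"
    return None


def is_known(cfg: Config, addr: str) -> bool:
    return why_unlisted(cfg, addr) is None


def unguarded_relay_domains(cfg: Config) -> frozenset[str]:
    """Relay domains for which every recipient is accepted because
    relay_recipient_maps is null: mail for non-existent users is taken
    in and bounced later instead of being rejected at RCPT TO time."""
    return cfg.relay_domains if cfg.relay_recipient_maps is None else frozenset()


# Constructed sample configuration.
CFG = Config(
    mydestination=frozenset({"example.com"}),
    local_recipient_maps=frozenset({"alice", "bob"}),
    virtual_alias_domains=frozenset({"alias.example"}),
    virtual_alias_maps=frozenset({"info@alias.example", "sales@example.com"}),
    virtual_mailbox_domains=frozenset({"mbox.example"}),
    virtual_mailbox_maps=frozenset({"carol@mbox.example"}),
    relay_domains=frozenset({"partner.example"}),
    relay_recipient_maps=None,
)

if __name__ == "__main__":
    for addr in ("alice@example.com", "zed@example.com", "sales@example.com",
                 "nobody@alias.example", "dave@mbox.example", "anyone@partner.example"):
        print(f"{addr:26} {why_unlisted(CFG, addr) or 'known'}")
```

<p> The <tt>unguarded_relay_domains</tt> check is the one worth running
against a real configuration: a relay domain with a null
relay_recipient_maps is exactly the case in which the queue fills with
undeliverable MAILER-DAEMON messages that the parameter description
above warns about. </p>

<p>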
</p>


</DD>

<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>

<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p> With Postfix versions before 2.10, the rules for relay permission
and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
resulting in error-prone configuration. As of Postfix 2.10, relay
permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
so that a permissive spam blocking policy under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
mail relay policy. </p>

<p> For backwards compatibility, sites that migrate from Postfix
versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before.
</p>

<p>
By default, the Postfix SMTP server accepts:
</p>

<ul>

<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:

<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
for addresses that contain sender-specified routing
(user@elsewhere@domain), or:

<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.

</ul>

<p>
IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
at least one of the following restrictions. Otherwise Postfix will
refuse to receive mail:
</p>

<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>

<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
</blockquote>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
The same restrictions are available as documented under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
</p>

<p> This feature is available in Postfix 2.10 and later.
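</p>

<p> The interaction between the two RCPT TO lists, "first matching
restriction wins" inside each list, and the IMPORTANT rule above are
easiest to see by running them. The following Python model is an added
example written for this page, not Postfix code; it serves both the
smtpd_recipient_restrictions and the smtpd_relay_restrictions
descriptions. It models only a handful of restrictions, collapses
mydestination and the virtual domain lists into one set, and uses
constructed networks and addresses. The unconditional
<tt>permit</tt> in the legacy list stands in for any permissive spam
rule (a client whitelist, for instance) that ends up ahead of the relay
check. </p>

```python
"""Simulation of the Postfix SMTP server's RCPT TO relay decision.

Added, stand-alone model (not Postfix source).  It evaluates
smtpd_relay_restrictions and then smtpd_recipient_restrictions, with
"first matching restriction wins" inside a list, and checks the rule
that one of the two lists must carry a relay gate.  Only a few
restrictions are modelled; networks and addresses are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# At least one of these must appear in either list, or Postfix refuses mail.
RELAY_GATE = {
    "reject", "reject_unauth_destination",
    "defer", "defer_if_permit", "defer_unauth_destination",
}


@dataclass(frozen=True)
class Config:
    mynetworks: tuple[str, ...]      # CIDR blocks
    relay_domains: frozenset[str]    # domains we forward for
    final_domains: frozenset[str]    # mydestination + virtual_*_domains (simplified)


@dataclass(frozen=True)
class Session:
    client_ip: str
    sasl_authenticated: bool
    rcpt_to: str


def has_sender_routing(addr: str) -> bool:
    """user@elsewhere@domain: more than one '@' is sender-specified routing."""
    return addr.count("@") > 1


def is_auth_destination(cfg: Config, addr: str) -> bool:
    """The two cases under permit_auth_destination / reject_unauth_destination."""
    if has_sender_routing(addr):
        return False
    dom = addr.rpartition("@")[2].lower()
    if dom in cfg.final_domains:                        # we are the final destination
        return True
    return any(dom == rd or dom.endswith("." + rd)      # relay domain or a subdomain
               for rd in cfg.relay_domains)


def evaluate_restriction(name: str, cfg: Config, s: Session) -> str | None:
    """'permit', 'reject' or 'defer' when the restriction matches, else None."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(s.client_ip)
        return "permit" if any(ip in ipaddress.ip_network(n) for n in cfg.mynetworks) else None
    if name == "permit_sasl_authenticated":
        return "permit" if s.sasl_authenticated else None
    if name == "permit_auth_destination":
        return "permit" if is_auth_destination(cfg, s.rcpt_to) else None
    if name == "reject_unauth_destination":
        return None if is_auth_destination(cfg, s.rcpt_to) else "reject"
    if name == "defer_unauth_destination":
        return None if is_auth_destination(cfg, s.rcpt_to) else "defer"
    if name in ("permit", "reject", "defer"):
        return name                                     # unconditional
    raise ValueError(f"restriction not modelled: {name}")


def evaluate_list(restrictions: list[str], cfg: Config, s: Session) -> str:
    """First restriction that matches wins; an exhausted list permits."""
    for name in restrictions:
        verdict = evaluate_restriction(name, cfg, s)
        if verdict is not None:
            return verdict
    return "permit"


def rcpt_decision(relay: list[str], recipient: list[str], cfg: Config, s: Session) -> str:
    """smtpd_relay_restrictions runs first; a permit there only hands over to
    smtpd_recipient_restrictions, while a reject or defer ends the evaluation."""
    for restrictions in (relay, recipient):
        verdict = evaluate_list(restrictions, cfg, s)
        if verdict != "permit":
            return verdict
    return "permit"


def relay_gate_present(relay: list[str], recipient: list[str]) -> bool:
    """The IMPORTANT rule: no relay gate anywhere means Postfix refuses mail."""
    return any(name in RELAY_GATE for name in [*relay, *recipient])


# Constructed sample configuration and sessions.
CFG = Config(mynetworks=("127.0.0.0/8", "192.0.2.0/24"),
             relay_domains=frozenset({"partner.example"}),
             final_domains=frozenset({"example.com"}))

# Pre-2.10 layout: relay control and spam policy share one list, and a
# permissive rule ("permit") sits ahead of reject_unauth_destination.
LEGACY = ["permit_mynetworks", "permit", "reject_unauth_destination"]
# 2.10 layout: the relay gate has its own list, evaluated first.
RELAY = ["permit_mynetworks", "permit_sasl_authenticated", "defer_unauth_destination"]

OUTSIDE_RELAY = Session("198.51.100.7", False, "victim@elsewhere.example")

if __name__ == "__main__":
    print("legacy list only:", rcpt_decision([], LEGACY, CFG, OUTSIDE_RELAY))   # permit (open relay)
    print("relay list first:", rcpt_decision(RELAY, LEGACY, CFG, OUTSIDE_RELAY))  # defer
```

<p> With an empty smtpd_relay_restrictions (the backwards-compatible
setting above), the legacy list alone permits the outside client to
relay to an unrelated domain, because its permissive rule matches
before reject_unauth_destination is ever reached. With the 2.10 default
in smtpd_relay_restrictions the same session is deferred before
smtpd_recipient_restrictions runs at all, while clients in $mynetworks,
SASL-authenticated clients, and mail for a relay domain or its
subdomains still get through. </p>

<p>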
</p>


</DD>

<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
(default: empty)</b></DT><DD>

<p>
User-defined aliases for groups of access restrictions. The aliases
can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
</p>

<p>
One major application is for implementing per-recipient UCE control.
See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
</p>


</DD>

<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
(default: smtpd)</b></DT><DD>

<p>
The application name that the Postfix SMTP server uses for SASL
server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
</p>

<p>
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
</p>


</DD>

<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
(default: no)</b></DT><DD>

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>

<pre>
# With Postfix before 2.10, the relay policy can be
# specified only under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
</pre>
</blockquote>

<p>
See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
</p>


</DD>

<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
(default: no)</b></DT><DD>

<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
message header. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" pattern is replaced by its
contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later. </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
files specified with "/file/name".
IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
(default: empty)</b></DT><DD>

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
</pre>


</DD>

<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
(default: smtpd)</b></DT><DD>

<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>.
</p>


</DD>

<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
(default: noanonymous)</b></DT><DD>

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client. The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
</pre>


</DD>

<DT><b><a name="smtpd_sasl_service">smtpd_sasl_service</a>
(default: smtp)</b></DT><DD>

<p> The service name that is passed to the SASL plug-in that is
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
</p>

<p> This feature is available in Postfix 2.11 and later. Prior
versions behave as if "<b>smtp</b>" is specified. </p>


</DD>

<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
(default: cyrus)</b></DT><DD>

<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later.
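</p>

<p> The smtpd_sasl_security_options warning above (disabling plaintext
without disabling anonymous logins) and the cleartext-versus-TLS split
provided by smtpd_sasl_tls_security_options are shown by the following
Python model. It is an added example written for this page, not Postfix
or Cyrus SASL code. The mechanism property table in it is constructed
for illustration only; which flags a real mechanism carries is decided
by the SASL library, as the text says. </p>

```python
"""How smtpd_sasl_security_options prunes the AUTH mechanisms the Postfix
SMTP server advertises, and why "noplaintext" without "noanonymous" is a trap.

Added, stand-alone model (not Postfix or Cyrus SASL code).  The property
table is constructed for illustration; the SASL library decides the real
flags of each mechanism.
"""
from __future__ import annotations

import re

# Constructed: mechanism name -> properties the security options test for.
MECHANISMS: dict[str, frozenset[str]] = {
    "PLAIN": frozenset({"plaintext"}),
    "LOGIN": frozenset({"plaintext"}),
    "ANONYMOUS": frozenset({"anonymous"}),
    "CRAM-MD5": frozenset({"dictionary"}),
    "DIGEST-MD5": frozenset({"dictionary", "mutual_auth"}),
}

# "no<property>" options exclude mechanisms that have the property ...
EXCLUDES = {"noplaintext": "plaintext", "noanonymous": "anonymous",
            "nodictionary": "dictionary", "noactive": "active"}
# ... while these keep only mechanisms that have the property.
REQUIRES = {"mutual_auth": "mutual_auth", "forward_secrecy": "forward_secrecy"}


def parse_options(value: str) -> frozenset[str]:
    """Split a main.cf value on commas and/or whitespace; reject unknown names."""
    names = frozenset(n for n in re.split(r"[\s,]+", value.strip()) if n)
    unknown = names - set(EXCLUDES) - set(REQUIRES)
    if unknown:
        raise ValueError(f"unknown security option(s): {sorted(unknown)}")
    return names


def offered_mechanisms(options: frozenset[str],
                       mechanisms: dict[str, frozenset[str]] = MECHANISMS) -> list[str]:
    """Mechanisms the server would list in its AUTH capability, in table order."""
    offered = []
    for name, props in mechanisms.items():
        if any(EXCLUDES[o] in props for o in options if o in EXCLUDES):
            continue
        if any(REQUIRES[o] not in props for o in options if o in REQUIRES):
            continue
        offered.append(name)
    return offered


def effective_options(sasl_security_options: str,
                      sasl_tls_security_options: str,
                      tls_active: bool) -> frozenset[str]:
    """smtpd_sasl_tls_security_options governs TLS sessions; its default value
    "$smtpd_sasl_security_options" refers back to the cleartext setting."""
    value = sasl_tls_security_options if tls_active else sasl_security_options
    if value.strip() == "$smtpd_sasl_security_options":
        value = sasl_security_options
    return parse_options(value)


def anonymous_fallback_risk(options: frozenset[str]) -> bool:
    """The warning in the text: plaintext is disabled but ANONYMOUS is still
    offered, so a client trying mechanisms in advertised order may end up
    'logged in' anonymously, which Postfix treats as not authenticated."""
    offered = offered_mechanisms(options)
    return "ANONYMOUS" in offered and "PLAIN" not in offered


if __name__ == "__main__":
    for value in ("noanonymous", "noplaintext", "noanonymous, noplaintext"):
        opts = parse_options(value)
        print(f"{value:26} -> {offered_mechanisms(opts)}  risk={anonymous_fallback_risk(opts)}")
    # A common split policy: plaintext mechanisms only inside TLS.
    for tls in (False, True):
        opts = effective_options("noanonymous, noplaintext", "noanonymous", tls)
        print(f"tls={tls!s:5} -> {offered_mechanisms(opts)}")
```

<p> The split policy at the end of the block (noanonymous, noplaintext
for cleartext sessions and noanonymous for TLS sessions) is the usual
way to keep PLAIN and LOGIN off the wire while still offering them to
clients that have negotiated TLS. </p>

<p>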
</p>


</DD>

<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup table with the SASL login names that own sender
(MAIL FROM) addresses.
</p>

<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>: </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>


</DD>

<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
(default: empty)</b></DT><DD>

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client MAIL FROM command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
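</p>

<p> The smtpd_sender_login_maps lookup order above, and the
reject_authenticated_sender_login_mismatch and
reject_known_sender_login_mismatch variants listed under the sender
restrictions that follow, are shown by the following Python model. It
is an added example written for this page, not Postfix code. The three
lookups and their precedence follow the parameter description; the
mismatch rule itself is taken from the postconf(5) description of
reject_sender_login_mismatch, which this part of the page references
but does not reproduce: reject when the address has owners and the
client is not logged in as one of them, or when the client is logged
in but does not own the address. Table contents and the local domain
set are constructed. </p>

```python
"""smtpd_sender_login_maps lookup order and the sender/login mismatch checks.

Added, stand-alone model (not Postfix source).  Lookup order follows the
postconf(5) text; the mismatch rule follows the postconf(5) description
of reject_sender_login_mismatch.  Table and domains are constructed.
"""
from __future__ import annotations

import re

# Stands in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces.
LOCAL_DOMAINS = frozenset({"example.com"})


def lookup_keys(sender: str, local_domains: frozenset[str] = LOCAL_DOMAINS) -> list[str]:
    """Keys tried in order of precedence: user@domain, user (local domains only), @domain."""
    user, _, domain = sender.lower().rpartition("@")
    keys = [f"{user}@{domain}"]
    if domain in local_domains:
        keys.append(user)
    keys.append(f"@{domain}")
    return keys


def login_owners(table: dict[str, str], sender: str) -> frozenset[str] | None:
    """First matching key wins; None models the "not found" result."""
    for key in lookup_keys(sender):
        if key in table:
            # The result is a list of login names separated by comma and/or whitespace.
            return frozenset(n for n in re.split(r"[\s,]+", table[key].strip()) if n)
    return None


def sender_login_mismatch(table: dict[str, str], sender: str,
                          login: str | None, variant: str = "all") -> bool:
    """True when the MAIL FROM should be rejected.

    variant: "all"            reject_sender_login_mismatch
             "authenticated"  reject_authenticated_sender_login_mismatch
             "known"          reject_known_sender_login_mismatch
    """
    owners = login_owners(table, sender)
    if variant == "authenticated" and login is None:
        return False            # unauthenticated clients are not checked
    if variant == "known" and owners is None:
        return False            # addresses without an owner are not checked
    if owners is None and login is None:
        return False            # nothing to compare
    # Owned address without a matching login, or a login that owns nothing here.
    return login is None or owners is None or login not in owners


# Constructed sample table (what a hash: or ldap: table would return).
TABLE = {
    "alice@example.com": "alice",
    "bob": "bob, bobs-assistant",          # bare user key: local domains only
    "@example.com": "postmaster alice",    # catch-all for the rest of the domain
    "info@partner.example": "partner-svc",
}

if __name__ == "__main__":
    for sender in ("alice@example.com", "bob@example.com",
                   "carol@example.com", "bob@other.example"):
        print(f"{sender:20} owners={login_owners(TABLE, sender)}")
    print("mallory as alice:", sender_login_mismatch(TABLE, "alice@example.com", "mallory"))
```

<p> Note how <tt>bob@other.example</tt> finds no owner even though a
bare <tt>bob</tt> key exists: the second lookup is only done when the
domain part is one of the local domains, so a bare-user entry cannot
accidentally grant ownership of addresses in foreign domains. </p>

<p>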
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the MAIL FROM address, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
</dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>

<dd>Apply the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction only to MAIL
FROM addresses that are known in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. This
feature is available in Postfix version 2.11 and later. </dd>

<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only). Each "<i>d</i>" is a number, or a
pattern inside "[]" that contains one or more ";"-separated numbers
or number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>.
<br> The
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default: 554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>

<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>

<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>

<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

<dd>Reject the request when Postfix is not the final destination for
the sender address, and the MAIL FROM domain has 1) no DNS A or MX
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
response code for rejected requests (default: 450).
The response
is always 450 in case of a temporary DNS error. <br> The
<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>

<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>

<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450;
change it to 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> parameter specifies the numerical response
code when an address probe failed due to a temporary problem
(default: 450). <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
specifies the action after address probe failure due to a temporary
problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).
<br> This feature is available
in Postfix 2.1 and later. </dd>

</dl>

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.

<li> SMTP command-specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.

<li> SMTP command-specific restrictions described under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed
under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with
"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is
evaluated at the time of the RCPT TO command.
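The smtpd_sender_login_maps search order (user@domain, then user for local domains, then @domain) and the four reject_*_sender_login_mismatch restrictions described above, modelled as an added Python example that is not Postfix code. The table contents, local domains, sender addresses and login names are constructed; the evaluator models only the restrictions named here, plus permit and reject, and compares keys case-insensitively as a simplification.

```python
"""Added example, not Postfix code: a model of the smtpd_sender_login_maps
lookup order and of the reject_*_sender_login_mismatch restrictions."""

import re

# Constructed stand-in for a "type:table" sender login map. Values are the
# comma and/or whitespace separated SASL login lists a lookup must return.
SENDER_LOGIN_MAP = {
    "alice@example.com": "alice",
    "sales": "alice, bob",       # bare user: consulted only for local domains
    "@partner.example": "bob",   # a whole domain owned by one login
}

# Constructed set of domains that would match $myorigin, $mydestination,
# $inet_interfaces or $proxy_interfaces.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Which client kinds each mismatch restriction applies to.
MODES = {
    "reject_sender_login_mismatch": "all",
    "reject_authenticated_sender_login_mismatch": "authenticated",
    "reject_unauthenticated_sender_login_mismatch": "unauthenticated",
    "reject_known_sender_login_mismatch": "known",
}


def split_list(value):
    """Split a main.cf style list on commas and/or whitespace."""
    return [tok for tok in re.split(r"[\s,]+", value.strip()) if tok]


def lookup_owners(sender, table=SENDER_LOGIN_MAP, local_domains=LOCAL_DOMAINS):
    """Return the SASL logins that own `sender`, or None for "not found".

    Search order from the smtpd_sender_login_maps description:
      1) user@domain  always done, highest precedence
      2) user         only when the domain is a local domain
      3) @domain      done last, lowest precedence
    Keys are lower-cased here (simplification of per-table case folding).
    """
    if "@" not in sender:
        return None                      # e.g. the null sender "<>"
    sender = sender.lower()
    user, domain = sender.rsplit("@", 1)
    if sender in table:
        return split_list(table[sender])
    if domain in local_domains and user in table:
        return split_list(table[user])
    if "@" + domain in table:
        return split_list(table["@" + domain])
    return None


def sender_login_mismatch(sender, login, mode="all"):
    """Decide one mismatch restriction. `login` is the SASL login name, or
    None for an unauthenticated client. Returns "REJECT", or "DUNNO" when
    the restriction does not match and evaluation moves to the next one."""
    owners = lookup_owners(sender)
    if mode == "authenticated" and login is None:
        return "DUNNO"
    if mode == "unauthenticated" and login is not None:
        return "DUNNO"
    if mode == "known" and owners is None:
        return "DUNNO"                   # address not in the map: ignored
    if login is None:
        # Not logged in: reject only when the map names an owner.
        return "REJECT" if owners is not None else "DUNNO"
    # Logged in: the login must be one of the owners. An address with no
    # owner at all also fails for an authenticated client ("all" mode).
    return "DUNNO" if owners is not None and login in owners else "REJECT"


def evaluate_sender_restrictions(restriction_list, sender, login):
    """Apply an smtpd_sender_restrictions value in order: the first
    restriction that matches wins; an exhausted list permits (the default)."""
    for name in split_list(restriction_list):
        if name == "permit":
            return "OK"
        if name == "reject":
            return "REJECT"
        if name in MODES:
            verdict = sender_login_mismatch(sender, login, MODES[name])
            if verdict != "DUNNO":
                return verdict
            continue
        raise ValueError("restriction not modelled in this example: " + name)
    return "OK"


if __name__ == "__main__":
    policy = "reject_authenticated_sender_login_mismatch, permit"
    for sender, login in [("alice@example.com", "alice"),
                          ("alice@example.com", "bob"),
                          ("alice@example.com", None)]:
        print(sender, login, "->", evaluate_sender_restrictions(policy, sender, login))
```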


</ul>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
    <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
</pre>


</DD>

<DT><b><a name="smtpd_service_name">smtpd_service_name</a>
(default: smtpd)</b></DT><DD>

<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed
connections to. In a future version there may be different
classes of SMTP service. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a>
(default: 10)</b></DT><DD>

<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>

<ul>

<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> seconds. </p>

<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>

</ul>


</DD>

<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures.
The current
default value is stress-dependent. Before Postfix version 2.8, it
was fixed at 300s. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
(default: normal: 300s, overload: 10s)</b></DT><DD>

<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates. These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
enters the chroot jail. If the number of trusted roots is large, consider
using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
</p>

<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
the system-supplied default certificate authority certificates.
</p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate. You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
(default: empty)</b></DT><DD>

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>

<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of certificate authorities installed
in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>
(default: yes)</b></DT><DD>

<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
is empty). This behavior is compatible with Postfix < 2.3. </p>

<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps remote SMTP clients from caching sessions that almost certainly cannot
be re-used. </p>

<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
(default: no)</b></DT><DD>

<p> Ask a remote SMTP client for a client certificate. This
information is needed for certificate based mail relaying with,
for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. </p>

<p> Some clients such as Netscape will either complain if no
certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)
or will offer multiple client certificates to choose from. This
may be annoying, so this option is "off" by default. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a>
(default: no)</b></DT><DD>

<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
(default: 9)</b></DT><DD>

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common, deeper chains are rarer, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key. </p>

<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate.
The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>

<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>

<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
presented to the client. For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>

<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem".
</p>

<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>

<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
(default: empty)</b></DT><DD>

<p> Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create inter-operability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead.
</p>


</DD>

<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
(default: export)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter; see there for syntax
details. </p>

<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>


</DD>

<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key. </p>

<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
(default: empty)</b></DT><DD>

<p> File with DH parameters that the Postfix SMTP server should
use with non-export EDH ciphers. </p>

<p> Instead of using the exact same parameter sets as distributed
with other TLS packages, it is more secure to generate your own
set of parameters with something like the following commands: </p>

<blockquote>
<pre>
openssl dhparam -out /etc/postfix/dh512.pem 512
openssl dhparam -out /etc/postfix/dh1024.pem 1024
openssl dhparam -out /etc/postfix/dh2048.pem 2048
</pre>
</blockquote>

<p> It is safe to share the same DH parameters between multiple
Postfix instances. If you prefer, you can generate separate
parameters for each instance. </p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>


</DD>

<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
(default: empty)</b></DT><DD>

<p> File with DH parameters that the Postfix SMTP server should
use with export-grade EDH ciphers.
</p>

<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
configuration parameter. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
</pre>

<p>This feature is available with Postfix version 2.2.</p>


</DD>

<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key. </p>

<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later.
</p>


</DD>

<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
Diffie-Hellman (EECDH) key exchange. </p>

<p> The available choices are: </p>

<dl>

<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
exchange will be disabled. This is the default in Postfix versions
2.6 and 2.7. </dd>

<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
efficiency. This is the default in Postfix version 2.8 and later.
</dd>

<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at a computational cost that is approximately twice as high
as 128 bit strength ECC. Barring significant progress in attacks on
elliptic curve crypto-systems, the "strong" curve is sufficient for most
users.
</dd>

</dl>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms
where EC algorithms have not been disabled by the vendor. </p>


</DD>

<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded.
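How these elements select ciphers (separate elements are independent, "+"-joined properties must all match, a bare name matches one cipher), as an added Python example that is not Postfix or OpenSSL code. The cipher table is a constructed, simplified subset of what "openssl ciphers -v" reports, using the property names Postfix hands through to the library.

```python
"""Added example, not Postfix or OpenSSL code: a model of how the elements of
smtpd_tls_exclude_ciphers select ciphers for exclusion."""

import re

# Constructed table: cipher name -> (key exchange, authentication,
# encryption, MAC) in OpenSSL alias terms. "DES" is single DES, "3DES" is
# triple DES, matching the distinction the parameter description makes.
CIPHER_TABLE = {
    "AES256-SHA":         ("kRSA", "aRSA",  "AES256", "SHA1"),
    "DHE-RSA-AES128-SHA": ("kEDH", "aRSA",  "AES128", "SHA1"),
    "DHE-DSS-AES128-SHA": ("kEDH", "aDSS",  "AES128", "SHA1"),
    "ADH-AES128-SHA":     ("kEDH", "aNULL", "AES128", "SHA1"),
    "DES-CBC3-MD5":       ("kRSA", "aRSA",  "3DES",   "MD5"),
    "DES-CBC-SHA":        ("kRSA", "aRSA",  "DES",    "SHA1"),
    "DES-CBC-MD5":        ("kRSA", "aRSA",  "DES",    "MD5"),
    "RC4-MD5":            ("kRSA", "aRSA",  "RC4",    "MD5"),
}


def parse_exclude_list(value):
    """Split the parameter value on whitespace and/or commas. This is not an
    OpenSSL cipherlist: no ':' separators and no '!' or '-' prefixes."""
    return [tok for tok in re.split(r"[\s,]+", value.strip()) if tok]


def excluded_ciphers(value, table=CIPHER_TABLE):
    """Return the set of cipher names that `value` removes.

    Each element is either one cipher name, or "+"-joined properties; a
    property element excludes only ciphers carrying ALL of its properties,
    while separate elements are combined independently (any one suffices).
    """
    removed = set()
    for element in parse_exclude_list(value):
        wanted = set(element.split("+"))
        for name, attrs in table.items():
            if element == name or wanted <= set(attrs):
                removed.add(name)
    return removed


def remaining_ciphers(value, table=CIPHER_TABLE):
    """The ciphers the server would still offer after the exclusions."""
    gone = excluded_ciphers(value, table)
    return [name for name in table if name not in gone]


if __name__ == "__main__":
    # The five settings from the parameter description, side by side.
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        print(f"{setting:28} excludes {sorted(excluded_ciphers(setting))}")
```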
</p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together. The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>

<p> The message digest algorithm to construct remote SMTP
client-certificate fingerprints or public key fingerprints (Postfix 2.9
and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b>
and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. The
default algorithm is <b>md5</b>, for backwards compatibility with Postfix
releases prior to 2.5. </p>

<p> Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> To extract the public key fingerprint from an X.509 certificate,
you need to extract the public key from the certificate and compute
the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
the "-pubkey" option of the "x509" command extracts the public
key always in "PEM" format. We pipe the result to another OpenSSL
command that converts the key to DER and then to the "dgst" command
to compute the fingerprint. </p>

<p> The actual command to transform the key to DER format depends
on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
"pkey" command supports all key types. With OpenSSL 0.9.8 and
earlier, the key type is always RSA (nobody uses DSA, and EC
keys are not fully supported by 0.9.8), so the "rsa" command is
used. </p>
<blockquote>
<pre>
# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha1 -c
(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
</pre>
</blockquote>

<blockquote>
<pre>
# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
$ openssl x509 -in cert.pem -noout -pubkey |
    openssl rsa -pubin -outform DER |
    openssl dgst -md5 -c
(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
</pre>
</blockquote>

<p> The Postfix SMTP server and client log the peer (leaf) certificate
fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>

<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
fingerprint incorrectly. To use public-key fingerprints, upgrade
to Postfix 2.9.6 or later. </p>

<p> Example: client-certificate access table, with sha1 fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha1
    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
        <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access,
        reject
</pre>
<pre>
/etc/postfix/access:
    # Action folded to next line...
    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
        OK
    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
        <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later.
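</p>

<p> The two fingerprint computations above, and the lookup that
<a href="postconf.5.html#check_ccert_access">check_ccert_access</a>
performs against the access table, as an added example in Python. This
is not Postfix code and not an OpenSSL invocation: it derives the
colon-separated certificate fingerprint from the DER bytes inside a PEM
file, pulls the subjectPublicKeyInfo out of the certificate to compute
the public key fingerprint (the bytes that the "x509 -pubkey | pkey
-outform DER" pipeline hands to "dgst"), and looks the result up in a
table written in the access(5) text form shown above. The certificate
is a constructed, unsigned stand-in with dummy key and signature bits,
so its fingerprints are meaningless values that only demonstrate the
format; the digest defaults to sha1 to match the example configuration
rather than the parameter's md5 default; the function names are
assumptions, and the DER walker handles only what a certificate's outer
structure needs. </p>

```python
import base64
import hashlib

def _der(tag: int, body: bytes) -> bytes:
    """Tiny DER encoder for the constructed sample (short-form lengths only)."""
    assert len(body) in range(0x80)
    return bytes([tag, len(body)]) + body

def _tlv(buf: bytes):
    """Decode the first DER element of buf: (tag, value, whole_element, remainder)."""
    tag, n, hdr = buf[0], buf[1], 2
    if n >= 0x80:                                    # long-form length
        k = n - 0x80
        n, hdr = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    end = hdr + n
    return tag, buf[hdr:end], buf[:end], buf[end:]

# Constructed sample: a certificate-shaped DER structure with dummy key and
# signature bits, NOT a real signed certificate. OIDs are rsaEncryption and
# sha256WithRSAEncryption.
_RSA = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
_SHA256_RSA = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
SAMPLE_SPKI_DER = _der(0x30, _RSA + _der(0x03, b"\x00\x01\x02\x03"))   # dummy key bits
_TBS = _der(0x30,
            _der(0xA0, _der(0x02, b"\x02"))          # [0] EXPLICIT version (v3)
            + _der(0x02, b"\x01")                     # serialNumber
            + _SHA256_RSA                             # signature algorithm
            + _der(0x30, b"")                         # issuer (empty Name)
            + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"340101000000Z"))
            + _der(0x30, b"")                         # subject (empty Name)
            + SAMPLE_SPKI_DER)                        # subjectPublicKeyInfo
SAMPLE_CERT_DER = _der(0x30, _TBS + _SHA256_RSA + _der(0x03, b"\x00\x00\x00\x00\x00"))

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_to_der(pem: str) -> bytes:
    lines = [ln.strip() for ln in pem.splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def fingerprint(der: bytes, digest: str = "sha1") -> str:
    """Colon-separated upper-case digest of DER bytes, as 'openssl x509
    -fingerprint' prints it and as the access table above lists it."""
    hexdigest = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))

def spki_der(cert_der: bytes) -> bytes:
    """DER subjectPublicKeyInfo of a certificate: what the 'openssl x509 -pubkey |
    openssl pkey -pubin -outform DER' pipeline above feeds into 'openssl dgst'."""
    _, tbs_body, _, _ = _tlv(_tlv(cert_der)[1])     # Certificate -> tbsCertificate
    fields, rest = [], tbs_body
    while rest:
        tag, _, whole, rest = _tlv(rest)
        fields.append((tag, whole))
    if fields[0][0] == 0xA0:                         # drop the optional [0] version
        fields.pop(0)
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]

def parse_access_table(text: str) -> dict:
    """access(5) text form as used with check_ccert_access: skip '#' comments and
    blank lines; a line starting with whitespace continues the previous logical
    line (the 'action folded to next line' form above). Keys are upper-cased."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        table[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def check_ccert_access(fp: str, table: dict):
    """Action for a client fingerprint, or None when the key is absent and the
    next restriction in the list ('reject' in the example above) applies."""
    return table.get(fp.upper())

SAMPLE_CERT_PEM = der_to_pem(SAMPLE_CERT_DER)
# Constructed table: the page's two example keys plus the sample certificate.
ACCESS_TABLE_TEXT = f"""# Action folded to next line...
AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
    OK
85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
    permit_auth_destination
{fingerprint(SAMPLE_CERT_DER)}
    OK
"""
```

<p> The certificate fingerprint and the public key fingerprint of the
same certificate differ, which is why a table built for one kind of
fingerprint silently matches nothing once the other kind is configured;
a fingerprint absent from the table yields None here, the equivalent of
falling through to the "reject" that follows check_ccert_access in the
restriction list above.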
</p>

</DD>

<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

</DD>

<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level. </p>

<dl compact>

<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>

<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
&mdash; no logging of client certificate trust-chain verification errors
if client certificate verification is not required. With Postfix 2.8 and
earlier, log the summary message, peer certificate summary information
and unconditionally log trust-chain verification errors. </dd>

<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>

<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process. </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
of problems. Use of loglevel 4 is strongly discouraged.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter,
which you are strongly encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys.
This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
you are strongly encouraged to not change. </dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>

</dl>

<p> Cipher types listed in
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
excluded from the base definition of the selected cipher grade. See
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
TLS. </p>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for remote SMTP client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers; they
are excluded automatically as required.
If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
This list works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(see there for syntax details). </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
(default: !SSLv2)</b></DT><DD>

<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. If the list is empty, the server supports
all available SSL/TLS protocol versions. A non-empty value is a
list of protocol names separated by whitespace, commas or colons.
The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
are not case sensitive. </p>

<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
protocol exclusions. One can explicitly exclude "SSLv2" by setting
"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
"SSLv3" set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3".
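</p>

<p> To make the difference between the exclusion form and the
inclusion form concrete, here is an added model of the value syntax in
Python; it is not Postfix's parser. It splits on whitespace, commas or
colons, matches names case-insensitively and treats a leading "!" as
an exclusion. It assumes the behaviour of a Postfix release that is
able to disable the newer protocol versions (the "latest patch levels
of Postfix &ge; 2.6" case in the note below), and an assumed rule for
values that mix both forms; the function and constant names are the
example's own, and the same syntax applies to
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>.
</p>

```python
import re

# The names this entry lists, plus the two that OpenSSL 1.0.1 added (see the
# note below). List order is the order of the returned result.
KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def enabled_protocols(value: str, available=KNOWN_PROTOCOLS) -> list:
    """Model of the value syntax: names separated by whitespace, commas or
    colons, matched case-insensitively; a leading '!' excludes a protocol.
    Empty value: everything in 'available'. Only exclusions: everything except
    those. Plain names: only those (minus any exclusions, an assumed rule for
    the mixed case). Unknown names raise ValueError; how Postfix itself reacts
    to an unknown name is not covered by this page."""
    canonical = {name.lower(): name for name in available}
    include, exclude = set(), set()
    for token in re.split(r"[\s,:]+", value.strip()):
        if not token:
            continue
        name = canonical.get(token.lstrip("!").lower())
        if name is None:
            raise ValueError(f"unknown protocol name: {token!r}")
        (exclude if token.startswith("!") else include).add(name)
    wanted = include if include else set(available)
    return [name for name in available if name in wanted and name not in exclude]


def after_library_upgrade(value: str, old=("SSLv2", "SSLv3", "TLSv1"),
                          new=KNOWN_PROTOCOLS) -> dict:
    """What one setting enables on a library that knows only the 'old' versions
    and on one that has gained the 'new' ones: the reason this entry prefers
    the exclusion form."""
    return {"old": enabled_protocols(value, list(old)),
            "new": enabled_protocols(value, list(new))}


if __name__ == "__main__":
    for setting in ("!SSLv2, !SSLv3", "TLSv1"):
        print(f"{setting!r:20} {after_library_upgrade(setting)}")
```

<p> Running the two example settings against a protocol set that gains
TLSv1.1 and TLSv1.2 shows the point: "!SSLv2, !SSLv3" keeps the new
versions enabled, while the legacy "TLSv1" silently leaves them
disabled, so the exclusion form ages better as the library grows. </p>

<p>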
Listing
the protocols to include, rather than protocols to exclude, is
supported, but not recommended. The exclusion form more closely
matches the underlying OpenSSL interface semantics. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
or later, these, or any other new protocol versions, cannot be
disabled. The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>

<p> Since SSL version 2 has known protocol weaknes
ses and is now
deprecated, the default setting excludes "SSLv2". This means that
by default, SSL version 2 will not be used at the "encrypt" security
level. </p>

<p> Example: </p>

<pre>
# Preferred syntax with Postfix &ge; 2.5:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
# Legacy syntax:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
(default: empty)</b></DT><DD>

<p> List of TLS protocols that the Postfix SMTP server will exclude
or include with opportunistic TLS encryption. This parameter SHOULD
be left at its default empty value, allowing all protocols to be
used with opportunistic TLS. A non-empty value is a list of protocol
names separated by whitespace, commas or colons. The supported
protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
sensitive. </p>

<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
and "TLSv1.2".
The latest patch levels of Postfix &ge; 2.6, and all
versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
"TLSv1.2". </p>

<p> To include a protocol, list its name; to exclude it, prefix the name
with a "!" character. To exclude SSLv2 even for opportunistic TLS set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
include, rather than protocols to exclude, is supported, but not
recommended. The exclusion form more closely matches the underlying
OpenSSL interface semantics. </p>

<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
(default: no)</b></DT><DD>

<p> Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
as well as the remote SMTP client CommonName and client certificate issuer
CommonName. This is disabled by default, as the information may
be modified in transit through other mail servers. Only information
that was recorded by the final destination can be trusted. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
(default: no)</b></DT><DD>

<p> With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes".
</p>

<p> When TLS encryption is optional, this setting is ignored with
a warning written to the mail log. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
(default: empty)</b></DT><DD>

<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes". </p>

<p> Specify one of the following security levels: </p>

<dl>

<dt><b>none</b></dt> <dd> TLS will not be used. </dd>

<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to remote SMTP clients, but do not require that clients use TLS encryption.
</dd>

<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS
encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>

</dl>

<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
supported here.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
features. </p>

<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>

<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
(default: empty)</b></DT><DD>

<p> Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
concurrent access. The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a>
daemon does not use this parameter directly; rather, the cache is
implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not
effective.
Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a>
daemon ($<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
and, with Postfix 2.3 and later, $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>) needs to be
stored separately. It is not at this time possible to store multiple
caches in a single database. </p>

<p> Note: <b>dbm</b> databases are not suitable. TLS
session objects are too large. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtpd_scache
</pre>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>

<p> The expiration time of Postfix SMTP server TLS session cache
information. A cache cleanup is performed periodically
every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds.
As with
$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the
<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides
are not possible. </p>

<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
&le; 0, session caching is disabled, not just via the database, but
also via <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
storage. If set to a positive value less than 2 minutes, the minimum
value of 2 minutes is used instead. TLS session tickets require
an OpenSSL library (at least version 0.9.8h) that provides full
support for this TLS extension. </p>

<p> This feature is available in Postfix 2.2 and later, and updated
for TLS session ticket support in Postfix 2.11. </p>

</DD>

<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
(default: no)</b></DT><DD>

<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
instead of using the STARTTLS command. </p>

<p> If you want to support this service, enable a special port in
<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
server's command line. Port 465 (smtps) was once chosen for this
purpose. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a>
(default: empty)</b></DT><DD>

<p> The name of the proxy protocol used by an optional before-smtpd
proxy agent. When a proxy agent is used, this protocol conveys local
and remote address and port information.
Specify
"<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
protocol. </p>

<p> NOTE: To use the nginx proxy with <a href="smtpd.8.html">smtpd(8)</a>, enable the XCLIENT
protocol with <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>. This supports SASL
authentication in the proxy agent (Postfix 2.9 and later). </p>

<p> This feature is available in Postfix 2.10 and later. </p>

</DD>

<DT><b><a name="smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a>
(default: 5s)</b></DT><DD>

<p> The time limit for the proxy protocol specified with the
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. </p>

<p> This feature is available in Postfix 2.10 and later. </p>

</DD>

<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
(default: no)</b></DT><DD>

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. </p>

<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>

</DD>

<DT><b><a name="soft_bounce">soft_bounce</a>
(default: no)</b></DT><DD>

<p>
Safety net to keep mail queued that would otherwise be returned to
the sender.
This parameter disables locally-generated bounces,
changes the handling of negative responses from remote servers,
content filters or plugins,
and prevents the Postfix SMTP server from rejecting mail permanently
by changing 5xx reply codes into 4xx. However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no
cure for address rewriting mistakes or mail routing mistakes.
</p>

<p>
Note: "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" is in some cases implemented by modifying
server responses. Therefore, the response that Postfix logs may
differ from the response that Postfix actually sends or receives.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes
</pre>

</DD>

<DT><b><a name="stale_lock_time">stale_lock_time</a>
(default: 500s)</b></DT><DD>

<p>
The time after which a stale exclusive mailbox lockfile is removed.
This is used for delivery to file or mailbox.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

</DD>

<DT><b><a name="stress">stress</a>
(default: empty)</b></DT><DD>

<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p>

<p> This feature is available in Postfix 2.5 and later. </p>

</DD>

<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a>
(default: no)</b></DT><DD>

<p>
Reject mail with 8-bit text in message headers. This blocks mail
from poorly written applications.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="strict_8bitmime">strict_8bitmime</a>
(default: no)</b></DT><DD>

<p>
Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a>
(default: no)</b></DT><DD>

<p>
Reject 8-bit message body text without 8-bit MIME content encoding
information. This blocks mail from poorly written applications.
</p>

<p>
Unfortunately, this also rejects majordomo approval requests when
the included request contains valid 8-bit MIME mail, and it rejects
bounces from mailers that do not MIME encapsulate 8-bit content
(for example, bounces from qmail or from old versions of Postfix).
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>

<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>

<p> This feature is available in Postfix 2.5.3 and later.
</p>

</DD>

<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
(default: no)</b></DT><DD>

<p>
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
mail from poorly written software.
</p>

<p>
This feature should not be enabled on a general purpose mail server,
because it will reject mail after a single violation.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>

</DD>

<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a>
(default: no)</b></DT><DD>

<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with &lt;&gt;, and that those addresses do
not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
from poorly written software.
</p>

<p>
By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
FROM and RCPT TO addresses.
</p>

</DD>

<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a>
(default: no)</b></DT><DD>

<p>
Obsolete SUN mailtool compatibility feature. Instead, use
"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock".
</p>

</DD>

<DT><b><a name="swap_bangpath">swap_bangpath</a>
(default: yes)</b></DT><DD>

<p>
Enable the rewriting of "site!user" into "user@site". This is
necessary if your machine is connected to UUCP networks. It is
enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no
</pre>

</DD>

<DT><b><a name="syslog_facility">syslog_facility</a>
(default: mail)</b></DT><DD>

<p>
The syslog facility of Postfix logging. Specify a facility as
defined in syslog.conf(5). The default facility is "mail".
</p>

<p>
Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only
after a Postfix process has completed initialization. Errors during
process initialization will be logged with the default facility.
Examples are errors while parsing the command line arguments, and
errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
</p>

</DD>

<DT><b><a name="syslog_name">syslog_name</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
</p>

<p>
Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after
a Postfix process has completed initialization. Errors during
process initialization will be logged with the default name. Examples
are errors while parsing the command line arguments, and errors
while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
</p>

</DD>

<DT><b><a name="tcp_windowsize">tcp_windowsize</a>
(default: 0)</b></DT><DD>

<p> An optional workaround for routers that break TCP window scaling.
Specify a value > 0 and < 65536 to enable this feature. With
Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
by the Postfix <a href="master.8.html">master(8)</a> daemon. </p>

<p> To change this parameter without stopping Postfix, you need to
first terminate all Postfix TCP servers: </p>

<blockquote>
<pre>
# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
# postfix reload
</pre>
</blockquote>

<p> This immediately terminates all processes that accept network
connections.
Next, you enable Postfix TCP servers with the updated
<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>

<blockquote>
<pre>
# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
# postfix reload
</pre>
</blockquote>

<p> If you skip these steps with a running Postfix system, then the
<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
<a href="lmtp.8.html">lmtp(8)</a>). </p>

<p> This feature is available in Postfix 2.6 and later. </p>

</DD>

<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a>
(default: no)</b></DT><DD>

<p> Append the system-supplied default certificate authority
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>

<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>.
</p>

</DD>

<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
(default: 32)</b></DT><DD>

<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
internal pseudo random number generator (PRNG). The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128-bit
(or 168-bit) session key. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
(default: on)</b></DT><DD>

<p> Configure DANE TLSA digest algorithm agility. When digest
algorithm agility is enabled, and the server and client support a
common strong digest algorithm, TLSA records with weaker digest
algorithms are ignored. </p>

<p> Specify one of the following: </p>

<dl>

<dt><b>off</b></dt>
<dd> DANE verification examines each well-formed record in the TLSA
RRset whose matching type is either "0" (no hash used) or is one of
the digest algorithms listed in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>. This setting
is not recommended. </dd>

<dt><b>on</b></dt>
<dd> From each group of well-formed TLSA RRs with a non-zero digest
matching type and the same certificate usage and selector, DANE
verification examines only those records whose matching type has
the highest precedence (appears earliest in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>).
</dd>

<dt><b>maybe</b></dt>
<dd> For compatibility with digest algorithm agility, each certificate
or public key whose digest is included in a DANE TLSA RRset SHOULD
be published with the same set of digest matching type values as
any other with the same usage and selector. Therefore, compatible
TLSA RRsets will contain an identical count of well-formed RRs with
each non-zero digest matching type for any fixed combination of
usage and selector. When this constraint is violated, or any of
the digest records are malformed, digest algorithm agility will be
disabled. Otherwise, digest algorithm agility is enabled. </dd>

</dl>

<p> Digest algorithm agility ensures that the strongest digest
supported by both the Postfix SMTP client and the remote server is
used, and weaker digests are ignored. This supports non-disruptive
deprecation of outdated digest algorithms. </p>

<p> To ensure compatibility with digest algorithm agility during
key rotation, when a certificate or public key is being replaced
with another, and both are published during the transition, both
the old and the new certificate MUST be specified with the same set
of digests. One can change the list of digest algorithms later,
once old keys are retired. At any given time, change either the
list of digests without changing the list of certificates or public
keys, or the list of certificates or public keys without changing
the list of digests. Full value matching type "0" records are not
subject to this constraint, but are discouraged due to the size of
the resulting DNS records. </p>

<p> It is expected that this algorithm agility mechanism will be
published in a standards track RFC for SMTP with DANE, and also in
an eventual update to <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>.
</p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
(default: sha512 sha256)</b></DT><DD>

<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> TLSA resource-record "matching type" digest algorithms
in descending preference order. All the specified algorithms must
be supported by the underlying OpenSSL library, otherwise the Postfix
SMTP client will not support DANE TLSA security. </p>

<p> Specify a list of digest names separated by commas and/or
whitespace. Each digest name may be followed by an optional
"=<number>" suffix. For example, "sha512" may instead be specified
as "sha512=2" and "sha256" may instead be specified as "sha256=1".
The optional number must match the <a
href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
>IANA</a> assigned TLSA matching type number of the algorithm in question.
Postfix will check this constraint for the algorithms it knows about.
Additional matching type algorithms registered with IANA can be added
with explicit numbers provided they are supported by OpenSSL. </p>

<p> Invalid list elements are logged with a warning and disable DANE
support. TLSA RRs that specify digests not included in the list are
ignored with a warning. </p>

<p> Note: It is unwise to omit sha256 from the digest list. This
digest algorithm is the only mandatory-to-implement digest algorithm
in <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected to publish TLSA records
with just sha256 digests. Unless one of the standard digests is
seriously compromised and servers have had ample time to update their
TLSA records, you should not omit any standard digests; just arrange
them in order from strongest to weakest.
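
The digest-list syntax above and the "off", "on" and "maybe" rules of the tls_dane_digest_agility entry, worked through in Python as an added example (this is not Postfix code). The TLSA record class, the function names parse_dane_digests and usable_records, and the RRset with its placeholder digest values are all constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# IANA TLSA "matching type" numbers from RFC 6698: 0 = full value,
# 1 = SHA-256, 2 = SHA-512.  Hex digest lengths detect malformed records.
IANA_MATCHING_TYPES = {"sha256": 1, "sha512": 2}
DIGEST_HEX_LEN = {1: 64, 2: 128}


@dataclass(frozen=True)
class TLSA:
    """One TLSA RR: certificate usage, selector, matching type, data."""
    usage: int
    selector: int
    mtype: int
    data: str


def parse_dane_digests(value):
    """Parse a tls_dane_digests value ("sha512 sha256", "sha512=2, sha256=1")
    into [(name, matching_type)] in descending preference.  Raises
    ValueError for an invalid element (Postfix logs a warning and
    disables DANE in that case)."""
    digests = []
    for element in value.replace(",", " ").split():
        name, _, number = element.partition("=")
        name = name.lower()
        known = IANA_MATCHING_TYPES.get(name)
        if number == "":
            if known is None:
                raise ValueError(f"{name}: unknown digest needs an explicit =number")
            mtype = known
        else:
            mtype = int(number)
            # The number is checked against IANA for digests Postfix knows.
            if known is not None and mtype != known:
                raise ValueError(f"{element}: IANA matching type is {known}")
        if mtype <= 0:
            raise ValueError(f"{element}: matching type must be positive")
        digests.append((name, mtype))
    return digests


def is_wellformed(rr):
    expected = DIGEST_HEX_LEN.get(rr.mtype)
    return expected is None or len(rr.data) == expected


def usable_records(rrset, digests, agility="on"):
    """Return the records DANE verification examines under the
    tls_dane_digest_agility setting "off", "on" or "maybe"."""
    if agility not in ("off", "on", "maybe"):
        raise ValueError(f"bad tls_dane_digest_agility value {agility!r}")
    preference = {mtype: rank for rank, (_, mtype) in enumerate(digests)}
    # Matching type 0 is always examined; other types only when listed in
    # tls_dane_digests (unlisted digests are ignored with a warning).
    candidates = [rr for rr in rrset if rr.mtype == 0 or rr.mtype in preference]
    wellformed = [rr for rr in candidates if is_wellformed(rr)]
    if agility == "off":
        return wellformed
    if agility == "maybe":
        # Agility only when no digest record is malformed and, per
        # (usage, selector), every non-zero matching type has the same
        # record count (the key-rotation constraint in the text).
        if len(wellformed) != len(candidates):
            return wellformed
        counts = defaultdict(Counter)
        for rr in wellformed:
            if rr.mtype:
                counts[(rr.usage, rr.selector)][rr.mtype] += 1
        if any(len(set(c.values())) > 1 for c in counts.values()):
            return wellformed
    # Agility: per (usage, selector), keep only the most preferred
    # non-zero matching type that is actually present.
    best = {}
    for rr in wellformed:
        if rr.mtype:
            key = (rr.usage, rr.selector)
            if key not in best or preference[rr.mtype] < preference[best[key]]:
                best[key] = rr.mtype
    return [rr for rr in wellformed
            if rr.mtype == 0 or rr.mtype == best[(rr.usage, rr.selector)]]


# Constructed RRset: a DANE-EE(3) SPKI(1) key pair mid-rotation, each key
# published with both sha256 and sha512, plus one full-value (type 0)
# DANE-TA(2) record.  Digest values are placeholders, not real hashes.
SAMPLE_RRSET = [
    TLSA(3, 1, 1, "a" * 64), TLSA(3, 1, 2, "b" * 128),   # current key
    TLSA(3, 1, 1, "c" * 64), TLSA(3, 1, 2, "d" * 128),   # next key
    TLSA(2, 0, 0, "30820000" + "ee" * 16),              # full TA cert
]

if __name__ == "__main__":
    digests = parse_dane_digests("sha512 sha256")
    for mode in ("off", "on", "maybe"):
        kept = usable_records(SAMPLE_RRSET, digests, mode)
        print(mode, sorted(rr.mtype for rr in kept))
```

With the default "sha512 sha256" list, "on" and "maybe" leave only the sha512 and full-value records; publishing one extra sha256-only record breaks the count constraint and makes "maybe" fall back to examining everything.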
</p>

<p> When for a particular combination of "certificate usage" and
"selector" the TLSA RRset contains records with more than one digest
matching type, the <a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> parameter determines
whether all the RRs are used, or only those with the most preferred
digest matching type. </p>

<p> The <a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> parameter controls
whether any digest TLSA records are acceptable in usage "2" (trust
anchor assertion) TLSA records. </p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
(default: yes)</b></DT><DD>

<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix TLS library.
Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2". In this case
the certificate usage logically requires the server administrator
to configure the server to include the trust-anchor certificate in
the server's SSL certificate chain. If enough domains mess this
up, you can disable support for these TLSA records, but you'll no
longer have secure connections that get it right and only publish
trust anchor records. </p>

<p> At the <a href="TLS_README.html#client_tls_dane">dane</a>
security level, when a TLSA RRset includes only unusable associations,
the Postfix SMTP client will automatically switch the connection
to the <a href="TLS_README.html#client_tls_encrypt">encrypt</a>
security level.
At the <a
href="TLS_README.html#client_tls_dane">dane-only</a> security level,
the server in question is skipped and delivery is deferred if no
secure servers are found. </p>

<p> The <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> parameter controls the list of digest
algorithms that are supported in TLSA records. The <a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a>
parameter controls digest algorithm downgrade attack resistance.
</p>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>

<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
implementations. Applications, such as Postfix, that want to maximize
interoperability ask the OpenSSL library to enable the full set of
recommended work-arounds. </p>

<p> From time to time, it is discovered that a work-around creates a
security issue, and should no longer be used. If upgrading OpenSSL
to a fixed version is not an option or an upgrade is not available
in a timely manner, or in closed environments where no buggy clients
or servers exist, it may be appropriate to disable some or all of the
OpenSSL interoperability work-arounds. This parameter specifies which
bug work-arounds to disable. </p>

<p> If the value of the parameter is a hexadecimal long integer starting
with "0x", the bug work-arounds corresponding to the bits specified in
its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
bits than are present in SSL_OP_ALL; excess bits are ignored. Specifying
0xFFFFFFFF disables all bug-workarounds on a 32-bit system.
This should
also be sufficient on 64-bit systems, until OpenSSL abandons support
for 32-bit systems and starts using the high 32 bits of a 64-bit
bug-workaround mask. </p>

<p> Otherwise, the parameter is a white-space or comma separated list
of specific named bug work-arounds chosen from the list below. It
is possible that your OpenSSL version includes new bug work-arounds
added after your Postfix source code was last updated; in that case
you can only disable one of these via the hexadecimal syntax above. </p>

<dl>

<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>

<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
default with OpenSSL versions that may predate the fix. Fixed in
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>

<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>

<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
be using 0.9.6!
</dd>

<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
SSL_CTX_set_options(3)</dd>

<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
OpenSSL 1.0.0.</dd>

</dl>

<p> This feature is available in Postfix 2.8 and later. </p>

</DD>

<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
(default: prime256v1)</b></DT><DD>

<p> The elliptic curve used by the Postfix SMTP server for sensibly
strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
generally change this setting. Remote SMTP client implementations
must support this curve for EECDH key exchange to take place. It
is unwise to choose an "exotic" curve supported by only a small subset
of clients. </p>

<p> The default "strong" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to SECRET. </p>

<p> Note: elliptic curve names are poorly standardized; different
standards groups are assigning different names to the same underlying
curves. The curve with the X9.62 name "prime256v1" is also known
under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name.
</p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>

</DD>

<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
(default: secp384r1)</b></DT><DD>

<p> The elliptic curve used by the Postfix SMTP server for maximally
strong ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The phrase "maximally
strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost; most
users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>

<p> This default "ultra" curve is rated in NSA <a
href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to TOP SECRET.
</p>

<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a>, see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
started</a> section of <a
href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
full document conveniently presents all information about Postfix
"perfect" forward secrecy support in one place: what forward secrecy
is, how to tweak settings, and what you can expect to see when
Postfix uses ciphers with forward secrecy. </p>

<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms where
EC algorithms have not been disabled by the vendor. </p>

</DD>

<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
(default: ALL:+RC4:@STRENGTH)</b></DT><DD>

<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later.
</p>

</DD>

<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b></DT><DD>

<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
(default: no)</b></DT><DD>

<p> A temporary migration aid for sites that use certificate
<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
an incorrect algorithm. This parameter has no effect on the certificate
fingerprint support that is available since Postfix 2.2. </p>

<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
pending a migration from configuration files with incorrect Postfix
2.9.0..2.9.5 certificate public-key fingerprints, to the correct
fingerprints used by Postfix 2.9.6 and later. To compute the correct
certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>

<p> This feature is available in Postfix 2.9.6 and later.
</p>

</DD>

<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
(default: ALL:!EXPORT:+RC4:@STRENGTH)</b></DT><DD>

<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b></DT><DD>

<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
certificates). You are strongly encouraged to not change this
setting. With OpenSSL 1.0.0 and later the cipherlist may start with an
"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
aNULL ciphers to the top of the list when they are enabled. This prefix
is not needed with previous OpenSSL releases.
</p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
(default: eNULL:!aNULL)</b></DT><DD>

<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged to not
change this setting. </p>

<p> This feature is available in Postfix 2.3 and later. </p>

</DD>

<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
(default: no)</b></DT><DD>

<p> With SSLv3 and later, use the Postfix SMTP server's cipher
preference order instead of the remote client's cipher preference
order. </p>

<p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server may
choose its own most preferred cipher that is supported (offered) by
the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
preferences. </p>

<p> While server cipher selection may in some cases lead to a more secure
or performant cipher choice, there is some risk of interoperability
issues. In the past, some SSL clients have listed lower priority ciphers
that they did not implement correctly. If the server chooses a cipher
that the client prefers less, it may select a cipher whose client
implementation is flawed. Most notably, Windows 2003 Microsoft
Exchange servers have flawed implementations of DES-CBC3-SHA, which
OpenSSL considers stronger than RC4-SHA.
Enabling server cipher-suite
selection may create interoperability issues with Windows 2003
Microsoft Exchange clients. </p>

<p> This feature is available in Postfix 2.8 and later, in combination
with OpenSSL 0.9.7 and later. </p>

</DD>

<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
(default: 32)</b></DT><DD>

<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128-bit
symmetric keys. If using EGD or a device file, a maximum of 255
bytes is read. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> Name of the pseudo random number generator (PRNG) state file
that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
not exist, and its length is fixed at 1024 bytes. </p>

<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file, and the default file location was changed from
${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch. As
a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>

<p> This feature is available in Postfix 2.2 and later.
</p>

</DD>

<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
(default: 3600s)</b></DT><DD>

<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
the pseudo random number generator (PRNG) to the file specified
with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
(default: 3600s)</b></DT><DD>

<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
in-memory pseudo random number generator (PRNG) pool from external
sources. The actual time between re-seeding attempts is calculated
using the PRNG, and is between 0 and the time specified. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="tls_random_source">tls_random_source</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
random number generator (PRNG) pool. Be sure to specify a non-blocking
source. If this source is not a regular file, the entropy source
type must be prepended: egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>

<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
gives timeout errors. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

</DD>

<DT><b><a name="tls_ssl_options">tls_ssl_options</a>
(default: empty)</b></DT><DD>

<p> List or bit-mask of OpenSSL options to enable.
</p>

<p> The OpenSSL toolkit provides a set of options that applications
can enable to tune the OpenSSL behavior. Some of these work around
bugs in other implementations and are on by default. You can use
the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter to selectively disable some
or all of the bug work-arounds, making OpenSSL more strict at the
cost of non-interoperability with SSL clients or servers that exhibit
the bugs. </p>

<p> Other options are off by default, and typically enable or disable
features rather than bug work-arounds. These may be turned on (with
care) via the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter. The value is a white-space
or comma separated list of named options chosen from the list below.
The names are not case-sensitive; you can use lower-case if you
prefer. The upper case values below match the corresponding macro
name in the ssl.h header file with the SSL_OP_ prefix removed. It
is possible that your OpenSSL version includes new options added
after your Postfix source code was last updated; in that case you
can only enable one of these via the hexadecimal syntax below. </p>

<p> You should only enable features via the hexadecimal mask when
the need to control the feature is critical (to deal with a new
vulnerability or a serious interoperability problem). Postfix DOES
NOT promise backwards compatible behavior with respect to the mask
bits. A feature enabled via the mask in one release may be enabled
by other means in a later release, and the mask bit will then be
ignored. Therefore, use of the hexadecimal mask is only a temporary
measure until a new Postfix or OpenSSL release provides a better
solution.
</p>

<p> If the value of the parameter is a hexadecimal long integer
starting with "0x", the options corresponding to the bits specified
in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
You can only enable options not already controlled by other Postfix
settings. For example, you cannot disable protocols or enable
server cipher preference. Do not attempt to turn on all features by
specifying 0xFFFFFFFF; this is unlikely to be a good idea. </p>

<dl>

<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>

<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>

<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
supported by the OpenSSL library. Compression is CPU-intensive,
and compression before encryption does not always improve security. </dd>

</dl>

<p> This feature is available in Postfix 2.11 and later. </p>

</DD>

<DT><b><a name="tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a>
(default: yes)</b></DT><DD>

<p> Match multiple DNS labels with "*" in wildcard certificates.
</p>

<p> Some mail service providers prepend the customer domain name
to a base domain for which they have a wildcard TLS certificate.
For example, the MX records for example.com hosted by example.net
may be: </p>

<blockquote>
<pre>
example.com. IN MX 0 example.com.mx1.example.net.
example.com. IN MX 0 example.com.mx2.example.net.
</pre>
</blockquote>

<p> and the TLS certificate may be for "*.example.net". The "*"
then corresponds with multiple labels in the mail server domain
name. While multi-label wildcards are not widely supported, and
are not blessed by any standard, there is little to be gained by
disallowing their use in this context.
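
The wildcard rule of this entry, together with its note that "*" is special only as the first label, worked through in Python as an added example (this is not Postfix code). The function names and the host names beyond the page's own MX example are assumptions, as is the simplification that only a whole label consisting of "*" acts as a wildcard.

```python
def wildcard_matches(cert_name, host, multiple_labels=True):
    """Return True if a certificate DNS name matches the server host name.

    Model of the tls_wildcard_matches_multiple_labels rules in postconf(5):
      * comparison is case-insensitive and ignores a trailing dot;
      * "*" is special only when it is the first label (assumption in this
        model: the whole first label must be "*");
      * with multiple_labels=False ("= no", and Postfix before 2.11) the
        "*" matches exactly one label; with True it matches one or more.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if cert_labels[0] != "*":
        # Not a wildcard name: "*" anywhere else is a literal character.
        return cert_labels == host_labels
    suffix = cert_labels[1:]
    if not suffix:
        return False  # a bare "*" matches nothing
    covered = len(host_labels) - len(suffix)   # labels the "*" must absorb
    if covered < 1 or host_labels[-len(suffix):] != suffix:
        return False
    return covered == 1 or multiple_labels


def matching_mx_hosts(cert_name, mx_hosts, multiple_labels=True):
    """The MX host names a wildcard certificate would be accepted for."""
    return [h for h in mx_hosts if wildcard_matches(cert_name, h, multiple_labels)]


# MX host names from the example in this entry.
EXAMPLE_MX = ["example.com.mx1.example.net.", "example.com.mx2.example.net."]

if __name__ == "__main__":
    for setting in (True, False):
        print("multiple labels" if setting else "single label",
              matching_mx_hosts("*.example.net", EXAMPLE_MX, setting))
```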
</p>

<p> Notes: </p>

<ul>

<li> <p> In a certificate name, the "*" is special only when it is
used as the first label. </p>

<li> <p> While Postfix (2.11 or later) can match "*" with multiple
domain name labels, other implementations likely will not. </p>

<li> <p> Earlier Postfix implementations behave as if
"<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a> = no". </p>

</ul>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tlsmgr_service_name">tlsmgr_service_name</a>
(default: tlsmgr)</b></DT><DD>

<p> The name of the <a href="tlsmgr.8.html">tlsmgr(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service maintains TLS session caches and other information in support
of TLS. </p>

<p> This feature is available in Postfix 2.11 and later. </p>


</DD>

<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
(default: tlsproxy)</b></DT><DD>

<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs plaintext <=> TLS ciphertext conversion. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>

<p> A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>

<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
even when TLS session caching is turned off. See
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>

<p> Ask a remote SMTP client for a client certificate.
See
<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
private DSA key. See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>

<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>

<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>.
See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in
PEM format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in
PEM format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
See <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>

<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
server cipher list at all TLS security levels. See
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a>
(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD>

<p> The message digest algorithm to construct remote SMTP client-certificate
fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details.
</p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
See <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a>
(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD>

<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS
activity. Each logging level also includes the information that
is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for
further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels.
See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD>

<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
with mandatory TLS encryption. If the list is empty, the server
supports all available SSL/TLS protocol versions. See
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD>

<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will
exclude or include with opportunistic TLS encryption. See
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later.
</p>


</DD>

<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD>

<p> With mandatory TLS encryption, require a trusted remote SMTP
client certificate in order to allow TLS connections to proceed.
See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>

<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a>
(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD>

<p> Obsolete expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session
cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8)</a> and managed
by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a>
(default: 10s)</b></DT><DD>

<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local
or remote I/O before it is terminated by a built-in watchdog timer.
This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming
non-responsive due to a bug in Postfix itself or in system software.
To avoid false alarms and unnecessary cache corruption, this limit
cannot be set under 10s. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit). Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="trace_service_name">trace_service_name</a>
(default: trace)</b></DT><DD>

<p>
The name of the trace service. This service is implemented by the
<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
of mail deliveries and produces a mail delivery report when verbose
delivery is requested with "<b>sendmail -v</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a>
(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_cost"). </p>


</DD>

<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a>
(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_delivery_slot_discount").
</p>


</DD>

<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a>
(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_loan"). </p>


</DD>

<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.
This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_failed_cohort_limit"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_destination_concurrency_limit").
</p>


</DD>

<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport.
</p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_negative_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9. This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_positive_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later.
</p>


</DD>

<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a>
(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
will not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_rate_delay"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
will not show up in "postconf" command output before Postfix version
2.9.
This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_recipient_limit"). </p>


</DD>

<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a>
(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
not show up in "postconf" command output before Postfix version
2.9. This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_extra_recipient_limit"). </p>


</DD>

<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a>
(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.
This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_initial_destination_concurrency").
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_maps">transport_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination). See <a href="transport.5.html">transport(5)</a>
for details.
</p>

<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change. </p>

<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/transport
<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
</pre>


</DD>

<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a>
(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport.
</p> 17512 17513<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will 17514not show up in "postconf" command output before Postfix version 175152.9. This limitation applies to many parameters whose name is a 17516combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 17517this case: "_minimum_delivery_slots"). </p> 17518 17519 17520</DD> 17521 17522<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a> 17523(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD> 17524 17525<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a> 17526parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 17527the message delivery transport. </p> 17528 17529<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not 17530show up in "postconf" command output before Postfix version 2.9. 17531This limitation applies to many parameters whose name is a combination 17532of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 17533"_recipient_limit"). </p> 17534 17535 17536</DD> 17537 17538<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a> 17539(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD> 17540 17541<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> 17542parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 17543the message delivery transport. 
</p> 17544 17545<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will 17546not show up in "postconf" command output before Postfix version 175472.9. This limitation applies to many parameters whose name is a 17548combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 17549this case: "_recipient_refill_delay"). </p> 17550 17551<p> This feature is available in Postfix 2.4 and later. </p> 17552 17553 17554</DD> 17555 17556<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a> 17557(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD> 17558 17559<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> 17560parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of 17561the message delivery transport. </p> 17562 17563<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will 17564not show up in "postconf" command output before Postfix version 175652.9. This limitation applies to many parameters whose name is a 17566combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in 17567this case: "_recipient_refill_limit"). </p> 17568 17569<p> This feature is available in Postfix 2.4 and later. </p> 17570 17571 17572</DD> 17573 17574<DT><b><a name="transport_retry_time">transport_retry_time</a> 17575(default: 60s)</b></DT><DD> 17576 17577<p> 17578The time between attempts by the Postfix queue manager to contact 17579a malfunctioning message delivery transport. 17580</p> 17581 17582<p> 17583Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 17584The default time unit is s (seconds). 
17585</p> 17586 17587 17588</DD> 17589 17590<DT><b><a name="transport_time_limit">transport_time_limit</a> 17591(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD> 17592 17593<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter 17594value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message 17595delivery transport. </p> 17596 17597<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up 17598in "postconf" command output before Postfix version 2.9. This 17599limitation applies to many parameters whose name is a combination 17600of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case: 17601"_time_limit"). </p> 17602 17603 17604</DD> 17605 17606<DT><b><a name="trigger_timeout">trigger_timeout</a> 17607(default: 10s)</b></DT><DD> 17608 17609<p> 17610The time limit for sending a trigger to a Postfix daemon (for 17611example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents 17612programs from getting stuck when the mail system is under heavy 17613load. 17614</p> 17615 17616<p> 17617Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 17618The default time unit is s (seconds). 17619</p> 17620 17621 17622</DD> 17623 17624<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a> 17625(default: see "postconf -d" output)</b></DT><DD> 17626 17627<p> 17628Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a 17629message contains no To: or Cc: message header. With Postfix 2.8 17630and later, the default value is empty. With Postfix 2.4-2.7, 17631specify an empty value to disable this feature. </p> 17632 17633<p> Example: </p> 17634 17635<pre> 17636# Default value before Postfix 2.8. 
17637# Note: the ":" and ";" are both required. 17638<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:; 17639</pre> 17640 17641 17642</DD> 17643 17644<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a> 17645(default: 450)</b></DT><DD> 17646 17647<p> 17648The numerical Postfix SMTP server response code when a sender or 17649recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> 17650or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction. The response is 17651always 450 in case of a temporary DNS error. 17652</p> 17653 17654<p> 17655Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 17656</p> 17657 17658 17659</DD> 17660 17661<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a> 17662(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD> 17663 17664<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> 17665or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a temporary error 17666condition. Specify "defer" to defer the remote SMTP client request 17667immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix 17668SMTP server continues to look for opportunities to reject mail, and 17669defers the client request only if it would otherwise be accepted. 17670</p> 17671 17672<p> This feature is available in Postfix 2.6 and later. 
</p>


</DD>

<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a client
without valid address &lt;=&gt; name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>


</DD>

<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
17716</p> 17717 17718<p> 17719Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 17720</p> 17721 17722 17723</DD> 17724 17725<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> 17726(default: 550)</b></DT><DD> 17727 17728<p> 17729The numerical Postfix SMTP server response code when a recipient 17730address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of 17731lookup tables that does not match the recipient. A recipient 17732address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, 17733$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. 17734</p> 17735 17736<p> 17737The default setting is 550 (reject mail) but it is safer to initially 17738use 450 (try again later) so you have time to find out if your 17739<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK. 17740</p> 17741 17742<p> 17743Example: 17744</p> 17745 17746<pre> 17747<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450 17748</pre> 17749 17750<p> 17751This feature is available in Postfix 2.0 and later. 17752</p> 17753 17754 17755</DD> 17756 17757<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> 17758(default: 550)</b></DT><DD> 17759 17760<p> 17761The numerical Postfix SMTP server reply code when a recipient 17762address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies 17763a list of lookup tables that does not match the recipient address. 17764</p> 17765 17766<p> 17767This feature is available in Postfix 2.0 and later. 
17768</p> 17769 17770 17771</DD> 17772 17773<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> 17774(default: 550)</b></DT><DD> 17775 17776<p> 17777The Postfix SMTP server reply code when a recipient address matches 17778$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list 17779of lookup tables that does not match the recipient address. 17780</p> 17781 17782<p> 17783This feature is available in Postfix 2.0 and later. 17784</p> 17785 17786 17787</DD> 17788 17789<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> 17790(default: 550)</b></DT><DD> 17791 17792<p> 17793The Postfix SMTP server reply code when a recipient address matches 17794$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list 17795of lookup tables that does not match the recipient address. 17796</p> 17797 17798<p> 17799This feature is available in Postfix 2.0 and later. 17800</p> 17801 17802 17803</DD> 17804 17805<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a> 17806(default: 450)</b></DT><DD> 17807 17808<p> 17809The numerical Postfix SMTP server response when a recipient address 17810probe fails due to a temporary error condition. 17811</p> 17812 17813<p> 17814Unlike elsewhere in Postfix, you can specify 250 in order to 17815accept the address anyway. 17816</p> 17817 17818<p> 17819Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 17820</p> 17821 17822<p> 17823This feature is available in Postfix 2.6 and later. 
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a recipient address
is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately.
With the default 17878"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look 17879for opportunities to reject mail, and defers the client request 17880only if it would otherwise be accepted. </p> 17881 17882<p> This feature is available in Postfix 2.6 and later. </p> 17883 17884 17885</DD> 17886 17887<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a> 17888(default: 450)</b></DT><DD> 17889 17890<p> 17891The numerical Postfix SMTP server response code when a sender address 17892probe fails due to a temporary error condition. 17893</p> 17894 17895<p> 17896Unlike elsewhere in Postfix, you can specify 250 in order to 17897accept the address anyway. 17898</p> 17899 17900<p> 17901Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 17902</p> 17903 17904<p> 17905This feature is available in Postfix 2.6 and later. 17906</p> 17907 17908 17909</DD> 17910 17911<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a> 17912(default: 450)</b></DT><DD> 17913 17914<p> 17915The numerical Postfix SMTP server response code when a recipient 17916address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction. 17917</p> 17918 17919<p> 17920Unlike elsewhere in Postfix, you can specify 250 in order to 17921accept the address anyway. 17922</p> 17923 17924<p> 17925Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 17926</p> 17927 17928<p> 17929This feature is available in Postfix 2.1 and later. 
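<p> The "defer" versus "defer_if_permit" behaviour described for unknown_address_tempfail_action, unknown_helo_hostname_tempfail_action and unverified_recipient_tempfail_action above, as an added Python model that is not part of the Postfix documentation or source. The three restriction functions, the context keys they read and the single shared tempfail_action setting are assumptions of this example; the reply codes are the parameter defaults documented on this page. </p>

```python
"""Constructed model of how the Postfix SMTP server's *_tempfail_action
parameters shape the verdict of a restriction list.  This is example code,
not Postfix source: the restriction functions, the context keys they read
and the single shared tempfail_action are assumptions of this example."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

PERMIT, REJECT, DUNNO, TEMPFAIL = "permit", "reject", "dunno", "tempfail"

# Reply codes are the parameter defaults documented on this page.  One shared
# "tempfail_action" stands in for unknown_address_tempfail_action,
# unverified_sender_tempfail_action and friends, which all default to
# $reject_tempfail_action.
DEFAULTS: Dict[str, object] = {
    "unknown_address_reject_code": 450,
    "unverified_sender_reject_code": 450,
    "unverified_sender_defer_code": 450,
    "access_map_reject_code": 554,
    "tempfail_action": "defer_if_permit",
}

Result = Tuple[str, int, str]                      # (outcome, SMTP code, reason)
Restriction = Callable[[Dict[str, object], Dict[str, object]], Result]


@dataclass(frozen=True)
class Verdict:
    action: str   # "permit", "reject" or "defer"
    code: int
    reason: str


def reject_unknown_sender_domain(ctx, cf) -> Result:
    # ctx["sender_dns"] is a constructed stand-in for the DNS lookup outcome.
    if ctx["sender_dns"] == "tempfail":
        return TEMPFAIL, 450, "temporary DNS error"   # always 450, per the page
    if ctx["sender_dns"] == "nxdomain":
        return REJECT, cf["unknown_address_reject_code"], "sender domain not found"
    return DUNNO, 0, ""


def reject_unverified_sender(ctx, cf) -> Result:
    # ctx["sender_probe"] stands in for the sender address verification probe.
    if ctx["sender_probe"] == "tempfail":
        return TEMPFAIL, cf["unverified_sender_defer_code"], "sender probe failed"
    if ctx["sender_probe"] == "undeliverable":
        return REJECT, cf["unverified_sender_reject_code"], "sender undeliverable"
    return DUNNO, 0, ""


def check_client_access(ctx, cf) -> Result:
    # Stand-in for an access(5) client table whose matching entries say "reject".
    if ctx["client"] in ctx.get("blocked_clients", ()):
        return REJECT, cf["access_map_reject_code"], "client access denied"
    return DUNNO, 0, ""


RESTRICTIONS: List[Tuple[str, Restriction]] = [
    ("reject_unknown_sender_domain", reject_unknown_sender_domain),
    ("reject_unverified_sender", reject_unverified_sender),
    ("check_client_access", check_client_access),
]


def evaluate(ctx: Dict[str, object],
             overrides: Optional[Dict[str, object]] = None) -> Verdict:
    """Walk RESTRICTIONS in order and return the reply the client would get."""
    cf = {**DEFAULTS, **(overrides or {})}
    if cf["tempfail_action"] not in ("defer", "defer_if_permit"):
        raise ValueError("tempfail_action must be 'defer' or 'defer_if_permit'")
    pending: Optional[Verdict] = None
    for name, restriction in RESTRICTIONS:
        outcome, code, reason = restriction(ctx, cf)
        if outcome in (REJECT, TEMPFAIL) and code == 250:
            outcome = DUNNO       # unverified_*_{reject,defer}_code = 250: accept anyway
        if outcome == REJECT:
            return Verdict("reject", code, f"{name}: {reason}")
        if outcome == TEMPFAIL:
            verdict = Verdict("defer", code, f"{name}: {reason}")
            if cf["tempfail_action"] == "defer":
                return verdict            # defer the client request immediately
            if pending is None:
                pending = verdict         # defer_if_permit: keep looking for a reject
        elif outcome == PERMIT:
            break                          # the list would accept the request here
    # Only when nothing later rejected does the remembered temporary failure defer.
    return pending if pending is not None else Verdict("permit", 250, "no restriction matched")


if __name__ == "__main__":
    client = {"sender_dns": "tempfail", "sender_probe": "ok",
              "client": "192.0.2.10", "blocked_clients": ("192.0.2.10",)}
    print(evaluate(client))                                  # reject 554
    print(evaluate(client, {"tempfail_action": "defer"}))    # defer 450
```

With the default action the blocked client still receives the definitive 554 even though the sender domain lookup failed temporarily; with "defer" it receives 450 and will simply retry.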
</p>


</DD>

<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
(default: -=+)</b></DT><DD>

<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>

<p> Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place. If you have
many users, it is better to separate information that changes more
frequently (virtual address -&gt; local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored). Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list.
The form "!/file/name" is supported
only in Postfix version 2.4 and later. </p>

<p>
See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
for further information.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
</pre>


</DD>

<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>

<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote addresses. The table format and lookups
are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
18066</p> 18067 18068<p> 18069Examples: 18070</p> 18071 18072<pre> 18073<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/virtual 18074<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual 18075</pre> 18076 18077 18078</DD> 18079 18080<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a> 18081(default: 1000)</b></DT><DD> 18082 18083<p> 18084The maximal nesting depth of virtual alias expansion. Currently 18085the recursion limit is applied only to the left branch of the 18086expansion graph, so the depth of the tree can in the worst case 18087reach the sum of the expansion and recursion limits. This may 18088change in the future. 18089</p> 18090 18091<p> 18092This feature is available in Postfix 2.1 and later. 18093</p> 18094 18095 18096</DD> 18097 18098<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> 18099(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD> 18100 18101<p> The maximal number of parallel deliveries to the same destination 18102via the virtual message delivery transport. This limit is enforced 18103by the queue manager. The message delivery transport name is the 18104first field in the entry in the <a href="master.5.html">master.cf</a> file. </p> 18105 18106 18107</DD> 18108 18109<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> 18110(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD> 18111 18112<p> The maximal number of recipients per message for the virtual 18113message delivery transport. This limit is enforced by the queue 18114manager. 
The message delivery transport name is the first field in 18115the entry in the <a href="master.5.html">master.cf</a> file. </p> 18116 18117<p> Setting this parameter to a value of 1 changes the meaning of 18118<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain 18119into concurrency per recipient. </p> 18120 18121 18122</DD> 18123 18124<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a> 18125(default: empty)</b></DT><DD> 18126 18127<p> 18128Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox 18129delivery. 18130</p> 18131 18132<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18133It does not apply when mail is delivered with a different mail 18134delivery program. </p> 18135 18136<p> 18137In a lookup table, specify a left-hand side of "@domain.tld" to 18138match any user in the specified domain that does not have a specific 18139"user@domain.tld" entry. 18140</p> 18141 18142<p> 18143When a recipient address has an optional address extension 18144(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up 18145the full address first, and when the lookup fails, it looks up the 18146unextended address (user@domain.tld). 18147</p> 18148 18149<p> 18150Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows 18151regular expression substitution of $1 etc. in regular expression 18152lookup tables, because that would open a security hole. 18153</p> 18154 18155<p> 18156Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will 18157silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead 18158it will open the table directly. Before Postfix version 2.2, the 18159<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error. 
18160</p> 18161 18162 18163</DD> 18164 18165<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a> 18166(default: empty)</b></DT><DD> 18167 18168<p> 18169A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname 18170results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups. This is a safety 18171measure to ensure that an out of control map doesn't litter the 18172file system with mailboxes. While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be 18173set to "/", this setting isn't recommended. 18174</p> 18175 18176<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18177It does not apply when mail is delivered with a different mail 18178delivery program. </p> 18179 18180<p> 18181Example: 18182</p> 18183 18184<pre> 18185<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail 18186</pre> 18187 18188 18189</DD> 18190 18191<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a> 18192(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD> 18193 18194<p> Postfix is final destination for the specified list of domains; 18195mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport. 18196By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent. The SMTP 18197server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> 18198and rejects mail for non-existent recipients. See also the virtual 18199mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p> 18200 18201<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a> 18202configuration parameter. 
</p> 18203 18204<p> 18205This feature is available in Postfix 2.0 and later. The default 18206value is backwards compatible with Postfix version 1.1. 18207</p> 18208 18209 18210</DD> 18211 18212<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a> 18213(default: 51200000)</b></DT><DD> 18214 18215<p> 18216The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or 18217maildir file, or zero (no limit). </p> 18218 18219<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18220It does not apply when mail is delivered with a different mail 18221delivery program. </p> 18222 18223 18224</DD> 18225 18226<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a> 18227(default: see "postconf -d" output)</b></DT><DD> 18228 18229<p> 18230How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting 18231delivery. For a list of available file locking methods, use the 18232"<b>postconf -l</b>" command. 18233</p> 18234 18235<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18236It does not apply when mail is delivered with a different mail 18237delivery program. </p> 18238 18239<p> 18240This setting is ignored with <b>maildir</b> style delivery, because 18241such deliveries are safe without application-level locks. 18242</p> 18243 18244<p> 18245Note 1: the <b>dotlock</b> method requires that the recipient UID 18246or GID has write access to the parent directory of the recipient's 18247mailbox file. 18248</p> 18249 18250<p> 18251Note 2: the default setting of this parameter is system dependent. 18252</p> 18253 18254 18255</DD> 18256 18257<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a> 18258(default: empty)</b></DT><DD> 18259 18260<p> 18261Optional lookup tables with all valid addresses in the domains that 18262match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. 
18263</p> 18264 18265<p> 18266In a lookup table, specify a left-hand side of "@domain.tld" to 18267match any user in the specified domain that does not have a specific 18268"user@domain.tld" entry. 18269</p> 18270 18271<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery 18272agent. It does not apply when mail is delivered with a different 18273mail delivery program. </p> 18274 18275<p> 18276The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the 18277per-recipient mailbox or maildir pathname. If the lookup result 18278ends in a slash ("/"), maildir-style delivery is carried out, 18279otherwise the path is assumed to specify a UNIX-style mailbox file. 18280Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to 18281this path. 18282</p> 18283 18284<p> 18285When a recipient address has an optional address extension 18286(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up 18287the full address first, and when the lookup fails, it looks up the 18288unextended address (user@domain.tld). 18289</p> 18290 18291<p> 18292Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows 18293regular expression substitution of $1 etc. in regular expression 18294lookup tables, because that would open a security hole. 18295</p> 18296 18297<p> 18298Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will 18299silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead 18300it will open the table directly. Before Postfix version 2.2, the 18301<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error. 
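<p> The lookup order shared by virtual_mailbox_maps, virtual_gid_maps and virtual_mailbox_base above (full address first, then the unextended address, then "@domain.tld", with the base prepended to the result and a trailing "/" selecting maildir delivery), as an added Python model that is not part of the Postfix documentation or source. The table entries, the base directory and the "+" extension delimiter are constructed assumptions of this example. </p>

```python
"""Constructed model (not Postfix source) of how the virtual(8) delivery
agent turns a recipient into a mailbox path using virtual_mailbox_maps and
virtual_mailbox_base, following the lookup order documented on this page.
The table contents, the base directory and the "+" extension delimiter are
assumptions of this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed table, as one might build from hash:/etc/postfix/vmailbox:
# left-hand side -> mailbox path relative to virtual_mailbox_base.
# A result ending in "/" selects maildir delivery, anything else a mailbox file.
VIRTUAL_MAILBOX_MAPS: Dict[str, str] = {
    "alice@example.com": "example.com/alice/",   # maildir
    "bob@example.com": "example.com/bob",        # UNIX-style mailbox file
    "@example.org": "example.org/catchall/",     # any example.org user without own entry
}
VIRTUAL_MAILBOX_BASE = "/var/mail/vhosts"        # assumed absolute main.cf setting


@dataclass(frozen=True)
class Mailbox:
    matched_key: str   # the table entry that matched
    path: str          # $virtual_mailbox_base + "/" + lookup result
    style: str         # "maildir" or "mbox"


def lookup_keys(recipient: str, delimiter: str = "+") -> List[str]:
    """Keys in the order the page documents: the full address first, then
    the unextended address (user+foo@domain -> user@domain), then @domain."""
    local, at, domain = recipient.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a user@domain address: {recipient!r}")
    keys = [recipient]
    if delimiter and delimiter in local:
        keys.append(f"{local.split(delimiter, 1)[0]}@{domain}")
    keys.append(f"@{domain}")
    return keys


def resolve_mailbox(recipient: str,
                    maps: Dict[str, str] = VIRTUAL_MAILBOX_MAPS,
                    base: str = VIRTUAL_MAILBOX_BASE) -> Optional[Mailbox]:
    """Return the recipient's Mailbox, or None when no entry matches (the SMTP
    server would already have rejected such a recipient with
    unknown_virtual_mailbox_reject_code)."""
    for key in lookup_keys(recipient):
        result = maps.get(key)
        if result is None:
            continue
        style = "maildir" if result.endswith("/") else "mbox"
        # The base is prepended unconditionally: a result that looks absolute,
        # such as "/tmp/x", still lands below $virtual_mailbox_base.
        path = f"{base.rstrip('/')}/{result.lstrip('/')}"
        return Mailbox(key, path, style)
    return None


if __name__ == "__main__":
    for rcpt in ("alice+news@example.com", "bob@example.com",
                 "carol@example.org", "dave@example.com"):
        print(rcpt, "->", resolve_mailbox(rcpt))
```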
18302</p> 18303 18304 18305</DD> 18306 18307<DT><b><a name="virtual_maps">virtual_maps</a> 18308(default: empty)</b></DT><DD> 18309 18310<p> Optional lookup tables with a) names of domains for which all 18311addresses are aliased to addresses in other local or remote domains, 18312and b) addresses that are aliased to addresses in other local or 18313remote domains. Available before Postfix version 2.0. With Postfix 18314version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> 18315and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p> 18316 18317 18318</DD> 18319 18320<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a> 18321(default: 100)</b></DT><DD> 18322 18323<p> 18324The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts 18325as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup. Returned 18326values less than this will be rejected, and the message will be 18327deferred. 18328</p> 18329 18330<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18331It does not apply when mail is delivered with a different mail 18332delivery program. </p> 18333 18334 18335</DD> 18336 18337<DT><b><a name="virtual_transport">virtual_transport</a> 18338(default: virtual)</b></DT><DD> 18339 18340<p> 18341The default mail delivery transport and next-hop destination for 18342final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. 18343This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. 18344</p> 18345 18346<p> 18347Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> 18348is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>. 
18349The <i>:nexthop</i> destination is optional; its syntax is documented 18350in the manual page of the corresponding delivery agent. 18351</p> 18352 18353<p> 18354This feature is available in Postfix 2.0 and later. 18355</p> 18356 18357 18358</DD> 18359 18360<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a> 18361(default: empty)</b></DT><DD> 18362 18363<p> 18364Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a> 18365delivery agent uses while writing to the recipient's mailbox. 18366</p> 18367 18368<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent. 18369It does not apply when mail is delivered with a different mail 18370delivery program. </p> 18371 18372<p> 18373In a lookup table, specify a left-hand side of "@domain.tld" 18374to match any user in the specified domain that does not have a 18375specific "user@domain.tld" entry. 18376</p> 18377 18378<p> 18379When a recipient address has an optional address extension 18380(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up 18381the full address first, and when the lookup fails, it looks up the 18382unextended address (user@domain.tld). 18383</p> 18384 18385<p> 18386Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows 18387regular expression substitution of $1 etc. in regular expression 18388lookup tables, because that would open a security hole. 18389</p> 18390 18391<p> 18392Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will 18393silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead 18394it will open the table directly. Before Postfix version 2.2, the 18395<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error. 18396</p> 18397 18398 18399</DD> 18400 18401</dl> 18402 18403</body> 18404 18405</html> 18406
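<p> Added example, not Postfix's own code: a small model of the per-recipient lookups that the virtual_mailbox_maps, virtual_uid_maps and virtual_minimum_uid entries above describe (full address, then the unextended address, then the "@domain.tld" wildcard; maildir versus UNIX mailbox decided by a trailing "/"; virtual_mailbox_base prepended unconditionally; results below virtual_minimum_uid rejected). The table contents, domains and base directory are constructed sample data. </p>

```python
# Added example (not Postfix code): models the virtual(8) lookups this page
# documents for virtual_mailbox_maps and virtual_uid_maps on constructed data.
from collections import namedtuple
from typing import Dict, List, Optional
VIRTUAL_MAILBOX_BASE = "/var/mail/vhosts"   # constructed value
VIRTUAL_MINIMUM_UID = 100                   # the documented default
VIRTUAL_MAILBOX_MAPS: Dict[str, str] = {    # constructed table contents
    "alice@example.com": "example.com/alice/",  # trailing "/": maildir
    "bob@example.com": "example.com/bob",       # no slash: UNIX mailbox file
    "@example.net": "example.net/catchall/",    # any other user in example.net
}
VIRTUAL_UID_MAPS: Dict[str, str] = {        # constructed table contents
    "alice@example.com": "5000",
    "@example.com": "5001",
    "@example.net": "33",   # below virtual_minimum_uid: virtual(8) defers
}

# What virtual(8) would do for one recipient: target path, maildir?, uid.
Delivery = namedtuple("Delivery", "path maildir uid")

def lookup_keys(recipient: str) -> List[str]:
    """Keys in the documented order: full address, then the address without
    its +extension, then the "@domain.tld" wildcard."""
    local, _, domain = recipient.rpartition("@")
    keys = [recipient]
    if "+" in local:
        keys.append(f"{local.split('+', 1)[0]}@{domain}")
    keys.append(f"@{domain}")
    return keys

def lookup(table: Dict[str, str], recipient: str) -> Optional[str]:
    """First matching key wins; None when the recipient is not in the table."""
    for key in lookup_keys(recipient):
        if key in table:
            return table[key]
    return None

def resolve(recipient: str) -> Delivery:
    """LookupError: unknown recipient. ValueError: uid below
    virtual_minimum_uid (the page: result rejected, message deferred)."""
    rel = lookup(VIRTUAL_MAILBOX_MAPS, recipient)
    uid_str = lookup(VIRTUAL_UID_MAPS, recipient)
    if rel is None or uid_str is None:
        raise LookupError(f"{recipient}: no mailbox or uid mapping")
    uid = int(uid_str)
    if uid < VIRTUAL_MINIMUM_UID:
        raise ValueError(f"{recipient}: uid {uid} < {VIRTUAL_MINIMUM_UID}")
    # virtual_mailbox_base is unconditionally prepended to the lookup result.
    return Delivery(f"{VIRTUAL_MAILBOX_BASE}/{rel}", rel.endswith("/"), uid)
```

Running resolve() on "bob+news@example.com" shows the extension fallback and the "@example.com" uid wildcard together, while "carol@example.net" shows a catch-all mailbox whose uid of 33 fails the virtual_minimum_uid check.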
