xref: /netbsd-src/external/ibm-public/postfix/dist/html/postconf.5.html (revision 7788a0781fe6ff2cce37368b4578a7ade0850cb1)
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>Postfix Configuration Parameters </title>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

</head>

<body>

<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>

<hr>

<h2> Postfix main.cf file format </h2>

<p> The Postfix main.cf configuration file specifies a very small
subset of all the parameters that control the operation of the
Postfix mail system. Parameters not explicitly specified are left
at their default values. </p>

<p> The general format of the main.cf file is as follows: </p>

<ul>

<li> <p> Each logical line is in the form "parameter = value".
Whitespace around the "=" is ignored, as is whitespace at the end
of a logical line. </p>

<li> <p> Empty lines and whitespace-only lines are ignored, as are
lines whose first non-whitespace character is a `#'. </p>

<li> <p> A logical line starts with non-whitespace text. A line
that starts with whitespace continues a logical line. </p>

<li> <p> A parameter value may refer to other parameters. </p>

<ul>

<li> <p> The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter. </p>

<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version
2.2 and later. </p>

<li> <p> The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix version 2.2
and later.  </p>

<li> <p> Specify "$$" to produce a single "$" character. </p>

</ul>

<li> <p> When the same parameter is defined multiple times, only
the last instance is remembered. </p>

<li> <p> Otherwise, the order of main.cf parameter definitions does
not matter. </p>

</ul>
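<p> The format rules above, as an added example that is not part of
the Postfix documentation or source: a small Python reader that
resolves a main.cf fragment to its effective values and reports
parameters whose earlier definition was silently overridden. The
sample text and the demo_* names are constructed; treating undefined
parameters as empty, joining continuation lines with one space, and
not supporting nested braces inside a conditional are assumptions of
this sketch. </p>

```python
import re

# Constructed sample; the demo_* parameter names are made up for illustration.
SAMPLE = """\
# constructed main.cf fragment
myorigin = $mydomain
mydomain = example.com
allow_untrusted_routing = no
relay_domains = $mydomain,
    mail.${mydomain}

demo_banner = ${myorigin?mail for $(myorigin)} costs $$0
demo_fallback = ${demo_unset:nothing configured}
allow_untrusted_routing = yes
"""

_REF = re.compile(
    r"\$\$"                              # "$$" produces a single "$"
    r"|\$\{(\w+)([?:])([^}]*)\}"         # ${name?value} and ${name:value}
    r"|\$\{(\w+)\}|\$\((\w+)\)|\$(\w+)"  # ${name}, $(name), $name
)


def parse_main_cf(text):
    """Return ({parameter: raw value}, [parameters defined more than once])."""
    logical = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # empty, whitespace-only or comment
        if line[0].isspace():
            if logical:                   # continuation of the previous line
                logical[-1] += " " + stripped   # single-space join: assumption
            continue
        logical.append(stripped)

    params, overridden = {}, []
    for entry in logical:
        name, sep, value = entry.partition("=")
        name = name.strip()
        if not sep or not name:
            continue                      # not in "parameter = value" form
        if name in params and name not in overridden:
            overridden.append(name)       # only the last instance is remembered
        params[name] = value.strip()
    return params, overridden


def expand(value, params, _depth=0):
    """Recursively replace parameter references in value."""
    if _depth > 20:
        raise ValueError("parameter reference loop")

    def repl(match):
        if match.group(0) == "$$":
            return "$"
        cond_name, op, alt = match.group(1), match.group(2), match.group(3)
        if cond_name:
            # Undefined parameters are treated as empty (assumption).
            current = expand(params.get(cond_name, ""), params, _depth + 1)
            wanted = bool(current) if op == "?" else not current
            return expand(alt, params, _depth + 1) if wanted else ""
        name = match.group(4) or match.group(5) or match.group(6)
        return expand(params.get(name, ""), params, _depth + 1)

    return _REF.sub(repl, value)


def effective(text):
    """Parse first, expand afterwards, so definition order does not matter."""
    params, overridden = parse_main_cf(text)
    return {n: expand(v, params) for n, v in params.items()}, overridden


if __name__ == "__main__":
    values, overridden = effective(SAMPLE)
    for name, value in values.items():
        print(f"{name} = {value}")
    print("defined more than once:", overridden)
```

<p> In a configuration review, the list of overridden parameters is
the part to look at first: a hardened setting near the top of the
file has no effect when the same parameter is assigned again further
down. </p>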

<p> The remainder of this document is a description of all Postfix
configuration parameters. Default values are shown after the
parameter name in parentheses, and can be looked up with the
"<b>postconf -d</b>" command. </p>

<p> Note: this is not an invitation to make changes to Postfix
configuration parameters. Unnecessary changes are likely to impair
the operation of the mail system.  </p>

<dl>
<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
(default: postmaster)</b></DT><DD>

<p> The recipient of undeliverable mail that cannot be returned to
the sender.  This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
parameter.  </p>


</DD>

<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
is hard-coded as "450".
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
(default: 554)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code for
an <a href="access.5.html">access(5)</a> map "reject" action.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>


</DD>

<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators.  Specify a zero
interval to disable database cleanup. </p>

<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>

<p> This feature is available in Postfix 2.7. </p>


</DD>

<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_map">address_verify_map</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Lookup table for persistent address verification status
storage.  The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
is opened before the process releases privileges.
</p>

<p>
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>

<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>

<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later).  The file must therefore be
stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
warning is logged. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = hash:/var/db/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
(default: yes)</b></DT><DD>

<p>
Enable caching of failed address verification probe results.  When
this feature is enabled, the cache may pollute quickly with garbage.
When this feature is disabled, Postfix will generate an address
probe for every lookup.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
(default: 3d)</b></DT><DD>

<p>
The time after which a failed probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
(default: 3h)</b></DT><DD>

<p>
The time after which a failed address verification probe needs to
be refreshed.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
(default: normal: 3, overload: 1)</b></DT><DD>

<p>
How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
of an address verification request in progress.
</p>

<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
up to three times under non-overload conditions, and only once when
under overload.  With Postfix version 2.5 and earlier, the SMTP
server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
default.  </p>

<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a new address.
</p>

<p>
Examples:
</p>

<pre>
# Postfix &le; 2.6 default
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
# Poor man's greylisting
<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
(default: 3s)</b></DT><DD>

<p>
The delay between queries for the completion of an address
verification request in progress.
</p>

<p>
The default polling delay is 3 seconds.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
(default: 31d)</b></DT><DD>

<p>
The time after which a successful probe expires from the address
verification cache.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
(default: 7d)</b></DT><DD>

<p>
The time after which a successful address verification probe needs
to be refreshed.  The address verification status is not updated
when the probe fails (optimistic caching).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_sender">address_verify_sender</a>
(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>

<p> The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster". To
avoid problems with address probes that are sent in response to
address probes, the Postfix SMTP server excludes the probe sender
address from all SMTPD access blocks. </p>

<p>
Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or &lt;&gt; if you want
to use the null sender address. Beware, some sites reject mail from
&lt;&gt;, even though RFCs require that such addresses be accepted.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = &lt;&gt;
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@my.domain
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>

<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes.  </p>

<p> This feature is available in Postfix 2.7 and later.  </p>


</DD>

<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
(default: 0s)</b></DT><DD>

<p> The time between changes in the time-dependent portion of address
verification probe sender addresses. The time-dependent portion is
appended to the localpart of the address specified with the
<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
probe sender address is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
value is empty or &lt;&gt;. </p>

<p> Historically, the probe sender address was fixed. This has
caused such addresses to end up on spammer mailing lists, and has
resulted in wasted network and processing resources.  </p>

<p> To enable time-dependent probe sender addresses, specify a
non-zero time value (an integral value plus an optional one-letter
suffix that specifies the time unit).  Specify a value of at least
several hours, to avoid problems with senders that use greylisting.
Avoid nice TTL values, to make the result less predictable.  Time
units are: s (seconds), m (minutes), h (hours), d (days), w (weeks).
</p>

<p> This feature is available in Postfix 2.9 and later.  </p>


</DD>

<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
(default: verify)</b></DT><DD>

<p>
The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
maintains the status of sender and/or recipient address verification
probes, and generates probes on request by other Postfix processes.
</p>


</DD>

<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>

<p>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
verification probes.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="alias_database">alias_database</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
</p>

<p>
This is a separate configuration parameter because not all the
tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_database">alias_database</a> = hash:/etc/aliases
<a href="postconf.5.html#alias_database">alias_database</a> = hash:/etc/mail/aliases
</pre>


</DD>

<DT><b><a name="alias_maps">alias_maps</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
The alias databases that are used for <a href="local.8.html">local(8)</a> delivery. See
<a href="aliases.5.html">aliases(5)</a> for syntax details.
</p>

<p>
The default list is system dependent.  On systems with NIS, the
default is to search the local alias database, then the NIS alias
database.
</p>

<p>
If you change the alias database, run "<b>postalias /etc/aliases</b>"
(or wherever your system stores the mail alias file), or simply
run "<b>newaliases</b>" to build the necessary DBM or DB file.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
</p>

<p>
The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
table directly. Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
agent will terminate with a fatal error.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases, nis:mail.aliases
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases
</pre>


</DD>

<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
(default: alias, forward)</b></DT><DD>

<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands.  The default
is to disallow delivery to "|command" in :include:  files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
:include:  files, respectively.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include
</pre>


</DD>

<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a>
(default: alias, forward)</b></DT><DD>

<p>
Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is
to disallow "/file/name" destinations in :include:  files (see
<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
</p>

<p>
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward
files and in :include:  files, respectively.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include
</pre>


</DD>

<DT><b><a name="allow_min_user">allow_min_user</a>
(default: no)</b></DT><DD>

<p>
Allow a sender or recipient address to have `-' as the first
character.  By
default, this is not allowed, to avoid accidents with software that
passes email addresses via the command line. Such software
would not be able to distinguish a malicious address from a
bona fide command-line option. Although this can be prevented by
inserting a "--" option terminator into the command line, this is
difficult to enforce consistently and globally.  </p>

<p> As of Postfix version 2.5, this feature is implemented by
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>.  With earlier versions this feature was implemented
by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. </p>
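<p> The ambiguity described above, as an added example that is not
part of the Postfix documentation or source: a toy command-line
program built with Python's argparse stands in for "software that
passes email addresses via the command line". The program name, its
-f option and all addresses are constructed, and acceptable() is a
hypothetical check that only mirrors the default allow_min_user = no
policy. </p>

```python
import argparse

# Constructed recipient list: the first address starts with "-".
RECIPIENTS = ["-fceo@example.com", "user@example.com"]


def mailer_parser():
    """Toy command-line interface: optional -f SENDER, then recipients."""
    parser = argparse.ArgumentParser(prog="demo-mailer")
    parser.add_argument("-f", dest="sender", default="daemon@example.com")
    parser.add_argument("recipients", nargs="+")
    return parser


def run_without_terminator(recipients):
    """Addresses are placed on the command line as they arrive."""
    return vars(mailer_parser().parse_args(list(recipients)))


def run_with_terminator(recipients):
    """A "--" option terminator precedes the addresses."""
    return vars(mailer_parser().parse_args(["--", *recipients]))


def acceptable(address, allow_min_user=False):
    """Hypothetical filter mirroring the default policy: no leading "-"."""
    return allow_min_user or not address.startswith("-")


if __name__ == "__main__":
    # The first address is consumed as the -f option and replaces the sender.
    print(run_without_terminator(RECIPIENTS))
    # With "--" both strings are treated as recipients.
    print(run_with_terminator(RECIPIENTS))
    # With the default policy the address never reaches a command line.
    print([a for a in RECIPIENTS if acceptable(a)])
```

<p> The terminator only helps where every program in the delivery
path uses it, which is why rejecting such addresses at the mail
system is the default. </p>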


</DD>

<DT><b><a name="allow_percent_hack">allow_percent_hack</a>
(default: yes)</b></DT><DD>

<p>
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
</p>

<p> Note: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no
</pre>


</DD>

<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a>
(default: no)</b></DT><DD>

<p>
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
</p>

<p>
By default, this feature is turned off.  This closes a nasty open
relay loophole where a backup MX host can be tricked into forwarding
junk mail to a primary MX host which then spams it out to the world.
</p>

<p>
This parameter also controls if non-local addresses with sender-specified
routing can match Postfix access tables. By default, such addresses
cannot match Postfix access tables, because the address is ambiguous.
</p>


</DD>

<DT><b><a name="alternate_config_directories">alternate_config_directories</a>
(default: empty)</b></DT><DD>

<p>
A list of non-default Postfix configuration directories that may
be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
via the MAIL_CONFIG environment parameter.
</p>

<p>
This list must be specified in the default Postfix configuration
directory, and is used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a>
and <a href="postdrop.1.html">postdrop(1)</a>.
</p>


</DD>

<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a>
(default: no)</b></DT><DD>

<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
when not present.  Postfix 2.6 and later add these headers only
when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
setting.  Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>


</DD>

<DT><b><a name="always_bcc">always_bcc</a>
(default: empty)</b></DT><DD>

<p>
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
</p>

<p>
Note: if mail to the BCC address bounces it will be returned to
the sender.
</p>

<p> Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>


</DD>

<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a>
(default: 60s)</b></DT><DD>

<p>
The time unit over which client connection rates and other rates
are calculated.
</p>

<p>
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
in Postfix version 2.2 and later.
</p>

<p>
The default interval is relatively short. Because of the high
frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory
only. Thus, information is lost whenever the process terminates.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
(default: 600s)</b></DT><DD>

<p>
How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
logs peak usage information.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
(default: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
addresses without domain information. With remotely submitted mail,
append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
</p>

<p>
Note 1: this feature is enabled by default and must not be turned off.
Postfix does not support domain-less addresses.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>


</DD>

<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
(default: yes)</b></DT><DD>

<p>
With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
addresses that have no ".domain" information. With remotely submitted
mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
instead.
</p>

<p>
Note 1: this feature is enabled by default. If disabled, users will not be
able to send mail to "user@partialdomainname" but will have to
specify full domain names instead.
</p>

<p> Note 2: with Postfix version 2.2, message header address rewriting
happens only when one of the following conditions is true: </p>

<ul>

<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,

<li> The message is received from a network client that matches
$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,

<li> The message is received from the network, and the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.

</ul>

<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>


</DD>

<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
(default: 100s)</b></DT><DD>

<p>
How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
Postfix daemon process input buffer before giving up.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to flush the queue.
</p>

<p>
By default, all users are allowed to flush the queue.  Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user.  Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list.  The username
"unknown" is used for processes whose real UID is not found in the
password file.  </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).  Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to view the queue.
</p>

<p>
By default, all users are allowed to view the queue.  Access is
always granted if the invoking user is the super-user or the
$<a href="postconf.5.html#mail_owner">mail_owner</a> user.  Otherwise, the real UID of the process is looked
up in the system password file, and access is granted only if the
corresponding login name is on the access list.  The username
"unknown" is used for processes whose real UID is not found in the
password file.  </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to
right, and the search stops on the first match. A "/file/name"
pattern is replaced
by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
matches a lookup key (the lookup result is ignored).  Continue long
lines by starting the next line with whitespace. Specify "!pattern"
to exclude a user name from the list. The form "!/file/name" is
supported only in Postfix version 2.4 and later.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>

<p>
List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
</p>

<p>
By default, all users are allowed to submit mail.  Otherwise, the
real UID of the process is looked up in the system password file,
and access is granted only if the corresponding login name is on
the access list.  The username "unknown" is used for processes
whose real UID is not found in the password file. To deny mail
submission access to all users specify an empty list.  </p>

<p>
Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
separated by commas and/or whitespace. The list is matched left to right,
and the search stops on the first match. A "/file/name" pattern is
1010replaced by its contents;
1011a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
1012(the lookup result is ignored).  Continue long lines by starting the
1013next line with whitespace. Specify "!pattern" to exclude a user
1014name from the list. The form "!/file/name" is supported only in
1015Postfix version 2.4 and later.  </p>
1016
1017<p>
1018Example:
1019</p>
1020
1021<pre>
1022<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
1023</pre>
1024
1025<p>
1026This feature is available in Postfix 2.2 and later.
1027</p>
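<p> The list evaluation described above, as an added Python example
that is not part of the Postfix documentation or source code. It is a
simplified model: the function names and the <tt>files</tt>,
<tt>tables</tt> and <tt>passwd</tt> dictionaries are assumptions that
stand in for "/file/name" contents, "type:table" lookup tables and the
system password file. The same list syntax is used by
authorized_flush_users and authorized_mailq_users. </p>

```python
import re


def flatten(value, files, negate=False, depth=0):
    """Expand a list value into ordered (negated, pattern) pairs."""
    if depth > 8:  # guard against a file that includes itself
        raise ValueError("/file/name nesting too deep")
    pairs = []
    # Patterns are separated by commas and/or whitespace.
    for item in re.split(r"[,\s]+", value.strip()):
        neg = negate
        while item.startswith("!"):  # "!pattern" excludes a name
            neg = not neg
            item = item[1:]
        if not item:
            continue
        if item.startswith("/"):
            # "/file/name" is replaced by its contents. "!/file/name" is
            # modelled as excluding every name in the file (assumption).
            pairs.extend(flatten(files[item], files, neg, depth + 1))
        else:
            pairs.append((neg, item))
    return pairs


def pattern_matches(pattern, login, tables):
    """True when one pattern matches the login name."""
    kind, sep, _ = pattern.partition(":")
    if sep:
        if kind == "static":
            return True  # a static table answers every lookup
        # Matched when the name is a lookup key; the result is ignored.
        return login in tables.get(pattern, ())
    return pattern == login


def is_authorized(value, login, tables=None, files=None):
    """Left-to-right search that stops on the first matching pattern."""
    for negated, pattern in flatten(value, files or {}):
        if pattern_matches(pattern, login, tables or {}):
            return not negated
    return False  # nothing matched, so an empty list denies everyone


def login_for_uid(uid, passwd):
    """Real UIDs missing from the password file map to "unknown"."""
    return passwd.get(uid, "unknown")


if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    passwd = {0: "root", 33: "www", 1000: "alice"}
    files = {"/etc/postfix/no_submit": "www\nbackup\n"}
    for value in ("!www, static:all",
                  "static:all, !www",
                  "!unknown, !/etc/postfix/no_submit, static:all"):
        for uid in (33, 1000, 4242):
            login = login_for_uid(uid, passwd)
            verdict = "allow" if is_authorized(value, login, files=files) else "deny"
            print(f"{value!r:50} uid={uid:<5} login={login:8} {verdict}")
```

<p> Because the search stops on the first match, an exclusion only
takes effect when it appears before the catch-all pattern. </p>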
1028
1029
1030</DD>
1031
1032<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
1033(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
1034
<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per-recipient return address.  </p>
1038
1039<p> By default, only trusted clients are allowed to specify XVERP.
1040</p>
1041
1042<p> This parameter was introduced with Postfix version 1.1.  Postfix
1043version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
1044and changed the default to none. </p>
1045
1046<p> Specify a list of network/netmask patterns, separated by commas
1047and/or whitespace. The mask specifies the number of bits in the
1048network part of a host address. You can also specify hostnames or
1049.domain names (the initial dot causes the domain to match any name
1050below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
1051pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
1052is matched when a table entry matches a lookup string (the lookup
1053result is ignored).  Continue long lines by starting the next line
1054with whitespace. Specify "!pattern" to exclude an address or network
1055block from the list. The form "!/file/name" is supported only in
1056Postfix version 2.4 and later. </p>
1057
1058<p> Note: IP version 6 address information must be specified inside
1059<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
1060specified with "/file/name".  IP version 6 addresses contain the
1061":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
1062pattern.  </p>
1063
1064
1065</DD>
1066
1067<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
1068(default: yes)</b></DT><DD>
1069
1070<p>
1071Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
1072Postfix versions before 2.0. The current and more extensible "name =
1073value" format is needed in order to implement more sophisticated
1074functionality.
1075</p>
1076
1077<p>
1078This feature is available in Postfix 2.1 and later.
1079</p>
1080
1081
1082</DD>
1083
1084<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
1085(default: 16777216)</b></DT><DD>
1086
1087<p>
1088The per-table I/O buffer size for programs that create Berkeley DB
1089hash or btree tables.  Specify a byte count.
1090</p>
1091
1092<p>
1093This feature is available in Postfix 2.0 and later.
1094</p>
1095
1096
1097</DD>
1098
1099<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
1100(default: 131072)</b></DT><DD>
1101
1102<p>
1103The per-table I/O buffer size for programs that read Berkeley DB
1104hash or btree tables.  Specify a byte count.
1105</p>
1106
1107<p>
1108This feature is available in Postfix 2.0 and later.
1109</p>
1110
1111
1112</DD>
1113
1114<DT><b><a name="best_mx_transport">best_mx_transport</a>
1115(default: empty)</b></DT><DD>
1116
1117<p>
1118Where the Postfix SMTP client should deliver mail when it detects
1119a "mail loops back to myself" error condition. This happens when
1120the local MTA is the best SMTP mail exchanger for a destination
1121not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
1122$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.  By default,
1123the Postfix SMTP client returns such mail as undeliverable.
1124</p>
1125
1126<p>
1127Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
1128from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
1129can specify
1130any message delivery "transport" or "transport:nexthop" that is
1131defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
1132for the syntax and meaning of "transport" or "transport:nexthop".
1133</p>
1134
1135<p>
1136However, this feature is expensive because it ties up a Postfix
1137SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
1138work. It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
1139in a table or database.
1140</p>
1141
1142
1143</DD>
1144
1145<DT><b><a name="biff">biff</a>
1146(default: yes)</b></DT><DD>
1147
1148<p>
1149Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.  This service sends
1150"new mail" notifications to users who have requested new mail
1151notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
1152</p>
1153
1154<p>
1155For compatibility reasons this feature is on by default.  On systems
1156with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
1157drain.  Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
1158</p>
1159
1160
1161</DD>
1162
1163<DT><b><a name="body_checks">body_checks</a>
1164(default: empty)</b></DT><DD>
1165
1166<p> Optional lookup tables for content inspection as specified in
1167the <a href="header_checks.5.html">body_checks(5)</a> manual page.  </p>
1168
1169<p> Note: with Postfix versions before 2.0, these rules inspect
1170all content after the primary message headers. </p>
1171
1172
1173</DD>
1174
1175<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
1176(default: 51200)</b></DT><DD>
1177
1178<p>
1179How much text in a message body segment (or attachment, if you
1180prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
1181The amount of text is limited to avoid scanning huge attachments.
1182</p>
1183
1184<p>
1185This feature is available in Postfix 2.0 and later.
1186</p>
1187
1188
1189</DD>
1190
1191<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
1192(default: postmaster)</b></DT><DD>
1193
1194<p>
1195The recipient of postmaster notifications with the message headers
1196of mail that Postfix did not deliver and of SMTP conversation
1197transcripts of mail that Postfix did not receive.  This feature is
1198enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter.  </p>
1199
1200
1201</DD>
1202
1203<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
1204(default: 5d)</b></DT><DD>
1205
1206<p>
The maximal time a bounce message is queued before it is considered
undeliverable.  By default, this is the same as the queue lifetime
for regular mail.
1210</p>
1211
1212<p>
1213Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
1214The default time unit is d (days).
1215</p>
1216
1217<p>
1218Specify 0 when mail delivery should be tried only once.
1219</p>
1220
1221<p>
1222This feature is available in Postfix 2.1 and later.
1223</p>
1224
1225
1226</DD>
1227
1228<DT><b><a name="bounce_service_name">bounce_service_name</a>
1229(default: bounce)</b></DT><DD>
1230
1231<p>
1232The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
1233of failed delivery attempts and generates non-delivery notifications.
1234</p>
1235
1236<p>
1237This feature is available in Postfix 2.0 and later.
1238</p>
1239
1240
1241</DD>
1242
1243<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
1244(default: 50000)</b></DT><DD>
1245
1246<p> The maximal amount of original message text that is sent in a
1247non-delivery notification. Specify a byte count.  A message is
1248returned as either message/rfc822 (the complete original) or as
1249text/rfc822-headers (the headers only).  With Postfix version 2.4
1250and earlier, a message is always returned as message/rfc822 and is
1251truncated when it exceeds the size limit.
1252</p>
1253
1254<p> Notes: </p>
1255
1256<ul>
1257
1258<li> <p> If you increase this limit, then you should increase the
1259<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally.  </p>
1260
1261<li> <p> Be careful when making changes.  Excessively large values
1262will result in the loss of non-delivery notifications, when a bounce
1263message size exceeds a local or remote MTA's message size limit.
1264</p>
1265
1266</ul>
1267
1268
1269</DD>
1270
1271<DT><b><a name="bounce_template_file">bounce_template_file</a>
1272(default: empty)</b></DT><DD>
1273
1274<p> Pathname of a configuration file with bounce message templates.
1275These override the built-in templates of delivery status notification
1276(DSN) messages for undeliverable mail, for delayed mail, successful
1277delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
1278describes how to edit and test template files.  </p>
1279
1280<p> Template message body text may contain $name references to
1281Postfix configuration parameters. The result of $name expansion can
1282be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
1283is placed into the Postfix configuration directory.  </p>
1284
1285<p> This feature is available in Postfix 2.3 and later.  </p>
1286
1287
1288</DD>
1289
1290<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
1291(default: no)</b></DT><DD>
1292
<p>
Enable inter-operability with remote SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are Microsoft Outlook Express version 4 and Microsoft Exchange
version 5.0.
</p>
1299
1300<p>
1301Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
1302AUTH support in a non-standard way.
1303</p>
1304
1305
1306</DD>
1307
1308<DT><b><a name="canonical_classes">canonical_classes</a>
1309(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>
1310
1311<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
1312By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
1313sender and recipient addresses, and to header sender and header
1314recipient addresses.  </p>
1315
1316<p> Specify one or more of: envelope_sender, envelope_recipient,
1317header_sender, header_recipient </p>
1318
1319<p> This feature is available in Postfix 2.2 and later. </p>
1320
1321
1322</DD>
1323
1324<DT><b><a name="canonical_maps">canonical_maps</a>
1325(default: empty)</b></DT><DD>
1326
1327<p>
1328Optional address mapping lookup tables for message headers and
1329envelopes. The mapping is applied to both sender and recipient
1330addresses, in both envelopes and in headers, as controlled
1331with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
1332to clean up dirty addresses from legacy mail systems, or to replace
1333login names by Firstname.Lastname.  The table format and lookups
1334are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
1335manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
1336</p>
1337
1338<p>
1339If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
1340build the necessary DBM or DB file after every change. The changes
1341will become visible after a minute or so.  Use "<b>postfix reload</b>"
1342to eliminate the delay.
1343</p>
1344
1345<p> Note: with Postfix version 2.2, message header address mapping
1346happens only when message header address rewriting is enabled: </p>
1347
1348<ul>
1349
1350<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
1351
1352<li> The message is received from a network client that matches
1353$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
1354
1355<li> The message is received from the network, and the
1356<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
1357
1358</ul>
1359
1360<p> To get the behavior before Postfix version 2.2, specify
1361"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
1362
1363<p>
1364Examples:
1365</p>
1366
1367<pre>
1368<a href="postconf.5.html#canonical_maps">canonical_maps</a> = dbm:/etc/postfix/canonical
1369<a href="postconf.5.html#canonical_maps">canonical_maps</a> = hash:/etc/postfix/canonical
1370</pre>
1371
1372
1373</DD>
1374
1375<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
1376(default: cleanup)</b></DT><DD>
1377
1378<p>
1379The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
1380into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
1381and <a href="virtual.5.html">virtual(5)</a> aliasing.
1382</p>
1383
1384<p>
1385This feature is available in Postfix 2.0 and later.
1386</p>
1387
1388
1389</DD>
1390
1391<DT><b><a name="command_directory">command_directory</a>
1392(default: see "postconf -d" output)</b></DT><DD>
1393
1394<p>
The location of all Postfix administrative commands.
1396</p>
1397
1398
1399</DD>
1400
1401<DT><b><a name="command_execution_directory">command_execution_directory</a>
1402(default: empty)</b></DT><DD>
1403
<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
an external command.  Failure to change directory causes the delivery
to be deferred. </p>
1407
1408<p> The following $name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>
1409before the directory is changed. Expansion happens in the context
1410of the delivery request.  The result of $name expansion is filtered
1411with the character set that is specified with the
1412<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter.  </p>
1413
1414<dl>
1415
1416<dt><b>$user</b></dt>
1417
1418<dd>The recipient's username. </dd>
1419
1420<dt><b>$shell</b></dt>
1421
1422<dd>The recipient's login shell pathname. </dd>
1423
1424<dt><b>$home</b></dt>
1425
1426<dd>The recipient's home directory. </dd>
1427
1428<dt><b>$recipient</b></dt>
1429
1430<dd>The full recipient address. </dd>
1431
1432<dt><b>$extension</b></dt>
1433
1434<dd>The optional recipient address extension. </dd>
1435
1436<dt><b>$domain</b></dt>
1437
1438<dd>The recipient domain. </dd>
1439
1440<dt><b>$local</b></dt>
1441
1442<dd>The entire recipient localpart. </dd>
1443
1444<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
1445
1446<dd>The system-wide recipient address extension delimiter. </dd>
1447
1448<dt><b>${name?value}</b></dt>
1449
1450<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
1451
1452<dt><b>${name:value}</b></dt>
1453
1454<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
1455
1456</dl>
1457
1458<p>
1459Instead of $name you can also specify ${name} or $(name).
1460</p>
1461
1462<p> This feature is available in Postfix 2.2 and later. </p>
1463
1464
1465</DD>
1466
1467<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
1468(default: see "postconf -d" output)</b></DT><DD>
1469
1470<p>
1471Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
1472$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
1473Characters outside the
1474allowed set are replaced by underscores.
1475</p>
1476
1477
1478</DD>
1479
1480<DT><b><a name="command_time_limit">command_time_limit</a>
1481(default: 1000s)</b></DT><DD>
1482
1483<p>
1484Time limit for delivery to external commands. This limit is used
1485by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
1486delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
1487</p>
1488
1489<p>
1490Note: if you set this time limit to a large value you must update the
1491global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
1492</p>
1493
1494
1495</DD>
1496
1497<DT><b><a name="config_directory">config_directory</a>
1498(default: see "postconf -d" output)</b></DT><DD>
1499
1500<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
1501configuration files. This can be overruled via the following
1502mechanisms: </p>
1503
1504<ul>
1505
1506<li> <p> The MAIL_CONFIG environment variable (daemon processes
1507and commands). </p>
1508
1509<li> <p> The "-c" command-line option (commands only). </p>
1510
1511</ul>
1512
<p> With Postfix commands that run with set-gid privileges, a
<a href="postconf.5.html#config_directory">config_directory</a> override requires either root privileges, or it
requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
parameter in the default <a href="postconf.5.html">main.cf</a> file.  </p>
1517
1518
1519</DD>
1520
1521<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
1522(default: 5s)</b></DT><DD>
1523
1524<p> Time limit for connection cache connect, send or receive
1525operations.  The time limit is enforced in the client. </p>
1526
1527<p> This feature is available in Postfix 2.3 and later. </p>
1528
1529
1530</DD>
1531
1532<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
1533(default: scache)</b></DT><DD>
1534
1535<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service.  This service
1536maintains a limited pool of cached sessions.  </p>
1537
1538<p> This feature is available in Postfix 2.2 and later. </p>
1539
1540
1541</DD>
1542
1543<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
1544(default: 600s)</b></DT><DD>
1545
1546<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
1547connection cache hit and miss rates for logical destinations and for
1548physical endpoints. </p>
1549
1550
1551</DD>
1552
1553<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
1554(default: 2s)</b></DT><DD>
1555
1556<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
1557cache server
1558allows. Requests that specify a larger TTL will be stored with the
1559maximum allowed TTL. The purpose of this additional control is to
1560protect the infrastructure against careless people. The cache TTL
1561is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>.  </p>
1562
1563
1564</DD>
1565
1566<DT><b><a name="content_filter">content_filter</a>
1567(default: empty)</b></DT><DD>
1568
1569<p> After the message is queued, send the entire message to the
1570specified <i>transport:destination</i>. The <i>transport</i> name
1571specifies the first field of a mail delivery agent definition in
1572<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
1573in the manual page of the corresponding delivery agent.  More
1574information about external content filters is in the Postfix
1575<a href="FILTER_README.html">FILTER_README</a> file.  </p>
1576
1577<p> Notes: </p>
1578
1579<ul>
1580
1581<li> <p> This setting has lower precedence than a FILTER action
1582that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
1583table. </p>
1584
1585<li> <p> The meaning of an empty next-hop filter <i>destination</i>
1586is version dependent.  Postfix 2.7 and later will use the recipient
1587domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify
1588"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
15892.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
1590next-hop <i>destination</i>.  </p>
1591
1592</ul>
1593
1594
1595</DD>
1596
1597<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
1598(default: empty)</b></DT><DD>
1599
1600<p> Search path for Cyrus SASL application configuration files,
1601currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
1602Specify zero or more directories separated by a colon character,
1603or an empty value to use Cyrus SASL's built-in search path.  </p>
1604
1605<p> This feature is available in Postfix 2.5 and later when compiled
1606with Cyrus SASL 2.1.22 or later. </p>
1607
1608
1609</DD>
1610
1611<DT><b><a name="daemon_directory">daemon_directory</a>
1612(default: see "postconf -d" output)</b></DT><DD>
1613
1614<p>
1615The directory with Postfix support programs and daemon programs.
1616These should not be invoked directly by humans. The directory must
1617be owned by root.
1618</p>
1619
1620
1621</DD>
1622
1623<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
1624(default: no)</b></DT><DD>
1625
1626<p> How a Postfix daemon process handles errors while opening lookup
1627tables: gradual degradation or immediate termination. </p>
1628
1629<dl>
1630
1631<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
1632daemon process logs a message of type "error" and continues execution
1633with reduced functionality. Features that do not depend on the
1634unavailable table will work normally, while features that depend
1635on the table will result in a type "warning" message.  <br> When
1636the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
1637Postfix SMTP server and client will report transcripts of sessions
1638with an error because a table is unavailable.  </p> </dd>
1639
1640<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
1641termination: a daemon process logs a type "fatal" message and
1642terminates immediately.  This option reduces the number of possible
1643code paths through Postfix, and may therefore be slightly more
1644secure than the default.  </p> </dd>
1645
1646</dl>
1647
1648<p> For the sake of sanity, the number of type "error" messages is
1649limited to 13 over the lifetime of a daemon process. </p>
1650
1651<p> This feature is available in Postfix 2.9 and later.  </p>
1652
1653
1654</DD>
1655
1656<DT><b><a name="daemon_timeout">daemon_timeout</a>
1657(default: 18000s)</b></DT><DD>
1658
1659<p> How much time a Postfix daemon process may take to handle a
1660request before it is terminated by a built-in watchdog timer.  </p>
1661
1662<p>
1663Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
1664The default time unit is s (seconds).
1665</p>
1666
1667
1668</DD>
1669
1670<DT><b><a name="data_directory">data_directory</a>
1671(default: see "postconf -d" output)</b></DT><DD>
1672
1673<p> The directory with Postfix-writable data files (for example:
1674caches, pseudo-random numbers).  This directory must be owned by
1675the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
1676software.  </p>
1677
1678<p> This feature is available in Postfix 2.5 and later. </p>
1679
1680
1681</DD>
1682
1683<DT><b><a name="debug_peer_level">debug_peer_level</a>
1684(default: 2)</b></DT><DD>
1685
1686<p> The increment in verbose logging level when a remote client or
1687server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.  </p>
1688
1689
1690</DD>
1691
1692<DT><b><a name="debug_peer_list">debug_peer_list</a>
1693(default: empty)</b></DT><DD>
1694
1695<p> Optional list of remote client or server hostname or network
1696address patterns that cause the verbose logging level to increase
1697by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.  </p>
1698
1699<p> Specify domain names, network/netmask patterns, "/file/name"
1700patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
1701from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored.  </p>
1702
1703<p> Pattern matching of domain names is controlled by the
1704<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter.  </p>
1705
1706<p>
1707Examples:
1708</p>
1709
1710<pre>
1711<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
1712<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
1713</pre>
1714
1715
1716</DD>
1717
1718<DT><b><a name="debugger_command">debugger_command</a>
1719(default: empty)</b></DT><DD>
1720
1721<p>
1722The external command to execute when a Postfix daemon program is
1723invoked with the -D option.
1724</p>
1725
1726<p>
1727Use "command .. &amp; sleep 5" so that the debugger can attach before
1728the process marches on. If you use an X-based debugger, be sure to
1729set up your XAUTHORITY environment variable before starting Postfix.
1730</p>
1731
1732<p>
1733Example:
1734</p>
1735
1736<pre>
1737<a href="postconf.5.html#debugger_command">debugger_command</a> =
1738    PATH=/usr/bin:/usr/X11R6/bin
1739    ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
1740</pre>
1741
1742
1743</DD>
1744
1745<DT><b><a name="default_database_type">default_database_type</a>
1746(default: see "postconf -d" output)</b></DT><DD>
1747
1748<p>
1749The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
1750and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
1751either <b>dbm</b> or <b>hash</b>. The default setting is frozen
1752when the Postfix system is built.
1753</p>
1754
1755<p>
1756Examples:
1757</p>
1758
1759<pre>
1760<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
1761<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
1762</pre>
1763
1764
1765</DD>
1766
1767<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
1768(default: 5)</b></DT><DD>
1769
1770<p>
1771How often the Postfix queue manager's scheduler is allowed to
1772preempt delivery of one message with another.
1773</p>
1774
1775<p>
Each transport maintains a so-called "available delivery slot counter"
for each message. One message can be preempted by another one when
the other message can be delivered using no more delivery slots
(i.e., invocations of delivery agents) than the current message
counter has accumulated (or will eventually accumulate - see about
slot loans below). This parameter controls how often the counter is
incremented - it happens after each <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
recipients have been delivered.
1784</p>
1785
1786<p>
A cost of 0 disables preemptive scheduling completely.
The minimum value the scheduling algorithm can use is 2 - use it
if you want to maximize the message throughput rate. Although there
is no maximum, it doesn't make much sense to use values above, say,
50.
1792</p>
1793
1794<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
worst case, their delivery can take somewhere between (cost+1)/cost
and cost/(cost-1) times more than if the preemptive scheduler were
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
are not extended by more than 20-25 percent even in the worst case.
1802</p>
1803
1804<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
1805transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1806name of the message delivery transport.
1807</p>
1808
1809<p>
1810Examples:
1811</p>
1812
1813<pre>
1814<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
1815<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
1816</pre>
1817
1818
1819</DD>
1820
1821<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
1822(default: 50)</b></DT><DD>
1823
1824<p>
1825The default value for transport-specific _delivery_slot_discount
1826settings.
1827</p>
1828
1829<p>
1830This parameter speeds up the moment when a message preemption can
1831happen. Instead of waiting until the full amount of delivery slots
1832required is available, the preemption can happen when
1833transport_delivery_slot_discount percent of the required amount
1834plus transport_delivery_slot_loan still remains to be accumulated.
1835Note that the full amount will still have to be accumulated before
1836another preemption can take place later.
1837</p>
1838
1839<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
1840transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1841name of the message delivery transport.
1842</p>
1843
1844
1845</DD>
1846
1847<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
1848(default: 3)</b></DT><DD>
1849
1850<p>
1851The default value for transport-specific _delivery_slot_loan
1852settings.
1853</p>
1854
1855<p>
1856This parameter speeds up the moment when a message preemption can
1857happen. Instead of waiting until the full amount of delivery slots
1858required is available, the preemption can happen when
1859transport_delivery_slot_discount percent of the required amount
1860plus transport_delivery_slot_loan still remains to be accumulated.
1861Note that the full amount will still have to be accumulated before
1862another preemption can take place later.
1863</p>
1864
1865<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
1866transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1867name of the message delivery transport.
1868</p>
1869
1870
1871</DD>
1872
1873<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
1874(default: 1)</b></DT><DD>
1875
1876<p> How many pseudo-cohorts must suffer connection or handshake
1877failure before a specific destination is considered unavailable
1878(and further delivery is suspended). Specify zero to disable this
1879feature. A destination's pseudo-cohort failure count is reset each
1880time a delivery completes without connection or handshake failure
1881for that specific destination. </p>
1882
1883<p> A pseudo-cohort is the number of deliveries equal to a destination's
1884delivery concurrency. </p>
1885
1886<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
1887a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1888name of the message delivery transport. </p>
1889
1890<p> This feature is available in Postfix 2.5. The default setting
1891is compatible with earlier Postfix versions. </p>
1892
1893
1894</DD>
1895
1896<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
1897(default: 20)</b></DT><DD>
1898
1899<p>
1900The default maximal number of parallel deliveries to the same
1901destination.  This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
1902<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
1903With per-destination recipient limit &gt; 1, a destination is a domain,
1904otherwise it is a recipient.
1905</p>
1906
1907<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
1908transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1909name of the message delivery transport.
1910</p>
1911
1912
1913</DD>
1914
1915<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
1916(default: 1)</b></DT><DD>
1917
1918<p> The per-destination amount of delivery concurrency negative
1919feedback, after a delivery completes with a connection or handshake
1920failure. Feedback values are in the range 0..1 inclusive. With
1921negative feedback, concurrency is decremented at the beginning of
1922a sequence of length 1/feedback. This is unlike positive feedback,
1923where concurrency is incremented at the end of a sequence of length
1/feedback. </p>
1925
1926<p> As of Postfix version 2.5, negative feedback cannot reduce
1927delivery concurrency to zero.  Instead, a destination is marked
1928dead (further delivery suspended) after the failed pseudo-cohort
1929count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
1930(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
1931To make the scheduler completely immune to connection or handshake
1932failures, specify a zero feedback value and a zero failed pseudo-cohort
1933limit.  </p>
1934
1935<p> Specify one of the following forms: </p>
1936
1937<dl>
1938
1939<dt> <b><i>number</i> </b> </dt>
1940
1941<dt> <b><i>number</i> / <i>number</i> </b> </dt>
1942
1943<dd> Constant feedback. The value must be in the range 0..1 inclusive.
1944The default setting of "1" is compatible with Postfix versions
1945before 2.5, where a destination's delivery concurrency is throttled
1946down to zero (and further delivery suspended) after a single failed
1947pseudo-cohort. </dd>
1948
1949<dt> <b><i>number</i> / concurrency </b> </dt>
1950
1951<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
1952The <i>number</i> must be in the range 0..1 inclusive. With
1953<i>number</i> equal to "1", a destination's delivery concurrency
1954is decremented by 1 after each failed pseudo-cohort.  </dd>
1955
1956</dl>
1957
1958<p> A pseudo-cohort is the number of deliveries equal to a destination's
1959delivery concurrency. </p>
1960
1961<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
1962to specify a transport-specific override, where <i>transport</i>
1963is the <a href="master.5.html">master.cf</a>
1964name of the message delivery transport. </p>
1965
1966<p> This feature is available in Postfix 2.5. The default setting
1967is compatible with earlier Postfix versions. </p>
1968
1969
1970</DD>
1971
1972<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
1973(default: 1)</b></DT><DD>
1974
1975<p> The per-destination amount of delivery concurrency positive
1976feedback, after a delivery completes without connection or handshake
1977failure. Feedback values are in the range 0..1 inclusive.  The
1978concurrency increases until it reaches the per-destination maximal
1979concurrency limit. With positive feedback, concurrency is incremented
1980at the end of a sequence with length 1/feedback. This is unlike
1981negative feedback, where concurrency is decremented at the start
1982of a sequence of length 1/feedback. </p>
1983
1984<p> Specify one of the following forms:  </p>
1985
1986<dl>
1987
1988<dt> <b><i>number</i> </b> </dt>
1989
1990<dt> <b><i>number</i> / <i>number</i> </b> </dt>
1991
1992<dd> Constant feedback.  The value must be in the range 0..1
1993inclusive. The default setting of "1" is compatible with Postfix
1994versions before 2.5, where a destination's delivery concurrency
1995doubles after each successful pseudo-cohort.  </dd>
1996
1997<dt> <b><i>number</i> / concurrency </b> </dt>
1998
1999<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
2000The <i>number</i> must be in the range 0..1 inclusive. With
2001<i>number</i> equal to "1", a destination's delivery concurrency
2002is incremented by 1 after each successful pseudo-cohort.  </dd>
2003
2004</dl>
2005
2006<p> A pseudo-cohort is the number of deliveries equal to a destination's
2007delivery concurrency. </p>
2008
2009<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
2010to specify a transport-specific override, where <i>transport</i>
2011is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
2012
2013<p> This feature is available in Postfix 2.5 and later.  </p>
2014
2015
2016</DD>
2017
2018<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
2019(default: 0s)</b></DT><DD>
2020
2021<p> The default amount of delay that is inserted between individual
2022deliveries to the same destination; with per-destination recipient
2023limit &gt; 1, a destination is a domain, otherwise it is a recipient.
2024</p>
2025
2026<p> To enable the delay, specify a non-zero time value (an integral
2027value plus an optional one-letter suffix that specifies the time
2028unit). </p>
2029
2030<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
2031(weeks). The default time unit is s (seconds). </p>
2032
2033<p> NOTE: the delay is enforced by the queue manager. The delay
2034timer state does not survive "<b>postfix reload</b>" or "<b>postfix
2035stop</b>".
2036</p>
2037
2038<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
2039transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2040name of the message delivery transport.
2041</p>
2042
2043<p> NOTE: with a non-zero _destination_rate_delay, specify a
2044<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
2045or more to prevent Postfix from deferring all mail for the same
2046destination after only one connection or handshake error. </p>
2047
2048<p> This feature is available in Postfix 2.5 and later. </p>
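<p> The following sketch is an added example, not Postfix's scheduler code. It is a simplified model of the positive and negative feedback, pseudo-cohort and failed-cohort-limit rules described in the entries above, including the NOTE about _destination_rate_delay. The class and function names are hypothetical, and modelling a rate-delayed destination as concurrency 1 is an assumption of this sketch. </p>

```python
from fractions import Fraction


def parse_feedback(spec):
    """Parse "number", "number / number" or "number / concurrency".

    Returns (base, variable); variable means "divide by the concurrency".
    """
    parts = [p.strip() for p in spec.split("/")]
    if len(parts) == 1:
        base, variable = Fraction(parts[0]), False
    elif len(parts) == 2 and parts[1] == "concurrency":
        base, variable = Fraction(parts[0]), True
    elif len(parts) == 2:
        base, variable = Fraction(parts[0]) / Fraction(parts[1]), False
    else:
        raise ValueError("bad feedback form: %r" % spec)
    if not 0 <= base <= 1:
        raise ValueError("feedback must be in the range 0..1: %r" % spec)
    return base, variable


class Destination:
    """Simplified per-destination concurrency model (hypothetical names)."""

    def __init__(self, concurrency, limit=20, positive="1", negative="1",
                 failed_cohort_limit=1):
        self.concurrency = concurrency
        self.limit = limit
        self.pos = parse_feedback(positive)
        self.neg = parse_feedback(negative)
        self.failed_cohort_limit = failed_cohort_limit
        self.credit = Fraction(0)          # progress towards the next increment
        self.debt = Fraction(0)            # remainder of the current decrement sequence
        self.failed_cohorts = Fraction(0)  # failed pseudo-cohort count
        self.dead = False

    def _feedback(self, fb):
        base, variable = fb
        return base / self.concurrency if variable else base

    def success(self):
        # A clean delivery resets the failed pseudo-cohort count.
        self.failed_cohorts = Fraction(0)
        self.debt = Fraction(0)
        if self.concurrency < self.limit:
            self.credit += self._feedback(self.pos)
            # Increment at the END of a sequence of length 1/feedback.
            while self.credit >= 1 and self.concurrency < self.limit:
                self.concurrency += 1
                self.credit -= 1

    def failure(self):
        if self.dead:
            return
        # One failed delivery is 1/concurrency of a pseudo-cohort.
        self.failed_cohorts += Fraction(1, self.concurrency)
        if 0 < self.failed_cohort_limit <= self.failed_cohorts:
            self.dead = True               # further delivery suspended
            return
        self.credit = Fraction(0)
        if self.concurrency > 1:           # never throttled down to zero
            self.debt -= self._feedback(self.neg)
            # Decrement at the BEGINNING of a sequence of length 1/feedback.
            while self.debt < 0 and self.concurrency > 1:
                self.concurrency -= 1
                self.debt += 1


def failures_until_dead(dest, cap=1000):
    """Consecutive failures needed to mark dest dead, or None within cap."""
    n = 0
    while not dest.dead and n < cap:
        dest.failure()
        n += 1
    return n if dest.dead else None


if __name__ == "__main__":
    # Rate-delayed destination modelled as concurrency 1 (assumption).
    for cohort_limit in (1, 10):
        d = Destination(1, limit=1, failed_cohort_limit=cohort_limit)
        print(cohort_limit, failures_until_dead(d))
```

<p> In this model a destination with concurrency 1 is marked dead after a single failure when the failed cohort limit is 1, and only after ten consecutive failures when the limit is 10. </p>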
2049
2050
2051</DD>
2052
2053<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
2054(default: 50)</b></DT><DD>
2055
2056<p>
2057The default maximal number of recipients per message delivery.
2058This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
2059<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
2060</p>
2061
2062<p> Setting this parameter to a value of 1 changes the meaning of
2063the corresponding per-destination concurrency limit from concurrency
2064per domain into concurrency per recipient.  </p>
2065
2066<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
2067transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2068name of the message delivery transport.
2069</p>
2070
2071
2072</DD>
2073
2074<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
2075(default: 1000)</b></DT><DD>
2076
2077<p>
2078The default value for the extra per-transport limit imposed on the
2079number of in-memory recipients.  This extra recipient space is
2080reserved for the cases when the Postfix queue manager's scheduler
2081preempts one message with another and suddenly needs some extra
recipient slots for the chosen message in order to avoid performance
2083degradation.
2084</p>
2085
2086<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
2087transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2088name of the message delivery transport.
2089</p>
2090
2091
2092</DD>
2093
2094<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
2095(default: empty)</b></DT><DD>
2096
2097<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
2098next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
2099that value is empty, use the domain in the recipient address.
2100Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
2101with Postfix version 2.6 and earlier, or specify an explicit next-hop
2102destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>
2103
2104<p> This feature is available in Postfix 2.7 and later.  </p>
2105
2106
2107</DD>
2108
2109<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
2110(default: 3)</b></DT><DD>
2111
2112<p>
2113How many recipients a message must have in order to invoke the
2114Postfix queue manager's scheduling algorithm at all.  Messages
2115which would never accumulate at least this many delivery slots
2116(subject to slot cost parameter as well) are never preempted.
2117</p>
2118
2119<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
2120transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2121name of the message delivery transport.
2122</p>
2123
2124
2125</DD>
2126
2127<DT><b><a name="default_privs">default_privs</a>
2128(default: nobody)</b></DT><DD>
2129
2130<p>
2131The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
2132to external file or command.  These rights are used when delivery
2133is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
2134when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
2135PRIVILEGED USER OR THE POSTFIX OWNER</b>.
2136</p>
2137
2138
2139</DD>
2140
2141<DT><b><a name="default_process_limit">default_process_limit</a>
2142(default: 100)</b></DT><DD>
2143
2144<p>
2145The default maximal number of Postfix child processes that provide
2146a given service. This limit can be overruled for specific services
2147in the <a href="master.5.html">master.cf</a> file.
2148</p>
2149
2150
2151</DD>
2152
2153<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
2154(default: see "postconf -d" output)</b></DT><DD>
2155
2156<p>
2157The default Postfix SMTP server response template for a request that is
2158rejected by an RBL-based restriction. This template can be overruled
2159by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
2160</p>
2161
2162<p>
2163This feature is available in Postfix 2.0 and later.
2164</p>
2165
2166<p>
2167The template is subject to exactly one level of $name substitution:
2168</p>
2169
2170<dl>
2171
2172<dt><b>$client</b></dt>
2173
2174<dd>The client hostname and IP address, formatted as name[address]. </dd>
2175
2176<dt><b>$client_address</b></dt>
2177
2178<dd>The client IP address. </dd>
2179
2180<dt><b>$client_name</b></dt>
2181
2182<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
2183for more details. </dd>
2184
2185<dt><b>$reverse_client_name</b></dt>
2186
2187<dd>The client hostname from address-&gt;name lookup, or "unknown".
2188See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd>
2189
2190<dt><b>$helo_name</b></dt>
2191
<dd>The hostname given in the HELO or EHLO command, or an empty string. </dd>
2193
2194<dt><b>$rbl_class</b></dt>
2195
2196<dd>The blacklisted entity type: Client host, Helo command, Sender
2197address, or Recipient address. </dd>
2198
2199<dt><b>$rbl_code</b></dt>
2200
2201<dd>The numerical SMTP response code, as specified with the
2202<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
2203SMTP response code is required, and must appear at the start of the
2204reply. With Postfix version 2.3 and later this information may be followed
2205by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
2206
2207<dt><b>$rbl_domain</b></dt>
2208
2209<dd>The RBL domain where $rbl_what is blacklisted. </dd>
2210
2211<dt><b>$rbl_reason</b></dt>
2212
2213<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>
2214
2215<dt><b>$rbl_what</b></dt>
2216
2217<dd>The entity that is blacklisted (an IP address, a hostname, a domain
2218name, or an email address whose domain was blacklisted). </dd>
2219
2220<dt><b>$recipient</b></dt>
2221
2222<dd>The recipient address or &lt;&gt; in case of the null address. </dd>
2223
2224<dt><b>$recipient_domain</b></dt>
2225
2226<dd>The recipient domain or empty string. </dd>
2227
2228<dt><b>$recipient_name</b></dt>
2229
2230<dd>The recipient address localpart or &lt;&gt; in case of null address. </dd>
2231
2232<dt><b>$sender</b></dt>
2233
2234<dd>The sender address or &lt;&gt; in case of the null address. </dd>
2235
2236<dt><b>$sender_domain</b></dt>
2237
2238<dd>The sender domain or empty string. </dd>
2239
2240<dt><b>$sender_name</b></dt>
2241
2242<dd>The sender address localpart or &lt;&gt; in case of the null address. </dd>
2243
2244<dt><b>${name?text}</b></dt>
2245
2246<dd>Expands to `text' if $name is not empty. </dd>
2247
2248<dt><b>${name:text}</b></dt>
2249
2250<dd>Expands to `text' if $name is empty. </dd>
2251
2252</dl>
2253
2254<p>
2255Instead of $name you can also specify ${name} or $(name).
2256</p>
2257
2258<p> Note: when an enhanced status code is specified in an RBL reply
2259template, it is subject to modification.  The following transformations
2260are needed when the same RBL reply template is used for client,
2261helo, sender, or recipient access restrictions.  </p>
2262
2263<ul>
2264
2265<li> <p> When rejecting a sender address, the Postfix SMTP server
2266will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
2267corresponding sender DSN status, and vice versa. </p>
2268
2269<li> <p> When rejecting non-address information (such as the HELO
2270command argument or the client hostname/address), the Postfix SMTP
2271server will transform a sender or recipient DSN status into a generic
2272non-address DSN status (e.g., 4.0.0).  </p>
2273
2274</ul>
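<p> The following sketch is an added example, not Postfix code. It expands a reply template using the $name forms listed above, with exactly one level of substitution, and checks that the result starts with the numerical SMTP code. The template, the attribute values and the function names are constructed for illustration; expanding the text of a conditional is an assumption of this sketch. </p>

```python
import re

# Attribute names documented for the RBL reply template.
KNOWN = {
    "client", "client_address", "client_name", "reverse_client_name",
    "helo_name", "rbl_class", "rbl_code", "rbl_domain", "rbl_reason",
    "rbl_what", "recipient", "recipient_domain", "recipient_name",
    "sender", "sender_domain", "sender_name",
}

# ${name?text} and ${name:text} first, then ${name}, $(name) and $name.
# Limitation of this sketch: conditional text may not contain "}".
TOKEN = re.compile(
    r"\$\{(?P<cond>\w+)(?P<op>[?:])(?P<text>[^}]*)\}"
    r"|\$\{(?P<braced>\w+)\}"
    r"|\$\((?P<paren>\w+)\)"
    r"|\$(?P<bare>\w+)"
)


def _lookup(name, attrs):
    # Reject typos in the template instead of silently emitting nothing.
    if name not in KNOWN:
        raise ValueError("unknown template attribute: $" + name)
    return attrs.get(name, "")


def expand_rbl_reply(template, attrs):
    """Expand a reply template with one level of substitution.

    re.sub() scans only the template text, so a "$" inside a substituted
    value (for example a client-supplied HELO name) is copied literally.
    """
    def repl(m):
        if m.group("cond"):
            value = _lookup(m.group("cond"), attrs)
            wanted = (m.group("op") == "?") == bool(value)
            # Assumption: conditional text is template text, so its own
            # $name references are expanded as well.
            return expand_rbl_reply(m.group("text"), attrs) if wanted else ""
        name = m.group("braced") or m.group("paren") or m.group("bare")
        return _lookup(name, attrs)
    return TOKEN.sub(repl, template)


def starts_with_smtp_code(reply):
    """The numerical SMTP response code must appear at the start."""
    return re.match(r"\d{3} ", reply) is not None


# Constructed sample template and attribute values.
TEMPLATE = ("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
            "blocked using $rbl_domain${rbl_reason?; $rbl_reason}")
SAMPLE = {
    "rbl_code": "554",
    "rbl_class": "Client host",
    "rbl_what": "192.0.2.10",
    "rbl_domain": "dnsbl.example",
    "rbl_reason": "",
}

if __name__ == "__main__":
    reply = expand_rbl_reply(TEMPLATE, SAMPLE)
    print(reply, starts_with_smtp_code(reply))
```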
2275
2276
2277</DD>
2278
2279<DT><b><a name="default_recipient_limit">default_recipient_limit</a>
2280(default: 20000)</b></DT><DD>
2281
2282<p>
2283The default per-transport upper limit on the number of in-memory
2284recipients.  These limits take priority over the global
2285<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned
2286to the respective transports.  See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
2287and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>.
2288</p>
2289
2290<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a
2291transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2292name of the message delivery transport.
2293</p>
2294
2295
2296</DD>
2297
2298<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a>
2299(default: 5s)</b></DT><DD>
2300
2301<p>
The default per-transport maximum delay between recipient refills.
When not all message recipients fit into memory at once, keep loading
more of them at least once every this many seconds.  This is used to
make sure the recipients are refilled in a timely manner even when
$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries.
2307</p>
2308
2309<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a
2310transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2311name of the message delivery transport.
2312</p>
2313
2314<p> This feature is available in Postfix 2.4 and later. </p>
2315
2316
2317</DD>
2318
2319<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a>
2320(default: 100)</b></DT><DD>
2321
2322<p>
The default per-transport limit on the number of recipients refilled at
once.  When not all message recipients fit into memory at once, keep
loading more of them in batches of at least this many at a time.  See also
$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches
smaller than this when this limit is too high for too slow deliveries.
2328</p>
2329
2330<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a
2331transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2332name of the message delivery transport.
2333</p>
2334
2335<p> This feature is available in Postfix 2.4 and later. </p>
2336
2337
2338</DD>
2339
2340<DT><b><a name="default_transport">default_transport</a>
2341(default: smtp)</b></DT><DD>
2342
2343<p>
2344The default mail delivery transport and next-hop destination for
2345destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
2346$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
2347or $<a href="postconf.5.html#relay_domains">relay_domains</a>.  This information can be overruled with the
2348<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
2349<a href="transport.5.html">transport(5)</a> table. </p>
2350
2351<p>
2352In order of decreasing precedence, the nexthop destination is taken
2353from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
2354$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
2355domain.
2356</p>
2357
2358<p>
2359Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
2360is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
2361The <i>:nexthop</i> destination is optional; its syntax is documented
2362in the manual page of the corresponding delivery agent.
2363</p>
2364
2365<p>
2366Example:
2367</p>
2368
2369<pre>
2370<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname
2371</pre>
2372
2373
2374</DD>
2375
2376<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a>
2377(default: +=)</b></DT><DD>
2378
2379<p> The two default VERP delimiter characters. These are used when
2380no explicit delimiters are specified with the SMTP XVERP command
2381or with the "<b>sendmail -V</b>" command-line option. Specify
2382characters that are allowed by the <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting.
2383</p>
2384
2385<p>
2386This feature is available in Postfix 1.1 and later.
2387</p>
2388
2389
2390</DD>
2391
2392<DT><b><a name="defer_code">defer_code</a>
2393(default: 450)</b></DT><DD>
2394
2395<p>
2396The numerical Postfix SMTP server response code when a remote SMTP
2397client request is rejected by the "defer" restriction.
2398</p>
2399
2400<p>
2401Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
2402</p>
2403
2404
2405</DD>
2406
2407<DT><b><a name="defer_service_name">defer_service_name</a>
2408(default: defer)</b></DT><DD>
2409
2410<p>
2411The name of the defer service. This service is implemented by the
2412<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
2413of failed delivery attempts and generates non-delivery notifications.
2414</p>
2415
2416<p>
2417This feature is available in Postfix 2.0 and later.
2418</p>
2419
2420
2421</DD>
2422
2423<DT><b><a name="defer_transports">defer_transports</a>
2424(default: empty)</b></DT><DD>
2425
2426<p>
2427The names of message delivery transports that should not deliver mail
2428unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports that appear in the
2430first field of <a href="master.5.html">master.cf</a>.
2431</p>
2432
2433<p>
2434Example:
2435</p>
2436
2437<pre>
2438<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp
2439</pre>
2440
2441
2442</DD>
2443
2444<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a>
2445(default: 2)</b></DT><DD>
2446
2447<p> The maximal number of digits after the decimal point when logging
2448sub-second delay values.  Specify a number in the range 0..6.  </p>
2449
<p> Large delay values are rounded off to an integral number of seconds;
2451delay values below the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are logged
2452as "0", and small delay values are logged with at most two-digit
2453precision.  </p>
2454
2455<p> The format of the "delays=a/b/c/d" logging is as follows: </p>
2456
2457<ul>
2458
2459<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry
2460
2461<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup
2462
2463<li> c = time in connection setup, including DNS, EHLO and STARTTLS
2464
2465<li> d = time in message transmission
2466
2467</ul>
2468
2469<p> This feature is available in Postfix 2.3 and later.  </p>
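<p> The following sketch is an added example, not part of Postfix. It parses the "delays=a/b/c/d" field from delivery log lines, reports which stage dominated each delivery, and lists relays whose connection setup (stage c) was slow. The log lines are constructed samples, and the function names and the 10-second threshold are assumptions. </p>

```python
import re
from collections import defaultdict

STAGES = {
    "a": "message arrival to last active queue entry",
    "b": "last active queue entry to connection setup",
    "c": "connection setup, including DNS, EHLO and STARTTLS",
    "d": "message transmission",
}

RECORD = re.compile(
    r"(?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,]+),"
    r".*?delay=(?P<delay>[\d.]+),"
    r" delays=(?P<a>[\d.]+)/(?P<b>[\d.]+)/(?P<c>[\d.]+)/(?P<d>[\d.]+)"
)

# Constructed sample log lines.
SAMPLE_LOG = [
    "Jan 10 10:00:01 mx1 postfix/smtp[2101]: 4A1B2C3D4E: to=<user@example.org>, "
    "relay=mail.example.org[192.0.2.25]:25, delay=0.62, "
    "delays=0.05/0.01/0.31/0.25, dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    "Jan 10 10:00:07 mx1 postfix/smtp[2102]: 5B2C3D4E5F: to=<list@example.net>, "
    "relay=mx.example.net[198.51.100.7]:25, delay=3605, "
    "delays=3600/0.02/2.1/2.9, dsn=2.0.0, status=sent (250 ok)",
    "Jan 10 10:00:09 mx1 postfix/smtp[2103]: 6C3D4E5F60: to=<a@example.com>, "
    "relay=mx.example.com[203.0.113.9]:25, delay=31, "
    "delays=0.04/0/30/0.5, dsn=2.0.0, status=sent (250 ok)",
    "Jan 10 10:00:10 mx1 postfix/qmgr[1900]: 6C3D4E5F60: removed",
]


def parse_delays(line):
    """Return queue id, relay, total delay and per-stage delays, or None."""
    m = RECORD.search(line)
    if m is None:
        return None
    return {
        "qid": m.group("qid"),
        "relay": m.group("relay"),
        "delay": float(m.group("delay")),
        "stages": {k: float(m.group(k)) for k in "abcd"},
    }


def dominant_stage(rec):
    """Letter of the stage where this delivery spent the most time."""
    return max("abcd", key=lambda k: rec["stages"][k])


def slow_setup_relays(lines, threshold=10.0):
    """Map relay -> queue ids whose stage c exceeded threshold seconds."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_delays(line)
        if rec and rec["stages"]["c"] > threshold:
            hits[rec["relay"]].append(rec["qid"])
    return dict(hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_delays(line)
        if rec:
            stage = dominant_stage(rec)
            print(rec["qid"], stage, STAGES[stage])
    print(slow_setup_relays(SAMPLE_LOG))
```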
2470
2471
2472</DD>
2473
2474<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a>
2475(default: postmaster)</b></DT><DD>
2476
2477<p>
2478The recipient of postmaster notifications with the message headers
2479of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time
2480units.  </p>
2481
2482<p>
2483This feature is enabled with the <a href="postconf.5.html#delay_warning_time">delay_warning_time</a> parameter.
2484</p>
2485
2486
2487</DD>
2488
2489<DT><b><a name="delay_warning_time">delay_warning_time</a>
2490(default: 0h)</b></DT><DD>
2491
2492<p>
2493The time after which the sender receives the message headers of
2494mail that is still queued.
2495</p>
2496
2497<p>
2498To enable this feature, specify a non-zero time value (an integral
2499value plus an optional one-letter suffix that specifies the time
2500unit).
2501</p>
2502
2503<p>
2504Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
2505The default time unit is h (hours).
2506</p>
2507
2508
2509</DD>
2510
2511<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a>
2512(default: 20)</b></DT><DD>
2513
2514<p>
2515The maximal number of attempts to acquire an exclusive lock on a
2516mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile.
2517</p>
2518
2519
2520</DD>
2521
2522<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a>
2523(default: 1s)</b></DT><DD>
2524
2525<p>
2526The time between attempts to acquire an exclusive lock on a mailbox
2527file or <a href="bounce.8.html">bounce(8)</a> logfile.
2528</p>
2529
2530<p>
2531Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
2532The default time unit is s (seconds).
2533</p>
2534
2535
2536</DD>
2537
2538<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a>
2539(default: no)</b></DT><DD>
2540
2541<p> Make the queue manager's feedback algorithm verbose for performance
2542analysis purposes. </p>
2543
2544<p> This feature is available in Postfix 2.5 and later. </p>
2545
2546
2547</DD>
2548
2549<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
2550(default: yes)</b></DT><DD>
2551
2552<p> Automatically detect 8BITMIME body content by looking at
2553Content-Transfer-Encoding: message headers; historically, this
2554behavior was hard-coded to be "always on".  </p>
2555
2556<p> This feature is available in Postfix 2.5 and later. </p>
2557
2558
2559</DD>
2560
2561<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
2562(default: no)</b></DT><DD>
2563
2564<p>
2565Disable DNS lookups in the Postfix SMTP and LMTP clients. When
2566disabled, hosts are looked up with the getaddrinfo() system
2567library routine which normally also looks in /etc/hosts.
2568</p>
2569
2570<p>
2571DNS lookups are enabled by default.
2572</p>
2573
2574
2575</DD>
2576
2577<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a>
2578(default: no)</b></DT><DD>
2579
2580<p>
2581Turn off MIME processing while receiving mail. This means that no
2582special treatment is given to Content-Type: message headers, and
2583that all text after the initial message headers is considered to
2584be part of the message body.
2585</p>
2586
2587<p>
2588This feature is available in Postfix 2.0 and later.
2589</p>
2590
2591<p>
MIME input processing is enabled by default, and is needed in order
2593to recognize MIME headers in message content.
2594</p>
2595
2596
2597</DD>
2598
2599<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a>
2600(default: no)</b></DT><DD>
2601
2602<p>
Disable the conversion of 8BITMIME format to 7BIT format.  MIME
output conversion is needed when the destination does not advertise
8BITMIME support.
2606</p>
2607
2608<p>
2609This feature is available in Postfix 2.0 and later.
2610</p>
2611
2612
2613</DD>
2614
2615<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a>
2616(default: no)</b></DT><DD>
2617
2618<p>
2619Disable sending one bounce report per recipient.
2620</p>
2621
2622<p>
2623The default, one per recipient, is what ezmlm needs.
2624</p>
2625
2626<p>
2627This feature is available in Postfix 1.1 and later.
2628</p>
2629
2630
2631</DD>
2632
2633<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a>
2634(default: no)</b></DT><DD>
2635
2636<p>
2637Disable the SMTP VRFY command. This stops some techniques used to
2638harvest email addresses.
2639</p>
2640
2641<p>
2642Example:
2643</p>
2644
2645<pre>
2646<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no
2647</pre>
2648
2649
2650</DD>
2651
2652<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a>
2653(default: 0s)</b></DT><DD>
2654
<p> A debugging aid to artificially delay DNS responses. </p>
2656
2657<p> This feature is available in Postfix 2.8.  </p>
2658
2659
2660</DD>
2661
2662<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
2663(default: dnsblog)</b></DT><DD>
2664
2665<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
2666service performs DNS white/blacklist lookups. </p>
2667
2668<p> This feature is available in Postfix 2.8 and later. </p>
2669
2670
2671</DD>
2672
2673<DT><b><a name="dont_remove">dont_remove</a>
2674(default: 0)</b></DT><DD>
2675
2676<p>
2677Don't remove queue files and save them to the "saved" mail queue.
2678This is a debugging aid.  To inspect the envelope information and
2679content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command.
2680</p>
2681
2682
2683</DD>
2684
2685<DT><b><a name="double_bounce_sender">double_bounce_sender</a>
2686(default: double-bounce)</b></DT><DD>
2687
2688<p> The sender address of postmaster notifications that are generated
2689by the mail system. All mail to this address is silently discarded,
2690in order to terminate mail bounce loops.  </p>
2691
2692
2693</DD>
2694
2695<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a>
2696(default: 1000)</b></DT><DD>
2697
2698<p> The maximal number of addresses remembered by the address
2699duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or
2700for <a href="showq.8.html">showq(8)</a> queue displays.  </p>
2701
2702
2703</DD>
2704
2705<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
2706(default: &lt;&gt;)</b></DT><DD>
2707
2708<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
2709will be used instead of the null sender address. </p>
2710
2711<p> This feature is available in Postfix 2.7 and later.  </p>
2712
2713
2714</DD>
2715
2716<DT><b><a name="empty_address_recipient">empty_address_recipient</a>
2717(default: MAILER-DAEMON)</b></DT><DD>
2718
2719<p>
2720The recipient of mail addressed to the null address.  Postfix does
2721not accept such addresses in SMTP commands, but they may still be
2722created locally as the result of configuration or software error.
2723</p>
2724
2725
2726</DD>
2727
2728<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a>
2729(default: &lt;&gt;)</b></DT><DD>
2730
2731<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
2732used instead of the null sender address. </p>
2733
2734<p> This feature is available in Postfix 2.5 and later. With
2735earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were
2736skipped for the null sender address.  </p>
2737
2738
2739</DD>
2740
2741<DT><b><a name="enable_errors_to">enable_errors_to</a>
2742(default: no)</b></DT><DD>
2743
2744<p> Report mail delivery errors to the address specified with the
2745non-standard Errors-To: message header, instead of the envelope
2746sender address (this feature is removed with Postfix version 2.2, is
2747turned off by default with Postfix version 2.1, and is always turned on
2748with older Postfix versions).  </p>
2749
2750
2751</DD>
2752
2753<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a>
2754(default: no)</b></DT><DD>
2755
2756<p> Enable long, non-repeating, queue IDs (queue file names).  The
2757benefit of non-repeating names is simpler logfile analysis and
2758easier queue migration (there is no need to run "postsuper" to
2759change queue file names that don't match their message file inode
2760number).  </p>
2761
2762<p> Note: see below for how to prepare long queue file names
2763for migration to Postfix &le; 2.8. </p>
2764
2765<p> Changing the parameter value to "yes" has the following effects:
2766</p>
2767
2768<ul>
2769
2770<li> <p> Existing queue file names are not affected. </p>
2771
2772<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll.
2773These are encoded in a 52-character alphabet that contains digits
2774(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For
2775safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
2776The name format is: 6 or more characters for the time in seconds,
27774 characters for the time in microseconds, the 'z'; the remainder
2778is the file inode number encoded in the first 51 characters of the
277952-character alphabet.  </p>
2780
2781<li> <p> New messages have a Message-ID header with
2782<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>.  </p>
2783
2784<li> <p> The mailq (postqueue -p) output has a wider Queue ID column.
2785The number of whitespace-separated fields is not changed. </p>
2786
2787<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
2788of the queue file creation time in microseconds, after conversion
2789into hexadecimal representation. This produces the same queue hashing
2790behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>
2791= no". </p>
2792
2793</ul>
2794
2795<p> Changing the parameter value to "no" has the following effects:
2796</p>
2797
2798<ul>
2799
2800<li> <p> Existing long queue file names are renamed to the short
2801form (while running "postfix reload" or "postsuper").  </p>
2802
2803<li> <p> New queue files are created with names such as C3CD21F3E90
2804from a hexadecimal alphabet that contains digits (0-9) and upper-case
2805letters (A-F). The name format is: 5 characters for the time in
2806microseconds; the remainder is the file inode number. </p>
2807
2808<li> <p> New messages have a Message-ID header with
2809<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where
2810<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and
2811second. </p>
2812
2813<li> <p> The mailq (postqueue -p) output has the same format as
2814with Postfix &le; 2.8. </p>
2815
2816<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
2817of the queue file name, with the hexadecimal representation of the
2818file creation time in microseconds.  </p>
2819
2820</ul>
2821
2822<p> Before migration to Postfix &le; 2.8, the following commands
2823are required to convert long queue file names into short names: </p>
2824
2825<pre>
2826# postfix stop
2827# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
2828# postsuper
2829</pre>
2830
2831<p> Repeat the postsuper command until it reports no more queue file
2832name changes. </p>
2833
2834<p> This feature is available in Postfix 2.9 and later.  </p>
2835
2836
2837</DD>
2838
2839<DT><b><a name="enable_original_recipient">enable_original_recipient</a>
2840(default: yes)</b></DT><DD>
2841
2842<p> Enable support for the X-Original-To message header. This header
2843is needed for multi-recipient mailboxes.  </p>
2844
2845<p> When this parameter is set to yes, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
2846duplicate elimination on distinct pairs of (original recipient,
2847rewritten recipient), and generates non-empty original recipient
2848queue file records.  </p>
2849
2850<p> When this parameter is set to no, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
2851duplicate elimination on the rewritten recipient address only, and
2852generates empty original recipient queue file records.  </p>
2853
2854<p> This feature is available in Postfix 2.1 and later. With Postfix
2855version 2.0, support for the X-Original-To message header is always turned
2856on. Postfix versions before 2.0 have no support for the X-Original-To
2857message header.  </p>
2858
2859
2860</DD>
2861
2862<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
2863(default: postmaster)</b></DT><DD>
2864
2865<p> The recipient of postmaster notifications about mail delivery
2866problems that are caused by policy, resource, software or protocol
2867errors.  These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
2868parameter.  </p>
2869
2870
2871</DD>
2872
2873<DT><b><a name="error_service_name">error_service_name</a>
2874(default: error)</b></DT><DD>
2875
2876<p>
2877The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always
2878returns mail as undeliverable.
2879</p>
2880
2881<p>
2882This feature is available in Postfix 2.0 and later.
2883</p>
2884
2885
2886</DD>
2887
2888<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a>
2889(default: see "postconf -d" output)</b></DT><DD>
2890
2891<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows
2892in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.  Characters
2893outside the allowed set are replaced by underscores.  </p>
2894
2895<p> This feature is available in Postfix 2.2 and later. </p>
2896
2897
2898</DD>
2899
2900<DT><b><a name="expand_owner_alias">expand_owner_alias</a>
2901(default: no)</b></DT><DD>
2902
2903<p>
2904When delivering to an alias "aliasname" that has an "owner-aliasname"
2905companion alias, set the envelope sender address to the expansion
2906of the "owner-aliasname" alias. Normally, Postfix sets the envelope
2907sender address to the name of the "owner-aliasname" alias.
2908</p>
2909
2910
2911</DD>
2912
2913<DT><b><a name="export_environment">export_environment</a>
2914(default: see "postconf -d" output)</b></DT><DD>
2915
2916<p>
2917The list of environment variables that a Postfix process will export
2918to non-Postfix processes. The TZ variable is needed for sane
2919time keeping on System-V-ish systems.
2920</p>
2921
2922<p>
2923Specify a list of names and/or name=value pairs, separated by
2924whitespace or comma. The name=value form is supported with
2925Postfix version 2.1 and later.
2926</p>
2927
2928<p>
2929Example:
2930</p>
2931
2932<pre>
2933<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin
2934</pre>
2935
2936
2937</DD>
2938
2939<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a>
2940(default: 10240)</b></DT><DD>
2941
2942<p>
2943The maximal number of recipient addresses that Postfix will extract
2944from message headers when mail is submitted with "<b>sendmail -t</b>".
2945</p>
2946
2947<p>
2948This feature was removed in Postfix version 2.1.
2949</p>
2950
2951
2952</DD>
2953
2954<DT><b><a name="fallback_relay">fallback_relay</a>
2955(default: empty)</b></DT><DD>
2956
2957<p>
2958Optional list of relay hosts for SMTP destinations that can't be
2959found or that are unreachable. With Postfix 2.3 this parameter
2960is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p>
2961
2962<p>
2963By default, mail is returned to the sender when a destination is
2964not found, and delivery is deferred when a destination is unreachable.
2965</p>
2966
2967<p> The fallback relays must be SMTP destinations. Specify a domain,
2968host, host:port, [host]:port, [address] or [address]:port; the form
2969[host] turns off MX lookups.  If you specify multiple SMTP
2970destinations, Postfix will try them in the specified order.  </p>
2971
2972<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
2973when relaying mail
2974for a backup or primary MX domain. Mail would loop between the
2975Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
2976is unavailable. </p>
2977
2978<ul>
2979
2980<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay",
2981
2982<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at
2983the end of the <tt>relay</tt> entry.
2984
2985<li> In transport maps, specify "relay:<i>nexthop...</i>"
2986as the right-hand side for backup or primary MX domain entries.
2987
2988</ul>
2989
2990<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
2991for destinations that it is MX host for.
2992</p>
2993
2994
2995</DD>
2996
2997<DT><b><a name="fallback_transport">fallback_transport</a>
2998(default: empty)</b></DT><DD>
2999
3000<p>
3001Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
3002agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a>
3003or UNIX password database.
3004</p>
3005
3006<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3007is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3008<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3009<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3010
3011
3012</DD>
3013
3014<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a>
3015(default: empty)</b></DT><DD>
3016
3017<p> Optional lookup tables with per-recipient message delivery
3018transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could
3019not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p>
3020
3021<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3022is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3023<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3024<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3025
3026<p> For safety reasons, this feature does not allow $number
3027substitutions in regular expression maps. </p>
3028
3029<p> This feature is available in Postfix 2.3 and later. </p>
3030
3031
3032</DD>
3033
3034<DT><b><a name="fast_flush_domains">fast_flush_domains</a>
3035(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD>
3036
3037<p>
3038Optional list of destinations that are eligible for per-destination
3039logfiles with mail that is queued to those destinations.
3040</p>
3041
3042<p>
3043By default, Postfix maintains "fast flush" logfiles only for
3044destinations that the Postfix SMTP server is willing to relay to
3045(i.e. the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see
3046the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual).
3047</p>
3048
3049<p> Specify a list of hosts or domains, "/file/name" patterns or
3050"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
3051Continue long lines by starting the next line with whitespace. A
3052"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
3053lookup table is matched when the domain or its parent domain appears
3054as lookup key.  </p>
3055
3056<p>
3057Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature
3058altogether.
3059</p>
3060
3061
3062</DD>
3063
3064<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a>
3065(default: 7d)</b></DT><DD>
3066
3067<p>
3068The time after which an empty per-destination "fast flush" logfile
3069is deleted.
3070</p>
3071
3072<p>
3073You can specify the time as a number, or as a number followed by
3074a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
3075d=days, w=weeks.  The default time unit is days.
3076</p>
3077
3078
3079</DD>
3080
3081<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a>
3082(default: 12h)</b></DT><DD>
3083
3084<p>
3085The time after which a non-empty but unread per-destination "fast
3086flush" logfile needs to be refreshed.  The contents of a logfile
3087are refreshed by requesting delivery of all messages listed in the
3088logfile.
3089</p>
3090
3091<p>
3092You can specify the time as a number, or as a number followed by
3093a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
3094d=days, w=weeks.  The default time unit is hours.
3095</p>
3096
3097
3098</DD>
3099
3100<DT><b><a name="fault_injection_code">fault_injection_code</a>
3101(default: 0)</b></DT><DD>
3102
3103<p>
3104Force specific internal tests to fail, to test the handling of
3105errors that are difficult to reproduce otherwise.
3106</p>
3107
3108
3109</DD>
3110
3111<DT><b><a name="flush_service_name">flush_service_name</a>
3112(default: flush)</b></DT><DD>
3113
3114<p>
3115The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination
3116logfiles with the queue file names of mail that is queued for those
3117destinations.
3118</p>
3119
3120<p>
3121This feature is available in Postfix 2.0 and later.
3122</p>
3123
3124
3125</DD>
3126
3127<DT><b><a name="fork_attempts">fork_attempts</a>
3128(default: 5)</b></DT><DD>
3129
3130<p> The maximal number of attempts to fork() a child process.  </p>
3131
3132
3133</DD>
3134
3135<DT><b><a name="fork_delay">fork_delay</a>
3136(default: 1s)</b></DT><DD>
3137
3138<p> The delay between attempts to fork() a child process.  </p>
3139
3140<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
3141(weeks).  The default time unit is s (seconds).  </p>
3142
3143
3144</DD>
3145
3146<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a>
3147(default: see "postconf -d" output)</b></DT><DD>
3148
3149<p>
3150Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
3151$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.  Characters outside the
3152allowed set are replaced by underscores.
3153</p>
3154
3155
3156</DD>
3157
3158<DT><b><a name="forward_path">forward_path</a>
3159(default: see "postconf -d" output)</b></DT><DD>
3160
3161<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward
3162file with user-specified delivery methods. The first file that is
3163found is used.  </p>
3164
3165<p> The following $name expansions are done on <a href="postconf.5.html#forward_path">forward_path</a> before
3166the search actually happens. The result of $name expansion is
3167filtered with the character set that is specified with the
3168<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter.  </p>
3169
3170<dl>
3171
3172<dt><b>$user</b></dt>
3173
3174<dd>The recipient's username. </dd>
3175
3176<dt><b>$shell</b></dt>
3177
3178<dd>The recipient's login shell pathname. </dd>
3179
3180<dt><b>$home</b></dt>
3181
3182<dd>The recipient's home directory. </dd>
3183
3184<dt><b>$recipient</b></dt>
3185
3186<dd>The full recipient address. </dd>
3187
3188<dt><b>$extension</b></dt>
3189
3190<dd>The optional recipient address extension. </dd>
3191
3192<dt><b>$domain</b></dt>
3193
3194<dd>The recipient domain. </dd>
3195
3196<dt><b>$local</b></dt>
3197
3198<dd>The entire recipient localpart. </dd>
3199
3200<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
3201
3202<dd>The system-wide recipient address extension delimiter. </dd>
3203
3204<dt><b>${name?value}</b></dt>
3205
3206<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
3207
3208<dt><b>${name:value}</b></dt>
3209
3210<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
3211
3212</dl>
3213
3214<p>
3215Instead of $name you can also specify ${name} or $(name).
3216</p>
3217
3218<p>
3219Examples:
3220</p>
3221
3222<pre>
3223<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user
3224<a href="postconf.5.html#forward_path">forward_path</a> =
3225    /var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension,
3226    /var/forward/$user/.forward
3227</pre>
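<p> The following sketch is an added example, not Postfix code. It applies the $name forms listed above to the second forward_path example and shows the effect of an expansion filter on a recipient-controlled $extension. The allowed character set is constructed for this example (the real default is shown by "postconf -d"), and treating unset names as empty is a simplification. </p>

```python
import re
import string

# Constructed allow-list for this example only; not the Postfix default.
EXAMPLE_FILTER = set(string.ascii_letters + string.digits + "_-.+=")

# ${name}, ${name?value}, ${name:value}, $(name) and bare $name.
_TOKEN = re.compile(
    r"\$\{(\w+)(?:([?:])([^}]*))?\}"   # groups 1-3: braces, optional ?/: value
    r"|\$\((\w+)\)"                    # group 4: $(name)
    r"|\$(\w+)"                        # group 5: $name
)


def sanitize(value, allowed):
    """Replace every character outside the allowed set with an underscore."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def expand(template, attrs, allowed):
    """Expand $name references; only expansion results are filtered."""
    def repl(match):
        name = match.group(1) or match.group(4) or match.group(5)
        op, alt = match.group(2), match.group(3)
        raw = attrs.get(name, "")      # simplification: unset means empty
        if op == "?":                  # value when $name is non-empty
            return expand(alt, attrs, allowed) if raw else ""
        if op == ":":                  # value when $name is empty
            return expand(alt, attrs, allowed) if not raw else ""
        return sanitize(raw, allowed)
    return _TOKEN.sub(repl, template)


def forward_candidates(forward_path, attrs, allowed=EXAMPLE_FILTER):
    """Return the expanded search list in the order it would be tried."""
    entries = [e for e in re.split(r"[,\s]+", forward_path.strip()) if e]
    return [expand(entry, attrs, allowed) for entry in entries]


# Constructed recipient attributes: the extension carries path separators.
SAMPLE_ATTRS = {
    "user": "alice",
    "recipient_delimiter": "+",
    "extension": "x/../../tmp",
}

SAMPLE_FORWARD_PATH = """
    /var/forward/$user/.forward$recipient_delimiter$extension,
    /var/forward/$user/.forward
"""

if __name__ == "__main__":
    for path in forward_candidates(SAMPLE_FORWARD_PATH, SAMPLE_ATTRS):
        print(path)
```

<p> The literal parts of the template keep their "/" characters; only the text substituted for $extension is rewritten, so the first candidate stays inside /var/forward/alice/. </p>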
3228
3229
3230</DD>
3231
3232<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a>
3233(default: yes)</b></DT><DD>
3234
3235<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To:
3236address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of
3237a delivery attempt; do not update the Delivered-To: address while
3238expanding aliases or .forward files. </p>
3239
3240<p> This feature is available in Postfix 2.3 and later. With older
3241Postfix releases, the behavior is as if this parameter is set to
3242"no". The old setting can be expensive with deeply nested aliases
3243or .forward files. When an alias or .forward file changes the
3244Delivered-To: address, it ties up one queue file and one cleanup
3245process instance while mail is being forwarded.  </p>
3246
3247
3248</DD>
3249
3250<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
3251(default: 1)</b></DT><DD>
3252
3253<p>
3254The number of subdirectory levels for queue directories listed with
3255the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by
3256creating one or more levels of directories with one-character names.
3257Originally, these directory names were equal to the first characters
3258of the queue file name, with the hexadecimal representation of the
3259file creation time in microseconds. </p>
3260
3261<p> With long queue file names, queue hashing produces the same
3262results as with short names. The file creation time in microseconds
3263is converted into hexadecimal form before the result is used for
3264queue hashing.  The base 16 encoding gives finer control over the
3265number of subdirectories than is possible with the base 52 encoding
3266of long queue file names.  </p>
3267
3268<p>
3269After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
3270execute the command "<b>postfix reload</b>".
3271</p>
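<p> The following decoder is an added example, not Postfix code. It serves both the queue ID formats described under enable_long_queue_ids and the hashing rule described here: it splits a queue ID into its time and inode fields and derives the hashed subdirectory, which helps when correlating log lines with queue files. The symbol order (digits, upper case, lower case) and most-significant-first encoding are assumptions based on the order in which the text lists the alphabet. </p>

```python
from datetime import datetime, timezone

# 52-character alphabet from the text: digits, then upper- and lower-case
# letters with the vowels removed. The ordering is an assumption.
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
HEX_DIGITS = set("0123456789ABCDEF")


def _decode(text, base):
    """Decode most-significant-first text using the first `base` symbols."""
    if not text:
        raise ValueError("empty field")
    value = 0
    for ch in text:
        digit = ALPHABET.find(ch)
        if digit < 0 or digit >= base:
            raise ValueError("character %r is not valid in base %d" % (ch, base))
        value = value * base + digit
    return value


def parse_queue_id(queue_id):
    """Split a short or long queue ID into its documented fields."""
    # The inode field never contains 'z' (base 51), so the last 'z' is the
    # separator; it must follow at least 6 + 4 time characters.
    sep = queue_id.rfind("z")
    if sep >= 10:
        head = queue_id[:sep]
        fields = {
            "form": "long",
            "seconds": _decode(head[:-4], 52),
            "usec": _decode(head[-4:], 52),
            "inode": _decode(queue_id[sep + 1:], 51),
        }
    elif len(queue_id) >= 6 and set(queue_id) <= HEX_DIGITS:
        # Short form: 5 hexadecimal characters of microseconds, then the inode.
        fields = {
            "form": "short",
            "seconds": None,
            "usec": int(queue_id[:5], 16),
            "inode": int(queue_id[5:], 16),
        }
    else:
        raise ValueError("not a recognised queue ID: %r" % queue_id)
    if fields["usec"] >= 1000000:
        raise ValueError("microseconds field out of range in %r" % queue_id)
    return fields


def created_utc(queue_id):
    """ISO 8601 creation time for a long ID; None for the short form."""
    fields = parse_queue_id(queue_id)
    if fields["seconds"] is None:
        return None
    stamp = datetime.fromtimestamp(fields["seconds"], tz=timezone.utc)
    return stamp.replace(microsecond=fields["usec"]).isoformat()


def hash_subdir(queue_id, depth=1):
    """One-character directory levels taken from the hexadecimal microseconds."""
    if not 1 <= depth <= 5:
        raise ValueError("this example handles hash_queue_depth 1..5 only")
    usec_hex = "%05X" % parse_queue_id(queue_id)["usec"]
    return "/".join(usec_hex[:depth])


if __name__ == "__main__":
    # The two sample names are the ones given in the enable_long_queue_ids text.
    for qid in ("3Pt2mN2VXxznjll", "C3CD21F3E90"):
        print(qid, parse_queue_id(qid), created_utc(qid), hash_subdir(qid, 2))
```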
3272
3273
3274</DD>
3275
3276<DT><b><a name="hash_queue_names">hash_queue_names</a>
3277(default: deferred, defer)</b></DT><DD>
3278
3279<p>
3280The names of queue directories that are split across multiple
3281subdirectory levels.
3282</p>
3283
3284<p> Before Postfix version 2.2, the default list of hashed queues
3285was significantly larger. Claims about improvements in file system
3286technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
3287is no longer needed. Fewer hashed directories speed up the time
3288needed to restart Postfix. </p>
3289
3290<p>
3291After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
3292execute the command "<b>postfix reload</b>".
3293</p>
3294
3295
3296</DD>
3297
3298<DT><b><a name="header_address_token_limit">header_address_token_limit</a>
3299(default: 10240)</b></DT><DD>
3300
3301<p>
3302The maximal number of address tokens that are allowed in an address
3303message header. Information that exceeds the limit is discarded.
3304The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
3305</p>
3306
3307
3308</DD>
3309
3310<DT><b><a name="header_checks">header_checks</a>
3311(default: empty)</b></DT><DD>
3312
3313<p>
3314Optional lookup tables for content inspection of primary non-MIME
3315message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
3316</p>
3317
3318
3319</DD>
3320
3321<DT><b><a name="header_size_limit">header_size_limit</a>
3322(default: 102400)</b></DT><DD>
3323
3324<p>
3325The maximal amount of memory in bytes for storing a message header.
3326If a header is larger, the excess is discarded.  The limit is
3327enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
3328</p>
3329
3330
3331</DD>
3332
3333<DT><b><a name="helpful_warnings">helpful_warnings</a>
3334(default: yes)</b></DT><DD>
3335
3336<p>
3337Log warnings about problematic configuration settings, and provide
3338helpful suggestions.
3339</p>
3340
3341<p>
3342This feature is available in Postfix 2.0 and later.
3343</p>
3344
3345
3346</DD>
3347
3348<DT><b><a name="home_mailbox">home_mailbox</a>
3349(default: empty)</b></DT><DD>
3350
3351<p>
3352Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's
3353home directory.
3354</p>
3355
3356<p>
3357Specify a pathname ending in "/" for qmail-style delivery.
3358</p>
3359
3360<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3361is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3362<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3363<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3364
3365<p>
3366Examples:
3367</p>
3368
3369<pre>
3370<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox
3371<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/
3372</pre>
3373
3374
3375</DD>
3376
3377<DT><b><a name="hopcount_limit">hopcount_limit</a>
3378(default: 50)</b></DT><DD>
3379
3380<p>
3381The maximal number of Received:  message headers that is allowed
3382in the primary message headers. A message that exceeds the limit
3383is bounced, in order to stop a mailer loop.
3384</p>
3385
3386
3387</DD>
3388
3389<DT><b><a name="html_directory">html_directory</a>
3390(default: see "postconf -d" output)</b></DT><DD>
3391
3392<p>
3393The location of Postfix HTML files that describe how to build,
3394configure or operate a specific Postfix subsystem or feature.
3395</p>
3396
3397
3398</DD>
3399
3400<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a>
3401(default: no)</b></DT><DD>
3402
3403<p> Ignore DNS MX lookups that produce no response.  By default,
3404the Postfix SMTP client defers delivery and tries again after some
3405delay.  This behavior is required by the SMTP standard.  </p>
3406
3407<p>
3408Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record
3409lookup instead. This violates the SMTP standard and can result in
3410mis-delivery of mail.
3411</p>
3412
3413
3414</DD>
3415
3416<DT><b><a name="import_environment">import_environment</a>
3417(default: see "postconf -d" output)</b></DT><DD>
3418
3419<p>
3420The list of environment parameters that a Postfix process will
3421import from a non-Postfix parent process. Examples of relevant
3422parameters:
3423</p>
3424
3425<dl>
3426
3427<dt><b>TZ</b></dt>
3428
3429<dd>Needed for sane time keeping on most System-V-ish systems. </dd>
3430
3431<dt><b>DISPLAY</b></dt>
3432
3433<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
3434
3435<dt><b>XAUTHORITY</b></dt>
3436
3437<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
3438
3439<dt><b>MAIL_CONFIG</b></dt>
3440
3441<dd>Needed to make "<b>postfix -c</b>" work. </dd>
3442
3443</dl>
3444
3445<p> Specify a list of names and/or name=value pairs, separated by
3446whitespace or comma. The name=value form is supported with
3447Postfix version 2.1 and later.  </p>
3448
3449
3450</DD>
3451
3452<DT><b><a name="in_flow_delay">in_flow_delay</a>
3453(default: 1s)</b></DT><DD>
3454
3455<p> Time to pause before accepting a new message, when the message
3456arrival rate exceeds the message delivery rate. This feature is
3457turned on by default (it's disabled on SCO UNIX due to an SCO bug).
3458</p>
3459
3460<p>
3461With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
3462= 1s" limits the mail inflow to 100 messages per second above the
3463number of messages delivered per second.
3464</p>
3465
3466<p>
3467Specify 0 to disable the feature. Valid delays are 0..10.
3468</p>
3469
3470
3471</DD>
3472
3473<DT><b><a name="inet_interfaces">inet_interfaces</a>
3474(default: all)</b></DT><DD>
3475
3476<p> The network interface addresses that this mail system receives
3477mail on. Specify "all" to receive mail on all network
3478interfaces (default), and "loopback-only" to receive mail
3479on loopback network interfaces only (Postfix version 2.2 and later).  The
3480parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
3481</p>
3482
3483<p>
3484Note 1: you need to stop and start Postfix when this parameter changes.
3485</p>
3486
3487<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
3488but this form is not required here. </p>
3489
3490<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
3491that is not a loopback address, the Postfix SMTP client will use
3492this address as the IP source address for outbound mail. Support
3493for IPv6 is available in Postfix version 2.2 and later. </p>
3494
3495<p>
3496On a multi-homed firewall with separate Postfix instances listening on the
3497"inside" and "outside" interfaces, this can prevent each instance from
3498being able to reach remote SMTP servers on the "other side" of the
3499firewall. Setting
3500<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
3501IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
3502for IPv6. </p>
3503
3504<p>
3505A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
3506at the default value and instead use explicit IP addresses in
3507the <a href="master.5.html">master.cf</a> SMTP server definitions.  This preserves the Postfix
3508SMTP client's
3509loop detection, by ensuring that each side of the firewall knows that the
3510other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
3511single IPv4 and/or IPv6 address is primarily useful with virtual
3512hosting of domains on
3513secondary IP addresses, when each IP address serves a different domain
3514(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
3515
3516<p>
3517See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
3518are forwarded to Postfix by way of a proxy or address translator.
3519</p>
3520
3521<p>
3522Examples:
3523</p>
3524
3525<pre>
3526<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
3527<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
3528<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
3529<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
3530<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
3531</pre>
3532
3533
3534</DD>
3535
3536<DT><b><a name="inet_protocols">inet_protocols</a>
3537(default: all)</b></DT><DD>
3538
3539<p> The Internet protocols Postfix will attempt to use when making
3540or accepting connections. Specify one or more of "ipv4"
3541or "ipv6", separated by whitespace or commas. The form
3542"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
3543on whether the operating system implements IPv6. </p>
3544
3545<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
3546compatibility with these releases, the Postfix 2.9 and later upgrade
3547procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to
3548<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility
3549workaround will be phased out as IPv6 deployment becomes more common.
3550</p>
3551
3552<p> This feature is available in Postfix 2.2 and later. </p>
3553
3554<p> Note: you MUST stop and start Postfix after changing this
3555parameter. </p>
3556
3557<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
3558IPv6 server will also accept IPv4 connections, even when IPv4 is
3559turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter.  On systems with
3560IPV6_V6ONLY support, Postfix will use separate server sockets for
3561IPv6 and IPv4, and each will accept only connections for the
3562corresponding protocol.  </p>
3563
3564<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
3565Postfix will look up DNS type A records, and will convert
3566IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
3567IPv4 form (1.2.3.4).  The latter is needed on hosts that pre-date
3568IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
3569
3570<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
3571Postfix will do DNS type AAAA record lookups. </p>
3572
3573<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
3574client will attempt to connect via IPv6 before attempting to use
3575IPv4.  </p>
3576
3577<p>
3578Examples:
3579</p>
3580
3581<pre>
3582<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
3583<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT)
3584<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
3585<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
3586</pre>
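<p> Added example (not part of the Postfix documentation): a Python
illustration of why the IPv4-in-IPv6 conversion described above matters
for address-based access rules on a socket that also accepts IPv4
connections. The rule lists, function names and sample clients are
constructed for illustration and are not Postfix settings. </p>

```python
import ipaddress

# Constructed rule sets for illustration; these are not Postfix parameters.
REJECT_NETWORKS = ["198.51.100.0/24"]
TRUSTED_NETWORKS = ["127.0.0.0/8", "192.0.2.0/24", "2001:db8::/32"]


def canonical_client_address(text):
    """Parse a client address and map an IPv4-in-IPv6 form back to IPv4.

    Accepts "1.2.3.4", "::ffff:1.2.3.4", "[::ffff:1.2.3.4]" and plain IPv6.
    """
    addr = ipaddress.ip_address(text.strip().strip("[]"))
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped          # ::ffff:1.2.3.4 becomes 1.2.3.4
    return addr


def _matches(addr, networks):
    """True when addr falls inside any network of the same address family."""
    for item in networks:
        net = ipaddress.ip_network(item)
        if addr.version == net.version and addr in net:
            return True
    return False


def classify(client_text, canonicalise=True):
    """Return "reject", "trusted" or "untrusted" for a client address.

    With canonicalise=False the address is used exactly as the socket
    reported it, which is how IPv4 rules get skipped for mapped addresses.
    """
    if canonicalise:
        addr = canonical_client_address(client_text)
    else:
        addr = ipaddress.ip_address(client_text.strip().strip("[]"))
    if _matches(addr, REJECT_NETWORKS):
        return "reject"
    if _matches(addr, TRUSTED_NETWORKS):
        return "trusted"
    return "untrusted"


if __name__ == "__main__":
    # Constructed client addresses as an IPv6 socket might report them.
    for client in ["::ffff:198.51.100.9", "::ffff:192.0.2.7",
                   "2001:db8::25", "203.0.113.5"]:
        print(client,
              "raw:", classify(client, canonicalise=False),
              "canonical:", classify(client))
```

<p> Without the conversion, the IPv4 reject rule never matches the
mapped form of the same client, and the IPv4 trusted network is not
recognised either. </p>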
3587
3588
3589</DD>
3590
3591<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a>
3592(default: 5)</b></DT><DD>
3593
3594<p>
3595The initial per-destination concurrency level for parallel delivery
3596to the same destination.
3597With per-destination recipient limit &gt; 1, a destination is a domain,
3598otherwise it is a recipient.
3599</p>
3600
3601<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify
3602a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
3603name of the message delivery transport (Postfix 2.5 and later). </p>
3604
3605<p>
3606Warning: with concurrency of 1, one bad message can be enough to
3607block all mail to a site.
3608</p>
3609
3610
3611</DD>
3612
3613<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
3614(default: empty)</b></DT><DD>
3615
3616<p> What categories of Postfix-generated mail are subject to
3617before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
3618and <a href="postconf.5.html#body_checks">body_checks</a>.  Specify zero or more of the following, separated
3619by whitespace or comma.  </p>
3620
3621<dl>
3622
3623<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
3624status notifications. </dd>
3625
3626<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
3627notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
3628
3629</dl>
3630
3631<p> NOTE: It's generally not safe to enable content inspection of
3632Postfix-generated email messages. The user is warned. </p>
3633
3634<p> This feature is available in Postfix 2.3 and later. </p>
3635
3636
3637</DD>
3638
3639<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
3640(default: 501)</b></DT><DD>
3641
3642<p>
3643The numerical Postfix SMTP server response code when the client
3644HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
3645restriction.
3646</p>
3647
3648<p>
3649Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
3650</p>
3651
3652
3653</DD>
3654
3655<DT><b><a name="ipc_idle">ipc_idle</a>
3656(default: version dependent)</b></DT><DD>
3657
3658<p>
3659The time after which a client closes an idle internal communication
3660channel.  The purpose is to allow Postfix daemon processes to
3661terminate voluntarily after they become idle. This is used, for
3662example, by the Postfix address resolving and rewriting clients.
3663</p>
3664
3665<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>
3666
3667<p>
3668Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3669The default time unit is s (seconds).
3670</p>
3671
3672
3673</DD>
3674
3675<DT><b><a name="ipc_timeout">ipc_timeout</a>
3676(default: 3600s)</b></DT><DD>
3677
3678<p>
3679The time limit for sending or receiving information over an internal
3680communication channel.  The purpose is to break out of deadlock
3681situations. If the time limit is exceeded the software aborts with a
3682fatal error.
3683</p>
3684
3685<p>
3686Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3687The default time unit is s (seconds).
3688</p>
3689
3690
3691</DD>
3692
3693<DT><b><a name="ipc_ttl">ipc_ttl</a>
3694(default: 1000s)</b></DT><DD>
3695
3696<p>
3697The time after which a client closes an active internal communication
3698channel.  The purpose is to allow Postfix daemon processes to
3699terminate voluntarily
3700after reaching their client limit.  This is used, for example, by
3701the Postfix address resolving and rewriting clients.
3702</p>
3703
3704<p>
3705Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3706The default time unit is s (seconds).
3707</p>
3708
3709<p>
3710This feature is available in Postfix 2.1 and later.
3711</p>
3712
3713
3714</DD>
3715
3716<DT><b><a name="line_length_limit">line_length_limit</a>
3717(default: 2048)</b></DT><DD>
3718
3719<p> Upon input, long lines are chopped up into pieces of at most
3720this length; upon delivery, long lines are reconstructed.  </p>
3721
3722
3723</DD>
3724
3725<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
3726(default: ipv6)</b></DT><DD>
3727
3728<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
3729configuration parameter.  See there for details. </p>
3730
3731<p> This feature is available in Postfix 2.8 and later.  </p>
3732
3733
3734</DD>
3735
3736<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
3737(default: no)</b></DT><DD>
3738
3739<p> When a remote LMTP server announces no DSN support, assume that
3740the
3741server performs final delivery, and send "delivered" delivery status
3742notifications instead of "relayed". The default setting is backwards
3743compatible to avoid the infinitesimal possibility of breaking
3744existing LMTP-based content filters. </p>
3745
3746
3747</DD>
3748
3749<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a>
3750(default: empty)</b></DT><DD>
3751
3752<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration
3753parameter.  See there for details. </p>
3754
3755<p> This feature is available in Postfix 2.3 and later. </p>
3756
3757
3758</DD>
3759
3760<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a>
3761(default: empty)</b></DT><DD>
3762
3763<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration
3764parameter.  See there for details. </p>
3765
3766<p> This feature is available in Postfix 2.3 and later. </p>
3767
3768
3769</DD>
3770
3771<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a>
3772(default: empty)</b></DT><DD>
3773
3774<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration
3775parameter. See there for details. </p>
3776
3777<p> This feature is available in Postfix 2.5 and later. </p>
3778
3779
3780</DD>
3781
3782<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a>
3783(default: yes)</b></DT><DD>
3784
3785<p>
3786Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
3787seconds. When the LMTP client receives a request for the same
3788connection the connection is reused.
3789</p>
3790
3791<p> This parameter is available in Postfix version 2.2 and earlier.
3792With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
3793<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
3794</p>
3795
3796<p>
3797The effectiveness of cached connections will be determined by the
3798number of remote LMTP servers in use, and the concurrency limit specified
3799for the Postfix LMTP client. Cached connections are closed under any of
3800the following conditions:
3801</p>
3802
3803<ul>
3804
3805<li> The Postfix LMTP client idle time limit is reached.  This limit is
3806specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.
3807
3808<li> A delivery request specifies a different destination than the
3809one currently cached.
3810
3811<li> The per-process limit on the number of delivery requests is
3812reached.  This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a>
3813configuration parameter.
3814
3815<li> Upon the onset of another delivery request, the remote LMTP server
3816associated with the current session does not respond to the RSET
3817command.
3818
3819</ul>
3820
3821<p>
3822Most of these limitations have been removed with the Postfix
3823connection cache that is shared among multiple LMTP client
3824programs.
3825</p>
3826
3827
3828</DD>
3829
3830<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a>
3831(default: yes)</b></DT><DD>
3832
3833<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
3834configuration parameter.  See there for details. </p>
3835
3836<p> This feature is available in Postfix 2.3 and later. </p>
3837
3838
3839</DD>
3840
3841<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a>
3842(default: 0s)</b></DT><DD>
3843
3844<p> The Postfix LMTP client time limit for completing a TCP connection, or
3845zero (use the operating system built-in time limit).  When no
3846connection can be made within the deadline, the LMTP client tries
3847the next address on the mail exchanger list.  </p>
3848
3849<p>
3850Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3851The default time unit is s (seconds).
3852</p>
3853
3854<p>
3855Example:
3856</p>
3857
3858<pre>
3859<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s
3860</pre>
3861
3862
3863</DD>
3864
3865<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>
3866(default: empty)</b></DT><DD>
3867
3868<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
3869configuration parameter.  See there for details. </p>
3870
3871<p> This feature is available in Postfix 2.3 and later. </p>
3872
3873
3874</DD>
3875
3876<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>
3877(default: yes)</b></DT><DD>
3878
3879<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
3880configuration parameter.  See there for details. </p>
3881
3882<p> This feature is available in Postfix 2.3 and later. </p>
3883
3884
3885</DD>
3886
3887<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a>
3888(default: 2s)</b></DT><DD>
3889
3890<p> The LMTP-specific version of the
3891<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter.
3892See there for details. </p>
3893
3894<p> This feature is available in Postfix 2.3 and later. </p>
3895
3896
3897</DD>
3898
3899<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>
3900(default: 300s)</b></DT><DD>
3901
3902<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
3903configuration parameter.  See there for details. </p>
3904
3905<p> This feature is available in Postfix 2.3 and later. </p>
3906
3907
3908</DD>
3909
3910<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a>
3911(default: 600s)</b></DT><DD>
3912
3913<p> The Postfix LMTP client time limit for sending the LMTP ".",
3914and for receiving the remote LMTP server response.  When no response
3915is received within the deadline, a warning is logged that the mail
3916may be delivered multiple times.  </p>
3917
3918<p>
3919Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3920The default time unit is s (seconds).
3921</p>
3922
3923
3924</DD>
3925
3926<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a>
3927(default: 120s)</b></DT><DD>
3928
3929<p>
3930The Postfix LMTP client time limit for sending the LMTP DATA command,
3931and
3932for receiving the remote LMTP server response.
3933</p>
3934
3935<p>
3936Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3937The default time unit is s (seconds).
3938</p>
3939
3940
3941</DD>
3942
3943<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
3944(default: 180s)</b></DT><DD>
3945
3946<p>
3947The Postfix LMTP client time limit for sending the LMTP message
3948content.
3949When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
3950the LMTP client terminates the transfer.
3951</p>
3952
3953<p>
3954Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3955The default time unit is s (seconds).
3956</p>
3957
3958
3959</DD>
3960
3961<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a>
3962(default: no)</b></DT><DD>
3963
3964<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
3965configuration parameter.  See there for details. </p>
3966
3967<p> This feature is available in Postfix 2.3 and later. </p>
3968
3969
3970</DD>
3971
3972<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a>
3973(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
3974
3975<p> The maximal number of parallel deliveries to the same destination
3976via the lmtp message delivery transport. This limit is enforced by
3977the queue manager. The message delivery transport name is the first
3978field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
3979
3980
3981</DD>
3982
3983<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
3984(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
3985
3986<p> The maximal number of recipients per message for the lmtp
3987message delivery transport. This limit is enforced by the queue
3988manager. The message delivery transport name is the first field in
3989the entry in the <a href="master.5.html">master.cf</a> file.  </p>
3990
3991<p> Setting this parameter to a value of 1 changes the meaning of
3992<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into
3993concurrency per recipient.  </p>
3994
3995
3996</DD>
3997
3998<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a>
3999(default: empty)</b></DT><DD>
4000
4001<p> Lookup tables, indexed by the remote LMTP server address, with
4002case insensitive lists of LHLO keywords (pipelining, starttls,
4003auth, etc.) that the Postfix LMTP client will ignore in the LHLO
4004response
4005from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for
4006details. The table is not indexed by hostname for consistency with
4007<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
4008
4009<p> This feature is available in Postfix 2.3 and later. </p>
4010
4011
4012</DD>
4013
4014<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
4015(default: empty)</b></DT><DD>
4016
4017<p> A case insensitive list of LHLO keywords (pipelining, starttls,
4018auth, etc.) that the Postfix LMTP client will ignore in the LHLO
4019response
4020from a remote LMTP server. </p>
4021
4022<p> This feature is available in Postfix 2.3 and later. </p>
4023
4024<p> Notes: </p>
4025
4026<ul>
4027
4028<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
4029this action from being logged. </p>
4030
4031<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to
4032discard LHLO keywords selectively. </p>
4033
4034</ul>
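<p> Added example (not part of the Postfix documentation): a Python
configuration check that reads main.cf text using the file format rules
at the top of this page, and reports when lmtp_discard_lhlo_keywords
hides the starttls or auth keyword from the LMTP client, or when
silent-discard suppresses logging. The sample file, the function names,
the choice of keywords to flag, and splitting the list on commas and
whitespace are assumptions. </p>

```python
import re

# Assumption: the keywords an auditor wants flagged, because ignoring them
# hides TLS or authentication support from the LMTP client.
SECURITY_KEYWORDS = {"starttls", "auth"}

# Constructed sample main.cf; the parameter is defined twice on purpose.
SAMPLE_MAIN_CF = """\
# constructed sample
lmtp_discard_lhlo_keywords = pipelining
lmtp_connect_timeout = 30s
lmtp_discard_lhlo_keywords = PIPELINING,
    StartTLS silent-discard
"""


def parse_main_cf(text):
    """Parse main.cf text into a dict, following the rules on this page:
    comment and blank lines are ignored, a line starting with whitespace
    continues the previous logical line, and the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def split_keywords(value):
    """Split a keyword list on commas/whitespace (assumed) and lowercase it,
    since the list is case insensitive."""
    return [k.lower() for k in re.split(r"[,\s]+", value) if k]


def audit_lhlo_discard(main_cf_text):
    """Summarise what lmtp_discard_lhlo_keywords removes from LHLO replies."""
    params = parse_main_cf(main_cf_text)
    words = split_keywords(params.get("lmtp_discard_lhlo_keywords", ""))
    discarded = [w for w in words if w != "silent-discard"]
    return {
        "discarded": discarded,
        "security_relevant": [w for w in discarded if w in SECURITY_KEYWORDS],
        "logged": "silent-discard" not in words,
    }


if __name__ == "__main__":
    report = audit_lhlo_discard(SAMPLE_MAIN_CF)
    print(report)
    if report["security_relevant"] and not report["logged"]:
        print("review: security keywords discarded without logging")
```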
4035
4036
4037</DD>
4038
4039<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a>
4040(default: empty)</b></DT><DD>
4041
4042<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a>
4043configuration parameter.  See there for details. </p>
4044
4045<p> This feature is available in Postfix 2.8 and later.  </p>
4046
4047
4048</DD>
4049
4050<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
4051(default: no)</b></DT><DD>
4052
4053<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
4054parameter.  See there for details. </p>
4055
4056<p> This feature is available in Postfix 2.3 and later. </p>
4057
4058
4059</DD>
4060
4061<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a>
4062(default: empty)</b></DT><DD>
4063
4064<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration
4065parameter.  See there for details. </p>
4066
4067<p> This feature is available in Postfix 2.3 and later. </p>
4068
4069
4070</DD>
4071
4072<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a>
4073(default: empty)</b></DT><DD>
4074
4075<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration
4076parameter. See there for details. </p>
4077
4078<p> This feature is available in Postfix 2.5 and later. </p>
4079
4080
4081</DD>
4082
4083<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a>
4084(default: dns)</b></DT><DD>
4085
4086<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration
4087parameter.  See there for details. </p>
4088
4089<p> This feature is available in Postfix 2.3 and later. </p>
4090
4091
4092</DD>
4093
4094<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a>
4095(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
4096
4097<p>
4098The hostname to send in the LMTP LHLO command.
4099</p>
4100
4101<p>
4102The default value is the machine hostname.  Specify a hostname or
4103[ip.add.re.ss].
4104</p>
4105
4106<p>
4107This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP
4108clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
4109client, for example:
4110</p>
4111
4112<blockquote>
4113<pre>
4114/etc/postfix/<a href="master.5.html">master.cf</a>:
4115    mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
4116</pre>
4117</blockquote>
4118
4119<p>
4120This feature is available in Postfix 2.3 and later.
4121</p>
4122
4123
4124</DD>
4125
4126<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a>
4127(default: 300s)</b></DT><DD>
4128
4129<p> The Postfix LMTP client time limit for sending the LHLO command,
4130and for receiving the initial remote LMTP server response. </p>
4131
4132<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
4133(weeks).  The default time unit is s (seconds).  </p>
4134
4135
4136</DD>
4137
4138<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a>
4139(default: 990)</b></DT><DD>
4140
4141<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a>
4142configuration parameter.  See there for details. </p>
4143
4144<p> This feature is available in Postfix 2.3 and later. </p>
4145
4146
4147</DD>
4148
4149<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a>
4150(default: 300s)</b></DT><DD>
4151
4152<p>
4153The Postfix LMTP client time limit for sending the MAIL FROM command,
4154and for receiving the remote LMTP server response.
4155</p>
4156
4157<p>
4158Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4159The default time unit is s (seconds).
4160</p>
4161
4162
4163</DD>
4164
4165<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a>
4166(default: empty)</b></DT><DD>
4167
4168<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a>
4169configuration parameter. See there for details. </p>
4170
4171<p> This feature is available in Postfix 2.5 and later. </p>
4172
4173
4174</DD>
4175
4176<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a>
4177(default: 5)</b></DT><DD>
4178
4179<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration
4180parameter.  See there for details. </p>
4181
4182<p> This feature is available in Postfix 2.3 and later. </p>
4183
4184
4185</DD>
4186
4187<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a>
4188(default: 2)</b></DT><DD>
4189
4190<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration
4191parameter.  See there for details. </p>
4192
4193<p> This feature is available in Postfix 2.3 and later. </p>
4194
4195
4196</DD>
4197
4198<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a>
4199(default: empty)</b></DT><DD>
4200
4201<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a>
4202configuration parameter. See there for details. </p>
4203
4204<p> This feature is available in Postfix 2.5 and later. </p>
4205
4206
4207</DD>
4208
4209<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
4210(default: no)</b></DT><DD>
4211
4212<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
4213configuration parameter.  See there for details. </p>
4214
4215<p> This feature is available in Postfix 2.9 and later.  </p>
4216
4217
4218</DD>
4219
4220<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
4221(default: 10s)</b></DT><DD>
4222
4223<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
4224configuration parameter.  See there for details. </p>
4225
4226<p> This feature is available in Postfix 2.3 and later. </p>
4227
4228
4229</DD>
4230
4231<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a>
4232(default: empty)</b></DT><DD>
4233
4234<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
4235configuration parameter.  See there for details. </p>
4236
4237<p> This feature is available in Postfix 2.4 and later. </p>
4238
4239
4240</DD>
4241
4242<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a>
4243(default: 500s)</b></DT><DD>
4244
4245<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
4246configuration parameter.  See there for details. </p>
4247
4248<p> This feature is available in Postfix 2.3 and later. </p>
4249
4250
4251</DD>
4252
4253<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a>
4254(default: empty)</b></DT><DD>
4255
4256<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a>
4257configuration parameter.  See there for details. </p>
4258
4259<p> This feature is available in Postfix 2.4 and later. </p>
4260
4261
4262</DD>
4263
4264<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a>
4265(default: 300s)</b></DT><DD>
4266
4267<p>
4268The Postfix LMTP client time limit for sending the QUIT command,
4269and for receiving the remote LMTP server response.
4270</p>
4271
4272<p>
4273Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4274The default time unit is s (seconds).
4275</p>
4276
4277
4278</DD>
4279
4280<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a>
4281(default: yes)</b></DT><DD>
4282
4283<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
4284configuration parameter.  See there for details. </p>
4285
4286<p> This feature is available in Postfix 2.3 and later. </p>
4287
4288
4289</DD>
4290
4291<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a>
4292(default: yes)</b></DT><DD>
4293
4294<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a>
4295configuration parameter.  See there for details. </p>
4296
4297<p> This feature is available in Postfix 2.3 and later. </p>
4298
4299
4300</DD>
4301
4302<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a>
4303(default: 300s)</b></DT><DD>
4304
4305<p>
4306The Postfix LMTP client time limit for sending the RCPT TO command,
4307and for receiving the remote LMTP server response.
4308</p>
4309
4310<p>
4311Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4312The default time unit is s (seconds).
4313</p>
4314
4315
4316</DD>
4317
4318<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a>
4319(default: empty)</b></DT><DD>
4320
4321<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>
4322configuration parameter.  See there for details. </p>
4323
4324<p> This feature is available in Postfix 2.7 and later. </p>
4325
4326
4327</DD>
4328
4329<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a>
4330(default: 20s)</b></DT><DD>
4331
4332<p> The Postfix LMTP client time limit for sending the RSET command,
4333and for receiving the remote LMTP server response. The LMTP client
4334sends RSET in
4335order to finish a recipient address probe, or to verify that a
4336cached connection is still alive.  </p>
4337
4338<p>
4339Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4340The default time unit is s (seconds).
4341</p>
4342
4343
4344</DD>
4345
4346<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a>
4347(default: empty)</b></DT><DD>
4348
4349<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
4350configuration parameter.  See there for details. </p>
4351
4352<p> This feature is available in Postfix 2.5 and later. </p>
4353
4354
4355</DD>
4356
4357<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a>
4358(default: 90d)</b></DT><DD>
4359
4360<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
4361configuration parameter.  See there for details. </p>
4362
4363<p> This feature is available in Postfix 2.5 and later. </p>
4364
4365
4366</DD>
4367
4368<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a>
4369(default: no)</b></DT><DD>
4370
4371<p>
4372Enable SASL authentication in the Postfix LMTP client.
4373</p>
4374
4375
4376</DD>
4377
4378<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a>
4379(default: yes)</b></DT><DD>
4380
4381<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
4382configuration parameter.  See there for details. </p>
4383
4384<p> This feature is available in Postfix 2.5 and later. </p>
4385
4386
4387</DD>
4388
4389<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
4390(default: empty)</b></DT><DD>
4391
4392<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
4393configuration parameter.  See there for details. </p>
4394
4395<p> This feature is available in Postfix 2.3 and later. </p>
4396
4397
4398</DD>
4399
4400<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a>
4401(default: empty)</b></DT><DD>
4402
4403<p>
4404Optional Postfix LMTP client lookup tables with one username:password entry
4405per host or domain.  If a remote host or domain has no username:password
4406entry, then the Postfix LMTP client will not attempt to authenticate
4407to the remote host.
4408</p>
4409
4410
4411</DD>
4412
4413<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a>
4414(default: empty)</b></DT><DD>
4415
4416<p> Implementation-specific information that is passed through to
4417the SASL plug-in implementation that is selected with
4418<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  Typically this specifies the name of a
4419configuration file or rendezvous point. </p>
4420
4421<p> This feature is available in Postfix 2.3 and later. </p>
4422
4423
4424</DD>
4425
4426<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a>
4427(default: noplaintext, noanonymous)</b></DT><DD>
4428
4429<p> SASL security options; as of Postfix 2.3 the list of available
4430features depends on the SASL client implementation that is selected
4431with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  </p>
4432
4433<p> The following security features are defined for the <b>cyrus</b>
4434client SASL implementation: </p>
4435
4436<dl>
4437
4438<dt><b>noplaintext</b></dt>
4439
4440<dd>Disallow authentication methods that use plaintext passwords. </dd>
4441
4442<dt><b>noactive</b></dt>
4443
4444<dd>Disallow authentication methods that are vulnerable to non-dictionary
4445active attacks. </dd>
4446
4447<dt><b>nodictionary</b></dt>
4448
4449<dd>Disallow authentication methods that are vulnerable to passive
4450dictionary attack. </dd>
4451
4452<dt><b>noanonymous</b></dt>
4453
4454<dd>Disallow anonymous logins. </dd>
4455
4456</dl>
4457
4458<p>
4459Example:
4460</p>
4461
4462<pre>
4463<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext
4464</pre>
4465
4466
4467</DD>
4468
4469<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>
4470(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD>
4471
4472<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
4473configuration parameter.  See there for details. </p>
4474
4475<p> This feature is available in Postfix 2.3 and later. </p>
4476
4477
4478</DD>
4479
4480<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a>
4481(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD>
4482
4483<p> The LMTP-specific version of the
4484<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter.
4485See there for details. </p>
4486
4487<p> This feature is available in Postfix 2.3 and later. </p>
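<p> Added example (not part of the Postfix documentation or code): a Python
model of how the three LMTP SASL option lists above inherit from one another
through their listed defaults, and which list applies to an unencrypted, a
TLS-encrypted, or a verified-TLS session (as described for the smtp_
counterparts).  The mechanism table, function names and sample main.cf texts
are constructed for illustration. </p>

```python
import re

# Defaults for the three LMTP SASL option parameters, as listed on this page.
DEFAULTS = {
    "lmtp_sasl_security_options": "noplaintext, noanonymous",
    "lmtp_sasl_tls_security_options": "$lmtp_sasl_security_options",
    "lmtp_sasl_tls_verified_security_options": "$lmtp_sasl_tls_security_options",
}

# Parameter consulted for each kind of session.
SESSION_PARAM = {
    "plaintext": "lmtp_sasl_security_options",
    "tls": "lmtp_sasl_tls_security_options",
    "tls_verified": "lmtp_sasl_tls_verified_security_options",
}

# Constructed, simplified table (assumption): the option that rules out each
# mechanism. A real SASL library decides this from its own plug-in data.
EXCLUDED_BY = {
    "PLAIN": {"noplaintext"},
    "LOGIN": {"noplaintext"},
    "ANONYMOUS": {"noanonymous"},
    "CRAM-MD5": {"nodictionary"},
}
OFFERED = ["PLAIN", "LOGIN", "CRAM-MD5", "ANONYMOUS"]

# Constructed sample main.cf texts.
CONFIG_DEFAULTS = ""
CONFIG_PLAIN_OVER_TLS_ONLY = """\
# Keep the strict default without TLS, relax it once the session is encrypted.
lmtp_sasl_security_options = noplaintext,
    noanonymous
lmtp_sasl_tls_security_options = noanonymous
"""
CONFIG_WEAK = """\
# Weak: plaintext mechanisms become usable on unencrypted sessions too.
lmtp_sasl_security_options = noanonymous
"""


def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # empty line or comment
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()   # continuation line
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Recursively replace $name, ${name} and $(name) references."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        return expand(params.get(name, DEFAULTS.get(name, "")), params, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))", repl, value)


def effective_options(config_text, session):
    """Return the set of security options in force for one session type."""
    params = parse_main_cf(config_text)
    name = SESSION_PARAM[session]
    raw = expand(params.get(name, DEFAULTS[name]), params)
    return {opt for opt in re.split(r"[,\s]+", raw) if opt}


def allowed_mechanisms(config_text, session, offered=OFFERED):
    """Filter the offered mechanisms by the options in force."""
    opts = effective_options(config_text, session)
    return [m for m in offered if EXCLUDED_BY.get(m, set()).isdisjoint(opts)]


if __name__ == "__main__":
    configs = {
        "defaults": CONFIG_DEFAULTS,
        "plain over TLS only": CONFIG_PLAIN_OVER_TLS_ONLY,
        "weak": CONFIG_WEAK,
    }
    for label, text in configs.items():
        for session in SESSION_PARAM:
            print(label, session, sorted(effective_options(text, session)),
                  allowed_mechanisms(text, session))
```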
4488
4489
4490</DD>
4491
4492<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a>
4493(default: cyrus)</b></DT><DD>
4494
4495<p> The SASL plug-in type that the Postfix LMTP client should use
4496for authentication.  The available types are listed with the
4497"<b>postconf -A</b>" command. </p>
4498
4499<p> This feature is available in Postfix 2.3 and later. </p>
4500
4501
4502</DD>
4503
4504<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a>
4505(default: no)</b></DT><DD>
4506
4507<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
4508configuration parameter.  See there for details. </p>
4509
4510<p> This feature is available in Postfix 2.9 and later.  </p>
4511
4512
4513</DD>
4514
4515<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a>
4516(default: no)</b></DT><DD>
4517
4518<p>
4519Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
4520server response announces XFORWARD support.  This allows an <a href="lmtp.8.html">lmtp(8)</a>
4521delivery agent, used for content filter message injection, to
4522forward the name, address, protocol and HELO name of the original
4523client to the content filter and downstream queuing LMTP server.
4524Before you change the value to yes, it is best to make sure that
4525your content filter supports this command.
4526</p>
4527
4528<p>
4529This feature is available in Postfix 2.1 and later.
4530</p>
4531
4532
4533</DD>
4534
4535<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a>
4536(default: no)</b></DT><DD>
4537
4538<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
4539configuration parameter.  See there for details. </p>
4540
4541<p> This feature is available in Postfix 2.3 and later. </p>
4542
4543
4544</DD>
4545
4546<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a>
4547(default: yes)</b></DT><DD>
4548
4549<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
4550configuration parameter.  See there for details. </p>
4551
4552<p> This feature is available in Postfix 2.3 and later. </p>
4553
4554
4555</DD>
4556
4557<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a>
4558(default: no)</b></DT><DD>
4559
4560<p>
4561Wait for the response to the LMTP QUIT command.
4562</p>
4563
4564
4565</DD>
4566
4567<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a>
4568(default: 300s)</b></DT><DD>
4569
4570<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration
4571parameter.  See there for details. </p>
4572
4573<p> This feature is available in Postfix 2.3 and later. </p>
4574
4575
4576</DD>
4577
4578<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a>
4579(default: 24)</b></DT><DD>
4580
4581<p>
4582The default TCP port that the Postfix LMTP client connects to.
4583</p>
4584
4585
4586</DD>
4587
4588<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a>
4589(default: empty)</b></DT><DD>
4590
4591<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
4592configuration parameter.  See there for details. </p>
4593
4594<p> This feature is available in Postfix 2.3 and later. </p>
4595
4596
4597</DD>
4598
4599<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a>
4600(default: empty)</b></DT><DD>
4601
4602<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
4603configuration parameter.  See there for details. </p>
4604
4605<p> This feature is available in Postfix 2.3 and later. </p>
4606
4607
4608</DD>
4609
4610<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
4611(default: empty)</b></DT><DD>
4612
4613<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
4614configuration parameter.  See there for details. </p>
4615
4616<p> This feature is available in Postfix 2.7 and later. </p>
4617
4618
4619</DD>
4620
4621<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
4622(default: empty)</b></DT><DD>
4623
4624<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
4625configuration parameter.  See there for details. </p>
4626
4627<p> This feature is available in Postfix 2.3 and later. </p>
4628
4629
4630</DD>
4631
4632<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
4633(default: export)</b></DT><DD>
4634
4635<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
4636parameter. See there for details. </p>
4637
4638<p> This feature is available in Postfix 2.6 and later. </p>
4639
4640
4641</DD>
4642
4643<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
4644(default: empty)</b></DT><DD>
4645
4646<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
4647configuration parameter.  See there for details. </p>
4648
4649<p> This feature is available in Postfix 2.3 and later. </p>
4650
4651
4652</DD>
4653
4654<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a>
4655(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD>
4656
4657<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>
4658configuration parameter.  See there for details. </p>
4659
4660<p> This feature is available in Postfix 2.3 and later. </p>
4661
4662
4663</DD>
4664
4665<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a>
4666(default: empty)</b></DT><DD>
4667
4668<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration
4669parameter.  See there for details. </p>
4670
4671<p> This feature is available in Postfix 2.6 and later, when Postfix is
4672compiled and linked with OpenSSL 1.0.0 or later. </p>
4673
4674
4675</DD>
4676
4677<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a>
4678(default: empty)</b></DT><DD>
4679
4680<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration
4681parameter.  See there for details. </p>
4682
4683<p> This feature is available in Postfix 2.6 and later, when Postfix is
4684compiled and linked with OpenSSL 1.0.0 or later. </p>
4685
4686
4687</DD>
4688
4689<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a>
4690(default: yes)</b></DT><DD>
4691
4692<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
4693configuration parameter.  See there for details. </p>
4694
4695<p> This feature is available in Postfix 2.3 and later. </p>
4696
4697
4698</DD>
4699
4700<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a>
4701(default: empty)</b></DT><DD>
4702
4703<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
4704configuration parameter.  See there for details. </p>
4705
4706<p> This feature is available in Postfix 2.3 and later. </p>
4707
4708
4709</DD>
4710
4711<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a>
4712(default: empty)</b></DT><DD>
4713
4714<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
4715configuration parameter.  See there for details. </p>
4716
4717<p> This feature is available in Postfix 2.5 and later. </p>
4718
4719
4720</DD>
4721
4722<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
4723(default: md5)</b></DT><DD>
4724
4725<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
4726configuration parameter.  See there for details. </p>
4727
4728<p> This feature is available in Postfix 2.5 and later. </p>
4729
4730
4731</DD>
4732
4733<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a>
4734(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD>
4735
4736<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>
4737configuration parameter.  See there for details. </p>
4738
4739<p> This feature is available in Postfix 2.3 and later. </p>
4740
4741
4742</DD>
4743
4744<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a>
4745(default: 0)</b></DT><DD>
4746
4747<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
4748configuration parameter.  See there for details. </p>
4749
4750<p> This feature is available in Postfix 2.3 and later. </p>
4751
4752
4753</DD>
4754
4755<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>
4756(default: empty)</b></DT><DD>
4757
4758<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
4759configuration parameter.  See there for details. </p>
4760
4761<p> This feature is available in Postfix 2.3 and later. </p>
4762
4763
4764</DD>
4765
4766<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a>
4767(default: empty)</b></DT><DD>
4768
4769<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
4770configuration parameter.  See there for details. </p>
4771
4772<p> This feature is available in Postfix 2.3 and later. </p>
4773
4774
4775</DD>
4776
4777<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
4778(default: !SSLv2)</b></DT><DD>
4779
4780<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
4781configuration parameter. See there for details. </p>
4782
4783<p> This feature is available in Postfix 2.3 and later. </p>
4784
4785
4786</DD>
4787
4788<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a>
4789(default: no)</b></DT><DD>
4790
4791<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
4792configuration parameter.  See there for details. </p>
4793
4794<p> This feature is available in Postfix 2.3 and later. </p>
4795
4796
4797</DD>
4798
4799<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a>
4800(default: empty)</b></DT><DD>
4801
4802<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
4803parameter.  See there for details. </p>
4804
4805<p> This feature is available in Postfix 2.3 and later. </p>
4806
4807
4808</DD>
4809
4810<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a>
4811(default: empty)</b></DT><DD>
4812
4813<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
4814configuration parameter. See there for details. </p>
4815
4816<p> This feature is available in Postfix 2.3 and later. </p>
4817
4818
4819</DD>
4820
4821<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
4822(default: empty)</b></DT><DD>
4823
4824<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
4825parameter. See there for details. </p>
4826
4827<p> This feature is available in Postfix 2.6 and later. </p>
4828
4829
4830</DD>
4831
4832<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
4833(default: 9)</b></DT><DD>
4834
4835<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
4836configuration parameter.  See there for details. </p>
4837
4838<p> This feature is available in Postfix 2.3 and later. </p>
4839
4840
4841</DD>
4842
4843<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a>
4844(default: nexthop)</b></DT><DD>
4845
4846<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
4847configuration parameter. See there for details. </p>
4848
4849<p> This feature is available in Postfix 2.3 and later. </p>
4850
4851
4852</DD>
4853
4854<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a>
4855(default: empty)</b></DT><DD>
4856
4857<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration
4858parameter.  See there for details. </p>
4859
4860<p> This feature is available in Postfix 2.3 and later. </p>
4861
4862
4863</DD>
4864
4865<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
4866(default: empty)</b></DT><DD>
4867
4868<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
4869configuration parameter. See there for details. </p>
4870
4871<p> This feature is available in Postfix 2.3 and later. </p>
4872
4873
4874</DD>
4875
4876<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a>
4877(default: 3600s)</b></DT><DD>
4878
4879<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
4880configuration parameter.  See there for details. </p>
4881
4882<p> This feature is available in Postfix 2.3 and later. </p>
4883
4884
4885</DD>
4886
4887<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a>
4888(default: hostname)</b></DT><DD>
4889
4890<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
4891configuration parameter. See there for details. </p>
4892
4893<p> This feature is available in Postfix 2.3 and later. </p>
4894
4895
4896</DD>
4897
4898<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a>
4899(default: no)</b></DT><DD>
4900
4901<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
4902parameter.  See there for details. </p>
4903
4904<p> This feature is available in Postfix 2.3 and later. </p>
4905
4906
4907</DD>
4908
4909<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a>
4910(default: 300s)</b></DT><DD>
4911
4912<p>
4913The Postfix LMTP client time limit for sending the XFORWARD command,
4914and for receiving the remote LMTP server response.
4915</p>
4916
4917<p>
4918In case of problems the client does NOT try the next address on
4919the mail exchanger list.
4920</p>
4921
4922<p>
4923Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4924The default time unit is s (seconds).
4925</p>
4926
4927<p>
4928This feature is available in Postfix 2.1 and later.
4929</p>
4930
4931
4932</DD>
4933
4934<DT><b><a name="local_command_shell">local_command_shell</a>
4935(default: empty)</b></DT><DD>
4936
4937<p>
Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix commands.
By default, non-Postfix commands are executed directly; commands
are given to the default shell (typically, /bin/sh) only
when they contain shell meta characters or shell built-in commands.
4942</p>
4943
4944<p> "sendmail's restricted shell" (smrsh) is what most people will
4945use in order to restrict what programs can be run from e.g. .forward
4946files (smrsh is part of the Sendmail distribution).  </p>
4947
4948<p> Note: when a shell program is specified, it is invoked even
4949when the command contains no shell built-in commands or meta
4950characters.  </p>
4951
4952<p>
4953Example:
4954</p>
4955
4956<pre>
4957<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
4958<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
4959</pre>
4960
4961
4962</DD>
4963
4964<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a>
4965(default: 2)</b></DT><DD>
4966
4967<p> The maximal number of parallel deliveries via the local mail
4968delivery transport to the same recipient (when
4969"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of
4970parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when
4971"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> &gt; 1"). This limit is enforced by
4972the queue manager. The message delivery transport name is the first
4973field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
4974
4975<p> A low limit of 2 is recommended, just in case someone has an
4976expensive shell command in a .forward file or in an alias (e.g.,
4977a mailing list manager).  You don't want to run lots of those at
4978the same time.  </p>
4979
4980
4981</DD>
4982
4983<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a>
4984(default: 1)</b></DT><DD>
4985
4986<p> The maximal number of recipients per message delivery via the
4987local mail delivery transport. This limit is enforced by the queue
4988manager. The message delivery transport name is the first field in
4989the entry in the <a href="master.5.html">master.cf</a> file. </p>
4990
4991<p> Setting this parameter to a value &gt; 1 changes the meaning of
4992<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient
4993into concurrency per domain.  </p>
4994
4995
4996</DD>
4997
4998<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
4999(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>
5000
5001<p> Rewrite message header addresses in mail from these clients and
5002update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
5003$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other clients
5004at all, or rewrite message headers and update incomplete addresses
5005with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
5006parameter.  </p>
5007
5008<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
5009for details of how domain names are appended to incomplete addresses.
5010</p>
5011
5012<p> Specify a list of zero or more of the following:  </p>
5013
5014<dl>
5015
5016<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
5017
5018<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5019client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
5020default. </dd>
5021
5022<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt>
5023
5024<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5025client IP address matches any network or network address listed in
5026$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
5027address rewriting when mail from a remote client is forwarded by
5028a neighboring system.  </dd>
5029
5030<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
5031
5032<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5033client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
5034protocol. </dd>
5035
5036<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
5037
5038<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5039remote SMTP client TLS certificate fingerprint or public key fingerprint
5040(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
5041The fingerprint digest algorithm is configurable via the
5042<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
5043Postfix version 2.5).  </dd>
5044
5045<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>
5046
5047<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5048remote SMTP client TLS certificate is successfully verified, regardless of
5049whether it is listed on the server, and regardless of the certifying
5050authority. </dd>
5051
5052<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
5053
5054<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
5055
5056<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5057client IP address matches the specified lookup table.
5058The lookup result is ignored, and no subnet lookup is done. This
5059is suitable for, e.g., pop-before-smtp lookup tables. </dd>
5060
5061</dl>
5062
5063<p> Examples:  </p>
5064
5065<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
5066message headers, and always append my own domain to incomplete
5067header addresses.  </p>
5068
5069<blockquote>
5070<pre>
5071<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all
5072</pre>
5073</blockquote>
5074
5075<p> The purist (and default) setting: rewrite headers only in mail
5076from Postfix sendmail and in SMTP mail from this machine. </p>
5077
5078<blockquote>
5079<pre>
5080<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
5081</pre>
5082</blockquote>
5083
5084<p> The intermediate setting: rewrite header addresses and append
5085$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
5086sendmail, from local clients, or from authorized SMTP clients. </p>
5087
5088<p> Note: this setting will not prevent remote mail header address
5089rewriting when mail from a remote client is forwarded by a neighboring
5090system.  </p>
5091
5092<blockquote>
5093<pre>
5094<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
5095    <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
5096    <a href="postconf.5.html#check_address_map">check_address_map</a> hash:/etc/postfix/pop-before-smtp
5097</pre>
5098</blockquote>
5099
5100
5101</DD>
5102
5103<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
5104(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
5105
5106<p> Lookup tables with all names or addresses of local recipients:
5107a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
5108$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.  Specify @domain as a
5109wild-card for domains that do not have a valid recipient list.
5110Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
5111lists: Postfix needs to know only if a lookup string is found or
5112not, but it does not use the result from table lookup.  </p>
5113
5114<p>
5115If this parameter is non-empty (the default), then the Postfix SMTP
5116server will reject mail for unknown local users.
5117</p>
5118
5119<p>
5120To turn off local recipient checking in the Postfix SMTP server,
5121specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
5122</p>
5123
5124<p>
5125The default setting assumes that you use the default Postfix local
5126delivery agent for local delivery. You need to update the
5127<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
5128</p>
5129
5130<ul>
5131
5132<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
5133
5134<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
5135
5136<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
5137feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
5138
5139</ul>
5140
5141<p>
5142Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
5143</p>
5144
5145<p>
5146Beware: if the Postfix SMTP server runs chrooted, you need to access
5147the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail, is not practical.
5150</p>
5151
5152<p>
5153Examples:
5154</p>
5155
5156<pre>
5157<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
5158</pre>
5159
5160
5161</DD>
5162
5163<DT><b><a name="local_transport">local_transport</a>
5164(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
5165
5166<p> The default mail delivery transport and next-hop destination
5167for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
5168[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
5169This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
5170
5171<p>
5172By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined in the <a href="master.5.html">master.cf</a> file.
5174</p>
5175
5176<p>
5177Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
5178is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
5179The <i>:nexthop</i> destination is optional; its syntax is documented
5180in the manual page of the corresponding delivery agent.
5181</p>
5182
5183<p>
5184Beware: if you override the default local delivery agent then you
5185need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
5186SMTP server may reject mail for local recipients.
5187</p>
5188
5189
5190</DD>
5191
5192<DT><b><a name="luser_relay">luser_relay</a>
5193(default: empty)</b></DT><DD>
5194
5195<p>
5196Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
5197By default, mail for unknown recipients in domains that match
5198$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned
5199as undeliverable.
5200</p>
5201
5202<p>
5203The following $name expansions are done on <a href="postconf.5.html#luser_relay">luser_relay</a>:
5204</p>
5205
5206<dl>
5207
5208<dt><b>$domain</b></dt>
5209
5210<dd>The recipient domain. </dd>
5211
5212<dt><b>$extension</b></dt>
5213
5214<dd>The recipient address extension. </dd>
5215
5216<dt><b>$home</b></dt>
5217
5218<dd>The recipient's home directory. </dd>
5219
5220<dt><b>$local</b></dt>
5221
5222<dd>The entire recipient address localpart. </dd>
5223
5224<dt><b>$recipient</b></dt>
5225
5226<dd>The full recipient address. </dd>
5227
5228<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
5229
5230<dd>The system-wide recipient address extension delimiter. </dd>
5231
5232<dt><b>$shell</b></dt>
5233
5234<dd>The recipient's login shell. </dd>
5235
5236<dt><b>$user</b></dt>
5237
5238<dd>The recipient username. </dd>
5239
5240<dt><b>${name?value}</b></dt>
5241
5242<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>
5243
5244<dt><b>${name:value}</b></dt>
5245
5246<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>
5247
5248</dl>
5249
5250<p>
5251Instead of $name you can also specify ${name} or $(name).
5252</p>
5253
5254<p>
5255Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
5256</p>
5257
5258<p>
5259Note: if you use this feature for accounts not in the UNIX password
5260file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
5261in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
5262for non-UNIX accounts with "User unknown in local recipient table".
5263</p>
5264
5265<p>
5266Examples:
5267</p>
5268
5269<pre>
5270<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
5271<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
5272<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
5273</pre>
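<p> Added example (not part of the Postfix documentation or code): the $name
expansions listed above, applied in Python to the three luser_relay examples
and to one conditional form.  The recipient address, the empty $home and
$shell for an unknown user, the error on unlisted names and the function names
are assumptions of this example; braces nested inside a conditional value are
not handled. </p>

```python
import re


def recipient_attributes(recipient, delimiter="+"):
    """Split a recipient address into the attributes listed for luser_relay."""
    if "@" in recipient:
        local, _, domain = recipient.rpartition("@")
    else:
        local, domain = recipient, ""
    user, _, extension = local.partition(delimiter) if delimiter else (local, "", "")
    return {
        "recipient": recipient,       # the full recipient address
        "local": local,               # entire localpart, extension included
        "domain": domain,
        "user": user,                 # localpart without the extension
        "extension": extension,
        "recipient_delimiter": delimiter,
        # Assumption: an unknown recipient has no passwd entry.
        "home": "",
        "shell": "",
    }


_TOKEN = re.compile(
    r"\$\{(\w+)([?:])([^{}]*)\}"            # ${name?value} or ${name:value}
    r"|\$(?:\{(\w+)\}|\((\w+)\)|(\w+))"     # ${name}, $(name) or $name
)


def expand_luser_relay(template, attrs):
    """Expand a luser_relay value for one recipient."""

    def lookup(name):
        if name not in attrs:
            # Choice made by this example: refuse names the page does not list.
            raise ValueError("unknown attribute: $" + name)
        return attrs[name]

    def repl(match):
        if match.group(1):
            current = lookup(match.group(1))
            # "?" selects the value when $name is non-empty, ":" when it is empty.
            selected = bool(current) if match.group(2) == "?" else not current
            return expand_luser_relay(match.group(3), attrs) if selected else ""
        return lookup(match.group(4) or match.group(5) or match.group(6))

    return _TOKEN.sub(repl, template)


if __name__ == "__main__":
    # Constructed recipient with an address extension.
    attrs = recipient_attributes("nosuchuser+lists@example.com")
    for template in ("$user@other.host", "$local@other.host", "admin+$local",
                     "admin${extension?+$extension}@other.host"):
        print(template, "->", expand_luser_relay(template, attrs))
```

Note that $local carries the sender-supplied address extension through to the
relay address, while $user does not.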
5274
5275
5276</DD>
5277
5278<DT><b><a name="mail_name">mail_name</a>
5279(default: Postfix)</b></DT><DD>
5280
5281<p>
5282The mail system name that is displayed in Received: headers, in
5283the SMTP greeting banner, and in bounced mail.
5284</p>
5285
5286
5287</DD>
5288
5289<DT><b><a name="mail_owner">mail_owner</a>
5290(default: postfix)</b></DT><DD>
5291
5292<p>
5293The UNIX system account that owns the Postfix queue and most Postfix
5294daemon processes.  Specify the name of a user account that does
5295not share a group with other accounts and that owns no other files
5296or processes on the system.  In particular, don't specify nobody
5297or daemon.  PLEASE USE A DEDICATED USER ID AND GROUP ID.
5298</p>
5299
5300<p>
5301When this parameter value is changed you need to re-run "<b>postfix
5302set-permissions</b>" (with Postfix version 2.0 and earlier:
5303"<b>/etc/postfix/post-install set-permissions</b>").
5304</p>
5305
5306
5307</DD>
5308
5309<DT><b><a name="mail_release_date">mail_release_date</a>
5310(default: see "postconf -d" output)</b></DT><DD>
5311
5312<p>
5313The Postfix release date, in "YYYYMMDD" format.
5314</p>
5315
5316
5317</DD>
5318
5319<DT><b><a name="mail_spool_directory">mail_spool_directory</a>
5320(default: see "postconf -d" output)</b></DT><DD>
5321
5322<p>
5323The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The
5324default setting depends on the system type. Specify a name ending
5325in / for maildir-style delivery.
5326</p>
5327
5328<p>
5329Note: maildir delivery is done with the privileges of the recipient.
5330If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style
5331delivery, then you must create the top-level maildir directory in
5332advance. Postfix will not create it.
5333</p>
5334
5335<p>
5336Examples:
5337</p>
5338
5339<pre>
5340<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail
5341<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail
5342</pre>
5343
5344
5345</DD>
5346
5347<DT><b><a name="mail_version">mail_version</a>
5348(default: see "postconf -d" output)</b></DT><DD>
5349
5350<p>
5351The version of the mail system. Stable releases are named
5352<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
5353also include the release date. The version string can be used in,
5354for example, the SMTP greeting banner.
5355</p>
5356
5357
5358</DD>
5359
5360<DT><b><a name="mailbox_command">mailbox_command</a>
5361(default: empty)</b></DT><DD>
5362
5363<p>
5364Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should
5365use for mailbox delivery.  The command is run with the user ID and
5366the primary group ID privileges of the recipient.  Exception:
5367command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges.
5368This is not a problem, because 1) mail for root should always be
5369aliased to a real user and 2) don't log in as root, use "su" instead.
5370</p>
5371
5372<p>
5373The following environment variables are exported to the command:
5374</p>
5375
5376<dl>
5377
5378<dt><b>CLIENT_ADDRESS</b></dt>
5379
5380<dd>Remote client network address. Available in Postfix version 2.2 and
5381later. </dd>
5382
5383<dt><b>CLIENT_HELO</b></dt>
5384
5385<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
5386and later.</dd>
5387
5388<dt><b>CLIENT_HOSTNAME</b></dt>
5389
5390<dd>Remote client hostname. Available in Postfix version 2.2 and later.
5391</dd>
5392
5393<dt><b>CLIENT_PROTOCOL</b></dt>
5394
5395<dd>Remote client protocol. Available in Postfix version 2.2 and later.
5396</dd>
5397
5398<dt><b>DOMAIN</b></dt>
5399
5400<dd>The domain part of the recipient address. </dd>
5401
5402<dt><b>EXTENSION</b></dt>
5403
5404<dd>The optional address extension. </dd>
5405
5406<dt><b>HOME</b></dt>
5407
5408<dd>The recipient home directory. </dd>
5409
5410<dt><b>LOCAL</b></dt>
5411
5412<dd>The recipient address localpart. </dd>
5413
5414<dt><b>LOGNAME</b></dt>
5415
5416<dd>The recipient's username. </dd>
5417
5418<dt><b>ORIGINAL_RECIPIENT</b></dt>
5419
5420<dd>The entire recipient address, before any address rewriting or
5421aliasing.  </dd>
5422
5423<dt><b>RECIPIENT</b></dt>
5424
5425<dd>The full recipient address. </dd>
5426
5427<dt><b>SASL_METHOD</b></dt>
5428
5429<dd>SASL authentication method specified in the remote client AUTH
5430command. Available in Postfix version 2.2 and later. </dd>
5431
5432<dt><b>SASL_SENDER</b></dt>
5433
5434<dd>SASL sender address specified in the remote client MAIL FROM
5435command. Available in Postfix version 2.2 and later. </dd>
5436
5437<dt><b>SASL_USER</b></dt>
5438
5439<dd>SASL username specified in the remote client AUTH command.
5440Available in Postfix version 2.2 and later.  </dd>
5441
5442<dt><b>SENDER</b></dt>
5443
5444<dd>The full sender address. </dd>
5445
5446<dt><b>SHELL</b></dt>
5447
5448<dd>The recipient's login shell. </dd>
5449
5450<dt><b>USER</b></dt>
5451
5452<dd>The recipient username. </dd>
5453
5454</dl>
5455
5456<p>
5457Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a>
5458parameter is not subjected to $name substitutions. This is to make
5459it easier to specify shell syntax (see example below).
5460</p>
5461
5462<p>
5463If you can, avoid shell meta characters because they will force
5464Postfix to run an expensive shell process. If you're delivering
5465via Procmail then running a shell won't make a noticeable difference
5466in the total cost.
5467</p>
5468
5469<p>
5470Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail
5471system-wide, you must set up an alias that forwards mail for root
5472to a real user.
5473</p>
5474
5475<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5476is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5477<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5478<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5479
5480<p>
5481Examples:
5482</p>
5483
5484<pre>
5485<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail
5486<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION"
5487<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER"
5488        -f "$SENDER" "$EXTENSION"
5489</pre>
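<p> Several of the exported variables (EXTENSION, SENDER, CLIENT_HELO and so on) carry values taken from the recipient address or the SMTP session, so a delivery program should validate them before using them in file names. The following Python delivery program is an added example, not part of Postfix; the script path, the function names, the extension allow-list and the Maildir layout under $HOME are assumptions of the example. </p>

```python
#!/usr/bin/env python3
"""Hypothetical mailbox_command target that files mail by address extension.

main.cf (the path is a placeholder):
    mailbox_command = /usr/local/bin/deliver-by-extension
"""
import os
import re
import socket
import sys
import time

EX_TEMPFAIL = 75  # EX_TEMPFAIL from <sysexits.h>: temporary failure

# Assumption of this example: only short, plain extensions may select a
# folder. Anything else ("../x", "a/b", empty) falls back to the inbox.
SAFE_EXTENSION = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")


def folder_for(env):
    """Map HOME and EXTENSION from the delivery environment to a maildir path."""
    inbox = os.path.join(env["HOME"], "Maildir")
    extension = env.get("EXTENSION", "")
    if SAFE_EXTENSION.fullmatch(extension):
        return os.path.join(inbox, "." + extension)
    return inbox


def deliver(maildir, message_bytes):
    """Write one message maildir-style: create in tmp/, then rename into new/."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(maildir, sub), mode=0o700, exist_ok=True)
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    unique = "%d.%d_%s.%s" % (time.time(), os.getpid(), os.urandom(4).hex(), host)
    tmp_path = os.path.join(maildir, "tmp", unique)
    # O_EXCL: never write through a file that already exists.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(message_bytes)
        handle.flush()
        os.fsync(handle.fileno())
    new_path = os.path.join(maildir, "new", unique)
    os.rename(tmp_path, new_path)
    return new_path


def main():
    # The message arrives on standard input; the recipient context arrives
    # in the environment variables listed above.
    try:
        deliver(folder_for(os.environ), sys.stdin.buffer.read())
    except (OSError, KeyError) as exc:
        print("delivery failed: %s" % exc, file=sys.stderr)
        return EX_TEMPFAIL
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

<p> Because the program is started directly and reads its inputs from the environment, the <a href="postconf.5.html#mailbox_command">mailbox_command</a> value needs no shell meta characters. </p>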
5490
5491
5492</DD>
5493
5494<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a>
5495(default: empty)</b></DT><DD>
5496
5497<p>
5498Optional lookup tables with per-recipient external commands to use
5499for <a href="local.8.html">local(8)</a> mailbox delivery.  Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>.
5500</p>
5501
5502<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5503is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5504<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5505<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5506
5507
5508</DD>
5509
5510<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a>
5511(default: see "postconf -d" output)</b></DT><DD>
5512
5513<p>
5514How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery.
5515For a list of available file locking methods, use the "<b>postconf
5516-l</b>" command.
5517</p>
5518
5519<p>
5520This setting is ignored with <b>maildir</b> style delivery,
5521because such deliveries are safe without explicit locks.
5522</p>
5523
5524<p>
5525Note: The <b>dotlock</b> method requires that the recipient UID or
5526GID has write access to the parent directory of the mailbox file.
5527</p>
5528
5529<p>
5530Note: the default setting of this parameter is system dependent.
5531</p>
5532
5533
5534</DD>
5535
5536<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a>
5537(default: 51200000)</b></DT><DD>
5538
5539<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir
5540file, or zero (no limit).  In fact, this limits the size of any
5541file that is written to upon local delivery, including files written
5542by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery
5543agent.  </p>
5544
5545<p>
5546This limit must not be smaller than the message size limit.
5547</p>
5548
5549
5550</DD>
5551
5552<DT><b><a name="mailbox_transport">mailbox_transport</a>
5553(default: empty)</b></DT><DD>
5554
5555<p>
5556Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
5557agent should use for mailbox delivery to all local recipients,
5558whether or not they are found in the UNIX passwd database.
5559</p>
5560
5561<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5562is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5563<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5564<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5565
5566
5567</DD>
5568
5569<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a>
5570(default: empty)</b></DT><DD>
5571
5572<p> Optional lookup tables with per-recipient message delivery
5573transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the
5574recipients are found in the UNIX passwd database. </p>
5575
5576<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5577is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5578<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5579<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5580
5581<p> For safety reasons, this feature does not allow $number
5582substitutions in regular expression maps. </p>
5583
5584<p> This feature is available in Postfix 2.3 and later. </p>
5585
5586
5587</DD>
5588
5589<DT><b><a name="mailq_path">mailq_path</a>
5590(default: see "postconf -d" output)</b></DT><DD>
5591
5592<p>
5593Sendmail compatibility feature that specifies where the Postfix
5594<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to
5595list the Postfix mail queue.
5596</p>
5597
5598
5599</DD>
5600
5601<DT><b><a name="manpage_directory">manpage_directory</a>
5602(default: see "postconf -d" output)</b></DT><DD>
5603
5604<p>
5605Where the Postfix manual pages are installed.
5606</p>
5607
5608
5609</DD>
5610
5611<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a>
5612(default: empty)</b></DT><DD>
5613
5614<p>
5615Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead.
5616</p>
5617
5618
5619</DD>
5620
5621<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a>
5622(default: 554)</b></DT><DD>
5623
5624<p>
5625The numerical Postfix SMTP server response code when a remote SMTP
5626client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
5627<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
5628<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
5629</p>
5630
5631<p>
5632Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
5633</p>
5634
5635
5636</DD>
5637
5638<DT><b><a name="masquerade_classes">masquerade_classes</a>
5639(default: envelope_sender, header_sender, header_recipient)</b></DT><DD>
5640
5641<p>
5642What addresses are subject to address masquerading.
5643</p>
5644
5645<p>
5646By default, address masquerading is limited to envelope sender
5647addresses, and to header sender and header recipient addresses.
5648This allows you to use address masquerading on a mail gateway while
5649still being able to forward mail to users on individual machines.
5650</p>
5651
5652<p>
5653Specify zero or more of: envelope_sender, envelope_recipient,
5654header_sender, header_recipient
5655</p>
5656
5657
5658</DD>
5659
5660<DT><b><a name="masquerade_domains">masquerade_domains</a>
5661(default: empty)</b></DT><DD>
5662
5663<p>
5664Optional list of domains whose subdomain structure will be stripped
5665off in email addresses.
5666</p>
5667
5668<p>
5669The list is processed left to right, and processing stops at the
5670first match.  Thus,
5671</p>
5672
5673<blockquote>
5674<pre>
5675<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com
5676</pre>
5677</blockquote>
5678
5679<p>
5680strips "user@any.thing.foo.example.com" to "user@foo.example.com",
5681but strips "user@any.thing.else.example.com" to "user@example.com".
5682</p>
5683
5684<p>
5685A domain name prefixed with ! means do not masquerade this domain
5686or its subdomains. Thus,
5687</p>
5688
5689<blockquote>
5690<pre>
5691<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com
5692</pre>
5693</blockquote>
5694
5695<p>
5696does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
5697but strips "user@any.thing.else.example.com" to "user@example.com".
5698</p>
5699
5700<p> Note: with Postfix version 2.2, message header address masquerading
5701happens only when message header address rewriting is enabled: </p>
5702
5703<ul>
5704
5705<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
5706
5707<li> The message is received from a network client that matches
5708$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
5709
5710<li> The message is received from the network, and the
5711<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
5712
5713</ul>
5714
5715<p> To get the behavior before Postfix version 2.2, specify
5716"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
5717
5718<p>
5719Example:
5720</p>
5721
5722<pre>
5723<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
5724</pre>
5725
5726
5727</DD>
5728
5729<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a>
5730(default: empty)</b></DT><DD>
5731
5732<p>
5733Optional list of user names that are not subjected to address
5734masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
5735</p>
5736
5737<p>
5738By default, address masquerading makes no exceptions.
5739</p>
5740
5741<p>
5742Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
5743separated by commas and/or whitespace. The list is matched left to
5744right, and the search stops on the first match. A "/file/name"
5745pattern is replaced
5746by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
5747matches a lookup key (the lookup result is ignored).  Continue long
5748lines by starting the next line with whitespace. Specify "!pattern"
5749to exclude a name from the list. The form "!/file/name" is supported
5750only in Postfix version 2.4 and later.  </p>
5751
5752<p>
5753Examples:
5754</p>
5755
5756<pre>
5757<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon
5758<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root
5759</pre>
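<p> The first-match rules of <a href="postconf.5.html#masquerade_domains">masquerade_domains</a> and <a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> can be checked offline before a list goes live. The following Python model is an added example, not Postfix code; it handles plain names only (no "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns), and its case-insensitive comparison and function names are assumptions of the example. </p>

```python
import re


def _items(list_text):
    """Split a list value on commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", list_text.strip()) if item]


def _is_exception(local, masquerade_exceptions):
    """First match wins; "!name" excludes a name from the exception list."""
    for pattern in _items(masquerade_exceptions):
        negated = pattern.startswith("!")
        name = pattern[1:] if negated else pattern
        if name.lower() == local.lower():
            return not negated
    return False


def masquerade(address, masquerade_domains, masquerade_exceptions=""):
    """Return the address after masquerading, following the documented rules."""
    local, at, domain = address.rpartition("@")
    if not at or _is_exception(local, masquerade_exceptions):
        return address
    for entry in _items(masquerade_domains):
        keep = entry.startswith("!")
        name = entry[1:] if keep else entry
        if domain.lower() == name.lower():
            return address  # already the bare domain; processing stops here
        if domain.lower().endswith("." + name.lower()):
            # Left-to-right, first match: strip, or leave alone for "!name".
            return address if keep else local + "@" + name
    return address


def unreachable_entries(masquerade_domains):
    """List entries that can never match because an earlier entry is the
    same domain or a parent of it (processing stops at the first match)."""
    seen, shadowed = [], []
    for entry in _items(masquerade_domains):
        name = entry.lstrip("!").lower()
        if any(name == earlier or name.endswith("." + earlier) for earlier in seen):
            shadowed.append(entry)
        seen.append(name)
    return shadowed


if __name__ == "__main__":
    # The two lists from the text above, plus a wrongly ordered variant.
    for domains in ("foo.example.com example.com",
                    "!foo.example.com example.com",
                    "example.com !foo.example.com"):
        print("masquerade_domains =", domains)
        print("  never matched:", unreachable_entries(domains) or "none")
        for addr in ("user@any.thing.foo.example.com",
                     "user@foo.example.com",
                     "user@any.thing.else.example.com",
                     "root@host.example.com"):
            print("  %-34s -> %s" % (addr, masquerade(addr, domains, "root, mailer-daemon")))
```

<p> In the third list the "!foo.example.com" entry is reported as never matched: "example.com" comes first, so addresses under foo.example.com are stripped to example.com despite the exclusion. </p>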
5760
5761
5762</DD>
5763
5764<DT><b><a name="master_service_disable">master_service_disable</a>
5765(default: empty)</b></DT><DD>
5766
5767<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type
5768or by service name and type.  Specify a list of service types
5769("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
5770"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a
5771service type. As with other Postfix matchlists, a search stops at
5772the first match.  Specify "!pattern" to exclude a service from the
5773list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled.  </p>
5774
5775<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
5776patterns, nor does it support wildcards such as "*" or "all". This
5777is intentional. </p>
5778
5779<p> Examples: </p>
5780
5781<pre>
5782# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default).
5783<a href="postconf.5.html#master_service_disable">master_service_disable</a> =
5784# Turn off only the main SMTP listener port.
5785<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp.inet
5786# Turn off all TCP/IP listener ports.
5787<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
5788# Turn off all TCP/IP listener ports except "foo".
5789<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo.inet, inet
5790</pre>
5791
5792<p> This feature is available in Postfix 2.6 and later. </p>
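<p> When hardening a host it helps to see which listeners a given <a href="postconf.5.html#master_service_disable">master_service_disable</a> value leaves enabled. The following Python model is an added example, not Postfix code; the <a href="master.5.html">master.cf</a> sample is constructed, the function names are hypothetical, and rejecting unrecognized patterns with an error is a choice of the example. </p>

```python
import re

SERVICE_TYPES = ("inet", "unix", "fifo", "pass")

# Constructed master.cf sample; only the first two fields matter here.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
foo        inet  n       -      n      -      -       smtpd
pickup     fifo  n       -      n      60     1       pickup
cleanup    unix  n       -      n      -      0       cleanup
"""


def parse_services(master_cf_text):
    """Return (name, type) for each logical line of a master.cf file."""
    services = []
    for line in master_cf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            continue  # continuation of the previous logical line
        fields = line.split()
        if len(fields) >= 2:
            services.append((fields[0], fields[1]))
    return services


def parse_matchlist(value):
    """Split the parameter value into (negated, pattern) pairs.

    Only a service type or a "name.type" tuple is accepted; wildcards such
    as "*" or "all" raise ValueError instead of being silently ignored."""
    patterns = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        negated = item.startswith("!")
        pattern = item[1:] if negated else item
        is_type = pattern in SERVICE_TYPES
        is_tuple = any(pattern.endswith("." + t) and len(pattern) > len(t) + 1
                       for t in SERVICE_TYPES)
        if not (is_type or is_tuple):
            raise ValueError("unsupported pattern: %r" % item)
        patterns.append((negated, pattern))
    return patterns


def is_disabled(name, service_type, matchlist):
    """The search stops at the first match; "!pattern" keeps a service enabled."""
    for negated, pattern in matchlist:
        if pattern in (service_type, name + "." + service_type):
            return not negated
    return False  # by default, all listener ports are enabled


def enabled_listeners(master_cf_text, value):
    """Return the "name.type" listeners that stay enabled under this value."""
    matchlist = parse_matchlist(value)
    return [name + "." + stype
            for name, stype in parse_services(master_cf_text)
            if not is_disabled(name, stype, matchlist)]


if __name__ == "__main__":
    for value in ("", "smtp.inet", "inet", "!foo.inet, inet", "inet, !foo.inet"):
        print("master_service_disable = %-16s -> enabled: %s"
              % (value, ", ".join(enabled_listeners(SAMPLE_MASTER_CF, value))))
```

<p> The last value shows why order matters: with "inet, !foo.inet" the "inet" entry matches first, so "foo" is turned off as well. </p>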
5793
5794
5795</DD>
5796
5797<DT><b><a name="max_idle">max_idle</a>
5798(default: 100s)</b></DT><DD>
5799
5800<p>
5801The maximum amount of time that an idle Postfix daemon process waits
5802for an incoming connection before terminating voluntarily.  This
5803parameter
5804is ignored by the Postfix queue manager and by other long-lived
5805Postfix daemon processes.
5806</p>
5807
5808<p>
5809Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5810The default time unit is s (seconds).
5811</p>
5812
5813
5814</DD>
5815
5816<DT><b><a name="max_use">max_use</a>
5817(default: 100)</b></DT><DD>
5818
5819<p>
5820The maximal number of incoming connections that a Postfix daemon
5821process will service before terminating voluntarily.  This parameter
5822is ignored by the Postfix queue
5823manager and by other long-lived Postfix daemon processes.
5824</p>
5825
5826
5827</DD>
5828
5829<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a>
5830(default: 4000s)</b></DT><DD>
5831
5832<p>
5833The maximal time between attempts to deliver a deferred message.
5834</p>
5835
5836<p> This parameter should be set to a value greater than or equal
5837to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>.  </p>
5838
5839<p>
5840Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5841The default time unit is s (seconds).
5842</p>
5843
5844
5845</DD>
5846
5847<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a>
5848(default: 5d)</b></DT><DD>
5849
5850<p>
5851The maximal time a message is queued before it is sent back as
5852undeliverable.
5853</p>
5854
5855<p>
5856Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5857The default time unit is d (days).
5858</p>
5859
5860<p>
5861Specify 0 when mail delivery should be tried only once.
5862</p>
5863
5864
5865</DD>
5866
5867<DT><b><a name="message_reject_characters">message_reject_characters</a>
5868(default: empty)</b></DT><DD>
5869
5870<p> The set of characters that Postfix will reject in message
5871content.  The usual C-like escape sequences are recognized: <tt>\a
5872\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
5873<tt>\\</tt>. </p>
5874
5875<p> Note 1: this feature does not recognize text that requires MIME
5876decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
5877and <a href="postconf.5.html#body_checks">body_checks</a>.  </p>
5878
5879<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
5880= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>".  </p>
5881
5882<p> Example: </p>
5883
5884<pre>
5885<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
5886</pre>
5887
5888<p> This feature is available in Postfix 2.3 and later.  </p>
5889
5890
5891</DD>
5892
5893<DT><b><a name="message_size_limit">message_size_limit</a>
5894(default: 10240000)</b></DT><DD>
5895
5896<p>
5897The maximal size in bytes of a message, including envelope information.
5898</p>
5899
5900<p> Note: be careful when making changes.  Excessively small values
5901will result in the loss of non-delivery notifications, when a bounce
5902message size exceeds the local or remote MTA's message size limit.
5903</p>
5904
5905
5906</DD>
5907
5908<DT><b><a name="message_strip_characters">message_strip_characters</a>
5909(default: empty)</b></DT><DD>
5910
5911<p> The set of characters that Postfix will remove from message
5912content.  The usual C-like escape sequences are recognized: <tt>\a
5913\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
5914<tt>\\</tt>. </p>
5915
5916<p> Note 1: this feature does not recognize text that requires MIME
5917decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
5918and <a href="postconf.5.html#body_checks">body_checks</a>.  </p>
5919
5920<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
5921= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>".  </p>
5922
5923<p> Example: </p>
5924
5925<pre>
5926<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
5927</pre>
5928
5929<p> This feature is available in Postfix 2.3 and later.  </p>
5930
5931
5932</DD>
5933
5934<DT><b><a name="milter_command_timeout">milter_command_timeout</a>
5935(default: 30s)</b></DT><DD>
5936
5937<p> The time limit for sending an SMTP command to a Milter (mail
5938filter) application, and for receiving the response.  </p>
5939
5940<p> Specify a non-zero time value (an integral value plus an optional
5941one-letter suffix that specifies the time unit). </p>
5942
5943<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
5944(weeks). The default time unit is s (seconds). </p>
5945
5946<p> This feature is available in Postfix 2.3 and later. </p>
5947
5948
5949</DD>
5950
5951<DT><b><a name="milter_connect_macros">milter_connect_macros</a>
5952(default: see "postconf -d" output)</b></DT><DD>
5953
5954<p> The macros that are sent to Milter (mail filter) applications
5955after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a>
5956for a list of available macro names and their meanings. </p>
5957
5958<p> This feature is available in Postfix 2.3 and later. </p>
5959
5960
5961</DD>
5962
5963<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a>
5964(default: 30s)</b></DT><DD>
5965
5966<p> The time limit for connecting to a Milter (mail filter)
5967application, and for negotiating protocol options. </p>
5968
5969<p> Specify a non-zero time value (an integral value plus an optional
5970one-letter suffix that specifies the time unit). </p>
5971
5972<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
5973(weeks). The default time unit is s (seconds). </p>
5974
5975<p> This feature is available in Postfix 2.3 and later. </p>
5976
5977
5978</DD>
5979
5980<DT><b><a name="milter_content_timeout">milter_content_timeout</a>
5981(default: 300s)</b></DT><DD>
5982
5983<p> The time limit for sending message content to a Milter (mail
5984filter) application, and for receiving the response.  </p>
5985
5986<p> Specify a non-zero time value (an integral value plus an optional
5987one-letter suffix that specifies the time unit). </p>
5988
5989<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
5990(weeks). The default time unit is s (seconds). </p>
5991
5992<p> This feature is available in Postfix 2.3 and later. </p>
5993
5994
5995</DD>
5996
5997<DT><b><a name="milter_data_macros">milter_data_macros</a>
5998(default: see "postconf -d" output)</b></DT><DD>
5999
6000<p> The macros that are sent to version 4 or higher Milter (mail
6001filter) applications after the SMTP DATA command. See <a href="MILTER_README.html">MILTER_README</a>
6002for a list of available macro names and their meanings.  </p>
6003
6004<p> This feature is available in Postfix 2.3 and later. </p>
6005
6006
6007</DD>
6008
6009<DT><b><a name="milter_default_action">milter_default_action</a>
6010(default: tempfail)</b></DT><DD>
6011
6012<p> The default action when a Milter (mail filter) application is
6013unavailable or mis-configured. Specify one of the following: </p>
6014
6015<dl compact>
6016
6017<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
6018</dd>
6019
6020<dt>reject</dt> <dd>Reject all further commands in this session
6021with a permanent status code.</dd>
6022
6023<dt>tempfail</dt> <dd>Reject all further commands in this session
6024with a temporary status code. </dd>
6025
6026<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
6027the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd>
6028
6029</dl>
6030
6031<p> This feature is available in Postfix 2.3 and later. </p>
6032
6033
6034</DD>
6035
6036<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a>
6037(default: see "postconf -d" output)</b></DT><DD>
6038
6039<p> The macros that are sent to Milter (mail filter) applications
6040after the message end-of-data. See <a href="MILTER_README.html">MILTER_README</a> for a list of
6041available macro names and their meanings.  </p>
6042
6043<p> This feature is available in Postfix 2.3 and later. </p>
6044
6045
6046</DD>
6047
6048<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a>
6049(default: see "postconf -d" output)</b></DT><DD>
6050
6051<p> The macros that are sent to Milter (mail filter) applications
6052after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list
6053of available macro names and their meanings.  </p>
6054
6055<p> This feature is available in Postfix 2.5 and later. </p>
6056
6057
6058</DD>
6059
6060<DT><b><a name="milter_header_checks">milter_header_checks</a>
6061(default: empty)</b></DT><DD>
6062
6063<p> Optional lookup tables for content inspection of message headers
6064that are produced by Milter applications.  See the <a href="header_checks.5.html">header_checks(5)</a>
6065manual page for available actions. Currently, PREPEND is not implemented.
6066</p>
6067
6068<p> The following example sends all mail that is marked as SPAM to
6069a spam handling machine. Note that matches are case-insensitive
6070by default. </p>
6071
6072<pre>
6073/etc/postfix/<a href="postconf.5.html">main.cf</a>:
6074    <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>
6075</pre>
6076
6077<pre>
6078/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>:
6079    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
6080</pre>
6081
6082<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for
6083whitelisting. For example it could be used to skip heavy content
6084inspection for DKIM-signed mail from known friendly domains. </p>
6085
6086<p> This feature is available in Postfix 2.7, and as an optional
6087patch for Postfix 2.6. </p>
6088
6089
6090</DD>
6091
6092<DT><b><a name="milter_helo_macros">milter_helo_macros</a>
6093(default: see "postconf -d" output)</b></DT><DD>
6094
6095<p> The macros that are sent to Milter (mail filter) applications
6096after the SMTP HELO or EHLO command. See
6097<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings.
6098</p>
6099
6100<p> This feature is available in Postfix 2.3 and later. </p>
6101
6102
6103</DD>
6104
6105<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a>
6106(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
6107
6108<p> The {daemon_name} macro value for Milter (mail filter) applications.
6109See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
6110meanings.  </p>
6111
6112<p> This feature is available in Postfix 2.3 and later. </p>
6113
6114
6115</DD>
6116
6117<DT><b><a name="milter_macro_v">milter_macro_v</a>
6118(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD>
6119
6120<p> The {v} macro value for Milter (mail filter) applications.
6121See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
6122meanings.  </p>
6123
6124<p> This feature is available in Postfix 2.3 and later. </p>
6125
6126
6127</DD>
6128
6129<DT><b><a name="milter_mail_macros">milter_mail_macros</a>
6130(default: see "postconf -d" output)</b></DT><DD>
6131
6132<p> The macros that are sent to Milter (mail filter) applications
6133after the SMTP MAIL FROM command. See <a href="MILTER_README.html">MILTER_README</a>
6134for a list of available macro names and their meanings. </p>
6135
6136<p> This feature is available in Postfix 2.3 and later. </p>
6137
6138
6139</DD>
6140
6141<DT><b><a name="milter_protocol">milter_protocol</a>
6142(default: 6)</b></DT><DD>
6143
6144<p> The mail filter protocol version and optional protocol extensions
6145for communication with a Milter application; prior to Postfix 2.6
6146the default protocol is 2. Postfix
6147sends this version number during the initial protocol handshake.
6148It should match the version number that is expected by the mail
6149filter application (or by its Milter library).  </p>
6150
6151<p>Protocol versions: </p>
6152
6153<dl compact>
6154
6155<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
6156with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
61572.5).</dd>
6158
6159<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>
6160
6161<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>
6162
6163<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
6164with Sendmail version 8.14 and Postfix version 2.6).</dd>
6165
6166</dl>
6167
6168<p>Protocol extensions: </p>
6169
6170<dl compact>
6171
6172<dt>no_header_reply</dt> <dd> Specify this when the Milter application
6173will not reply for each individual message header.</dd>
6174
6175</dl>
6176
6177<p> This feature is available in Postfix 2.3 and later. </p>
6178
6179
6180</DD>
6181
6182<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a>
6183(default: see "postconf -d" output)</b></DT><DD>
6184
6185<p> The macros that are sent to Milter (mail filter) applications
6186after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a>
6187for a list of available macro names and their meanings. </p>
6188
6189<p> This feature is available in Postfix 2.3 and later. </p>
6190
6191
6192</DD>
6193
6194<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a>
6195(default: see "postconf -d" output)</b></DT><DD>
6196
6197<p> The macros that are sent to version 3 or higher Milter (mail
6198filter) applications after an unknown SMTP command.  See <a href="MILTER_README.html">MILTER_README</a>
6199for a list of available macro names and their meanings.  </p>
6200
6201<p> This feature is available in Postfix 2.3 and later. </p>
6202
6203
6204</DD>
6205
6206<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
6207(default: 2048)</b></DT><DD>
6208
6209<p>
6210The maximal length of MIME multipart boundary strings. The MIME
6211processor is unable to distinguish between boundary strings that
6212do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters.
6213</p>
6214
6215<p>
6216This feature is available in Postfix 2.0 and later.
6217</p>
6218
6219
6220</DD>
6221
6222<DT><b><a name="mime_header_checks">mime_header_checks</a>
6223(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
6224
6225<p>
6226Optional lookup tables for content inspection of MIME related
6227message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
6228</p>
6229
6230<p>
6231This feature is available in Postfix 2.0 and later.
6232</p>
6233
6234
6235</DD>
6236
6237<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a>
6238(default: 100)</b></DT><DD>
6239
6240<p>
6241The maximal recursion level that the MIME processor will handle.
6242Postfix refuses mail that is nested deeper than the specified limit.
6243</p>
6244
6245<p>
6246This feature is available in Postfix 2.0 and later.
6247</p>
6248
6249
6250</DD>
6251
6252<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
6253(default: 300s)</b></DT><DD>
6254
6255<p>
6256The minimal time between attempts to deliver a deferred message;
6257prior to Postfix 2.4 the default value was 1000s.
6258</p>
6259
6260<p>
6261This parameter also limits the time an unreachable destination is
6262kept in the short-term, in-memory, destination status cache.
6263</p>
6264
6265<p> This parameter should be set greater than or equal to
6266$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>.  </p>
6267
6268<p>
6269Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
6270The default time unit is s (seconds).
6271</p>
6272
6273
6274</DD>
6275
6276<DT><b><a name="multi_instance_directories">multi_instance_directories</a>
6277(default: empty)</b></DT><DD>
6278
6279<p> An optional list of non-default Postfix configuration directories;
6280these directories belong to additional Postfix instances that share
6281the Postfix executable files and documentation with the default
6282Postfix instance, and that are started, stopped, etc., together
6283with the default Postfix instance.  Specify a list of pathnames
6284separated by comma or whitespace.  </p>
6285
6286<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command
6287runs in single-instance mode and operates on a single Postfix
6288instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance
6289mode and invokes the multi-instance manager specified with the
6290<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter. The multi-instance manager in
6291turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for
6292all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>.  </p>
6293
6294<p> Currently, this parameter setting is ignored except for the
6295default <a href="postconf.5.html">main.cf</a> file. </p>
6296
6297<p> This feature is available in Postfix 2.6 and later. </p>
6298
6299
6300</DD>
6301
6302<DT><b><a name="multi_instance_enable">multi_instance_enable</a>
6303(default: no)</b></DT><DD>
6304
6305<p> Allow this Postfix instance to be started, stopped, etc., by a
6306multi-instance manager.  By default, new instances are created in
6307a safe state that prevents them from being started inadvertently.
6308This parameter is reserved for the multi-instance manager.  </p>
6309
6310<p> This feature is available in Postfix 2.6 and later. </p>
6311
6312
6313</DD>
6314
6315<DT><b><a name="multi_instance_group">multi_instance_group</a>
6316(default: empty)</b></DT><DD>
6317
6318<p> The optional instance group name of this Postfix instance. A
6319group identifies closely-related Postfix instances that the
6320multi-instance manager can start, stop, etc., as a unit.  This
6321parameter is reserved for the multi-instance manager. </p>
6322
6323<p> This feature is available in Postfix 2.6 and later. </p>
6324
6325
6326</DD>
6327
6328<DT><b><a name="multi_instance_name">multi_instance_name</a>
6329(default: empty)</b></DT><DD>
6330
6331<p> The optional instance name of this Postfix instance. This name
6332also becomes the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p>
6333
6334<p> This feature is available in Postfix 2.6 and later. </p>
6335
6336
6337</DD>
6338
6339<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a>
6340(default: empty)</b></DT><DD>
6341
6342<p> The pathname of a multi-instance manager command that the
6343<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
6344parameter value is non-empty. The pathname may be followed by
6345initial command arguments separated by whitespace; shell
6346metacharacters such as quotes are not supported in this context.
6347</p>
6348
6349<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the
6350<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line,
6351and with all installation configuration parameters exported into
6352the manager command process environment. The manager command in
6353turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances
6354as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>".  </p>
6355
6356<p> This feature is available in Postfix 2.6 and later. </p>
6357
6358
6359</DD>
6360
6361<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a>
6362(default: 550)</b></DT><DD>
6363
6364<p>
6365The numerical Postfix SMTP server response code when a remote SMTP
6366client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
6367restriction.
6368</p>
6369
6370<p>
6371Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
6372</p>
6373
6374<p>
6375This feature is available in Postfix 2.1 and later.
6376</p>
6377
6378
6379</DD>
6380
6381<DT><b><a name="mydestination">mydestination</a>
6382(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD>
6383
6384<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
6385mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a>
6386delivery agent which looks up all recipients in /etc/passwd and
6387/etc/aliases. The SMTP server validates recipient addresses with
6388$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also
6389the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.
6390</p>
6391
6392<p>
6393The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local
6394machine only.  On a mail domain gateway, you should also include
6395$<a href="postconf.5.html#mydomain">mydomain</a>.
6396</p>
6397
6398<p>
6399The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail
6400addressed to user@[the.net.work.address] of the mail system (the
6401IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
6402parameters).
6403</p>
6404
6405<p>
6406Warnings:
6407</p>
6408
6409<ul>
6410
6411<li><p>Do not specify the names of virtual domains - those domains
6412are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p>
6413
6414<li><p>Do not specify the names of domains that this machine is
6415backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to
6416set up backup MX hosts. </p>
6417
6418<li><p>By default, the Postfix SMTP server rejects mail for recipients
6419not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter.  See the
6420<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
6421and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p>
6422
6423</ul>
6424
6425<p>
6426Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
6427patterns, separated by commas and/or whitespace. A "/file/name"
6428pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
6429is matched when a name matches a lookup key (the lookup result is
6430ignored).  Continue long lines by starting the next line with
6431whitespace.  </p>
6432
6433<p>
6434Examples:
6435</p>
6436
6437<pre>
6438<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a>
6439<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
6440</pre>
6441
6442
6443</DD>
6444
6445<DT><b><a name="mydomain">mydomain</a>
6446(default: see "postconf -d" output)</b></DT><DD>
6447
6448<p>
6449The internet domain name of this mail system.  The default is to
6450use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix
64512.3 and later).  $<a href="postconf.5.html#mydomain">mydomain</a> is used as
6452a default value for many other configuration parameters.
6453</p>
6454
6455<p>
6456Example:
6457</p>
6458
6459<pre>
6460<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld
6461</pre>
6462
6463
6464</DD>
6465
6466<DT><b><a name="myhostname">myhostname</a>
6467(default: see "postconf -d" output)</b></DT><DD>
6468
6469<p>
6470The internet hostname of this mail system. The default is to use
6471the fully-qualified domain name (FQDN) from gethostname(), or to
6472use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>".
6473$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration
6474parameters.  </p>
6475
6476<p>
6477Example:
6478</p>
6479
6480<pre>
6481<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
6482</pre>
6483
6484
6485</DD>
6486
6487<DT><b><a name="mynetworks">mynetworks</a>
6488(default: see "postconf -d" output)</b></DT><DD>
6489
6490<p>
6491The list of "trusted" remote SMTP clients that have more privileges than
6492"strangers".
6493</p>
6494
6495<p>
6496In particular, "trusted" SMTP clients are allowed to relay mail
6497through Postfix.  See the <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter
6498description in the <a href="postconf.5.html">postconf(5)</a> manual.
6499</p>
6500
6501<p>
6502You can specify the list of "trusted" network addresses by hand
6503or you can let Postfix do it for you (which is the default).
6504See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more
6505information.
6506</p>
6507
6508<p>
6509If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
6510Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
6511</p>
6512
6513<p> Specify a list of network addresses or network/netmask patterns,
6514separated by commas and/or whitespace. Continue long lines by
6515starting the next line with whitespace. </p>
6516
6517<p> The netmask specifies the number of bits in the network part
6518of a host address.  You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
6519patterns.  A "/file/name" pattern is replaced by its contents; a
6520"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a
6521lookup string (the lookup result is ignored). </p>
6522
6523<p> The list is matched left to right, and the search stops on the
6524first match.  Specify "!pattern" to exclude an address or network
6525block from the list. The form "!/file/name" is supported only
6526in Postfix version 2.4 and later. </p>
6527
6528<p> Note: IP version 6 address information must be specified inside
6529<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
6530"/file/name".  IP version 6 addresses contain the ":" character,
6531and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern.  </p>
6532
6533<p> Examples:  </p>
6534
6535<pre>
6536<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
6537<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
6538<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
6539<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
6540<a href="postconf.5.html#mynetworks">mynetworks</a> = hash:/etc/postfix/network_table
6541</pre>
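<p> The left-to-right, first-match rule and the "!pattern" exclusion described above decide which clients may relay, so the order of the patterns matters. The following sketch is an added example, not Postfix code: <tt>parse_mynetworks</tt> and <tt>is_trusted</tt> are hypothetical helpers that model only inline address patterns and, as an assumption of this example, refuse "/file/name" and "type:table" patterns and patterns with host bits set. </p>

```python
import ipaddress
import re


def parse_mynetworks(value):
    """Split a mynetworks value into ordered (negated, network) rules."""
    rules = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        pattern = token[1:] if negated else token
        # A leading "/" is a file name; an unbracketed ":" reads as a
        # type:table pattern, which is why IPv6 must be written inside [].
        if pattern.startswith("/") or (":" in pattern and not pattern.startswith("[")):
            raise ValueError("file or type:table pattern not modelled: " + token)
        bracketed = re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](?:/(\d+))?", pattern)
        if bracketed:
            pattern = bracketed.group(1)
            if bracketed.group(2):
                pattern += "/" + bracketed.group(2)
        # ipaddress raises ValueError when host bits are set (for example
        # 192.168.0.1/28); this example treats that as a configuration error.
        rules.append((negated, ipaddress.ip_network(pattern)))
    return rules


def is_trusted(client_ip, value):
    """Return True when the first rule matching client_ip is not negated."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in parse_mynetworks(value):
        if addr.version == net.version and addr in net:
            return not negated  # the search stops on the first match
    return False  # no rule matched: the client is a "stranger"


if __name__ == "__main__":
    # Values taken from the examples above, plus one reordered variant.
    excluded_first = "!192.168.0.1, 192.168.0.0/28"
    excluded_last = "192.168.0.0/28, !192.168.0.1"
    for value in (excluded_first, excluded_last):
        for ip in ("192.168.0.1", "192.168.0.2", "192.168.0.16"):
            print(value, "|", ip, "->", is_trusted(ip, value))
```

<p> With the exclusion listed last, 192.168.0.1 matches 192.168.0.0/28 first and is trusted, so exclusions belong before the network block they carve out. </p>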
6542
6543
6544</DD>
6545
6546<DT><b><a name="mynetworks_style">mynetworks_style</a>
6547(default: subnet)</b></DT><DD>
6548
6549<p>
6550The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter.
6551This is the list of trusted networks for relay access control etc.
6552</p>
6553
6554<ul>
6555
6556<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
6557"trust" only the local machine. </p>
6558
6559<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
6560should "trust" remote SMTP clients in the same IP subnetworks as the local
6561machine.  On Linux, this works correctly only with interfaces
6562specified with the "ifconfig" command. </p>
6563
6564<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
6565"trust" remote SMTP clients in the same IP class A/B/C networks as the
6566local machine.  Don't do this with a dialup site - it would cause
6567Postfix to "trust" your entire provider's network.  Instead, specify
6568an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
6569configuration parameter. </p>
6570
6571</ul>
6572
6573
6574</DD>
6575
6576<DT><b><a name="myorigin">myorigin</a>
6577(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
6578
6579<p>
6580The domain name that locally-posted mail appears to come
6581from, and that locally posted mail is delivered to. The default,
6582$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites.  If you run a domain with
6583multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
6584set up a domain-wide alias database that aliases each user to
6585user@that.users.mailhost.
6586</p>
6587
6588<p>
6589Example:
6590</p>
6591
6592<pre>
6593<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
6594</pre>
6595
6596
6597</DD>
6598
6599<DT><b><a name="nested_header_checks">nested_header_checks</a>
6600(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
6601
6602<p>
6603Optional lookup tables for content inspection of non-MIME message
6604headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a>
6605manual page.
6606</p>
6607
6608<p>
6609This feature is available in Postfix 2.0 and later.
6610</p>
6611
6612
6613</DD>
6614
6615<DT><b><a name="newaliases_path">newaliases_path</a>
6616(default: see "postconf -d" output)</b></DT><DD>
6617
6618<p>
6619Sendmail compatibility feature that specifies the location of the
6620<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the
6621<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database.
6622</p>
6623
6624
6625</DD>
6626
6627<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a>
6628(default: 504)</b></DT><DD>
6629
6630<p>
6631The numerical Postfix SMTP server reply code when a client request
6632is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a>
6633or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
6634</p>
6635
6636
6637</DD>
6638
6639<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a>
6640(default: empty)</b></DT><DD>
6641
6642<p> A list of Milter (mail filter) applications for new mail that
6643does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. This includes local
6644submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives
6645via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected
6646into the queue with "postsuper -r".  Specify space or comma as
6647separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details.  </p>
6648
6649<p> This feature is available in Postfix 2.3 and later. </p>
6650
6651
6652</DD>
6653
6654<DT><b><a name="notify_classes">notify_classes</a>
6655(default: resource, software)</b></DT><DD>
6656
6657<p>
6658The list of error classes that are reported to the postmaster. The
6659default is to report only the most serious problems. The paranoid
6660may wish to turn on the policy (UCE and mail relaying) and protocol
6661error (broken mail software) reports.
6662</p>
6663
6664<p> NOTE: postmaster notifications may contain confidential information
6665such as SASL passwords or message content.  It is the system
6666administrator's responsibility to treat such information with care.
6667</p>
6668
6669<p>
6670The error classes are:
6671</p>
6672
6673<dl>
6674
6675<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>
6676
6677<dd>Send the postmaster copies of the headers of bounced mail, and
6678send transcripts of SMTP sessions when Postfix rejects mail. The
6679notification is sent to the address specified with the
6680<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
6681</dd>
6682
6683<dt><b>2bounce</b></dt>
6684
6685<dd>Send undeliverable bounced mail to the postmaster. The notification
6686is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
6687configuration parameter (default: postmaster). </dd>
6688
6689<dt><b>data</b></dt>
6690
6691<dd>Send the postmaster a transcript of the SMTP session with an
6692error because a critical data file was unavailable. The notification
6693is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
6694configuration parameter (default: postmaster). <br> This feature
6695is available in Postfix 2.9 and later.  </dd>
6696
6697<dt><b>delay</b></dt>
6698
6699<dd>Send the postmaster copies of the headers of delayed mail. The
6700notification is sent to the address specified with the
6701<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
6702</dd>
6703
6704<dt><b>policy</b></dt>
6705
6706<dd>Send the postmaster a transcript of the SMTP session when a
6707client request was rejected because of (UCE) policy. The notification
6708is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
6709configuration parameter (default: postmaster).  </dd>
6710
6711<dt><b>protocol</b></dt>
6712
6713<dd>Send the postmaster a transcript of the SMTP session in case
6714of client or server protocol errors. The notification is sent to
6715the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration
6716parameter (default: postmaster). </dd>
6717
6718<dt><b>resource</b></dt>
6719
6720<dd>Inform the postmaster of mail not delivered due to resource
6721problems.  The notification is sent to the address specified with
6722the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
6723postmaster). </dd>
6724
6725<dt><b>software</b></dt>
6726
6727<dd>Inform the postmaster of mail not delivered due to software
6728problems.  The notification is sent to the address specified with
6729the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
6730postmaster). </dd>
6731
6732</dl>
6733
6734<p>
6735Examples:
6736</p>
6737
6738<pre>
6739<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software
6740<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software
6741</pre>
6742
6743
6744</DD>
6745
6746<DT><b><a name="owner_request_special">owner_request_special</a>
6747(default: yes)</b></DT><DD>
6748
6749<p>
6750Give special treatment to owner-listname and listname-request
6751address localparts: don't split such addresses when the
6752<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to "-".  This feature is useful for
6753mailing lists.
6754</p>
6755
6756
6757</DD>
6758
6759<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
6760(default: see "postconf -d" output)</b></DT><DD>
6761
6762<p>
6763What Postfix features match subdomains of "domain.tld" automatically,
6764instead of requiring an explicit ".domain.tld" pattern.  This is
6765planned backwards compatibility:  eventually, all Postfix features
6766are expected to require explicit ".domain.tld" style patterns when
6767you really want to match subdomains.
6768</p>
6769
6770
6771</DD>
6772
6773<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a>
6774(default: empty)</b></DT><DD>
6775
6776<p>
6777Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
6778only domains whose primary MX hosts match the listed networks.
6779The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a>
6780parameter; note, however, that the default value is empty.  </p>
6781
6782
6783</DD>
6784
6785<DT><b><a name="pickup_service_name">pickup_service_name</a>
6786(default: pickup)</b></DT><DD>
6787
6788<p>
6789The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail
6790submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>.
6791</p>
6792
6793<p>
6794This feature is available in Postfix 2.0 and later.
6795</p>
6796
6797
6798</DD>
6799
6800<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a>
6801(default: 450)</b></DT><DD>
6802
6803<p>
6804The numerical Postfix SMTP server response code when a request
6805is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
6806</p>
6807
6808<p> This feature is available in Postfix 2.3 and later. </p>
6809
6810
6811</DD>
6812
6813<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
6814(default: reload flush)</b></DT><DD>
6815
6816<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager
6817treats as "control" commands, that operate on running instances. For
6818these commands, disabled instances are skipped. </p>
6819
6820<p> This feature is available in Postfix 2.6 and later. </p>
6821
6822
6823</DD>
6824
6825<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a>
6826(default: start)</b></DT><DD>
6827
6828<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
6829as "start" commands. For these commands, disabled instances are "checked"
6830rather than "started", and failure to "start" a member instance of an
6831instance group will abort the start-up of later instances. </p>
6832
6833<p> This feature is available in Postfix 2.6 and later. </p>
6834
6835
6836</DD>
6837
6838<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a>
6839(default: see "postconf -d" output)</b></DT><DD>
6840
6841<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
6842as "stop" commands. For these commands, disabled instances are skipped,
6843and enabled instances are processed in reverse order. </p>
6844
6845<p> This feature is available in Postfix 2.6 and later. </p>
6846
6847
6848</DD>
6849
6850<DT><b><a name="postscreen_access_list">postscreen_access_list</a>
6851(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD>
6852
6853<p> Permanent white/blacklist for remote SMTP client IP addresses.
6854<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP
6855client connects.  Specify a comma- or whitespace-separated list of
6856commands (in upper or lower case) or lookup tables. The search stops
6857upon the first command that fires for the client IP address. </p>
6858
6859<dl>
6860
6861<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Whitelist the client and
6862terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>.
6863Do not subject the client to any before/after 220 greeting tests.
6864Pass the connection immediately to a Postfix SMTP server process.
6865</dd>
6866
6867<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup
6868table. Each table lookup result is an access list, except that
6869access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries.  <br>
6870To discourage the use of hash, btree, etc. tables, there is no
6871support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables
6872instead.  </dd>
6873
6874<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
6875the search. Do not subject the client to any before/after 220
6876greeting tests. Pass the connection immediately to a Postfix SMTP
6877server process. </dd>
6878
6879<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
6880the search. Subject the client to the action configured with the
6881<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> configuration parameter. </dd>
6882
6883<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists
6884implicitly have this command at the end. <br> When <b> dunno </b>
6885is executed inside a lookup table, return from the lookup table and
6886evaluate the next command.  <br> When <b> dunno </b> is executed
6887outside a lookup table, terminate the search, and subject the client
6888to the configured before/after 220 greeting tests. </dd>
6889
6890</dl>
6891
6892<p> Example: </p>
6893
6894<pre>
6895/etc/postfix/<a href="postconf.5.html">main.cf</a>:
6896    <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
6897		<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
6898    <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
6899</pre>
6900
6901<pre>
6902/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
6903    # Rules are evaluated in the order as specified.
6904    # Blacklist 192.168.* except 192.168.0.1.
6905    192.168.0.1         dunno
6906    192.168.0.0/16      reject
6907</pre>
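<p> The search order described above (commands left to right, a table lookup whose result is itself an access list, and the two meanings of <b>dunno</b>) can be traced with the following sketch. It is an added example, not Postfix code: <tt>evaluate</tt> and its helpers are hypothetical, the sample data is constructed from the two example files above, only cidr-style tables are modelled, and $mynetworks is simplified to a list of plain CIDR strings. </p>

```python
import ipaddress
import re

# Constructed sample data that mirrors the two example files on this page.
ACCESS_LIST = "permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr"
TABLES = {
    "cidr:/etc/postfix/postscreen_access.cidr": """
        # Blacklist 192.168.* except 192.168.0.1.
        192.168.0.1         dunno
        192.168.0.0/16      reject
    """,
}
MYNETWORKS = ["127.0.0.0/8"]  # assumption: plain CIDR strings, no "!" or files


def _in_net(addr, pattern):
    net = ipaddress.ip_network(pattern)
    return addr.version == net.version and addr in net


def cidr_lookup(table_text, addr):
    """Return the result of the first rule that matches addr, or None."""
    for line in table_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        if _in_net(addr, pattern):
            return result
    return None


def _run(access_list, addr, tables, mynetworks, in_table):
    for cmd in filter(None, re.split(r"[,\s]+", access_list.strip())):
        name = cmd.lower()  # commands may be in upper or lower case
        if name == "permit_mynetworks":
            if any(_in_net(addr, n) for n in mynetworks):
                return "permit"
        elif name in ("permit", "reject", "dunno"):
            return name
        elif ":" in cmd and not in_table:
            result = cidr_lookup(tables[cmd], addr)
            if result is not None:
                verdict = _run(result, addr, tables, mynetworks, True)
                if verdict != "dunno":
                    return verdict
            # dunno inside the table, or no matching rule: next command
        else:
            # includes type:table inside a table result, which is not allowed
            raise ValueError("unsupported access list entry: " + cmd)
    return "dunno"  # every access list ends with an implicit dunno


def evaluate(client_ip, access_list=ACCESS_LIST, tables=TABLES,
             mynetworks=MYNETWORKS):
    """Return 'permit' (pass to smtpd, skip the greeting tests), 'reject'
    (postscreen_blacklist_action applies) or 'dunno' (run the tests)."""
    addr = ipaddress.ip_address(client_ip)
    return _run(access_list, addr, tables, mynetworks, False)


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.0.1", "192.168.5.9", "10.1.2.3"):
        print(ip, "->", evaluate(ip))
```

<p> Swapping the two rules in the table makes 192.168.0.1 match 192.168.0.0/16 first and be rejected, which is why the exception must precede the block it is carved from. </p>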
6908
6909<p> This feature is available in Postfix 2.8. </p>
6910
6911
6912</DD>
6913
6914<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
6915(default: ignore)</b></DT><DD>
6916
6917<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
6918a bare newline character, that is, a newline not preceded by carriage
6919return.  Specify one of the following: </p>
6920
6921<dl>
6922
6923<dt> <b>ignore</b> </dt>
6924
6925<dd> Ignore the failure of this test. Allow other tests to complete.
6926Do <i>not</i> repeat this test before the result from some
6927other test expires.
6928This option is useful for testing and collecting statistics
6929without blocking mail permanently. </dd>
6930
6931<dt> <b>enforce</b> </dt>
6932
6933<dd> Allow other tests to complete. Reject attempts to deliver mail
6934with a 550 SMTP reply, and log the helo/sender/recipient information.
6935Repeat this test the next time the client connects. </dd>
6936
6937<dt> <b>drop</b> </dt>
6938
6939<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
6940this test the next time the client connects.  </dd>
6941
6942</dl>
6943
6944<p> This feature is available in Postfix 2.8. </p>
6945
6946
6947</DD>
6948
6949<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
6950(default: no)</b></DT><DD>
6951
6952<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
6953server. These tests are expensive: a remote SMTP client must
6954disconnect after
6955it passes the test, before it can talk to a real Postfix SMTP server.
6956</p>
6957
6958<p> This feature is available in Postfix 2.8.  </p>
6959
6960
6961</DD>
6962
6963<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
6964(default: 30d)</b></DT><DD>
6965
6966<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
6967a successful "bare newline" SMTP protocol test. During this
6968time, the client IP address is excluded from this test. The default
6969is long because a remote SMTP client must disconnect after it passes
6970the test,
6971before it can talk to a real Postfix SMTP server. </p>
6972
6973<p> Specify a non-zero time value (an integral value plus an optional
6974one-letter suffix that specifies the time unit).  Time units: s
6975(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
6976
6977<p> This feature is available in Postfix 2.8.  </p>
6978
6979
6980</DD>
6981
6982<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
6983(default: ignore)</b></DT><DD>
6984
6985<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
6986permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
6987Specify one of the following: </p>
6988
6989<dl>
6990
6991<dt> <b>ignore</b> (default) </dt>
6992
6993<dd> Ignore  this result. Allow other tests to complete.  Repeat
6994this test the next time the client connects.
6995This option is useful for testing and collecting statistics
6996without blocking mail. </dd>
6997
6998<dt> <b>enforce</b> </dt>
6999
7000<dd> Allow other tests to complete. Reject attempts to deliver mail
7001with a 550 SMTP reply, and log the helo/sender/recipient information.
7002Repeat this test the next time the client connects. </dd>
7003
7004<dt> <b>drop</b> </dt>
7005
7006<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
7007this test the next time the client connects. </dd>
7008
7009</dl>
7010
7011<p> This feature is available in Postfix 2.8. </p>
7012
7013
7014</DD>
7015
7016<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
7017(default: 12h)</b></DT><DD>
7018
7019<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
7020Cache cleanup increases the load on the cache database and should
7021therefore not be run frequently. This feature requires that the
7022cache database supports the "delete" and "sequence" operators.
7023Specify a zero interval to disable cache cleanup. </p>
7024
7025<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
7026number of entries that were retained and dropped. A cleanup run is
7027logged as "partial" when the daemon terminates early after "<b>postfix
7028reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
7029seconds. </p>
7030
7031<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
7032(weeks).  </p>
7033
7034<p> This feature is available in Postfix 2.8. </p>
7035
7036
7037</DD>
7038
7039<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
7040(default: btree:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>
7041
7042<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>
7043
7044<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
7045instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:btree:/path/to/file".
7046This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
7047implementations don't support cache cleanup. For an alternative
7048approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>
7049
7050<p> This feature is available in Postfix 2.8. </p>
7051
7052
7053</DD>
7054
7055<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
7056(default: 7d)</b></DT><DD>
7057
7058<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
7059temporary whitelist entry before it is removed. This prevents clients
7060from being logged as "NEW" just because their cache entry expired
7061an hour ago. It also prevents the cache from filling up with clients
7062that passed some deep protocol test once and never came back. </p>
7063
7064<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
7065(weeks).  </p>
7066
7067<p> This feature is available in Postfix 2.8. </p>
7068
7069
7070</DD>
7071
7072<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
7073(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>
7074
7075<p> How many simultaneous connections any remote SMTP client is
7076allowed to have
7077with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
7078as with the Postfix SMTP server. Note that the triage process can
7079take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
7080delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
7081dummy SMTP protocol engine. </p>
7082
7083<p> This feature is available in Postfix 2.8.  </p>
7084
7085
7086</DD>
7087
7088<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
7089(default: 20)</b></DT><DD>
7090
7091<p> The limit on the total number of commands per SMTP session for
7092<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine.  This SMTP engine
7093defers or rejects all attempts to deliver mail, therefore there is
7094no need to enforce separate limits on the number of junk commands
7095and error commands.  </p>
7096
7097<p> This feature is available in Postfix 2.8.  </p>
7098
7099
7100</DD>
7101
7102<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
7103(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>
7104
7105<p> A mechanism to transform commands from remote SMTP clients.
7106See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>
7107
7108<p> This feature is available in Postfix 2.8 and later. </p>
7109
7110
7111</DD>
7112
7113<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
7114(default: ${stress?10}${stress:300}s)</b></DT><DD>
7115
7116<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
7117built-in SMTP protocol engine. </p>
7118
7119<p> This feature is available in Postfix 2.8.  </p>
7120
7121
7122</DD>
7123
7124<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
7125(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>
7126
7127<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon.  See
7128<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details.  </p>
7129
7130<p> This feature is available in Postfix 2.8.  </p>
7131
7132
7133</DD>
7134
7135<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
7136(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>
7137
7138<p> Lookup tables, indexed by the remote SMTP client address, with
7139case insensitive lists of EHLO keywords (pipelining, starttls, auth,
7140etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
7141to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
7142The table is not searched by hostname for robustness reasons.  </p>
7143
7144<p> This feature is available in Postfix 2.8 and later. </p>
7145
7146
7147</DD>
7148
7149<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
7150(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>
7151
7152<p> A case insensitive list of EHLO keywords (pipelining, starttls,
7153auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
7154response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
7155for details. </p>
7156
7157<p> This feature is available in Postfix 2.8 and later. </p>
7158
7159
7160</DD>
7161
7162<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
7163(default: ignore)</b></DT><DD>
7164
7165<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
7166DNSBL score is equal to or greater than a threshold (as defined
7167with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
7168parameters).  Specify one of the following: </p>
7169
7170<dl>
7171
7172<dt> <b>ignore</b> (default) </dt>
7173
7174<dd> Ignore the failure of this test. Allow other tests to complete.
7175Repeat this test the next time the client connects.
7176This option is useful for testing and collecting statistics
7177without blocking mail. </dd>
7178
7179<dt> <b>enforce</b> </dt>
7180
7181<dd> Allow other tests to complete. Reject attempts to deliver mail
7182with a 550 SMTP reply, and log the helo/sender/recipient information.
7183Repeat this test the next time the client connects. </dd>
7184
7185<dt> <b>drop</b> </dt>
7186
7187<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
7188this test the next time the client connects. </dd>
7189
7190</dl>
7191
7192<p> This feature is available in Postfix 2.8. </p>
7193
7194
7195</DD>
7196
7197<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
7198(default: empty)</b></DT><DD>
7199
7200<p> A mapping from actual DNSBL domain name which includes a secret
7201password, to the DNSBL domain name that postscreen will reply with
7202when it rejects mail.  When no mapping is found, the actual DNSBL
7203domain will be used. </p>
7204
7205<p> For maximal stability it is best to use a file that is read
7206into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
7207to hash:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
7208file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
7209the file is read). </p>
7210
7211<p> Example: </p>
7212
7213<pre>
7214/etc/postfix/<a href="postconf.5.html">main.cf</a>:
7215    <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
7216</pre>
7217
7218<pre>
7219/etc/postfix/dnsbl_reply:
7220   secret.zen.spamhaus.org	zen.spamhaus.org
7221</pre>
7222
7223<p> This feature is available in Postfix 2.8.  </p>
7224
7225
7226</DD>
7227
7228<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
7229(default: empty)</b></DT><DD>
7230
7231<p>Optional list of DNS white/blacklist domains, filters and weight
7232factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
7233query these domains with the IP addresses of remote SMTP clients,
7234and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
7235each non-error reply. </p>
7236
7237<p> Caution: when postscreen rejects mail, it replies with the DNSBL
7238domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
7239"password" information in DNSBL domain names. </p>
7240
7241<p> When a client's score is equal to or greater than the threshold
7242specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
7243the connection with the remote SMTP client. </p>
7244
7245<p> Specify a list of domain=filter*weight entries, separated by
7246comma or whitespace.  </p>
7247
7248<ul>
7249
7250<li> <p> When no "=filter" is specified, <a href="postscreen.8.html">postscreen(8)</a> will use any
7251non-error DNSBL reply.  Otherwise, <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL
7252replies that match the filter. The filter has the form d.d.d.d,
7253where each d is a number, or a pattern inside [] that contains one
7254or more ";"-separated numbers or number..number ranges.  </p>
7255
7256<li> <p> When no "*weight" is specified, <a href="postscreen.8.html">postscreen(8)</a> increments
7257the remote SMTP client's DNSBL score by 1.  Otherwise, the weight must be
7258an integral number, and <a href="postscreen.8.html">postscreen(8)</a> adds the specified weight to
7259the remote SMTP client's DNSBL score.  Specify a negative number for
7260whitelisting.  </p>
7261
7262<li> <p> When one <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> entry produces multiple
7263DNSBL responses, <a href="postscreen.8.html">postscreen(8)</a> applies the weight at most once.
7264</p>
7265
7266</ul>
7267
7268<p> Examples: </p>
7269
7270<p> To use example.com as a high-confidence blocklist, and to
7271block mail with example.net and example.org only when both agree:
7272</p>
7273
7274<pre>
7275<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
7276<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
7277</pre>
7278
7279<p> To filter only DNSBL replies containing 127.0.0.4: </p>
7280
7281<pre>
7282<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
7283</pre>
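<p> The following Python sketch is an added example, not Postfix code. It parses a postscreen_dnsbl_sites value by the domain=filter*weight rules listed above and computes the combined score that is compared with postscreen_dnsbl_threshold. The DNSBL replies passed in are constructed inputs, and the function names are hypothetical. </p>

```python
import re
from dataclasses import dataclass

# One "d" of the d.d.d.d filter: a number, or [..] with ";"-separated
# numbers or number..number ranges.
_FIELD = r"(\d+|\[[0-9;.]+\])"
_FILTER_RE = re.compile(r"\.".join([_FIELD] * 4))
_ENTRY_RE = re.compile(
    r"(?P<domain>[^=*]+)(?:=(?P<filter>[^*]+))?(?:\*(?P<weight>[+-]?\d+))?")


def _parse_field(text):
    """Turn '4' or '[2;4..7]' into a list of inclusive (low, high) ranges."""
    alternatives = text[1:-1].split(";") if text.startswith("[") else [text]
    ranges = []
    for alt in alternatives:
        low, sep, high = alt.partition("..")
        ranges.append((int(low), int(high) if sep else int(low)))
    return ranges


@dataclass
class Site:
    domain: str
    octet_ranges: object  # None when no "=filter" was given
    weight: int

    def matches(self, reply):
        """True when a DNSBL reply address satisfies this entry's filter."""
        if self.octet_ranges is None:
            return True  # no filter: any non-error reply counts
        octets = [int(o) for o in reply.split(".")]
        return len(octets) == 4 and all(
            any(lo <= octet <= hi for lo, hi in ranges)
            for octet, ranges in zip(octets, self.octet_ranges))


def parse_dnsbl_sites(value):
    """Parse entries separated by comma or whitespace."""
    sites = []
    for item in filter(None, re.split(r"[,\s]+", value)):
        m = _ENTRY_RE.fullmatch(item)
        if m is None:
            raise ValueError(f"bad entry: {item!r}")
        octet_ranges = None
        if m["filter"] is not None:
            fm = _FILTER_RE.fullmatch(m["filter"])
            if fm is None:
                raise ValueError(f"bad filter in entry: {item!r}")
            octet_ranges = [_parse_field(g) for g in fm.groups()]
        weight = int(m["weight"]) if m["weight"] is not None else 1
        sites.append(Site(m["domain"], octet_ranges, weight))
    return sites


def dnsbl_score(sites, replies):
    """replies maps a DNSBL domain to its non-error reply addresses."""
    score = 0
    for site in sites:
        # Several matching replies for one entry add its weight only once.
        if any(site.matches(r) for r in replies.get(site.domain, ())):
            score += site.weight
    return score


def is_blocked(sites_value, threshold, replies):
    """The threshold is an inclusive lower bound on the combined score."""
    return dnsbl_score(parse_dnsbl_sites(sites_value), replies) >= threshold
```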
7284
7285<p> This feature is available in Postfix 2.8. </p>
7286
7287
7288</DD>
7289
7290<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
7291(default: 1)</b></DT><DD>
7292
7293<p> The inclusive lower bound for blocking a remote SMTP client, based on
7294its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
7295parameter. </p>
7296
7297<p> This feature is available in Postfix 2.8.  </p>
7298
7299
7300</DD>
7301
7302<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
7303(default: 1h)</b></DT><DD>
7304
7305<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
7306a successful DNS blocklist test. During this time, the client IP address
7307is excluded from this test. The default is relatively short, because a
7308good client can immediately talk to a real Postfix SMTP server.
7309</p>
7310
7311<p> Specify a non-zero time value (an integral value plus an optional
7312one-letter suffix that specifies the time unit).  Time units: s
7313(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7314
7315<p> This feature is available in Postfix 2.8.  </p>
7316
7317
7318</DD>
7319
7320<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
7321(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
7322
7323<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
7324require that clients use TLS encryption.  See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>
7325for details.  </p>
7326
7327<p> This feature is available in Postfix 2.8 and later.
7328Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
7329
7330
7331</DD>
7332
7333<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
7334(default: see "postconf -d" output)</b></DT><DD>
7335
7336<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
7337attribute expansions.  See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
7338details. </p>
7339
7340<p> This feature is available in Postfix 2.8 and later. </p>
7341
7342
7343</DD>
7344
7345<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
7346(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>
7347
7348<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
7349violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
7350syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
7351</p>
7352
7353<p> This feature is available in Postfix 2.8.  </p>
7354
7355
7356</DD>
7357
7358<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
7359(default: ignore)</b></DT><DD>
7360
7361<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
7362before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
7363parameter.  Specify one of the following: </p>
7364
7365<dl>
7366
7367<dt> <b>ignore</b> (default) </dt>
7368
7369<dd> Ignore the failure of this test. Allow other tests to complete.
7370Repeat this test the next time the client connects.
7371This option is useful for testing and collecting statistics
7372without blocking mail. </dd>
7373
7374<dt> <b>enforce</b> </dt>
7375
7376<dd> Allow other tests to complete. Reject attempts to deliver mail
7377with a 550 SMTP reply, and log the helo/sender/recipient information.
7378Repeat this test the next time the client connects. </dd>
7379
7380<dt> <b>drop</b> </dt>
7381
7382<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
7383this test the next time the client connects. </dd>
7384
7385</dl>
7386
7387<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not whitelist the remote SMTP client
7388IP address. </p>
7389
7390<p> This feature is available in Postfix 2.8. </p>
7391
7392
7393</DD>
7394
7395<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
7396(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>
7397
7398<p> The <i>text</i> in the optional "220-<i>text</i>..." server
7399response that
7400<a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
7401text..." response, in an attempt to confuse bad SMTP clients so
7402that they speak before their turn (pre-greet).  Specify an empty
7403value to disable this feature.  </p>
7404
7405<p> This feature is available in Postfix 2.8. </p>
7406
7407
7408</DD>
7409
7410<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
7411(default: 1d)</b></DT><DD>
7412
7413<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
7414a successful PREGREET test. During this time, the client IP address
7415is excluded from this test. The default is relatively short, because
7416a good client can immediately talk to a real Postfix SMTP server. </p>
7417
7418<p> Specify a non-zero time value (an integral value plus an optional
7419one-letter suffix that specifies the time unit).  Time units: s
7420(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7421
7422<p> This feature is available in Postfix 2.8. </p>
7423
7424
7425</DD>
7426
7427<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
7428(default: ${stress?2}${stress:6}s)</b></DT><DD>
7429
7430<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
7431client to send a command before its turn, and for DNS blocklist
7432lookup results to arrive (default: up to 2 seconds under stress,
7433up to 6 seconds otherwise).  </p>
7434
7435<p> Specify a non-zero time value (an integral value plus an optional
7436one-letter suffix that specifies the time unit).  </p>
7437
7438<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
7439(weeks).  </p>
7440
7441<p> This feature is available in Postfix 2.8. </p>
7442
7443
7444</DD>
7445
7446<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
7447(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>
7448
7449<p> Require that a remote SMTP client sends HELO or EHLO before
7450commencing a MAIL transaction. </p>
7451
7452<p> This feature is available in Postfix 2.8.  </p>
7453
7454
7455</DD>
7456
7457<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
7458(default: drop)</b></DT><DD>
7459
7460<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
7461non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
7462parameter.  Specify one of the following: </p>
7463
7464<dl>
7465
7466<dt> <b>ignore</b> </dt>
7467
7468<dd> Ignore the failure of this test. Allow other tests to complete.
7469Do <i>not</i> repeat this test before the result from some
7470other test expires.
7471This option is useful for testing and collecting statistics
7472without blocking mail permanently. </dd>
7473
7474<dt> <b>enforce</b> </dt>
7475
7476<dd> Allow other tests to complete. Reject attempts to deliver mail
7477with a 550 SMTP reply, and log the helo/sender/recipient information.
7478Repeat this test the next time the client connects. </dd>
7479
7480<dt> <b>drop</b> </dt>
7481
7482<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
7483this test the next time the client connects. This action is the
7484same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
7485feature.  </dd>
7486
7487</dl>
7488
7489<p> This feature is available in Postfix 2.8. </p>
7490
7491
7492</DD>
7493
7494<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
7495(default: no)</b></DT><DD>
7496
7497<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
7498tests are expensive: a client must disconnect after it passes the
7499test, before it can talk to a real Postfix SMTP server. </p>
7500
7501<p> This feature is available in Postfix 2.8.  </p>
7502
7503
7504</DD>
7505
7506<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
7507(default: 30d)</b></DT><DD>
7508
7509<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
7510a successful "non_smtp_command" SMTP protocol test. During this
7511time, the client IP address is excluded from this test. The default
7512is long because a client must disconnect after it passes the test,
7513before it can talk to a real Postfix SMTP server. </p>
7514
7515<p> Specify a non-zero time value (an integral value plus an optional
7516one-letter suffix that specifies the time unit).  Time units: s
7517(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7518
7519<p> This feature is available in Postfix 2.8.  </p>
7520
7521
7522</DD>
7523
7524<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
7525(default: enforce)</b></DT><DD>
7526
7527<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
7528sends
7529multiple commands instead of sending one command and waiting for
7530the server to respond.  Specify one of the following: </p>
7531
7532<dl>
7533
7534<dt> <b>ignore</b> </dt>
7535
7536<dd> Ignore the failure of this test. Allow other tests to complete.
7537Do <i>not</i> repeat this test before the result from some
7538other test expires.
7539This option is useful for testing and collecting statistics
7540without blocking mail permanently. </dd>
7541
7542<dt> <b>enforce</b> </dt>
7543
7544<dd> Allow other tests to complete. Reject attempts to deliver mail
7545with a 550 SMTP reply, and log the helo/sender/recipient information.
7546Repeat this test the next time the client connects. </dd>
7547
7548<dt> <b>drop</b> </dt>
7549
7550<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
7551this test the next time the client connects. </dd>
7552
7553</dl>
7554
7555<p> This feature is available in Postfix 2.8. </p>
7556
7557
7558</DD>
7559
7560<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
7561(default: no)</b></DT><DD>
7562
7563<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
7564server. These tests are expensive: a good client must disconnect
7565after it passes the test, before it can talk to a real Postfix SMTP
7566server. </p>
7567
7568<p> This feature is available in Postfix 2.8.  </p>
7569
7570
7571</DD>
7572
7573<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
7574(default: 30d)</b></DT><DD>
7575
7576<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
7577a successful "pipelining" SMTP protocol test. During this time, the
7578client IP address is excluded from this test. The default is
7579long because a good client must disconnect after it passes the test,
7580before it can talk to a real Postfix SMTP server. </p>
7581
7582<p> Specify a non-zero time value (an integral value plus an optional
7583one-letter suffix that specifies the time unit).  Time units: s
7584(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7585
7586<p> This feature is available in Postfix 2.8.  </p>
7587
7588
7589</DD>
7590
7591<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
7592(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
7593
7594<p> The number of clients that can be waiting for service from a
7595real Postfix SMTP server process. When this queue is full, all
7596clients will
7597receive a 421 response. </p>
7598
7599<p> This feature is available in Postfix 2.8. </p>
7600
7601
7602</DD>
7603
7604<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
7605(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
7606
7607<p> The number of non-whitelisted clients that can be waiting for
7608a decision whether they will receive service from a real Postfix
7609SMTP server
7610process. When this queue is full, all non-whitelisted clients will
7611receive a 421 response. </p>
7612
7613<p> This feature is available in Postfix 2.8. </p>
7614
7615
7616</DD>
7617
7618<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
7619(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>
7620
7621<p> Optional information that is appended after a 4XX or 5XX
7622<a href="postscreen.8.html">postscreen(8)</a> server
7623response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details.  </p>
7624
7625<p> This feature is available in Postfix 2.8 and later. </p>
7626
7627
7628</DD>
7629
7630<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
7631(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
7632
7633<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
7634a non-empty value is specified, this overrides the obsolete parameters
7635<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
7636for details. </p>
7637
7638<p> This feature is available in Postfix 2.8 and later. </p>
7639
7640
7641</DD>
7642
7643<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
7644(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
7645
7646<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
7647but do not require that clients use TLS encryption. </p>
7648
7649<p> This feature is available in Postfix 2.8 and later.
7650Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
7651
7652
7653</DD>
7654
7655<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
7656(default: 10s)</b></DT><DD>
7657
7658<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
7659a remote SMTP client command or to perform a cache operation before it
7660is terminated by a built-in watchdog timer.  This is a safety
7661mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive
7662due to a bug in Postfix itself or in system software.  To avoid
7663false alarms and unnecessary cache corruption this limit cannot be
7664set under 10s.  </p>
7665
7666<p> Specify a non-zero time value (an integral value plus an optional
7667one-letter suffix that specifies the time unit).  Time units: s
7668(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7669
7670<p> This feature is available in Postfix 2.8.  </p>
7671
7672
7673</DD>
7674
7675<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>
7676(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>
7677
7678<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
7679non-whitelisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
7680whitelist status. This status is required before the client can
7681talk to a Postfix SMTP server process.  By default, a client can
7682obtain <a href="postscreen.8.html">postscreen(8)</a>'s whitelist status on any local <a href="postscreen.8.html">postscreen(8)</a>
7683server IP address. </p>
7684
7685<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
7686addresses, the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> parameter can be
7687configured to give the temporary whitelist status only when a client
7688connects to a primary MX address. Once a client is whitelisted it
7689can talk to a Postfix SMTP server on any address. Thus, clients
7690that connect only to backup MX addresses will never become whitelisted,
7691and will never be allowed to talk to a Postfix SMTP server process.
7692</p>
7693
7694<p> Example: </p>
7695
7696<pre>
7697/etc/postfix/<a href="postconf.5.html">main.cf</a>:
7698    # Don't whitelist connections to the backup IP address.
7699    <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all
7700</pre>
7701
7702<p> This feature is available in Postfix 2.9 and later.  </p>
7703
7704
7705</DD>
7706
7707<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a>
7708(default: command, file, forward)</b></DT><DD>
7709
7710<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery
7711agent prepends a Delivered-To:  message header with the address
7712that the mail was delivered to. This information is used for mail
7713delivery loop detection.  </p>
7714
7715<p>
7716By default, the Postfix local delivery agent prepends a Delivered-To:
7717header when forwarding mail and when delivering to file (mailbox)
7718and command. Turning off the Delivered-To: header when forwarding
7719mail is not recommended.
7720</p>
7721
7722<p>
7723Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
7724</p>
7725
7726<p>
7727Example:
7728</p>
7729
7730<pre>
7731<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward
7732</pre>
7733
7734
7735</DD>
7736
7737<DT><b><a name="process_id">process_id</a>
7738(read-only)</b></DT><DD>
7739
7740<p>
7741The process ID of a Postfix command or daemon process.
7742</p>
7743
7744
7745</DD>
7746
7747<DT><b><a name="process_id_directory">process_id_directory</a>
7748(default: pid)</b></DT><DD>
7749
7750<p>
7751The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>.
7752This is a read-only parameter.
7753</p>
7754
7755
7756</DD>
7757
7758<DT><b><a name="process_name">process_name</a>
7759(read-only)</b></DT><DD>
7760
7761<p>
7762The process name of a Postfix command or daemon process.
7763</p>
7764
7765
7766</DD>
7767
7768<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a>
7769(default: canonical, virtual)</b></DT><DD>
7770
7771<p>
7772What address lookup tables copy an address extension from the lookup
7773key to the lookup result.
7774</p>
7775
7776<p>
7777For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =&gt;
7778joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
7779would rewrite to "<i>joe.user+foo@example.net</i>".
7780</p>
7781
7782<p>
7783Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
7784<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
7785address extension
7786propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps,
7787with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a>
7788generic maps, respectively.  </p>
7789
7790<p>
7791Note: enabling this feature for types other than <b>canonical</b>
7792and <b>virtual</b> is likely to cause problems when mail is forwarded
7793to other sites, especially with mail that is sent to a mailing list
7794exploder address.
7795</p>
7796
7797<p>
7798Examples:
7799</p>
7800
7801<pre>
7802<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias,
7803        forward, include
7804<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
7805</pre>
7806
7807
7808</DD>
7809
7810<DT><b><a name="proxy_interfaces">proxy_interfaces</a>
7811(default: empty)</b></DT><DD>
7812
7813<p>
7814The network interface addresses that this mail system receives mail
7815on by way of a proxy or network address translation unit.
7816</p>
7817
7818<p>
7819This feature is available in Postfix 2.0 and later.
7820</p>
7821
7822<p> You must specify your "outside" proxy/NAT addresses when your
7823system is a backup MX host for other domains, otherwise mail delivery
7824loops will happen when the primary MX host is down.  </p>
7825
7826<p>
7827Example:
7828</p>
7829
7830<pre>
7831<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
7832</pre>
7833
7834
7835</DD>
7836
7837<DT><b><a name="proxy_read_maps">proxy_read_maps</a>
7838(default: see "postconf -d" output)</b></DT><DD>
7839
7840<p>
7841The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
7842access for the read-only service.
7843Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.
7844</p>
7845
7846<p>
7847This feature is available in Postfix 2.0 and later.
7848</p>
7849
7850
7851</DD>
7852
7853<DT><b><a name="proxy_write_maps">proxy_write_maps</a>
7854(default: see "postconf -d" output)</b></DT><DD>
7855
7856<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
7857access for the read-write service. Postfix-owned local database
7858files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>.
7859Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.  </p>
7860
7861<p>
7862This feature is available in Postfix 2.5 and later.
7863</p>
7864
7865
7866</DD>
7867
7868<DT><b><a name="proxymap_service_name">proxymap_service_name</a>
7869(default: proxymap)</b></DT><DD>
7870
7871<p> The name of the proxymap read-only table lookup service.  This
7872service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p>
7873
7874<p> This feature is available in Postfix 2.6 and later. </p>
7875
7876
7877</DD>
7878
7879<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a>
7880(default: proxywrite)</b></DT><DD>
7881
7882<p> The name of the proxywrite read-write table lookup service.
7883This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon.
7884</p>
7885
7886<p> This feature is available in Postfix 2.6 and later. </p>
7887
7888
7889</DD>
7890
7891<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a>
7892(default: 300s)</b></DT><DD>
7893
7894<p>
7895The minimal delay between warnings that a specific destination is
7896clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable.
7897</p>
7898
7899<p>
7900This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter.
7901</p>
7902
7903<p>
7904This feature is available in Postfix 2.0 and later.
7905</p>
7906
7907
7908</DD>
7909
7910<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a>
7911(default: 1000s)</b></DT><DD>
7912
7913<p> How much time a Postfix queue manager process may take to handle
7914a request before it is terminated by a built-in watchdog timer.
7915</p>
7916
7917<p>
7918Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
7919The default time unit is s (seconds).
7920</p>
7921
7922<p> This feature is available in Postfix 2.8 and later.  </p>
7923
7924
7925</DD>
7926
7927<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a>
7928(default: 100)</b></DT><DD>
7929
7930<p>
7931Obsolete feature: the percentage of delivery resources that a busy
7932mail system will use up for delivery of a large mailing  list
7933message.
7934</p>
7935
7936<p>
7937This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The
7938current queue manager solves the problem in a better way.
7939</p>
7940
7941
7942</DD>
7943
7944<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a>
7945(default: 60s)</b></DT><DD>
7946
7947<p> The time limit for the queue manager to send or receive information
7948over an internal communication channel.  The purpose is to break
7949out of deadlock situations. If the time limit is exceeded the
7950software either retries or aborts the operation. </p>
7951
7952<p>
7953Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
7954The default time unit is s (seconds).
7955</p>
7956
7957<p> This feature is available in Postfix 2.8 and later.  </p>
7958
7959
7960</DD>
7961
7962<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a>
7963(default: 20000)</b></DT><DD>
7964
7965<p>
7966The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
7967</p>
7968
7969
7970</DD>
7971
7972<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
7973(default: 20000)</b></DT><DD>
7974
7975<p> The maximal number of recipients held in memory by the Postfix
7976queue manager, and the maximal size of the short-term,
7977in-memory "dead" destination status cache.  </p>
7978
7979
7980</DD>
7981
7982<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>
7983(default: 10)</b></DT><DD>
7984
7985<p>
7986The minimal number of in-memory recipients for any message. This
7987takes priority over any other in-memory recipient limits (i.e.,
7988the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per transport
7989_recipient_limit) if necessary. The minimum value allowed for this
7990parameter is 1.
7991</p>
7992
7993
7994</DD>
7995
7996<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a>
7997(default: empty)</b></DT><DD>
7998
7999<p>
8000What remote QMQP clients are allowed to connect to the Postfix QMQP
8001server port.
8002</p>
8003
8004<p>
8005By default, no client is allowed to use the service. This is
8006because the QMQP server will relay mail to any destination.
8007</p>
8008
8009<p>
8010Specify a list of client patterns. A list pattern specifies a host
8011name, a domain name, an internet address, or a network/mask pattern,
8012where the mask specifies the number of bits in the network part.
8013When a pattern specifies a file name, its contents are substituted
8014for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification,
8015table lookup is used instead.  </p>
8016
8017<p>
8018Patterns are separated by whitespace and/or commas. In order to
8019reverse the result, precede a pattern with an
8020exclamation point (!). The form "!/file/name" is supported only
8021in Postfix version 2.4 and later.
8022</p>
8023
8024<p>
8025Example:
8026</p>
8027
8028<pre>
8029<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24
8030</pre>
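
<p> The following sketch is an added example, not Postfix source code. It shows how such a pattern list is evaluated: patterns are tried left to right, the first match decides, and an address that matches nothing is refused. The function names are hypothetical, and only addresses, network/mask patterns and "static:" tables (as in the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> example) are handled; host names, files and other table types are left out. </p>

```python
import ipaddress

# Values taken from the examples on this page.
QMQPD_EXAMPLE = "!192.168.0.1, 192.168.0.0/24"
POSTSCREEN_EXAMPLE = "!168.100.189.8, static:all"
# Constructed variant: same patterns as QMQPD_EXAMPLE, opposite order.
REORDERED = "192.168.0.0/24, !192.168.0.1"


def split_patterns(value):
    """Patterns are separated by whitespace and/or commas."""
    return value.replace(",", " ").split()


def list_permits(address, value):
    """Return True when `address` is accepted by the pattern list `value`.

    Patterns are tried left to right. The first pattern that matches
    decides the result; a leading "!" reverses it. When no pattern
    matches, the result is False (an empty list permits nobody).
    """
    addr = ipaddress.ip_address(address)
    for pattern in split_patterns(value):
        negated = pattern.startswith("!")
        body = pattern[1:] if negated else pattern
        if body.startswith("static:"):
            # A static: table returns its value for every lookup key,
            # so it matches any address.
            matched = True
        else:
            # A bare address is treated as a one-host network.
            # Anything that is not an address or network/mask raises
            # ValueError here: this sketch does not resolve host names
            # or read files.
            matched = addr in ipaddress.ip_network(body)
        if matched:
            return not negated
    return False


def audit(value, addresses):
    """Map each sample address to the decision the list produces."""
    return {a: list_permits(a, value) for a in addresses}


if __name__ == "__main__":
    samples = ["192.168.0.1", "192.168.0.7", "10.0.0.1"]  # constructed
    for label, value in (("as documented", QMQPD_EXAMPLE),
                         ("reordered", REORDERED)):
        print(label, audit(value, samples))
```

<p> Because the first match decides, an exclusion only takes effect when it is listed before the broader pattern that would otherwise match: with the reordered list, 192.168.0.1 is accepted. </p>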
8031
8032
8033</DD>
8034
8035<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a>
8036(default: no)</b></DT><DD>
8037
8038<p> Enable logging of the remote QMQP client port in addition to
8039the hostname and IP address. The logging format is "host[address]:port".
8040</p>
8041
8042<p> This feature is available in Postfix 2.5 and later. </p>
8043
8044
8045</DD>
8046
8047<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a>
8048(default: 1s)</b></DT><DD>
8049
8050<p>
8051How long the Postfix QMQP server will pause before sending a negative
8052reply to the remote QMQP client. The purpose is to slow down confused
8053or malicious clients.
8054</p>
8055
8056<p>
8057Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8058The default time unit is s (seconds).
8059</p>
8060
8061
8062</DD>
8063
8064<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a>
8065(default: 300s)</b></DT><DD>
8066
8067<p>
8068The time limit for sending or receiving information over the network.
8069If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a>
8070seconds the Postfix QMQP server gives up and disconnects.
8071</p>
8072
8073<p>
8074Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8075The default time unit is s (seconds).
8076</p>
8077
8078
8079</DD>
8080
8081<DT><b><a name="queue_directory">queue_directory</a>
8082(default: see "postconf -d" output)</b></DT><DD>
8083
8084<p>
8085The location of the Postfix top-level queue directory. This is the
8086root directory of Postfix daemon processes that run chrooted.
8087</p>
8088
8089
8090</DD>
8091
8092<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a>
8093(default: 100)</b></DT><DD>
8094
8095<p>
8096The maximal number of (name=value) attributes that may be stored
8097in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a>
8098server.
8099</p>
8100
8101<p>
8102This feature is available in Postfix 2.0 and later.
8103</p>
8104
8105
8106</DD>
8107
8108<DT><b><a name="queue_minfree">queue_minfree</a>
8109(default: 0)</b></DT><DD>
8110
8111<p>
8112The minimal amount of free space in bytes in the queue file system
8113that is needed to receive mail.  This is currently used by the
8114Postfix SMTP server to decide if it will accept any mail at all.
8115</p>
8116
8117<p>
8118By default, the Postfix SMTP server rejects MAIL FROM commands when
8119the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>
8120(Postfix version 2.1 and later).
8121To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
8122value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
8123</p>
8124
8125<p>
8126With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of
8127zero means there is no minimum required amount of free space.
8128</p>
8129
8130
8131</DD>
8132
8133<DT><b><a name="queue_run_delay">queue_run_delay</a>
8134(default: 300s)</b></DT><DD>
8135
8136<p>
8137The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
8138prior to Postfix 2.4 the default value was 1000s.
8139</p>
8140
8141<p> This parameter should be set less than or equal to
8142$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>.  </p>
8143
8144<p>
8145Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8146The default time unit is s (seconds).
8147</p>
8148
8149
8150</DD>
8151
8152<DT><b><a name="queue_service_name">queue_service_name</a>
8153(default: qmgr)</b></DT><DD>
8154
8155<p>
8156The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix
8157queue and schedules delivery requests.
8158</p>
8159
8160<p>
8161This feature is available in Postfix 2.0 and later.
8162</p>
8163
8164
8165</DD>
8166
8167<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a>
8168(default: empty)</b></DT><DD>
8169
8170<p>
8171Optional lookup tables with RBL response templates. The tables are
8172indexed by the RBL domain name. By default, Postfix uses the default
8173template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
8174parameter. See there for a discussion of the syntax of RBL reply
8175templates.
8176</p>
8177
8178<p>
8179This feature is available in Postfix 2.0 and later.
8180</p>
8181
8182
8183</DD>
8184
8185<DT><b><a name="readme_directory">readme_directory</a>
8186(default: see "postconf -d" output)</b></DT><DD>
8187
8188<p>
8189The location of Postfix README files that describe how to build,
8190configure or operate a specific Postfix subsystem or feature.
8191</p>
8192
8193
8194</DD>
8195
8196<DT><b><a name="receive_override_options">receive_override_options</a>
8197(default: empty)</b></DT><DD>
8198
8199<p> Enable or disable recipient validation, built-in content
8200filtering, or address mapping. Typically, these are specified in
8201<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or
8202<a href="pickup.8.html">pickup(8)</a> daemons. </p>
8203
8204<p> Specify zero or more of the following options.  The options
8205override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>,
8206<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the
8207cleanup server.  </p>
8208
8209<dl>
8210
8211<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>
8212
8213<dd>Do not try to reject unknown recipients (SMTP server only).
8214This is typically specified AFTER an external content filter.
8215</dd>
8216
8217<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>
8218
8219<dd>Disable canonical address mapping, virtual alias map expansion,
8220address masquerading, and automatic BCC (blind carbon-copy)
8221recipients. This is typically specified BEFORE an external content
8222filter. </dd>
8223
8224<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>
8225
8226<dd>Disable header/body_checks. This is typically specified AFTER
8227an external content filter. </dd>
8228
8229<dt><b><a name="no_milters">no_milters</a></b></dt>
8230
8231<dd>Disable Milter (mail filter) applications. This is typically
8232specified AFTER an external content filter. </dd>
8233
8234</dl>
8235
8236<p>
8237Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a>
8238setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content
8239filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice
8240versa).
8241</p>
8242
8243<p>
8244Examples:
8245</p>
8246
8247<pre>
8248<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
8249    <a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
8250<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
8251</pre>
8252
8253<p>
8254This feature is available in Postfix 2.1 and later.
8255</p>
8256
8257
8258</DD>
8259
8260<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a>
8261(default: empty)</b></DT><DD>
8262
8263<p>
8264Optional BCC (blind carbon-copy) address lookup tables, indexed by
8265recipient address.  The BCC address (multiple results are not
8266supported) is added when mail enters from outside of Postfix.
8267</p>
8268
8269<p>
8270This feature is available in Postfix 2.1 and later.
8271</p>
8272
8273<p>
8274The table search order is as follows:
8275</p>
8276
8277<ul>
8278
8279<li> Look up the "user+extension@domain.tld" address including the
8280optional address extension.
8281
8282<li> Look up the "user@domain.tld" address without the optional
8283address extension.
8284
8285<li> Look up the "user+extension" address local part when the
8286recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
8287or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8288
8289<li> Look up the "user" address local part when the recipient domain
8290equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8291
8292<li> Look up the "@domain.tld" part.
8293
8294</ul>
8295
8296<p>
8297Specify the types and names of databases to use.  After change,
8298run "<b>postmap /etc/postfix/recipient_bcc</b>".
8299</p>
8300
8301<p>
8302Note: if mail to the BCC address bounces it will be returned to
8303the sender.
8304</p>
8305
8306<p> Note: automatic BCC recipients are produced only for new mail.
8307To avoid mailer loops, automatic BCC recipients are not generated
8308after Postfix forwards mail internally, or after Postfix generates
8309mail itself. </p>
8310
8311<p>
8312Example:
8313</p>
8314
8315<pre>
8316<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = hash:/etc/postfix/recipient_bcc
8317</pre>
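
<p> The table search order above, written out as an added example (not Postfix source code). The function names, the sample table and the sample domains are constructed for illustration; <code>local_domains</code> stands in for the domains that equal $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces, and the extension is split at the first delimiter after the first character, which is a simplification. </p>

```python
def bcc_lookup_keys(recipient, local_domains, recipient_delimiter="+"):
    """Return the lookup keys for `recipient`, in search order.

    Duplicate keys (for example when the address has no extension)
    are listed once, at their first position.
    """
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected user@domain, got %r" % recipient)

    # Strip the optional address extension, if a delimiter is configured.
    base = local
    if recipient_delimiter:
        idx = local.find(recipient_delimiter, 1)
        if idx > 0:
            base = local[:idx]

    candidates = [
        local + "@" + domain,   # user+extension@domain.tld
        base + "@" + domain,    # user@domain.tld
    ]
    if domain in local_domains:
        candidates.append(local)  # user+extension
        candidates.append(base)   # user
    candidates.append("@" + domain)  # @domain.tld

    keys = []
    for key in candidates:
        if key not in keys:
            keys.append(key)
    return keys


def find_bcc(recipient, table, local_domains, recipient_delimiter="+"):
    """Return (matching key, BCC address) for the first key found, or None."""
    for key in bcc_lookup_keys(recipient, local_domains, recipient_delimiter):
        if key in table:
            return key, table[key]
    return None


# Constructed sample data: the contents of a recipient_bcc table and the
# set of domains treated as local.
SAMPLE_TABLE = {
    "joe@example.com": "archive@example.com",
    "sales": "sales-archive@example.com",
    "@example.org": "catchall-archive@example.com",
}
SAMPLE_LOCAL_DOMAINS = {"example.com"}

if __name__ == "__main__":
    for rcpt in ("joe+foo@example.com", "sales+q3@example.com",
                 "sales@example.org", "bob@example.net"):
        print(rcpt, "->", find_bcc(rcpt, SAMPLE_TABLE, SAMPLE_LOCAL_DOMAINS))
```

<p> The bare "sales" entry matches only for the local domain; for sales@example.org the search falls through to the "@example.org" entry. </p>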
8318
8319
8320</DD>
8321
8322<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
8323(default: envelope_recipient, header_recipient)</b></DT><DD>
8324
8325<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
8326mapping.  By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
8327applied to envelope recipient addresses, and to header recipient
8328addresses.  </p>
8329
8330<p> Specify one or more of: envelope_recipient, header_recipient
8331</p>
8332
8333<p> This feature is available in Postfix 2.2 and later. </p>
8334
8335
8336</DD>
8337
8338<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
8339(default: empty)</b></DT><DD>
8340
8341<p>
8342Optional address mapping lookup tables for envelope and header
8343recipient addresses.
8344The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
8345</p>
8346
8347<p>
8348Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
8349</p>
8350
8351<p>
8352Example:
8353</p>
8354
8355<pre>
8356<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = hash:/etc/postfix/recipient_canonical
8357</pre>
8358
8359
8360</DD>
8361
8362<DT><b><a name="recipient_delimiter">recipient_delimiter</a>
8363(default: empty)</b></DT><DD>
8364
8365<p>
8366The separator between user names and address extensions (user+foo).
8367See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the
8368effects this has on aliases, canonical, virtual, relocated and
8369on .forward file lookups.  Basically, the software tries user+foo
8370and .forward+foo before trying user and .forward.
8371</p>
8372
8373<p>
8374Example:
8375</p>
8376
8377<pre>
8378<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
8379</pre>
8380
8381
8382</DD>
8383
8384<DT><b><a name="reject_code">reject_code</a>
8385(default: 554)</b></DT><DD>
8386
8387<p>
8388The numerical Postfix SMTP server response code when a remote SMTP
8389client request is rejected by the "reject" restriction.
8390</p>
8391
8392<p>
8393Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
8394</p>
8395
8396
8397</DD>
8398
8399<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a>
8400(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD>
8401
8402<p> The Postfix SMTP server's action when a reject-type restriction
8403fails due to a temporary error condition. Specify "defer" to defer
8404the remote SMTP client request immediately. With the default
8405"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
8406for opportunities to reject mail, and defers the client request
8407only if it would otherwise be accepted. </p>
8408
8409<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>,
8410<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>,
8411and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>.  </p>
8412
8413<p> This feature is available in Postfix 2.6 and later. </p>
8414
8415
8416</DD>
8417
8418<DT><b><a name="relay_clientcerts">relay_clientcerts</a>
8419(default: empty)</b></DT><DD>
8420
8421<p> List of tables with remote SMTP client-certificate fingerprints or
8422public key fingerprints (Postfix 2.9 and later) for which the Postfix
8423SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
8424feature.  The fingerprint digest algorithm is configurable via the
8425<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
8426Postfix version 2.5).  </p>
8427
8428<p> Postfix lookup tables are in the form of (key, value) pairs.
8429Since we only need the key, the value can be chosen freely, e.g.
8430the name of the user or host:
8431D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
8432
8433<p> Example: </p>
8434
8435<pre>
8436<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = hash:/etc/postfix/relay_clientcerts
8437</pre>
8438
8439<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
8440an appropriate <a href="access.5.html">access(5)</a> policy for each client.
8441See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
8442
8443<p>This feature is available with Postfix version 2.2.</p>
8444
8445
8446</DD>
8447
8448<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a>
8449(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
8450
8451<p> The maximal number of parallel deliveries to the same destination
8452via the relay message delivery transport. This limit is enforced
8453by the queue manager. The message delivery transport name is the
8454first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
8455
8456<p> This feature is available in Postfix 2.0 and later. </p>
8457
8458
8459</DD>
8460
8461<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
8462(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
8463
8464<p> The maximal number of recipients per message for the relay
8465message delivery transport. This limit is enforced by the queue
8466manager. The message delivery transport name is the first field in
8467the entry in the <a href="master.5.html">master.cf</a> file.  </p>
8468
8469<p> Setting this parameter to a value of 1 changes the meaning of
8470<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
8471into concurrency per recipient.  </p>
8472
8473<p> This feature is available in Postfix 2.0 and later. </p>
8474
8475
8476</DD>
8477
8478<DT><b><a name="relay_domains">relay_domains</a>
8479(default: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD>
8480
8481<p> What destination domains (and subdomains thereof) this system
8482will relay mail to. Subdomain matching is controlled with the
8483<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. For details about how
8484the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the
8485<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient
8486restrictions.  </p>
8487
8488<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the
8489$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates
8490recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent
8491recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
8492<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.  </p>
8493
8494<p> Note: Postfix will not automatically forward mail for domains
8495that list this system as their primary or backup MX host. See the
8496<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page.  </p>
8497
8498<p> Specify a list of host or domain names, "/file/name" patterns
8499or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
8500Continue long lines by starting the next line with whitespace. A
8501"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
8502lookup table is matched when a (parent) domain appears as lookup
8503key. Specify "!pattern" to exclude a domain from the list. The form
8504"!/file/name" is supported only in Postfix version 2.4 and later.
8505</p>
8506
8507
8508</DD>
8509
8510<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
8511(default: 554)</b></DT><DD>
8512
8513<p>
8514The numerical Postfix SMTP server response code when a client
8515request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
8516restriction.
8517</p>
8518
8519<p>
8520Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
8521</p>
8522
8523
8524</DD>
8525
8526<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
8527(default: empty)</b></DT><DD>
8528
8529<p> Optional lookup tables with all valid addresses in the domains
8530that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
8531domains that have no valid recipient list; doing so makes this system
8532a source of backscatter mail: Postfix accepts spam for non-existent recipients
8533and then floods innocent people with undeliverable mail.  Technically,
8534tables
8535listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
8536to know only if a lookup string is found or not, but it does not
8537use the result from table lookup.  </p>
8538
8539<p>
8540If this parameter is non-empty, then the Postfix SMTP server will reject
8541mail to unknown relay users. This feature is off by default.
8542</p>
8543
8544<p>
8545See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
8546file.
8547</p>
8548
8549<p>
8550Example:
8551</p>
8552
8553<pre>
8554<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = hash:/etc/postfix/relay_recipients
8555</pre>
8556
8557<p>
8558This feature is available in Postfix 2.0 and later.
8559</p>
8560
8561
8562</DD>
8563
8564<DT><b><a name="relay_transport">relay_transport</a>
8565(default: relay)</b></DT><DD>
8566
8567<p>
8568The default mail delivery transport and next-hop destination for
8569remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
8570decreasing precedence, the nexthop destination is taken from
8571$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
8572from the recipient domain. This information can be overruled with
8573the <a href="transport.5.html">transport(5)</a> table.
8574</p>
8575
8576<p>
8577Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
8578is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
8579The <i>:nexthop</i> destination is optional; its syntax is documented
8580in the manual page of the corresponding delivery agent.
8581</p>
8582
8583<p>
8584See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
8585file.
8586</p>
8587
8588<p>
8589This feature is available in Postfix 2.0 and later.
8590</p>
8591
8592
8593</DD>
8594
8595<DT><b><a name="relayhost">relayhost</a>
8596(default: empty)</b></DT><DD>
8597
8598<p>
8599The next-hop destination of non-local mail; overrides non-local
8600domains in recipient addresses. This information is overruled with
8601<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
8602<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
8603and with the <a href="transport.5.html">transport(5)</a> table.
8604</p>
8605
8606<p>
8607On an intranet, specify the organizational domain name. If your
8608internal DNS uses no MX records, specify the name of the intranet
8609gateway host instead.
8610</p>
8611
8612<p>
8613In the case of SMTP, specify a domain name, hostname, hostname:port,
8614[hostname]:port, [hostaddress] or [hostaddress]:port. The form
8615[hostname] turns off MX lookups.
8616</p>
8617
8618<p>
8619If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful
8620information.
8621</p>
8622
8623<p>
8624Examples:
8625</p>
8626
8627<pre>
8628<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
8629<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
8630<a href="postconf.5.html#relayhost">relayhost</a> = uucphost
8631<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
8632</pre>
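<p> The SMTP forms listed above can be told apart mechanically. The following parser is an added example, not Postfix code: it takes already-expanded values (no $name references, no UUCP host names), reports whether a value still depends on MX lookups, and uses constructed sample values and hypothetical function names. </p>

```python
# Added example (not Postfix source): classify SMTP-style relayhost values.

def parse_relayhost(value):
    """Parse one expanded relayhost value in one of the SMTP forms.

    Returns None for an empty value (no relayhost), otherwise a dict with
    'host', 'port' (None when not given) and 'mx_lookup'.
    """
    value = value.strip()
    if not value:
        return None
    if value.startswith("["):
        # [hostname] / [hostaddress], optionally followed by :port.
        end = value.find("]")
        if end < 2:
            raise ValueError("unterminated or empty [] in %r" % value)
        host, rest, mx_lookup = value[1:end], value[end + 1:], False
    else:
        # domain name, hostname or hostname:port; MX lookups stay enabled.
        host, sep, port = value.partition(":")
        rest, mx_lookup = sep + port, True
    if not host or any(ch.isspace() for ch in host):
        raise ValueError("missing or malformed host in %r" % value)
    port = None
    if rest:
        if not rest.startswith(":") or len(rest) == 1:
            raise ValueError("expected ':port' after host in %r" % value)
        port = rest[1:]
    return {"host": host, "port": port, "mx_lookup": mx_lookup}


def mx_dependent(values):
    """Return the values whose next hop is still chosen through MX lookups."""
    flagged = []
    for value in values:
        parsed = parse_relayhost(value)
        if parsed is not None and parsed["mx_lookup"]:
            flagged.append(value)
    return flagged


# Constructed sample values, one per form named in the text above.
SAMPLE_RELAYHOSTS = [
    "example.com",
    "mail.example.com:587",
    "[gateway.example.com]",
    "[gateway.example.com]:587",
    "[192.0.2.25]",
    "[192.0.2.25]:2525",
]

if __name__ == "__main__":
    for value in SAMPLE_RELAYHOSTS:
        print(value, "->", parse_relayhost(value))
    print("MX-dependent:", mx_dependent(SAMPLE_RELAYHOSTS))
```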
8633
8634
8635</DD>
8636
8637<DT><b><a name="relocated_maps">relocated_maps</a>
8638(default: empty)</b></DT><DD>
8639
8640<p>
8641Optional lookup tables with new contact information for users or
8642domains that no longer exist.  The table format and lookups are
8643documented in <a href="relocated.5.html">relocated(5)</a>.
8644</p>
8645
8646<p>
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
build the necessary DBM or DB file after a change, then "<b>postfix
reload</b>" to make the changes visible.
8650</p>
8651
8652<p>
8653Examples:
8654</p>
8655
8656<pre>
8657<a href="postconf.5.html#relocated_maps">relocated_maps</a> = dbm:/etc/postfix/relocated
8658<a href="postconf.5.html#relocated_maps">relocated_maps</a> = hash:/etc/postfix/relocated
8659</pre>
8660
8661
8662</DD>
8663
8664<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
8665(default: empty)</b></DT><DD>
8666
8667<p> Don't rewrite message headers from remote clients at all when
8668this parameter is empty; otherwise, rewrite message headers and
8669append the specified domain name to incomplete addresses.  The
8670<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix
8671considers local. </p>
8672
8673<p> Examples:  </p>
8674
8675<p> The safe setting: append "domain.invalid" to incomplete header
8676addresses from remote SMTP clients, so that those addresses cannot
8677be confused with local addresses. </p>
8678
8679<blockquote>
8680<pre>
8681<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
8682</pre>
8683</blockquote>
8684
8685<p> The default, purist, setting: don't rewrite headers from remote
8686clients at all. </p>
8687
8688<blockquote>
8689<pre>
8690<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
8691</pre>
8692</blockquote>
8693
8694
8695</DD>
8696
8697<DT><b><a name="require_home_directory">require_home_directory</a>
8698(default: no)</b></DT><DD>
8699
8700<p>
8701Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
8702before mail delivery is attempted. By default this test is disabled.
8703It can be useful for environments that import home directories to
8704the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
8705</p>
8706
8707
8708</DD>
8709
8710<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
8711(default: no)</b></DT><DD>
8712
8713<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
8714attribute, when delivering mail to a child alias that does not have
8715its own owner alias. </p>
8716
8717<p> This feature is available in Postfix 2.8 and later. With older
8718Postfix releases, the behavior is as if this parameter is set to
8719"yes". </p>
8720
8721<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
8722companion alias named owner-<i>name</i>, delivery errors will be
8723reported to the owner alias instead of the sender. This configuration
is recommended for mailing lists. </p>
8725
8726<p> A less known property of the owner alias is that it also forces
8727the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
8728from alias expansion to a new queue file, instead of attempting to
8729deliver mail to local addresses as soon as they come out of alias
8730expansion.  </p>
8731
8732<p> Writing local addresses from alias expansion to a new queue
8733file allows for robust handling of temporary delivery errors: errors
8734with one local member have no effect on deliveries to other members
8735of the list.  On the other hand, delivery to local addresses as
8736soon as they come out of alias expansion is fragile: a temporary
8737error with one local address from alias expansion will cause the
8738entire alias to be expanded repeatedly until the error goes away,
8739or until the message expires in the queue.  In that case, a problem
8740with one list member results in multiple message deliveries to other
8741list members. </p>
8742
8743<p> The default behavior of Postfix 2.8 and later is to keep the
8744owner-alias attribute of the parent alias, when delivering mail to
8745a child alias that does not have its own owner alias. Then, local
8746addresses from that child alias will be written to a new queue file,
8747and a temporary error with one local address will not affect delivery
8748to other mailing list members. </p>
8749
8750<p> Unfortunately, older Postfix releases reset the owner-alias
8751attribute when delivering mail to a child alias that does not have
8752its own owner alias.  The <a href="local.8.html">local(8)</a> delivery agent then attempts to
8753deliver local addresses as soon as they come out of child alias
8754expansion.  If delivery to any address from child alias expansion
8755fails with a temporary error condition, the entire mailing list may
8756be expanded repeatedly until the mail expires in the queue, resulting
8757in multiple deliveries of the same message to mailing list members.
8758</p>
8759
8760
8761</DD>
8762
8763<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
8764(default: yes)</b></DT><DD>
8765
8766<p> Resolve a recipient address safely instead of correctly, by
8767looking inside quotes.  </p>
8768
8769<p> By default, the Postfix address resolver does not quote the
8770address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
8771operators remain visible. This behavior is safe but it is also
8772technically incorrect.  </p>
8773
8774<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
8775the Postfix
8776resolver will not know about additional @ etc. operators in the
8777address localpart. This opens opportunities for obscure mail relay
8778attacks with user@domain@domain addresses when Postfix provides
8779backup MX service for Sendmail systems.  </p>
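<p> What "looking inside quotes" changes, as an added example that is not Postfix code: the function names and sample addresses are constructed, and quoting is simplified to double quotes and backslash escapes. It compares the operators visible in the localpart when quoted text is inspected with those visible when quoted text is treated as opaque. </p>

```python
# Added example (not Postfix source): operators visible in an address localpart.
ROUTING_OPERATORS = "@%!"  # the operators named in the parameter description


def split_address(addr):
    """Split addr at the last '@' outside double quotes -> (localpart, domain)."""
    in_quotes = escaped = False
    last_at = -1
    for i, ch in enumerate(addr):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            last_at = i
    if last_at < 0:
        return addr, ""
    return addr[:last_at], addr[last_at + 1:]


def dequote(localpart):
    """Drop double quotes and backslash escapes, keeping the quoted characters."""
    out, escaped = [], False
    for ch in localpart:
        if escaped:
            out.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch != '"':
            out.append(ch)
    return "".join(out)


def outside_quotes(localpart):
    """Keep only characters outside double quotes (quoted text is opaque)."""
    out, in_quotes, escaped = [], False, False
    for ch in localpart:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes:
            out.append(ch)
    return "".join(out)


def operators_in_localpart(addr, look_inside_quotes=True):
    """Routing operators a resolver would see in the localpart of addr.

    look_inside_quotes=True models the safe behavior described above;
    False models a resolver that does not know about quoted operators.
    """
    localpart, _domain = split_address(addr)
    visible = dequote(localpart) if look_inside_quotes else outside_quotes(localpart)
    return sorted(set(visible) & set(ROUTING_OPERATORS))


def audit(recipients):
    """Return {address: operators} for addresses with operators in the localpart."""
    findings = {}
    for addr in recipients:
        ops = operators_in_localpart(addr)
        if ops:
            findings[addr] = ops
    return findings


# Constructed recipient addresses, e.g. as extracted from a mail log.
SAMPLE_RECIPIENTS = [
    'alice@example.com',
    '"john smith"@example.com',
    '"user@inside.example"@backupmx.example',
    'user%inside.example@backupmx.example',
    'host!user@backupmx.example',
]

if __name__ == "__main__":
    for addr, ops in audit(SAMPLE_RECIPIENTS).items():
        print(addr, "->", ops)
```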
8780
8781
8782</DD>
8783
8784<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
8785(default: no)</b></DT><DD>
8786
8787<p> Resolve an address that ends in the "@" null domain as if the
8788local hostname were specified, instead of rejecting the address as
8789invalid.  </p>
8790
8791<p> This feature is available in Postfix 2.1 and later.
8792Earlier versions always resolve the null domain as the local
8793hostname.  </p>
8794
8795<p> The Postfix SMTP server uses this feature to reject mail from
8796or to addresses that end in the "@" null domain, and from addresses
8797that rewrite into a form that ends in the "@" null domain.  </p>
8798
8799
8800</DD>
8801
8802<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
8803(default: no)</b></DT><DD>
8804
8805<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
8806rejecting the address as invalid.  </p>
8807
<p> This feature is available in Postfix 2.3 and later. </p>
8809
8810
8811</DD>
8812
8813<DT><b><a name="rewrite_service_name">rewrite_service_name</a>
8814(default: rewrite)</b></DT><DD>
8815
8816<p>
8817The name of the address rewriting service. This service rewrites
8818addresses to standard form and resolves them to a (delivery method,
8819next-hop host, recipient) triple.
8820</p>
8821
8822<p>
8823This feature is available in Postfix 2.0 and later.
8824</p>
8825
8826
8827</DD>
8828
8829<DT><b><a name="sample_directory">sample_directory</a>
8830(default: /etc/postfix)</b></DT><DD>
8831
8832<p>
8833The name of the directory with example Postfix configuration files.
8834Starting with Postfix 2.1, these files have been replaced with the
8835<a href="postconf.5.html">postconf(5)</a> manual page.
8836</p>
8837
8838
8839</DD>
8840
8841<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
8842(default: no)</b></DT><DD>
8843
8844<p> When authenticating to a remote SMTP or LMTP server with the
8845default setting "no", send no SASL authoriZation ID (authzid); send
8846only the SASL authentiCation ID (authcid) plus the authcid's password.
8847</p>
8848
8849<p> The non-default setting "yes" enables the behavior of older
8850Postfix versions.  These always send a SASL authzid that is equal
8851to the SASL authcid, but this causes inter-operability problems
8852with some SMTP servers. </p>
8853
8854<p> This feature is available in Postfix 2.4.4 and later. </p>
8855
8856
8857</DD>
8858
8859<DT><b><a name="sender_based_routing">sender_based_routing</a>
8860(default: no)</b></DT><DD>
8861
8862<p>
8863This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
8864in Postfix version 2.3.
8865</p>
8866
8867
8868</DD>
8869
8870<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a>
8871(default: empty)</b></DT><DD>
8872
8873<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
8874by sender address.  The BCC address (multiple results are not
8875supported) is added when mail enters from outside of Postfix.  </p>
8876
8877<p>
8878This feature is available in Postfix 2.1 and later.
8879</p>
8880
8881<p>
8882The table search order is as follows:
8883</p>
8884
8885<ul>
8886
8887<li> Look up the "user+extension@domain.tld" address including the
8888optional address extension.
8889
8890<li> Look up the "user@domain.tld" address without the optional
8891address extension.
8892
8893<li> Look up the "user+extension" address local part when the
8894sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
8895or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8896
8897<li> Look up the "user" address local part when the sender domain
8898equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8899
8900<li> Look up the "@domain.tld" part.
8901
8902</ul>
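<p> The search order above, written out as an added example that is not Postfix code. Assumptions: "+" is the extension delimiter as in the text, the extension starts at the first delimiter in the local part, <tt>local_domains</tt> is a hypothetical set standing in for the domains matched by $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces, and the table is a constructed in-memory dictionary. </p>

```python
# Added example (not Postfix source): lookup keys in sender_bcc_maps search order.

def split_sender(sender, delimiter="+"):
    """Return (localpart, user, domain); user is the localpart without extension."""
    if "@" not in sender:
        raise ValueError("expected user@domain, got %r" % sender)
    localpart, domain = sender.rsplit("@", 1)
    user, sep, _ext = localpart.partition(delimiter)
    if not sep or not user:
        # No delimiter, or the delimiter is the first character: no extension.
        user = localpart
    return localpart, user, domain


def bcc_lookup_keys(sender, local_domains, delimiter="+"):
    """Return the table keys to try, in the documented order."""
    localpart, user, domain = split_sender(sender, delimiter)
    has_extension = user != localpart
    is_local = domain.lower() in local_domains
    keys = [localpart + "@" + domain]          # user+extension@domain.tld
    if has_extension:
        keys.append(user + "@" + domain)       # user@domain.tld
    if is_local:
        keys.append(localpart)                 # user+extension
        if has_extension:
            keys.append(user)                  # user
    keys.append("@" + domain)                  # @domain.tld
    return keys


def bcc_for_sender(sender, table, local_domains, delimiter="+"):
    """Return the BCC address of the first matching key, or None."""
    for key in bcc_lookup_keys(sender, local_domains, delimiter):
        if key in table:
            return table[key]
    return None


# Constructed table contents and local domain set.
SAMPLE_TABLE = {
    "alice": "alice-archive@example.com",
    "@example.com": "outbound-archive@example.com",
}
SAMPLE_LOCAL_DOMAINS = {"example.com"}

if __name__ == "__main__":
    for sender in ("alice+lists@example.com", "carol@example.com", "bob@remote.example"):
        keys = bcc_lookup_keys(sender, SAMPLE_LOCAL_DOMAINS)
        print(sender, keys, bcc_for_sender(sender, SAMPLE_TABLE, SAMPLE_LOCAL_DOMAINS))
```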
8903
8904<p>
Specify the types and names of databases to use.  After a change,
8906run "<b>postmap /etc/postfix/sender_bcc</b>".
8907</p>
8908
8909<p>
8910Note: if mail to the BCC address bounces it will be returned to
8911the sender.
8912</p>
8913
8914<p> Note: automatic BCC recipients are produced only for new mail.
8915To avoid mailer loops, automatic BCC recipients are not generated
8916after Postfix forwards mail internally, or after Postfix generates
8917mail itself. </p>
8918
8919<p>
8920Example:
8921</p>
8922
8923<pre>
8924<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = hash:/etc/postfix/sender_bcc
8925</pre>
8926
8927
8928</DD>
8929
8930<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
8931(default: envelope_sender, header_sender)</b></DT><DD>
8932
8933<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
8934mapping.  By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
8935applied to envelope sender addresses, and to header sender addresses.
8936</p>
8937
8938<p> Specify one or more of: envelope_sender, header_sender </p>
8939
8940<p> This feature is available in Postfix 2.2 and later. </p>
8941
8942
8943</DD>
8944
8945<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
8946(default: empty)</b></DT><DD>
8947
8948<p>
8949Optional address mapping lookup tables for envelope and header
8950sender addresses.
8951The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
8952</p>
8953
8954<p>
8955Example: you want to rewrite the SENDER address "user@ugly.domain"
8956to "user@pretty.domain", while still being able to send mail to
8957the RECIPIENT address "user@ugly.domain".
8958</p>
8959
8960<p>
8961Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
8962</p>
8963
8964<p>
8965Example:
8966</p>
8967
8968<pre>
8969<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = hash:/etc/postfix/sender_canonical
8970</pre>
8971
8972
8973</DD>
8974
8975<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
8976(default: empty)</b></DT><DD>
8977
8978<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
8979parameter setting. The tables are searched by the envelope sender
8980address and @domain. A lookup result of DUNNO terminates the search
8981without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
8982This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
8983
8984<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
8985therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
8986syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>.  Specifically, this does not support the
8987<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
8988email addresses. </p>
8989
8990<p> For safety reasons, this feature does not allow $number
8991substitutions in regular expression maps. </p>
8992
8993<p> This feature is available in Postfix 2.7 and later.  </p>
8994
8995
8996</DD>
8997
8998<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
8999(default: empty)</b></DT><DD>
9000
9001<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
9002setting. The tables are searched by the envelope sender address and
9003@domain. A lookup result of DUNNO terminates the search without
9004overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
9005later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
9006<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
9007the <a href="transport.5.html">transport(5)</a> table. </p>
9008
9009<p> For safety reasons, this feature does not allow $number
9010substitutions in regular expression maps. </p>
9011
9012<p>
9013This feature is available in Postfix 2.3 and later.
9014</p>
9015
9016
9017</DD>
9018
9019<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
9020(default: always)</b></DT><DD>
9021
9022<p> Controls how the Postfix sendmail command converts email message
9023line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
9024</p>
9025
9026<dl>
9027
9028<dt> <b>always</b> </dt> <dd> Always convert message lines ending
9029in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
90302.9 and later. </dd>
9031
9032<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
9033&lt;CR&gt;&lt;LF&gt; only if the first input line ends in
9034&lt;CR&gt;&lt;LF&gt;. This setting is backwards-compatible with
9035Postfix 2.8 and earlier. </dd>
9036
9037<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
9038&lt;CR&gt;&lt;LF&gt;. This setting exists for completeness only.
9039</dd>
9040
9041</dl>
9042
9043<p> This feature is available in Postfix 2.9 and later. </p>
9044
9045
9046</DD>
9047
9048<DT><b><a name="sendmail_path">sendmail_path</a>
9049(default: see "postconf -d" output)</b></DT><DD>
9050
9051<p>
9052A Sendmail compatibility feature that specifies the location of
9053the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to
9054submit mail into the Postfix queue.
9055</p>
9056
9057
9058</DD>
9059
9060<DT><b><a name="service_throttle_time">service_throttle_time</a>
9061(default: 60s)</b></DT><DD>
9062
9063<p>
9064How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that
9065appears to be malfunctioning.
9066</p>
9067
9068<p>
9069Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
9070The default time unit is s (seconds).
9071</p>
9072
9073
9074</DD>
9075
9076<DT><b><a name="setgid_group">setgid_group</a>
9077(default: postdrop)</b></DT><DD>
9078
9079<p>
9080The group ownership of set-gid Postfix commands and of group-writable
9081Postfix directories. When this parameter value is changed you need
9082to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>").
9084</p>
9085
9086
9087</DD>
9088
9089<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
9090(default: yes)</b></DT><DD>
9091
9092<p>
9093Display the name of the recipient table in the "User unknown"
responses.  The extra detail makes troubleshooting easier but also
reveals information that is nobody else's business.
9096</p>
9097
9098<p>
9099This feature is available in Postfix 2.0 and later.
9100</p>
9101
9102
9103</DD>
9104
9105<DT><b><a name="showq_service_name">showq_service_name</a>
9106(default: showq)</b></DT><DD>
9107
9108<p>
9109The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
9110status reports.
9111</p>
9112
9113<p>
9114This feature is available in Postfix 2.0 and later.
9115</p>
9116
9117
9118</DD>
9119
9120<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
9121(default: any)</b></DT><DD>
9122
9123<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
9124SMTP client will try first, when a destination has IPv6 and IPv4
9125addresses with equal MX preference. This feature has no effect
9126unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6.
9127With Postfix 2.8 the default is "ipv6".  </p>
9128
9129<p> This feature is available in Postfix 2.8 and later.  </p>
9130
9131
9132</DD>
9133
9134<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
9135(default: yes)</b></DT><DD>
9136
9137<p>
9138Always send EHLO at the start of an SMTP session.
9139</p>
9140
9141<p>
9142With "<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> = no", the Postfix SMTP client sends
9143EHLO only when
9144the word "ESMTP" appears in the server greeting banner (example:
9145220 spike.porcupine.org ESMTP Postfix).
9146</p>
9147
9148
9149</DD>
9150
9151<DT><b><a name="smtp_bind_address">smtp_bind_address</a>
9152(default: empty)</b></DT><DD>
9153
9154<p>
9155An optional numerical network address that the Postfix SMTP client
9156should bind to when making an IPv4 connection.
9157</p>
9158
9159<p>
9160This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
9161it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
9162for example:
9163</p>
9164
9165<blockquote>
9166<pre>
9167/etc/postfix/<a href="master.5.html">master.cf</a>:
9168    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
9169</pre>
9170</blockquote>
9171
9172<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
9173address, and that address is a non-loopback address, it is
9174automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>.  This supports virtual
9175IP hosting, but can be a problem on multi-homed firewalls. See the
9176<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
9177
9178<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
9179but this form is not required here. </p>
9180
9181
9182</DD>
9183
9184<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
9185(default: empty)</b></DT><DD>
9186
9187<p>
9188An optional numerical network address that the Postfix SMTP client
9189should bind to when making an IPv6 connection.
9190</p>
9191
9192<p> This feature is available in Postfix 2.2 and later. </p>
9193
9194<p>
9195This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
9196it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
9197for example:
9198</p>
9199
9200<blockquote>
9201<pre>
9202/etc/postfix/<a href="master.5.html">master.cf</a>:
9203    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
9204</pre>
9205</blockquote>
9206
9207<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
9208address, and that address is a non-loopback address, it is
9209automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>.  This supports virtual
9210IP hosting, but can be a problem on multi-homed firewalls. See the
9211<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
9212
9213<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
9214but this form is not recommended here. </p>
9215
9216
9217</DD>
9218
9219<DT><b><a name="smtp_body_checks">smtp_body_checks</a>
9220(default: empty)</b></DT><DD>
9221
9222<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client.
9223These tables are searched while mail is being delivered.  Actions
9224that change the delivery time or destination are not available.
9225</p>
9226
9227<p> This feature is available in Postfix 2.5 and later. </p>
9228
9229
9230</DD>
9231
9232<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
9233(default: version dependent)</b></DT><DD>
9234
9235<p> Allow DNS CNAME records to override the servername that the
9236Postfix SMTP client uses for logging, SASL password lookup, TLS
9237policy decisions, or TLS certificate verification. The value "no"
9238hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
9239false hostname information in DNS CNAME records, and makes SASL
9240password file lookups more predictable. This is the default setting
9241as of Postfix 2.3. </p>
9242
9243<p> This feature is available in Postfix 2.2.9 and later. </p>
9244
9245
9246</DD>
9247
9248<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a>
9249(default: 30s)</b></DT><DD>
9250
9251<p>
9252The Postfix SMTP client time limit for completing a TCP connection, or
9253zero (use the operating system built-in time limit).
9254</p>
9255
9256<p>
9257When no connection can be made within the deadline, the Postfix
9258SMTP client
9259tries the next address on the mail exchanger list. Specify 0 to
9260disable the time limit (i.e. use whatever timeout is implemented by
9261the operating system).
9262</p>
9263
9264<p>
9265Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
9266The default time unit is s (seconds).
9267</p>
9268
9269
9270</DD>
9271
9272<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
9273(default: empty)</b></DT><DD>
9274
9275<p> Permanently enable SMTP connection caching for the specified
9276destinations.  With SMTP connection caching, a connection is not
9277closed immediately after completion of a mail transaction.  Instead,
9278the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
9279seconds.  This allows connections to be reused for other deliveries,
9280and can improve mail delivery performance. </p>
9281
9282<p> Specify a comma or white space separated list of destinations
9283or pseudo-destinations: </p>
9284
9285<ul>
9286
9287<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
9288right-hand side of an email address, without the [] around a numeric
9289IP address),
9290
9291<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
9292[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
9293transport map,
9294
9295<li> if mail is sent via a UNIX-domain socket: a pathname (without
9296the unix: prefix),
9297
9298<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
9299defined above,
9300
9301<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
9302the left-hand side.  The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
9303lookups is ignored.
9304
9305</ul>
9306
9307<p> This feature is available in Postfix 2.2 and later. </p>
9308
9309
9310</DD>
9311
9312<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
9313(default: yes)</b></DT><DD>
9314
9315<p> Temporarily enable SMTP connection caching while a destination
9316has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.  With SMTP connection
9317caching, a connection is not closed immediately after completion
9318of a mail transaction.  Instead, the connection is kept open for
9319up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds.  This allows
9320connections to be reused for other deliveries, and can improve mail
9321delivery performance. </p>
9322
9323<p> This feature is available in Postfix 2.2 and later. </p>
9324
9325
9326</DD>
9327
9328<DT><b><a name="smtp_connection_cache_reuse_limit">smtp_connection_cache_reuse_limit</a>
9329(default: 10)</b></DT><DD>
9330
9331<p> When SMTP connection caching is enabled, the number of times that
9332an SMTP session may be reused before it is closed.
9333</p>
9334
9335<p> This feature is available in Postfix 2.2. In Postfix 2.3 it is
9336replaced by $<a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>.</p>
9337
9338
9339</DD>
9340
9341<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
9342(default: 2s)</b></DT><DD>
9343
9344<p> When SMTP connection caching is enabled, the amount of time that
9345an unused SMTP client socket is kept open before it is closed.  Do
9346not specify larger values without permission from the remote sites.
9347</p>
9348
9349<p> This feature is available in Postfix 2.2 and later. </p>
9350
9351
9352</DD>
9353
9354<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
9355(default: 300s)</b></DT><DD>
9356
9357<p> The amount of time during which Postfix will use an SMTP
9358connection repeatedly.  The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and HELO latency,
9360in addition to the latencies of subsequent mail delivery transactions).
9361</p>
9362
9363<p> This feature addresses a performance stability problem with
9364remote SMTP servers. This problem is not specific to Postfix: it
9365can happen when any MTA sends large amounts of SMTP email to a site
9366that has multiple MX hosts. </p>
9367
9368<p> The problem starts when one of a set of MX hosts becomes slower
9369than the rest.  Even though SMTP clients connect to fast and slow
9370MX hosts with equal probability, the slow MX host ends up with more
9371simultaneous inbound connections than the faster MX hosts, because
9372the slow MX host needs more time to serve each client request. </p>
9373
9374<p> The slow MX host becomes a connection attractor.  If one MX
9375host becomes N times slower than the rest, it dominates mail delivery
9376latency unless there are more than N fast MX hosts to counter the
9377effect. And if the number of MX hosts is smaller than N, the mail
9378delivery latency becomes effectively that of the slowest MX host
9379divided by the total number of MX hosts. </p>
9380
9381<p> The solution uses connection caching in a way that differs from
9382Postfix version 2.2.  By limiting the amount of time during which a connection
9383can be used repeatedly (instead of limiting the number of deliveries
9384over that connection), Postfix not only restores fairness in the
9385distribution of simultaneous connections across a set of MX hosts,
9386it also favors deliveries over connections that perform well, which
9387is exactly what we want.  </p>
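<p> A simplified model of the argument above, as an added example that is not Postfix code. Assumptions: one new connection is opened per tick, hosts are chosen round-robin as a deterministic stand-in for "equal probability", a connection delivers messages back to back, and the latencies are constructed numbers (one MX host 10 times slower than three others). </p>

```python
# Added example (not Postfix source): count-limited versus time-limited reuse.

def open_connections(lifetimes, horizon):
    """Connections per host that are still open after `horizon` ticks.

    One connection is opened per tick, to hosts in round-robin order; a
    connection opened at tick s stays open for lifetimes[host] ticks.
    """
    hosts = len(lifetimes)
    counts = [0] * hosts
    for start in range(horizon):
        host = start % hosts
        if start + lifetimes[host] >= horizon:
            counts[host] += 1
    return counts


def count_limited(latencies, reuse_limit, horizon):
    """Close a connection after `reuse_limit` deliveries (the Postfix 2.2 approach)."""
    lifetimes = [reuse_limit * latency for latency in latencies]
    return {
        "open": open_connections(lifetimes, horizon),
        "deliveries_per_connection": [reuse_limit] * len(latencies),
    }


def time_limited(latencies, time_limit, horizon):
    """Close a connection after `time_limit` ticks (the reuse time limit approach)."""
    lifetimes = [time_limit] * len(latencies)
    return {
        "open": open_connections(lifetimes, horizon),
        "deliveries_per_connection": [time_limit // latency for latency in latencies],
    }


def share_of_first(values):
    """Fraction of the total that belongs to host 0 (the slow host below)."""
    return values[0] / sum(values)


# Constructed scenario: host 0 needs 40 ticks per message, the others 4 ticks.
LATENCIES = [40, 4, 4, 4]
HORIZON = 4000

if __name__ == "__main__":
    by_count = count_limited(LATENCIES, reuse_limit=10, horizon=HORIZON)
    by_time = time_limited(LATENCIES, time_limit=300, horizon=HORIZON)
    # Count limit: the slow host holds N / (N + fast hosts) = 10/13 of connections.
    print("count-limited:", by_count, share_of_first(by_count["open"]))
    # Time limit: connections are spread evenly, fast hosts carry most messages.
    print("time-limited: ", by_time, share_of_first(by_time["open"]))
```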
9388
9389<p> The default reuse time limit, 300s, is comparable to the various
SMTP transaction timeouts, which are fair estimates of maximum excess
9391latency for a slow delivery.  Note that hosts may accept thousands
9392of messages over a single connection within the default connection
9393reuse time limit. This number is much larger than the default Postfix
9394version 2.2 limit of 10 messages per cached connection. It may prove necessary
9395to lower the limit to avoid interoperability issues with MTAs that
9396exhibit bugs when many messages are delivered via a single connection.
9397A lower reuse time limit risks losing the benefit of connection
9398reuse when the average connection and mail delivery latency exceeds
9399the reuse time limit.  </p>
9400
9401<p> This feature is available in Postfix 2.3 and later. </p>
9402
9403
9404</DD>
9405
9406<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a>
9407(default: 600s)</b></DT><DD>
9408
9409<p>
9410The Postfix SMTP client time limit for sending the SMTP ".", and
9411for receiving the remote SMTP server response.
9412</p>
9413
9414<p>
9415When no response is received within the deadline, a warning is
9416logged that the mail may be delivered multiple times.
9417</p>
9418
9419<p>
9420Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
9421The default time unit is s (seconds).
9422</p>
9423
9424
9425</DD>
9426
<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP DATA command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
seconds the Postfix SMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference
than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>


</DD>

<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient.  </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
discard EHLO keywords selectively. </p>

</ul>


</DD>

<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>

<p> DNS Resolver options for the Postfix SMTP client.  Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>

<dl>

<dt><b>res_defnames</b></dt>

<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>

<dt><b>res_dnsrch</b></dt>

<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>

</dl>

<p> This feature is available in Postfix 2.8 and later.  </p>


</DD>

<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
(default: no)</b></DT><DD>

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.  This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue.  </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName.  If no dNSNames are specified,
the CommonName is checked.  The behavior may be changed with the
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option.  </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates.  Typical use is for clients that
send all their email to a dedicated mailhub.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a>
(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD>

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>.  </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups.  If you specify multiple SMTP
destinations, Postfix will try them in the specified order.  </p>

<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>


</DD>

<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead.  </p>

<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>;
examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and
<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_header_checks">smtp_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered.  Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The hostname to send in the SMTP EHLO or HELO command.
</p>

<p>
The default value is the machine hostname.  Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a>
(default: dns)</b></DT><DD>

<p>
What mechanisms the Postfix SMTP client uses to look up a host's IP
address.  This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>).
</p>

<p>
Specify one of the following:
</p>

<dl>

<dt><b>dns</b></dt>

<dd>Hosts can be found in the DNS (preferred).  </dd>

<dt><b>native</b></dt>

<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism).  </dd>

<dt><b>dns, native</b></dt>

<dd>Use the native service for hosts not found in the DNS.  </dd>

</dl>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a>
(default: 998)</b></DT><DD>

<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. This limit does not include the &lt;CR&gt;&lt;LF&gt;
at the end of each line.  Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;", to minimize the damage to MIME
formatted mail.
</p>

<p>
The Postfix limit of 998 characters not including &lt;CR&gt;&lt;LF&gt;
is consistent with the SMTP limit of 1000 characters including
&lt;CR&gt;&lt;LF&gt;.  The Postfix limit was 990 with Postfix 2.8
and earlier.
</p>


</DD>

<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the MAIL FROM command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a>
(default: 5)</b></DT><DD>

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero (no
limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a>
(default: 2)</b></DT><DD>

<p> The maximal number of SMTP sessions per delivery request before
the Postfix SMTP client
gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix version 2.3 and later).  </p>

<p> This feature is available in Postfix 2.1 and later.  </p>


</DD>

<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a>
(default: no)</b></DT><DD>

<p> Never send EHLO at the start of an SMTP session. See also the
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter.  </p>


</DD>

<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
(default: no)</b></DT><DD>

<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).  This
limits the impact from hostile peers that trickle data one byte at
a time.  </p>

<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline.  </p>

<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
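
<p> The difference between the two timing modes, as an added Python
model that is not Postfix code: a constructed peer trickles a 14-byte
reply one byte every 100 seconds against a 300s limit. The names
receive_record, trickle and RecordTimeout are hypothetical, and
arrival times are simulated rather than read from a socket. </p>

```python
"""Constructed model: per-call time limits versus per-record deadlines."""


class RecordTimeout(Exception):
    """Raised when the modelled client gives up; .at is the elapsed time."""

    def __init__(self, at):
        super().__init__(f"timed out after {at:g}s")
        self.at = at


def trickle(data, interval):
    """Constructed peer: deliver `data` one byte every `interval` seconds."""
    return [(interval * (i + 1), data[i:i + 1]) for i in range(len(data))]


def receive_record(chunks, timeout, per_record_deadline):
    """Assemble one CRLF-terminated record from (arrival_time, bytes) chunks.

    chunks: arrival times in seconds since the record started, in order.
    timeout: stand-in for one of the smtp_*_timeout values, in seconds.
    per_record_deadline: False = the limit restarts with every read call
                         (smtp_per_record_deadline = no);
                         True  = the limit covers the complete record
                         (smtp_per_record_deadline = yes).
    Returns (record, completion_time) or raises RecordTimeout.
    """
    buf = b""
    last_progress = 0.0
    for arrival, data in chunks:
        # The moment at which the modelled client stops waiting.
        give_up = timeout if per_record_deadline else last_progress + timeout
        if arrival > give_up:
            raise RecordTimeout(give_up)
        buf += data
        last_progress = arrival
        if buf.endswith(b"\r\n"):
            return buf, arrival
    # The peer went silent before finishing the record.
    raise RecordTimeout(timeout if per_record_deadline
                        else last_progress + timeout)


if __name__ == "__main__":
    reply = b"250 2.0.0 Ok\r\n"      # constructed SMTP response line
    slow_peer = trickle(reply, 100)  # one byte every 100 seconds
    for mode in (False, True):
        try:
            record, took = receive_record(slow_peer, 300, mode)
            print(f"per_record_deadline={mode}: got {record!r} after {took:g}s")
        except RecordTimeout as exc:
            print(f"per_record_deadline={mode}: {exc}")
```

<p> With the per-call limit the trickling peer holds the client for
1400 seconds without ever tripping the 300s timeout; with the per-record
deadline the client gives up at 300 seconds. </p>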


</DD>

<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
(default: 10s)</b></DT><DD>

<p>
How long the Postfix SMTP client pauses before sending
".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
</p>

<p>
Choosing too short a time makes this workaround ineffective when
sending large messages over slow network connections.
</p>


</DD>

<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.  The table
is not indexed by hostname for consistency with
<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.4 and later. </p>


</DD>

<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
(default: 500s)</b></DT><DD>

<p> How long a message must be queued before the Postfix SMTP client
turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;"
bug workaround for delivery through firewalls with "smtp fixup"
mode turned on.  </p>

<p>
By default, the workaround is turned off for mail that is queued
for less than 500 seconds. In other words, the workaround is normally
turned off for the first delivery attempt.
</p>

<p>
Specify 0 to enable the PIX firewall
"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround upon the
first delivery attempt.
</p>


</DD>

<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a>
(default: disable_esmtp, delay_dotcrlf)</b></DT><DD>

<p> A list that specifies zero or more workarounds for CISCO PIX
firewall bugs. These workarounds are implemented by the Postfix
SMTP client. Workaround names are separated by comma or space, and
are case insensitive.  This parameter setting can be overruled with
per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p>

<dl>

<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending
".&lt;CR&gt;&lt;LF&gt;" after the end of the message content.  The
delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and
<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings. </dd>

<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands:
send HELO instead of EHLO. </dd>

</dl>

<p> This feature is available in Postfix 2.4 and later. The default
settings are backwards compatible with earlier Postfix versions.
</p>


</DD>

<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the QUIT command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
(default: yes)</b></DT><DD>

<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>

<p>
The default is to comply with <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no
</pre>
</blockquote>

<p>
and route mail for the destination in question to the "broken-smtp"
message delivery with a <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a>
(default: yes)</b></DT><DD>

<p>
Randomize the order of equal-preference MX host addresses.  This
is a performance feature of the Postfix SMTP client.
</p>


</DD>

<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
(default: empty)</b></DT><DD>

<p> A mechanism to transform replies from remote SMTP servers one
line at a time.  This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>

<p> Notes: </p>

<ul>

<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code.  </p>

<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z).  When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead. </p>

</ul>

<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.
When the lookup succeeds, the result replaces the single SMTP reply
line. </p>

<p> Examples: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter
</pre>

<pre>
/etc/postfix/reply_filter:
    # Transform garbage into "250-filler..." so that it looks like
    # one line from a multi-line reply. It does not matter what we
    # substitute here as long as it has the right syntax.  The Postfix
    # SMTP client will use the final line's numerical SMTP reply
    # code and enhanced status code.
    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>

<p> This feature is available in Postfix 2.7. </p>
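
<p> The reply_filter rule above and the two reply-code notes, modelled
in Python as an added example (not Postfix code; the function names
and sample replies are constructed). Python's re module stands in for
the pcre table, and the enhanced status code is assumed to be the
X.Y.Z token directly after the reply code. </p>

```python
"""Constructed model of smtp_reply_filter and the reply-code rules."""
import re

# The negated rule from the page's /etc/postfix/reply_filter example:
# a line that does NOT look like an SMTP reply line is replaced.
REPLY_SYNTAX = re.compile(r"^([2-5][0-9][0-9]($|[- ]))")
FILLER = "250-filler for garbage"

# Reply code, then an optional enhanced status code after the separator.
REPLY_LINE = re.compile(
    r"^([2-5][0-9][0-9])(?:[- ](\d\.\d{1,3}\.\d{1,3})(?= |$))?")


def apply_reply_filter(line):
    """Filter one reply line; the trailing <CR><LF> is removed first."""
    line = line.rstrip("\r\n")
    return line if REPLY_SYNTAX.search(line) else FILLER


def effective_status(raw_lines):
    """Return (reply_code, enhanced_status) for one possibly multi-line reply.

    Rules taken from the notes above:
      * the final reply line supplies both codes;
      * the numerical reply code wins; when the enhanced status code is
        missing or its first digit differs, X.0.0 is used instead.
    """
    filtered = [apply_reply_filter(line) for line in raw_lines]
    match = REPLY_LINE.match(filtered[-1])
    if match is None:  # cannot happen after filtering; kept as a guard
        raise ValueError("final line is not an SMTP reply line")
    code, enhanced = match.group(1), match.group(2)
    if enhanced is None or enhanced[0] != code[0]:
        enhanced = code[0] + ".0.0"
    return int(code), enhanced


if __name__ == "__main__":
    # Constructed replies, including one with a garbage line in the middle.
    samples = [
        ["250-first line\r\n", "<<garbage>>\r\n", "250 2.0.0 Ok\r\n"],
        ["554 5.7.1 Relay access denied\r\n"],
        ["550 2.1.5 class digits disagree\r\n"],
        ["421 Service not available\r\n"],
    ]
    for reply in samples:
        print([apply_reply_filter(l) for l in reply], effective_status(reply))
```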


</DD>

<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
(default: 20s)</b></DT><DD>

<p> The Postfix SMTP client time limit for sending the RSET command,
and for receiving the remote SMTP server response. The SMTP client
sends RSET in
order to finish a recipient address probe, or to verify that a
cached session is still usable.  </p>

<p> This feature is available in Postfix 2.1 and later.  </p>


</DD>

<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
(default: empty)</b></DT><DD>

<p> An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password. Each table (key, value) pair contains a server name, a
username and password, and the full server response. This information
is stored when a remote SMTP server rejects an authentication attempt
with a 535 reply code.  As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a>
information does not change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the
Postfix SMTP client avoids SASL authentication attempts with the
same server, username and password, and instead bounces or defers
mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration
parameter.  </p>

<p> Use a per-destination delivery concurrency of 1 (for example,
"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1",
"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple
delivery agents may experience a login failure at the same time.
</p>

<p> The table must be accessed via the proxywrite service, i.e. the
map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under
the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p>

<p> This feature uses cryptographic hashing to protect plain-text
passwords, and requires that Postfix is compiled with TLS support.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:btree:/var/db/postfix/sasl_auth_cache
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
(default: 90d)</b></DT><DD>

<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed. </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a>
(default: no)</b></DT><DD>

<p>
Enable SASL authentication in the Postfix SMTP client.  By default,
the Postfix SMTP client uses no authentication.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
</pre>


</DD>

<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
(default: yes)</b></DT><DD>

<p> When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable. The latter behavior was hard-coded prior to
Postfix version 2.5. </p>

<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a>
parameter, but the setting "no" does not. </p>

<p> Example: </p>

<pre>
# Default as of Postfix 2.5
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
# The old hard-coded default
<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
</pre>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
(default: empty)</b></DT><DD>

<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.  Different client and
server implementations may support different mechanism lists. By
default, the Postfix SMTP client will use the intersection of the
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> further restricts what server
mechanisms the client will take into consideration.  </p>

<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
is ignored. Specify "!pattern" to exclude a mechanism name from the
list. The form "!/file/name" is supported only in Postfix version
2.4 and later. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
</pre>


</DD>

<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional Postfix SMTP client lookup tables with one username:password
entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled.  If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>

<p>
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
</p>


</DD>

<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
(default: empty)</b></DT><DD>

<p> Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
(default: noplaintext, noanonymous)</b></DT><DD>

<p> Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  </p>

<p> The following security features are defined for the <b>cyrus</b>
client SASL implementation: </p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack.
</dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not
available with SASL version 1). </dd>

</dl>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext
</pre>


</DD>

<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

10327<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a>
10328(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD>
10329
10330<p> The SASL authentication security options that the Postfix SMTP
10331client uses for TLS encrypted SMTP sessions with a verified server
10332certificate. </p>
10333
10334<p> When mail is sent to the public MX host for the recipient's
10335domain, server certificates are by default optional, and delivery
10336proceeds even if certificate verification fails. For delivery via
10337a submission service that requires SASL authentication, it may be
10338appropriate to send plaintext passwords only when the connection
10339to the server is strongly encrypted <b>and</b> the server identity
10340is verified. </p>
10341
10342<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it
10343possible to only enable plaintext mechanisms when a secure connection
10344to the server is available. Submission servers subject to this
10345policy must either have verifiable certificates or offer suitable
10346non-plaintext SASL mechanisms. </p>
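<p> The following Python model is an added example, not part of the Postfix
documentation or code. It shows which of the three SASL option parameters
applies to each kind of session and which mechanisms survive the filter.
The mechanism property table and the names <tt>usable_mechanisms</tt>,
<tt>VERIFIED_ONLY</tt> and <tt>ANY_TLS</tt> are assumptions made for
illustration; only "noplaintext" and "noanonymous" are modelled. </p>

```python
import re

# Built-in defaults as listed on this page; each TLS-specific parameter
# falls back to the less specific one through a $name reference.
DEFAULTS = {
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "$smtp_sasl_security_options",
    "smtp_sasl_tls_verified_security_options": "$smtp_sasl_tls_security_options",
}

# Which parameter governs which kind of session.
PARAM_FOR_SESSION = {
    "cleartext": "smtp_sasl_security_options",
    "tls": "smtp_sasl_tls_security_options",
    "tls_verified": "smtp_sasl_tls_verified_security_options",
}

# Assumption: the property each option forbids, and the properties of a few
# common mechanisms. Only noplaintext and noanonymous are modelled here.
FORBIDS = {"noplaintext": "plaintext", "noanonymous": "anonymous"}
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "ANONYMOUS": {"anonymous"},
    "CRAM-MD5": set(),
    "DIGEST-MD5": set(),
}


def resolve(name, main_cf):
    """Return a parameter value with simple $name references expanded."""
    value = main_cf.get(name, DEFAULTS[name])
    return re.sub(r"\$(\w+)", lambda m: resolve(m.group(1), main_cf), value)


def effective_options(session, main_cf):
    """Return the set of security options in force for this session type."""
    value = resolve(PARAM_FOR_SESSION[session], main_cf)
    return {opt for opt in re.split(r"[,\s]+", value) if opt}


def usable_mechanisms(offered, session, main_cf):
    """Filter the server's AUTH mechanisms by the options for this session."""
    options = effective_options(session, main_cf)
    unmodelled = options - set(FORBIDS)
    if unmodelled:
        raise ValueError("option not modelled: " + ", ".join(sorted(unmodelled)))
    banned = {FORBIDS[opt] for opt in options}
    return [m for m in offered if not (MECH_PROPS[m] & banned)]


# The policy described above: plaintext only over verified TLS.
VERIFIED_ONLY = {"smtp_sasl_tls_verified_security_options": "noanonymous"}
# For contrast: plaintext over any TLS session, verified or not.
ANY_TLS = {"smtp_sasl_tls_security_options": "noanonymous"}

if __name__ == "__main__":
    offered = ["PLAIN", "LOGIN"]  # constructed AUTH list from a server
    for label, main_cf in (("verified-only", VERIFIED_ONLY), ("any-tls", ANY_TLS)):
        for session in PARAM_FOR_SESSION:
            print(label, session, usable_mechanisms(offered, session, main_cf))
```

<p> With the verified-only settings, a server that offers only PLAIN and
LOGIN leaves no usable mechanism on an unverified TLS session, which is the
case the paragraph above warns about. </p>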

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a>
(default: cyrus)</b></DT><DD>

<p> The SASL plug-in type that the Postfix SMTP client should use
for authentication.  The available types are listed with the
"<b>postconf -A</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
(default: no)</b></DT><DD>

<p> Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL
FROM command in SASL-authenticated SMTP sessions. The default is
not to send this, to avoid problems with broken remote SMTP servers.
Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
= yes". </p>

<p> This feature is available in Postfix 2.9 and later. </p>


</DD>

<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a>
(default: no)</b></DT><DD>

<p>
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>

<p>
This allows a Postfix SMTP delivery agent, used for injecting mail
into
a content filter, to forward the name, address, protocol and HELO
name of the original client to the content filter and downstream
queuing SMTP server. This can produce more useful logging than
localhost[127.0.0.1] etc.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
(default: no)</b></DT><DD>

<p>
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.  </p>

<p>
This feature is available in Postfix 2.3 and later.
</p>


</DD>

<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
(default: yes)</b></DT><DD>

<p>
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
</p>

<p>
By default, the Postfix SMTP client moves on to the next mail exchanger.
Specify
"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery
immediately.
</p>

<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip remote SMTP servers that greet
with a
4XX status code. </p>


</DD>

<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
(default: yes)</b></DT><DD>

<p>
Skip remote SMTP servers that greet with a 5XX status code (go away,
do
not try again later).
</p>

<p> By default, the Postfix SMTP client moves on to the next mail
exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen.  </p>


</DD>

<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a>
(default: yes)</b></DT><DD>

<p>
Do not wait for the response to the SMTP QUIT command.
</p>


</DD>

<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a>
(default: 300s)</b></DT><DD>

<p> Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> A file containing CA certificates of root CAs trusted to sign
either remote SMTP server certificates or intermediate CA certificates.
These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
chroot jail. If the number of trusted roots is large, consider using
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a>
(default: empty)</b></DT><DD>

<p> Directory with PEM format certificate authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.  Don't forget to create the necessary "hash" links
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
</p>

<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
(default: no)</b></DT><DD>

<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session.  </p>

<p> This feature is available in Postfix 2.7. </p>


</DD>

<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key,
and these may be the same as the Postfix SMTP server RSA certificate and key
file. </p>

<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
</pre>
</blockquote>

<p> The best way to use the default settings is to comment out the above
parameters in <a href="postconf.5.html">main.cf</a> if present. </p>

<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
certificate file, the client certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem &gt; client.pem". </p>

<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>

<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
(default: empty)</b></DT><DD>

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
only support the ciphers you exclude. Using a restricted cipher list
may be more appropriate for an internal MTA, where one can exert some
control over the TLS software and settings of the peer servers. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p> This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>


</DD>

<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
(default: export)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP client
will use with opportunistic TLS encryption. Cipher types listed in
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
the selected cipher grade. The default value "export" ensures maximum
inter-operability. Because encryption is optional, stronger controls
are not appropriate, and this setting SHOULD NOT be changed unless the
change is essential. </p>

<p> When TLS is mandatory the cipher grade is chosen via the
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>

<p> Example: </p>
<pre>
<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
</pre>

<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>


</DD>

<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key. </p>

<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key. </p>

<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem
</pre>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP client ECDSA
certificate file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later. </p>


</DD>

<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>

<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate.  As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>

<p> This option can be set to "no" to disable strict peer name
checking. This setting has no effect on sessions that are controlled
via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table.  </p>

<p> Disabling the hostname verification can make sense in a closed
environment where special CAs are created.  If not used carefully,
this option creates the risk of a "man-in-the-middle" attack (the
CommonName of this attacker will be logged). </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist; it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>

<p> Examples (some of these will cause problems): </p>

<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA
</pre>
</blockquote>

<p> The first setting disables anonymous ciphers. The next setting
disables ciphers that use the MD5 digest algorithm or the (single) DES
encryption algorithm. The next setting disables ciphers that use MD5 and
DES together.  The next setting disables the two ciphers "AES256-SHA"
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
key exchange with RSA authentication. </p>
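<p> The following Python model is an added example, not Postfix code. It
applies the five settings above to a small constructed cipher table to show
the difference between a comma or whitespace separated list (any element
matches) and a "+" joined element (all properties must match). The table
<tt>CIPHERS</tt>, its property assignments and the function names are
assumptions made for illustration. </p>

```python
import re

# Constructed sample: legacy OpenSSL cipher names with the properties assumed
# here for illustration (key exchange, authentication, encryption, digest).
CIPHERS = {
    "AES256-SHA":           {"kRSA", "aRSA", "AES", "SHA1"},
    "DES-CBC3-MD5":         {"kRSA", "aRSA", "3DES", "MD5"},
    "DES-CBC-MD5":          {"kRSA", "aRSA", "DES", "MD5"},
    "DES-CBC-SHA":          {"kRSA", "aRSA", "DES", "SHA1"},
    "RC4-MD5":              {"kRSA", "aRSA", "RC4", "MD5"},
    "EDH-RSA-DES-CBC3-SHA": {"kEDH", "aRSA", "3DES", "SHA1"},
    "ADH-AES128-SHA":       {"kEDH", "aNULL", "AES", "SHA1"},
}


def parse_exclusions(value):
    """Split the parameter value on whitespace and/or commas.

    Each element becomes a frozenset of its "+" separated parts, so a plain
    cipher name or single property is a one-element set.
    """
    elements = re.split(r"[,\s]+", value.strip())
    return [frozenset(el.split("+")) for el in elements if el]


def is_excluded(name, props, exclusions):
    """True when any element names this cipher or matches all its parts."""
    for element in exclusions:
        if element == {name}:      # element is a single cipher name
            return True
        if element <= props:       # every "+" joined property is present
            return True
    return False


def excluded(value, ciphers=CIPHERS):
    """Return the set of cipher names removed by one parameter value."""
    exclusions = parse_exclusions(value)
    return {n for n, p in ciphers.items() if is_excluded(n, p, exclusions)}


if __name__ == "__main__":
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        print("%-26s -> %s" % (setting, sorted(excluded(setting))))
```

<p> In this table "MD5, DES" removes four ciphers while "DES+MD5" removes
only one, which is why a list that looks similar can cause
inter-operability problems. </p>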

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
(default: empty)</b></DT><DD>

<p> List of acceptable remote SMTP server certificate fingerprints for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> =
fingerprint). At this security level, certificate authorities are not
used, and certificate expiration times are ignored. Instead, server
certificates are verified directly via their certificate fingerprint
or public key fingerprint (Postfix 2.9 and later). The fingerprint
is a message digest of the server certificate (or public key). The
digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>
parameter. </p>

<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the
"fingerprint" security level, any "match" attributes in that entry specify
the list of valid fingerprints for the corresponding destination. Multiple
fingerprints can be combined with a "|" delimiter in a single match
attribute, or multiple match attributes can be employed. </p>

<p> Example: Certificate fingerprint verification with internal mailhub.
Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>

<blockquote>
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>

<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = hash:/etc/postfix/tls_policy
    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
</pre>
</blockquote>

<blockquote>
<pre>
/etc/postfix/tls_policy:
    example.com	fingerprint
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
(default: md5)</b></DT><DD>

<p> The message digest algorithm used to construct remote SMTP server
certificate fingerprints. At the "fingerprint" TLS security level
(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is
verified by directly matching its certificate fingerprint or its public
key fingerprint (Postfix 2.9 and later). The fingerprint is the
message digest of the server certificate (or its public key)
using the selected
algorithm. With a digest algorithm resistant to "second pre-image"
attacks, it is not feasible to create a new public key and a matching
certificate (or public/private key-pair) that has the same fingerprint. </p>

<p> The default algorithm is <b>md5</b>; this is consistent with
the backwards compatible setting of the digest used to verify client
certificates in the SMTP server. </p>

<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
</p>

<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
Postfix. For now this means just md5 or sha1. </p>

<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
</p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
</pre>
</blockquote>

<p> The text to the right of the "=" sign is the desired fingerprint.
For example: </p>

<blockquote>
<pre>
$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
</pre>
</blockquote>

<p> Public key fingerprints are more difficult to extract; however,
the SHA-1 public key fingerprint is often present as the value of the
"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
SMTP server and client log the peer certificate fingerprint and public
key fingerprint when TLS loglevel is 1 or higher. </p>
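<p> The following Python sketch is an added example, not Postfix code. It
computes a certificate fingerprint the way the openssl command above does
(a digest over the DER bytes, printed as colon-separated hex) and checks it
against "match" attributes of a tls_policy entry as described under
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>. The sample PEM body and the policy
text are constructed, and the function names are assumptions. </p>

```python
import base64
import hashlib
import re

# Constructed stand-in for a certificate file: the base64 body decodes to the
# three bytes b"abc", not to a real X.509 certificate, so the digests are the
# well-known test vectors for "abc".
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

# Constructed tls_policy text in the layout shown on this page. The second
# fingerprint is the SHA-1 value from the page's openssl example.
SAMPLE_POLICY = """\
# destination   level
example.com     fingerprint
    match=A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D
    match=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
other.example   encrypt
"""


def pem_to_der(pem):
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def fingerprint(der, digest):
    """Digest of the DER bytes as upper-case, colon-separated hex."""
    if digest not in ("md5", "sha1"):   # the two algorithms named on this page
        raise ValueError("unsupported digest: " + digest)
    hexdigest = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def parse_policy(text):
    """Map destination -> set of fingerprints for "fingerprint" entries."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:   # continuation of previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    policy = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) < 2 or fields[1] != "fingerprint":
            continue
        prints = set()
        for attr in fields[2:]:
            key, _, value = attr.partition("=")
            if key == "match":              # "|" joins several fingerprints
                prints.update(v for v in value.split("|") if v)
        policy[fields[0]] = prints
    return policy


def server_matches(pem, destination, policy, digest):
    """True when the certificate's fingerprint is listed for the destination."""
    return fingerprint(pem_to_der(pem), digest) in policy.get(destination, set())


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for digest in ("sha1", "md5"):
        print(digest, fingerprint(pem_to_der(SAMPLE_PEM), digest),
              server_matches(SAMPLE_PEM, "example.com", policy, digest))
```

<p> The md5 run fails to match because the listed fingerprints are SHA-1
values: changing <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> requires regenerating every
listed fingerprint with the new algorithm. </p>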

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>

<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>

<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
access to the system superuser account ("root"), and no access
to anyone else. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
(default: 0)</b></DT><DD>

<p> Enable additional Postfix SMTP client logging of TLS activity.
Each logging level also includes the information that is logged at
a lower logging level.  </p>

<dl compact>

<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion
&mdash; no logging of remote SMTP server certificate trust-chain
verification errors if server certificate verification is not required.
With Postfix 2.8 and earlier, disable logging of TLS activity.  </dd>

<dt> </dt> <dd> 1 Also log remote SMTP server trust-chain verification
errors and peer certificate summary information. With Postfix 2.8
and earlier, log TLS handshake and certificate information.  </dd>

<dt> </dt> <dd> 2 Also log levels during TLS negotiation.  </dd>

<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
process.  </dd>

<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
transmission after STARTTLS. </dd>

</dl>

<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
problems. Use of loglevel 4 is strongly discouraged. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption.  The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's cryptanalytic methods. See
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
on a per-destination basis. </p>

<p> The following cipher grades are supported: </p>

<dl>
<dt><b>export</b></dt>
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers.  This is the default for opportunistic encryption. It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>low</b></dt>
<dd> Enable "LOW" grade or better OpenSSL ciphers.  This
setting is only appropriate for internal mail servers.  The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. </dd>

<dt><b>medium</b></dt>
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
configuration parameter, which you are strongly encouraged to not change.
</dd>

<dt><b>high</b></dt>
<dd> Enable only "HIGH" grade OpenSSL ciphers.  This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. </dd>

<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
without encryption.  This setting is only appropriate in the rare case
that all servers are prepared to use NULL ciphers (not normally enabled
in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
configuration parameter, which you are strongly encouraged to not
change. </dd>

</dl>

<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers; they are excluded automatically as necessary.  If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL". </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
Postfix SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details).  </p>

<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
specified on a per-destination basis via the TLS policy "exclude"
attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

11054<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
11055(default: !SSLv2)</b></DT><DD>
11056
11057<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
11058mandatory TLS encryption.  In <a href="postconf.5.html">main.cf</a> the values are separated by
11059whitespace, commas or colons. In the policy table "protocols" attribute
11060(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names (see
<b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and "TLSv1". </p>
11063
11064<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
11065and "TLSv1.2". If an older Postfix version is linked against OpenSSL
110661.0.1 or later, these, or any other new protocol versions, are
11067unconditionally enabled. </p>
11068
11069<p> With Postfix &ge; 2.5 the parameter syntax is expanded to support
11070protocol exclusions. One can now explicitly exclude SSLv2 by setting
11071"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both SSLv2 and
11072SSLv3 set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
11073the protocols to include, rather than protocols to exclude, is
11074supported, but not recommended. The exclusion form more closely
11075matches the behaviour when the OpenSSL library is newer than Postfix.
11076</p>
11077
11078<p> Since SSL version 2 has known protocol weaknesses and is now
11079deprecated, the default setting excludes "SSLv2".  This means that by
11080default, SSL version 2 will not be used at the "encrypt" security level
11081and higher. </p>
11082
11083<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
11084<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
11085
11086<p> Example: </p>
11087
11088<pre>
11089# Preferred form with Postfix &ge; 2.5:
11090<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
11091# Alternative form.
11092<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
11093</pre>
11094
11095<p> This feature is available in Postfix 2.3 and later. </p>
11096
11097
11098</DD>
11099
11100<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
11101(default: no)</b></DT><DD>
11102
11103<p> Log the hostname of a remote SMTP server that offers STARTTLS,
11104when TLS is not already enabled for that server. </p>
11105
11106<p> The logfile record looks like:  </p>
11107
11108<pre>
11109postfix/smtp[pid]:  Host offered STARTTLS: [name.of.host]
11110</pre>
11111
11112<p> This feature is available in Postfix 2.2 and later.  </p>
11113
11114
11115</DD>
11116
11117<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
11118(default: empty)</b></DT><DD>
11119
11120<p> Optional lookup tables with the Postfix SMTP client TLS usage
11121policy by next-hop destination and by remote SMTP server hostname.
11122When both lookups succeed, the more specific per-site policy (NONE,
11123MUST, etc) overrides the less specific one (MAY), and the more secure
11124per-site policy (MUST, etc) overrides the less secure one (NONE).
11125With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
11126use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
11127
11128<p> Use of the bare hostname as the per-site table lookup key is
11129discouraged. Always use the full destination nexthop (enclosed in
11130[] with a possible ":port" suffix). A recipient domain or MX-enabled
11131transport next-hop with no port suffix may look like a bare hostname,
11132but is still a suitable <i>destination</i>. </p>
11133
11134<p> Specify a next-hop destination or server hostname on the left-hand
11135side; no wildcards are allowed. The next-hop destination is either
11136the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
11137table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
11138On the right hand side specify one of the following keywords:  </p>
11139
11140<dl>
11141
11142<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
11143specific <b>MAY</b> lookup result from the alternate host or next-hop
11144lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
11145and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
11146
11147<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
11148otherwise use the unencrypted connection. This has less precedence
11149than a more specific result (including <b>NONE</b>) from the alternate
11150host or next-hop lookup key, and has less precedence than the more
11151specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
11152= yes".  </dd>
11153
11154<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
11155require that the remote SMTP server hostname matches the information
11156in the remote SMTP server certificate, or that the server certificate
11157was issued by a trusted CA. This overrides a less secure <b>NONE</b>
11158or a less specific <b>MAY</b> lookup result from the alternate host
11159or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
11160<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings.  </dd>
11161
11162<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
11163SMTP server hostname matches the information in the remote SMTP
11164server certificate, and require that the remote SMTP server certificate
11165was issued by a trusted CA. This overrides a less secure <b>NONE</b>
11166and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
11167result from the alternate host or next-hop lookup key, and overrides
11168the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
11169settings.  </dd>
11170
11171</dl>
11172
11173<p> The above keywords correspond to the "none", "may", "encrypt" and
11174"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
11175introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
11176of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
11177<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
11178is mandatory. Connections for which encryption is optional typically
11179enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>
11180and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p>
11181
11182<p> As long as no secure DNS lookup mechanism is available, false
11183hostnames in MX or CNAME responses can change the server hostname
11184that Postfix uses for TLS policy lookup and server certificate
11185verification. Even with a perfect match between the server hostname and
11186the server certificate, there is no guarantee that Postfix is connected
11187to the right server.  See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete
11188per-site TLS policies) for a possible work-around. </p>
11189
11190<p> This feature is available in Postfix 2.2 and later. With
11191Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
11192
11193
11194</DD>
11195
11196<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a>
11197(default: empty)</b></DT><DD>
11198
11199<p> Optional lookup tables with the Postfix SMTP client TLS security
11200policy by next-hop destination; when a non-empty value is specified,
11201this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.  See
11202<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels.
11203</p>
11204
11205<p> The TLS policy table is indexed by the full next-hop destination,
11206which is either the recipient domain, or the verbatim next-hop
11207specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
11208$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
11209square brackets and any non-default destination server port suffix. The
11210LMTP socket type prefix (inet: or unix:) is not included in the lookup
11211key. </p>
11212
11213<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
11214sockets, is used as the nexthop name for certificate verification. The
11215port and any enclosing square brackets are used in the table lookup key,
11216but are not used for server name verification. </p>
11217
11218<p> When the lookup key is a domain name without enclosing square brackets
11219or any <i>:port</i> suffix (typically the recipient domain), and the full
11220domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
11221the parent domain starting with a leading "." is matched recursively. This
11222allows one to specify a security policy for a recipient domain and all
11223its sub-domains. </p>
11224
11225<p> The lookup result is a security level, followed by an optional list
11226of whitespace and/or comma separated name=value attributes that override
11227related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing
11228security are: </p>
11229
11230<dl>
11231
11232<dt><b>none</b></dt>
11233<dd>No TLS. No additional attributes are supported at this level. </dd>
11234
11235<dt><b>may</b></dt>
11236<dd>Opportunistic TLS. Since sending in the clear is acceptable,
11237demanding stronger than default TLS security merely reduces
11238inter-operability. The optional "ciphers", "exclude" and "protocols"
11239attributes (available for opportunistic TLS with Postfix &ge; 2.6)
11240override the "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and
11241"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration parameters. When opportunistic TLS
11242handshakes fail, Postfix retries the connection with TLS disabled.
11243This allows mail delivery to sites with non-interoperable TLS
11244implementations.</dd>
11245
11246<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level
11247and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
11248<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
11249overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the
11250optional "exclude" attribute (Postfix &ge; 2.6) overrides the <a href="postconf.5.html">main.cf</a>
11251<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. In the policy table,
11252multiple protocols or excluded ciphers must be separated by colons,
11253as attribute values may not contain whitespace or commas. </dd>
11254
11255<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
11256verification. Available with Postfix 2.5 and later. At this security
11257level, there are no trusted certificate authorities. The certificate
11258trust chain, expiration date, ... are not checked. Instead,
11259the optional <b>match</b> attribute, or else the <a href="postconf.5.html">main.cf</a>
11260<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate
11261fingerprints or the public key fingerprint (Postfix 2.9 and later)
11262of the valid server certificate. The digest
11263algorithm used to calculate the fingerprint is selected by the
11264<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
11265be combined with a "|" delimiter in a single match attribute, or multiple
11266match attributes can be employed. The ":" character is not used as a
11267delimiter as it occurs between each pair of fingerprint (hexadecimal)
11268digits. </dd>
11269
11270<dt><b>verify</b></dt> <dd>Mandatory TLS verification.  At this security
11271level, DNS MX lookups are trusted to be secure enough, and the name
11272verified in the server certificate is usually obtained indirectly via
11273unauthenticated DNS MX lookups.  The optional "match" attribute overrides
11274the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. In the policy table,
11275multiple match patterns and strategies must be separated by colons.
11276In practice explicit control over matching is more common with the
11277"secure" policy, described below. </dd>
11278
11279<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level, DNS
11280MX lookups, though potentially used to determine the candidate next-hop
11281gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
11282peername verification. Instead, the default name verified in the server
11283certificate is obtained directly from the next-hop, or is explicitly
11284specified via the optional <b>match</b> attribute which overrides the
11285<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In the policy table,
11286multiple match patterns and strategies must be separated by colons.
The match attribute is most useful when multiple domains are supported by
a common server: the policy entries for additional domains then specify
matching rules for the primary domain certificate. While transport table overrides
11290routing the secondary domains to the primary nexthop also allow secure
11291verification, they risk delivery to the wrong destination when domains
11292change hands or are re-assigned to new gateways. With the "match"
11293attribute approach, routing is not perturbed, and mail is deferred if
11294verification of a new MX host fails. </dd>
11295
11296</dl>
11297
11298<p>
11299Example:
11300</p>
11301
11302<pre>
11303/etc/postfix/<a href="postconf.5.html">main.cf</a>:
11304    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = hash:/etc/postfix/tls_policy
11305    # Postfix 2.5 and later
11306    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
11307</pre>
11308
11309<pre>
11310/etc/postfix/tls_policy:
11311    example.edu                 none
11312    example.mil                 may
11313    example.gov                 encrypt protocols=TLSv1
11314    example.com                 verify ciphers=high
11315    example.net                 secure
11316    .example.net                secure match=.example.net:example.net
11317    [mail.example.org]:587      secure match=nexthop
11318    # Postfix 2.5 and later
    [thumb.example.org]         fingerprint
        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
11322</pre>
11323
11324<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
11325setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the <b>match</b> attribute
11326in the policy table can render the <b>secure</b> level vulnerable to
11327DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
11328configurations in environments where DNS security is not assured. </p>
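<p> Added example (not part of the Postfix distribution): a Python sketch
of the policy table rules described above, covering the verbatim next-hop
key, the recursive ".parent" domain match, the attribute syntax, and a lint
pass for the <b>hostname</b> strategy at the <b>secure</b> level. The function
names and the "bad.example" and "strict.example" entries are hypothetical;
the sample table is constructed from the example above. </p>

```python
import re

LEVELS = ("none", "may", "encrypt", "fingerprint", "verify", "secure")

# Constructed sample, modelled on the tls_policy example above. The
# "bad.example" and "strict.example" entries are hypothetical and exist
# only to trigger the lint checks.
SAMPLE_TABLE = """\
# key                       level and attributes
example.edu                 none
example.gov                 encrypt protocols=TLSv1
.example.net                secure match=.example.net:example.net
[mail.example.org]:587      secure match=nexthop
bad.example                 secure match=hostname:nexthop
strict.example              encrypt protocols=!SSLv2,!SSLv3
[thumb.example.org]         fingerprint
    match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
    match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
"""


def parse_table(text):
    """Return {lookup_key: (level, {attribute: [values]})}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation line
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        key, value = (line.split(None, 1) + [""])[:2]
        # Attributes are separated by whitespace and/or commas.
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        level = tokens[0] if tokens else ""
        attrs = {}
        for tok in tokens[1:]:
            name, eq, val = tok.partition("=")
            # Tokens without "=" are kept under "" so lint() can report them.
            attrs.setdefault(name if eq else "", []).append(val if eq else tok)
        table[key] = (level, attrs)
    return table


def lookup(table, nexthop):
    """Find the policy for a next-hop, or None when no entry applies."""
    if nexthop in table:
        return table[nexthop]
    if nexthop.startswith("[") or ":" in nexthop:
        return None            # bracketed or :port keys match verbatim only
    name = nexthop
    while True:                # try ".parent" domains, most specific first
        dot = name.find(".", 1)
        if dot < 0:
            return None
        name = name[dot:]
        if name in table:
            return table[name]


def match_values(level, attrs):
    """Split match attributes: "|" for fingerprints, ":" for name patterns."""
    sep = "|" if level == "fingerprint" else ":"
    return [v for m in attrs.get("match", []) for v in m.split(sep) if v]


def lint(table):
    """Return (key, message) pairs for entries that contradict the rules above."""
    findings = []
    for key, (level, attrs) in table.items():
        if level not in LEVELS:
            findings.append((key, "unknown security level %r" % level))
        if level == "none" and attrs:
            findings.append((key, "no attributes are supported at level none"))
        if "" in attrs:
            findings.append((key, "stray token %s: separate multiple values "
                                  "with colons, not commas" % attrs[""]))
        if level == "secure" and "hostname" in match_values(level, attrs):
            findings.append((key, "hostname strategy makes the secure level "
                                  "vulnerable to DNS forgery"))
    return findings


if __name__ == "__main__":
    policy = parse_table(SAMPLE_TABLE)
    for hop in ("mx.eu.example.net", "example.net", "[mail.example.org]:587",
                "[mail.example.org]", "[thumb.example.org]"):
        print("%-26s %s" % (hop, lookup(policy, hop)))
    for key, message in lint(policy):
        print("LINT %s: %s" % (key, message))
```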
11329
11330<p> This feature is available in Postfix 2.3 and later. </p>
11331
11332
11333</DD>
11334
11335<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
11336(default: !SSLv2)</b></DT><DD>
11337
11338<p> List of TLS protocols that the Postfix SMTP client will exclude or
11339include with opportunistic TLS encryption. Starting with Postfix 2.6,
11340the Postfix SMTP client will by default not use the obsolete SSLv2
11341protocol. </p>
11342
11343<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
11344colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
11345separator is colon. An empty value means allow all protocols. The valid
protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3"
11347and "TLSv1". </p>
11348
11349<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
11350and "TLSv1.2". If an older Postfix version is linked against OpenSSL
113511.0.1 or later, these, or any other new protocol versions, are
11352unconditionally enabled. </p>
11353
<p> To include a protocol, list its name; to exclude it, prefix the name
11355with a "!" character. To exclude SSLv2 even for opportunistic TLS set
11356"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
11357"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
11358include, rather than protocols to exclude, is supported, but not
11359recommended.  The exclusion form more closely matches the behaviour
11360when the OpenSSL library is newer than Postfix.  </p>
11361
11362<p> Example: </p>
11363<pre>
11364# TLSv1 only!
11365<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
11366</pre>
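<p> Added example (not part of the Postfix distribution): a Python model of
how the include and exclude forms of <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> behave when the OpenSSL library defines protocols
that Postfix does not know. The function name, the protocol tuples, and the
rule that the include form disables every known protocol that is not listed
are assumptions drawn from the text above. </p>

```python
import re

# Protocol names Postfix recognises per this page, and the protocols an
# OpenSSL 1.0.1 library defines (constructed model values).
OLD_POSTFIX = ("SSLv2", "SSLv3", "TLSv1")
LIBRARY = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")


def enabled_protocols(setting, known=OLD_POSTFIX, library=LIBRARY,
                      policy_table=False):
    """Return the library protocols left enabled by a protocol list.

    setting       value of the parameter or of the "protocols" attribute
    known         protocol names this Postfix build recognises
    library       protocols the linked OpenSSL library defines
    policy_table  True when the value comes from smtp_tls_policy_maps,
                  where colon is the only valid separator
    """
    sep = ":" if policy_table else r"[,:\s]+"
    tokens = [t for t in re.split(sep, setting.strip()) if t]
    include = {t for t in tokens if not t.startswith("!")}
    exclude = {t[1:] for t in tokens if t.startswith("!")}

    bad = sorted((include | exclude) - set(known))
    if bad:
        raise ValueError("unrecognised protocol name(s): " + ", ".join(bad))

    disabled = set(exclude)
    if include:
        # Include form (assumed model): everything Postfix knows about and
        # that is not listed gets disabled.
        disabled |= set(known) - include
    # Protocols Postfix has no name for cannot be disabled, so they stay
    # enabled whatever the setting says.
    return [p for p in library if p not in disabled]


if __name__ == "__main__":
    for label, known in (("older Postfix", OLD_POSTFIX),
                         ("Postfix that knows TLSv1.1/1.2", LIBRARY)):
        for setting in ("!SSLv2, !SSLv3", "TLSv1", ""):
            print("%-32s %-16r -> %s" % (
                label, setting, enabled_protocols(setting, known)))
```

<p> In this model the exclude form yields the same protocol set for both
builds, while the include form "TLSv1" changes meaning once the build
recognises the newer protocol names. </p>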
11367
11368<p> This feature is available in Postfix 2.6 and later. </p>
11369
11370
11371</DD>
11372
11373<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
11374(default: 9)</b></DT><DD>
11375
11376<p> The verification depth for remote SMTP server certificates. A depth
11377of 1 is sufficient if the issuing CA is listed in a local CA file. </p>
11378
11379<p> The default verification depth is 9 (the OpenSSL default) for
11380compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
11381the default value was 5, but the limit was not actually enforced. If
11382you have set this to a lower non-default value, certificates with longer
11383trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are rarer, and any number between 5
11385and 9 should suffice in practice. You can choose a lower number if,
11386for example, you trust certificates directly signed by an issuing CA
11387but not any CAs it delegates to. </p>
11388
11389<p> This feature is available in Postfix 2.2 and later.  </p>
11390
11391
11392</DD>
11393
11394<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
11395(default: nexthop, dot-nexthop)</b></DT><DD>
11396
11397<p> How the Postfix SMTP client verifies the server certificate
11398peername for the
11399"secure" TLS security level. In a "secure" TLS policy table
11400($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
11401overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
11402
11403<p> This parameter specifies one or more patterns or strategies separated
11404by commas, whitespace or colons.  In the policy table the only valid
11405separator is the colon character. </p>
11406
11407<p> For a description of the pattern and strategy syntax see the
11408<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. The "hostname" strategy should
11409be avoided in this context, as in the absence of a secure global DNS, using
11410the results of MX lookups in certificate verification is not immune to active
11411(man-in-the-middle) attacks on DNS. </p>
11412
11413<p>
11414Sample <a href="postconf.5.html">main.cf</a> setting:
11415</p>
11416
11417<blockquote>
11418<pre>
11419<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
11420</pre>
11421</blockquote>
11422
11423<p>
11424Sample policy table override:
11425</p>
11426
11427<blockquote>
11428<pre>
11429example.net     secure match=example.com:.example.com
11430.example.net    secure match=example.com:.example.com
11431</pre>
11432</blockquote>
11433
11434<p> This feature is available in Postfix 2.3 and later. </p>
11435
11436
11437</DD>
11438
11439<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
11440(default: empty)</b></DT><DD>
11441
11442<p> The default SMTP TLS security level for the Postfix SMTP client;
11443when a non-empty value is specified, this overrides the obsolete
11444parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
11445</p>
11446
11447<p> Specify one of the following security levels: </p>
11448
11449<dl>
11450
11451<dt><b>none</b></dt> <dd> TLS will not be used unless enabled for specific
11452destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd>
11453
11454<dt><b>may</b></dt>
11455<dd> Opportunistic TLS. Use TLS if this is supported by the remote
11456SMTP server, otherwise use plaintext. Since
11457sending in the clear is acceptable, demanding stronger than default TLS
11458security merely reduces inter-operability.
11459The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix &ge; 2.6)
11460configuration parameters provide control over the protocols and
11461cipher grade used with opportunistic TLS.  With earlier releases the
11462opportunistic TLS cipher grade is always "export" and no protocols
11463are disabled.
11464When TLS handshakes fail, the connection is retried with TLS disabled.
11465This allows mail delivery to sites with non-interoperable TLS
11466implementations. </dd>
11467
11468<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Since a minimum
11469level of security is intended, it is reasonable to be specific about
11470sufficiently secure protocol versions and ciphers. At this security level
11471and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
11472<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum
11473cipher grade which the administrator considers secure enough for
11474mandatory encrypted sessions. This security level is not an appropriate
11475default for systems delivering mail to the Internet. </dd>
11476
11477<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
11478verification. Available with Postfix 2.5 and later. At this security
11479level, there are no trusted certificate authorities. The certificate
11480trust chain, expiration date, ... are not checked. Instead, the
11481<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter lists the certificate
11482fingerprint or public key fingerprint (Postfix 2.9 and later) of
11483the valid server certificate. The digest
11484algorithm used to calculate the fingerprint is selected by the
11485<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. </dd>
11486
11487<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
11488level, DNS MX lookups are trusted to be secure enough, and the name
11489verified in the server certificate is usually obtained indirectly
11490via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
11491parameter controls how the server name is verified. In practice explicit
11492control over matching is more common at the "secure" level, described
11493below. This security level is not an appropriate default for systems
11494delivering mail to the Internet. </dd>
11495
11496<dt><b>secure</b></dt> <dd>Secure-channel TLS.  At this security level,
11497DNS MX lookups, though potentially used to determine the candidate
11498next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
11499for TLS peername verification. Instead, the default name verified in
11500the server certificate is obtained from the next-hop domain as specified
11501in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. The default
11502matching rule is that a server certificate matches when its name is equal
11503to or is a sub-domain of the nexthop domain. This security level is not
11504an appropriate default for systems delivering mail to the Internet. </dd>
11505
11506</dl>
11507
11508<p>
11509Examples:
11510</p>
11511
11512<pre>
11513# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no.
11514<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none
11515</pre>
11516
11517<pre>
11518# Opportunistic TLS.
11519<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
11520# Postfix &ge; 2.6:
11521# Do not tweak opportunistic ciphers or protocol unless it is essential
11522# to do so (if a security vulnerability is found in the SSL library that
11523# can be mitigated by disabling a particular protocol or raising the
11524# cipher grade from "export" to "low" or "medium").
11525<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
11526<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2
11527</pre>
11528
11529<pre>
11530# Mandatory (high-grade) TLS encryption.
11531<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
11532<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
11533</pre>
11534
11535<pre>
11536# Mandatory TLS verification of hostname or nexthop domain.
11537<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify
11538<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
11539<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
11540</pre>
11541
11542<pre>
11543# Secure channel TLS with exact nexthop name match.
11544<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
11545<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
11546<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
11547<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
11548</pre>
11549
11550<pre>
11551# Certificate fingerprint verification (Postfix &ge; 2.5).
11552# The CA-less "fingerprint" security level only scales to a limited
11553# number of destinations. As a global default rather than a per-site
11554# setting, this is practical when mail for all recipients is sent
11555# to a central mail hub.
11556<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
11557<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
11558<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
11559<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
11560<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
11561    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
11562    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
11563</pre>
11564
11565<p> This feature is available in Postfix 2.3 and later. </p>
11566
11567
11568</DD>
11569
11570<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
11571(default: empty)</b></DT><DD>
11572
11573<p> Name of the file containing the optional Postfix SMTP client
11574TLS session cache. Specify a database type that supports enumeration,
11575such as <b>btree</b> or <b>sdbm</b>; there is no need to support
11576concurrent access.  The file is created if it does not exist. The <a href="smtp.8.html">smtp(8)</a>
11577daemon does not use this parameter directly, rather the cache is
11578implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
11579per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective.
Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon
($<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
and, with Postfix 2.3 and later, $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>) needs to
be stored separately. It is not at this time possible to store multiple
11584caches in a single database. </p>
11585
11586<p> Note: <b>dbm</b> databases are not suitable. TLS
11587session objects are too large. </p>
11588
11589<p> As of version 2.5, Postfix no longer uses root privileges when
11590opening this file. The file should now be stored under the Postfix-owned
11591<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
11592under a non-Postfix directory is redirected to the Postfix-owned
11593<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
11594
11595<p> Example: </p>
11596
11597<pre>
11598<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/var/db/postfix/smtp_scache
11599</pre>
11600
11601<p> This feature is available in Postfix 2.2 and later.  </p>
11602
11603
11604</DD>

<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
(default: 3600s)</b></DT><DD>

<p> The expiration time of Postfix SMTP client TLS session cache
information.  A cache cleanup is performed periodically
every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with
$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the
<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides
are not possible. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
(default: hostname)</b></DT><DD>

<p> How the Postfix SMTP client verifies the server certificate
peername for the
"verify" TLS security level. In a "verify" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons.  In the policy table the only valid
separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names in the server certificate must be <i>example.com</i>.
Upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain stripped of
any optional socket type prefix, enclosing square brackets and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$<a href="postconf.5.html#myhostname">myhostname</a>.  This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches
the verification strategy of the "MUST" keyword in the obsolete
<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify"
security level. When the next-hop name is enclosed in square brackets
to suppress MX lookups, the "hostname" strategy is the same as the
"nexthop" strategy. Case is ignored.</dd>

</dl>

<p>
Sample <a href="postconf.5.html">main.cf</a> setting:
</p>

<pre>
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
</pre>

<p>
Sample policy table override:
</p>

<pre>
example.com     verify  match=hostname:nexthop
.example.com    verify  match=example.com:.example.com:hostname
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>

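<p> Added example (not part of the Postfix documentation or source code): a
Python model of the smtp_tls_verify_cert_match rules described above, showing
why "hostname" accepts a name taken from an unauthenticated MX answer while
"nexthop" and "dot-nexthop" do not. All function names, the sample host names
and the myhostname default are assumptions; wildcard certificate names are not
modelled. </p>

```python
import re


def split_match_list(value, policy_table=False):
    """Split a match list: commas, whitespace or colons in main.cf,
    colon only in a policy table "match=" attribute."""
    sep = r":" if policy_table else r"[,\s:]+"
    return [tok for tok in re.split(sep, value.strip()) if tok]


def normalize_nexthop(nexthop, myhostname):
    """Strip socket type prefix, enclosing square brackets and trailing port.

    Returns (name, mx_suppressed). For UNIX-domain LMTP the verified
    name is myhostname.
    """
    nh = nexthop.strip().lower()
    if nh.startswith("unix:"):
        return myhostname.lower(), True
    if nh.startswith("inet:"):
        nh = nh[len("inet:"):]
    if nh.startswith("["):
        return nh[1:nh.index("]")], True      # [host] or [host]:port
    return nh.rsplit(":", 1)[0], False         # host or host:port


def expected_names(match_value, nexthop, mx_hostname,
                   myhostname="mail.example.net", policy_table=False):
    """Translate patterns and strategies into (exact names, dot-suffixes)."""
    nh, mx_suppressed = normalize_nexthop(nexthop, myhostname)
    exact, suffixes = set(), set()
    for tok in split_match_list(match_value, policy_table):
        tok = tok.lower()
        if tok == "nexthop":
            exact.add(nh)
        elif tok == "dot-nexthop":
            suffixes.add("." + nh)
        elif tok == "hostname":
            # With MX lookups suppressed, "hostname" equals "nexthop".
            exact.add(nh if mx_suppressed else mx_hostname.lower())
        elif tok.startswith("."):
            suffixes.add(tok)                  # pattern: subdomains only
        else:
            exact.add(tok)                     # pattern: exact domain name
    return exact, suffixes


def peer_name_ok(cert_names, exact, suffixes):
    """True when any certificate name satisfies an exact name or a suffix.
    A suffix needs at least one label in front of it."""
    for name in (n.lower() for n in cert_names):
        if name in exact:
            return True
        if any(name.endswith(s) and len(name) > len(s) for s in suffixes):
            return True
    return False


def verify(match_value, nexthop, mx_hostname, cert_names, **kw):
    exact, suffixes = expected_names(match_value, nexthop, mx_hostname, **kw)
    return peer_name_ok(cert_names, exact, suffixes)


if __name__ == "__main__":
    # Constructed scenario: mail for example.com, and the (unauthenticated)
    # MX answer names a host outside example.com whose certificate is valid
    # for its own name.
    cert = ["mx.other.test"]
    for setting in ("hostname", "nexthop, dot-nexthop"):
        ok = verify(setting, "example.com", "mx.other.test", cert)
        print(f"match={setting!r:28} -> {'accepted' if ok else 'rejected'}")
```

<p> Run as a script, it prints the outcome of the constructed scenario for
both settings. </p>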

</DD>

<DT><b><a name="smtp_use_tls">smtp_use_tls</a>
(default: no)</b></DT><DD>

<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured.  With
Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the XFORWARD command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD>

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address.  </p>

<p> By default, no clients are allowed to specify XVERP.  </p>

<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0.  </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>


</DD>

<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients are allowed to use the XCLIENT feature.  This
command overrides remote SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a>
document for details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XCLIENT.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>

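<p> Added example (not part of the Postfix documentation or source code): a
Python model of the client list syntax shared by smtpd_authorized_verp_clients,
smtpd_authorized_xclient_hosts and smtpd_authorized_xforward_hosts, useful for
reviewing who a list really authorizes. It assumes the usual Postfix list
behaviour of matching left to right and stopping at the first match, which this
section does not spell out; "/file/name" and "type:table" patterns are
recognized but not evaluated, and all function names and sample addresses are
assumptions. </p>

```python
import ipaddress
import re


def split_list(value):
    """Patterns are separated by commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def classify(pattern):
    """Classify one pattern (without a leading "!")."""
    if pattern.startswith("["):
        return "net"        # bracketed IPv6 address, optionally with /len
    if pattern.startswith("/"):
        return "file"       # /file/name, replaced by its contents
    if ":" in pattern:
        return "table"      # type:table; a bare IPv6 address ends up here
    try:
        ipaddress.ip_network(pattern, strict=False)
        return "net"
    except ValueError:
        return "name"       # hostname or .domain


def match_one(pattern, client_name, client_addr):
    kind = classify(pattern)
    if kind in ("file", "table"):
        raise NotImplementedError(f"{kind} pattern not evaluated: {pattern}")
    if kind == "net":
        if pattern.startswith("["):
            host, _, rest = pattern[1:].partition("]")
            pattern = host + rest               # [2001:db8::]/32 -> 2001:db8::/32
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client_addr) in net
    name, pat = client_name.lower(), pattern.lower()
    if pat.startswith("."):
        # .domain matches any name below it, not the domain itself
        return name.endswith(pat) and len(name) > len(pat)
    return name == pat


def client_allowed(list_value, client_name, client_addr):
    """First matching pattern decides; "!pattern" turns a match into a deny.
    An empty list (the default for XCLIENT and XFORWARD) allows no client."""
    for tok in split_list(list_value):
        negate = tok.startswith("!")
        if match_one(tok[1:] if negate else tok, client_name, client_addr):
            return not negate
    return False


if __name__ == "__main__":
    # Constructed sample list and clients.
    acl = "!192.168.0.5, 192.168.0.0/24, [2001:db8::]/32, .filter.example.net"
    clients = [
        ("unknown", "192.168.0.5"),
        ("unknown", "192.168.0.9"),
        ("unknown", "2001:db8::25"),
        ("scan1.filter.example.net", "203.0.113.7"),
        ("filter.example.net", "203.0.113.7"),
    ]
    for name, addr in clients:
        print(f"{name}[{addr}]: {client_allowed(acl, name, addr)}")
    # Without brackets an IPv6 network is read as a type:table pattern.
    print(classify("2001:db8::/32"), classify("[2001:db8::]/32"))
```

<p> An exclusion only takes effect when it precedes the broader pattern it
carves out of: with "192.168.0.0/24 !192.168.0.5" the network pattern matches
first. </p>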

</DD>

<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients are allowed to use the XFORWARD feature.  This
command forwards information that is used to improve logging after
SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for
details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XFORWARD.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>


</DD>

<DT><b><a name="smtpd_banner">smtpd_banner</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD>

<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>

<p>
You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is
required by the SMTP protocol.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>)
</pre>


</DD>

<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
(default: 50)</b></DT><DD>

<p>
How many simultaneous connections any client is allowed to
make to this service.  By default, the limit is set to half
the default process limit value.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit.  The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>

<p>
Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
description for the parameter value syntax.
</p>

<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and
in files specified with "/file/name".  IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"<a href="DATABASE_README.html">type:table</a>" pattern.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages.  The time unit is
specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit.  The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
configuration parameter.
</p>

<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100
</pre>


</DD>

<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a>
(default: no)</b></DT><DD>

<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients.  The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a>
(default: empty)</b></DT><DD>

<p>
Optional Postfix SMTP server access restrictions in the context of
a remote SMTP client connection request.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to allow all connection requests.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to client hostname or
client network address information.
</p>

<dl>

<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the remote SMTP client certificate fingerprint or the public key
fingerprint (Postfix 2.9 and later) as lookup key for the specified
<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the
remote SMTP client certificate is verified successfully.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2 and later. </dd>

<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>

<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
client hostname, and execute the corresponding action.  Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists.  This feature is available
in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the client hostname, and execute the corresponding action.  Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists.  This feature is
available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a>
manual page for details.  Note: a result of "OK" is not allowed for
safety reasons.  Instead, use DUNNO in order to exclude specific
hosts from blacklists.  This feature is available in Postfix 2.6
and later.</dd>

<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd>Permit the request when the client IP address matches
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd>

<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>

<dd>Permit the request when the client IP address matches any
network or network address listed in  $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd>

<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>

<dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>

<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>

<dd> Permit the request when the remote SMTP client certificate is
verified successfully.  This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay.  Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the
trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>

<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>

<dd>Permit the request when the remote SMTP client certificate
fingerprint or public key fingerprint (Postfix 2.9 and later) is
listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2. </dd>

<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
reversed client network address is listed with any A record under
<i>rbl_domain</i>. <br>
The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default:  554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a>  parameter
specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a>  parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.  </dd>

<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
reversed client network address is listed with any A record under
<i>dnswl_domain</i>. <br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently
ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>.  The
result is DEFER_IF_REJECT when whitelist lookup fails.  This feature
is available in Postfix 2.8 and later.  </dd>

<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only).  Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later).  If no
"<i>=d.d.d.d</i>" is specified, reject the request when the client
hostname is listed with
any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later; with Postfix
version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
produce better results.  </dd>

<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>.  Each "<i>d</i>"
is a number, or a pattern inside "[]" that contains one or more
";"-separated numbers or number..number ranges. If no
"<i>=d.d.d.d</i>" is specified, accept the request when the client
hostname is listed with any A record under <i>rhswl_domain</i>.
<br> Caution: client name whitelisting is fragile, since the client
name lookup can fail due to temporary outages.  Client name
whitelisting should be used only to reduce false positives in e.g.
DNS-based blocklists, and not for making access rule exceptions.
<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it
would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>.  The result is DEFER_IF_REJECT
when whitelist lookup fails.  This feature is available in Postfix
2.8 and later.  </dd>

<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the unverified reverse client hostname
is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
unverified reverse client hostname is listed with any A record under
<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for
additional RBL related configuration parameters.  This feature is
available in Postfix 2.8 and later.  </dd>

<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_client)</dt>

<dd>Reject the request when 1) the client IP address-&gt;name mapping
fails, 2) the name-&gt;address mapping fails, or 3) the name-&gt;address
mapping does not match the client IP address.  <br> This is a
stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>
feature, which triggers only under condition 1) above. <br> The
<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code
for rejected requests (default: 450). The reply is always 450 in
case the address-&gt;name or name-&gt;address lookup failed due to
a temporary problem. </dd>

<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>

<dd>Reject the request when the client IP address has no address-&gt;name
mapping. <br> This is a weaker restriction than the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only
that the address-&gt;name and name-&gt;address mappings exist, but
also that the two mappings reproduce the client IP address.  <br>
The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response
code for rejected requests (default: 450).  The reply is always 450
in case the address-&gt;name lookup failed due to a temporary
problem. <br> This feature is available in Postfix 2.3 and
later.  </dd>

</dl>

12322<p>
12323In addition, you can use any of the following <a name="generic">
12324generic</a> restrictions.  These restrictions are applicable in
12325any SMTP command context.
12326</p>
12327
12328<dl>
12329
12330<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>
12331
12332<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>
12333document for details. This feature is available in Postfix 2.1
12334and later. </dd>
12335
12336<dt><b><a name="defer">defer</a></b></dt>
12337
12338<dd>Defer the request. The client is told to try again later. This
12339restriction is useful at the end of a restriction list, to make
12340the default policy explicit. <br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies
12341the SMTP server reply code (default: 450).</dd>
12342
12343<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>
12344
12345<dd>Defer the request if some later restriction would result in an
12346explicit or implicit PERMIT action.  This is useful when a blacklisting
12347feature fails due to a temporary problem.  This feature is available
12348in Postfix version 2.1 and later.  </dd>
12349
12350<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
12351
12352<dd>Defer the request if some later restriction would result in a
12353REJECT action.  This is useful when a whitelisting feature fails
12354due to a temporary problem.  This feature is available in Postfix
12355version 2.1 and later.  </dd>
12356
12357<dt><b><a name="permit">permit</a></b></dt>
12358
12359<dd>Permit the request. This restriction is useful at the end of
12360a restriction list, to make the default policy explicit.</dd>
12361
12362<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>
12363
12364<dd>Reject the request when the envelope sender is the null address,
12365and the message has multiple envelope recipients. This usage has
12366rare but legitimate applications: under certain conditions,
12367multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
12368may be forwarded with the null sender address.
12369<br> Note: this restriction can only work reliably
12370when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or
12371<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of
12372recipients is not known at an earlier stage of the SMTP conversation.
12373Use at the RCPT stage will only reject the second and later recipients.
12374<br>
12375The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the
12376response code for rejected requests (default:  550).  This feature
12377is available in Postfix 2.1 and later. </dd>
12378
12379<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>
12380
12381<dd>Reject the request when the connection is not encrypted. This
12382restriction should not be used before the client has had a chance
12383to negotiate encryption with the AUTH or STARTTLS commands.
12384<br>
12385The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response
12386code for rejected requests (default:  450).  This feature is available
12387in Postfix 2.3 and later. </dd>
12388
12389<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>
12390
12391<dd>Reject the request when the client sends SMTP commands ahead
12392of time where it is not allowed, or when the client sends SMTP
12393commands ahead of time without knowing that Postfix actually supports
12394ESMTP command pipelining. This stops mail from bulk mail software
12395that improperly uses ESMTP command pipelining in order to speed up
12396deliveries.
12397<br> With Postfix 2.6 and later, the SMTP server sets a per-session
12398flag whenever it detects illegal pipelining, including pipelined
12399EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
12400tests whether the flag was set at any point in time during the
12401session.
12402<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
12403the current status of the input read queue, and its usage is not
12404recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>.  </dd>
12405
12406<dt><b><a name="reject">reject</a></b></dt>
12407
12408<dd>Reject the request. This restriction is useful at the end of
12409a restriction list, to make the default policy explicit.  The
12410<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for
12411rejected requests (default: 554).</dd>
12412
12413<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>
12414
12415<dd>Pause for the specified number of seconds and proceed with
12416the next restriction in the list, if any. This may stop zombie
12417mail when used as:
12418<pre>
12419/etc/postfix/<a href="postconf.5.html">main.cf</a>:
12420    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
12421        sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
12422    <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no
12423</pre>
12424This feature is available in Postfix 2.3. </dd>
12425
12426<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>
12427
12428<dd>Change the meaning of the next restriction, so that it logs
12429a warning instead of rejecting a request (look for logfile records
12430that contain "reject_warning"). This is useful for testing new
12431restrictions in a "live" environment without risking unnecessary
12432loss of mail. </dd>
12433
12434</dl>
12435
12436<p>
12437Other restrictions that are valid in this context:
12438</p>
12439
12440<ul>
12441
12442<li> SMTP command specific restrictions that are described under
12443the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or
12444<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. When helo, sender or
12445recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,
12446they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
12447$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO
12448command.
12449
12450</ul>
12451
12452<p>
12453Example:
12454</p>
12455
12456<pre>
12457<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
12458</pre>
12459
12460
12461</DD>
12462
12463<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a>
12464(default: empty)</b></DT><DD>
12465
12466<p> A mechanism to transform commands from remote SMTP clients.
12467This is a last-resort tool to work around client commands that break
12468inter-operability with the Postfix SMTP server.  Other uses involve
12469fault injection to test Postfix's handling of invalid commands.
12470</p>
12471
12472<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
12473string is the SMTP command as received from the remote SMTP client,
12474except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
12475are removed.  The result value is executed by the Postfix SMTP
12476server.  </p>
12477
12478<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following
12479cases: </p>
12480
12481<ul>
12482
12483<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept
12484"<i>user@ipaddress</i>". </p>
12485
12486<li> <p> Postfix already accepts the correct form
12487"<i>user@[ipaddress]</i>". Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a>
12488to translate these into domain names if necessary.  </p>
12489
12490<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:&lt;<i>User
12491Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
12492Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
12493</p>
12494
12495</ul>
12496
12497<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>
12498feature: </p>
12499
12500<pre>
12501/etc/postfix/<a href="postconf.5.html">main.cf</a>:
12502    <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter
12503</pre>
12504
12505<pre>
12506/etc/postfix/command_filter:
12507    # Work around clients that send malformed HELO commands.
12508    /^HELO\s*$/ HELO domain.invalid
12509</pre>
12510
12511<pre>
12512    # Work around clients that send empty lines.
12513    /^\s*$/     NOOP
12514</pre>
12515
12516<pre>
12517    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
12518    # WARNING: do not lose the parameters that follow the address.
12519    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/     RCPT TO:&lt;$1&gt;$2
12520</pre>
12521
12522<pre>
12523    # Append XVERP to MAIL FROM commands to request VERP-style delivery.
12524    # See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP.
12525    /^(MAIL FROM:&lt;listname@example\.com&gt;.*)/   $1 XVERP
12526</pre>
12527
12528<pre>
12529    # Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software
12530    # to send bounced mail to the postmaster (with message body removed).
12531    /^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
12532    /^(RCPT\s+TO:.*)/                    $1 NOTIFY=NEVER
12533</pre>
12534
12535<p> This feature is available in Postfix 2.7. </p>
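<p> The following is an added example, not part of the Postfix documentation: an offline Python model of the lookup described above, useful for checking filter rules against sample commands before deploying them. It assumes the page's example rules are combined into one table in page order, writes "[^[:space:]]" as "\S" because Python's re module lacks POSIX classes, and assumes a command with no matching rule is executed as received; the function names are hypothetical. </p>

```python
import re

# Rules copied from the command_filter examples above, in page order.
# Assumption: they live in one table (the page shows them as separate snippets).
RULES = [
    (r"^HELO\s*$", "HELO domain.invalid"),
    (r"^\s*$", "NOOP"),
    (r"^RCPT\s+TO:\s*<'(\S+)'>(.*)", "RCPT TO:<$1>$2"),
    (r"^(MAIL FROM:<listname@example\.com>.*)", "$1 XVERP"),
    (r"^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)", "$1 NOTIFY=NEVER $2"),
    (r"^(RCPT\s+TO:.*)", "$1 NOTIFY=NEVER"),
]
# pcre_table(5) patterns match case-insensitively unless told otherwise.
COMPILED = [(re.compile(pattern, re.IGNORECASE), result) for pattern, result in RULES]


def search_string(raw: bytes) -> str:
    """Build the lookup key: drop the trailing <CR><LF> and initial whitespace."""
    line = raw.decode("ascii", errors="replace")
    if line.endswith("\r\n"):
        line = line[:-2]
    return line.lstrip()


def expand(template: str, match: re.Match) -> str:
    """Substitute $n and ${n} with the text of capture group n."""
    def group_text(ref):
        return match.group(int(ref.group(1) or ref.group(2))) or ""
    return re.sub(r"\$(?:(\d)|\{(\d)\})", group_text, template)


def filter_command(raw: bytes):
    """Return (command to execute, index of the matching rule or None).

    Patterns are tried in table order and the first match wins, so each
    command is rewritten by at most one rule.
    """
    key = search_string(raw)
    for index, (pattern, result) in enumerate(COMPILED):
        match = pattern.search(key)
        if match:
            return expand(result, match), index
    return key, None  # no rule matched: command is used as received


# Constructed sample commands, as a client would send them on the wire.
SAMPLES = [
    b"HELO\r\n",
    b"\r\n",
    b"RCPT TO:<'user@example.com'> NOTIFY=SUCCESS\r\n",
    b"MAIL FROM:<listname@example.com> SIZE=1000\r\n",
    b"RCPT TO:<user@example.com> NOTIFY=SUCCESS,FAILURE\r\n",
    b"RCPT TO:<user@example.com>\r\n",
    b"DATA\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        command, rule = filter_command(sample)
        print(f"{sample!r:60} rule={rule!s:5} -> {command!r}")
```

<p> In this combined table the quoted-address command is handled by the quote-stripping rule alone, so its NOTIFY parameter passes through unchanged; rule order decides which single rewrite a command receives. </p>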
12536
12537
12538</DD>
12539
12540<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a>
12541(default: empty)</b></DT><DD>
12542
12543<p>
12544Optional access restrictions that the Postfix SMTP server applies
12545in the context of the SMTP DATA command.
12546See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
12547restriction lists" for a discussion of evaluation context and time.
12548</p>
12549
12550<p>
12551This feature is available in Postfix 2.0 and later.
12552</p>
12553
12554<p>
12555Specify a list of restrictions, separated by commas and/or whitespace.
12556Continue long lines by starting the next line with whitespace.
12557Restrictions are applied in the order as specified; the first
12558restriction that matches wins.
12559</p>
12560
12561<p>
12562The following restrictions are valid in this context:
12563</p>
12564
12565<ul>
12566
12567<li><a href="#generic">Generic</a> restrictions that can be used
12568in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
12569
12570<li>SMTP command specific restrictions described under
12571<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
12572<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
12573
12574<li>However, no recipient information is available in the case of
12575multi-recipient mail. Acting on only one recipient would be misleading,
12576because any decision will affect all recipients equally. Acting on
12577all recipients would require a possibly very large amount of memory,
12578and would also be misleading for the reasons mentioned before.
12579
12580</ul>
12581
12582<p>
12583Examples:
12584</p>
12585
12586<pre>
12587<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
12588<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
12589</pre>
12590
12591
12592</DD>
12593
12594<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a>
12595(default: yes)</b></DT><DD>
12596
12597<p> Postpone the start of an SMTP mail transaction until a valid
12598RCPT TO command is received. Specify "no" to create a mail transaction
12599as soon as the Postfix SMTP server receives a valid MAIL FROM
12600command. </p>
12601
12602<p> With sites that reject lots of mail, the default setting reduces
12603the use of
12604disk, CPU and memory resources. The downside is that rejected
12605recipients are logged with NOQUEUE instead of a mail transaction
12606ID. This complicates the logfile analysis of multi-recipient mail.
12607</p>
12608
12609<p> This feature is available in Postfix 2.3 and later. </p>
12610
12611
12612</DD>
12613
12614<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a>
12615(default: yes)</b></DT><DD>
12616
12617<p>
12618Wait until the RCPT TO command before evaluating
12619$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
12620$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before
12621evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
12622</p>
12623
12624<p>
12625This feature is turned on by default because some clients apparently
12626misbehave when the Postfix SMTP server rejects commands before
12627RCPT TO.
12628</p>
12629
12630<p>
12631The default setting has one major benefit: it allows Postfix to log
12632recipient address information when rejecting a client name/address
12633or sender address, so that it is possible to find out whose mail
12634is being rejected.
12635</p>
12636
12637
12638</DD>
12639
12640<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>
12641(default: empty)</b></DT><DD>
12642
12643<p> Lookup tables, indexed by the remote SMTP client address, with
12644case-insensitive lists of EHLO keywords (pipelining, starttls, auth,
12645etc.) that the Postfix SMTP server will not send in the EHLO response
12646to a
12647remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
12648The table is not searched by hostname for robustness reasons.  </p>
12649
12650<p> This feature is available in Postfix 2.2 and later. </p>
12651
12652
12653</DD>
12654
12655<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
12656(default: empty)</b></DT><DD>
12657
12658<p> A case-insensitive list of EHLO keywords (pipelining, starttls,
12659auth, etc.) that the Postfix SMTP server will not send in the EHLO
12660response
12661to a remote SMTP client. </p>
12662
12663<p> This feature is available in Postfix 2.2 and later. </p>
12664
12665<p> Notes: </p>
12666
12667<ul>
12668
12669<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
12670this action from being logged. </p>
12671
12672<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature
12673to discard EHLO keywords selectively.  </p>
12674
12675</ul>
12676
12677
12678</DD>
12679
12680<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>
12681(default: empty)</b></DT><DD>
12682
12683<p> Optional access restrictions that the Postfix SMTP server
12684applies in the context of the SMTP END-OF-DATA command.
12685See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
12686restriction lists" for a discussion of evaluation context and time.
12687</p>
12688
12689<p> This feature is available in Postfix 2.2 and later. </p>
12690
12691<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p>
12692
12693
12694</DD>
12695
12696<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
12697(default: no)</b></DT><DD>
12698
12699<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
12700and require that clients use TLS encryption.  According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a>
12701this MUST NOT be applied in case of a publicly-referenced SMTP
12702server.  This option is therefore off by default. </p>
12703
12704<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
12705
12706<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
12707STARTTLS due to insufficient privileges to access the server private
12708key. This is intended behavior. </p>
12709
12710<p> This feature is available in Postfix 2.2 and later. With
12711Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
12712
12713
12714</DD>
12715
12716<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a>
12717(default: 1s)</b></DT><DD>
12718
12719<p>With Postfix version 2.1 and later: the SMTP server response delay after
12720a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and
12721fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail.
12722</p>
12723
12724<p>With Postfix version 2.0 and earlier: the SMTP server delay before
12725sending a reject (4xx or 5xx) response, when the client has made
12726fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering
12727mail. </p>
12728
12729
12730</DD>
12731
12732<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a>
12733(default: empty)</b></DT><DD>
12734
12735<p>
12736Optional SMTP server access restrictions in the context of a client
12737ETRN request.
12738See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
12739restriction lists" for a discussion of evaluation context and time.
12740</p>
12741
12742<p>
12743The Postfix ETRN implementation accepts only destinations that are
12744eligible for the Postfix "fast flush" service. See the <a href="ETRN_README.html">ETRN_README</a>
12745file for details.
12746</p>
12747
12748<p>
12749Specify a list of restrictions, separated by commas and/or whitespace.
12750Continue long lines by starting the next line with whitespace.
12751Restrictions are applied in the order as specified; the first
12752restriction that matches wins.
12753</p>
12754
12755<p>
12756The following restrictions are specific to the domain name information
12757received with the ETRN command.
12758</p>
12759
12760<dl>
12761
12762<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
12763
12764<dd>Search the specified access database for the ETRN domain name
12765or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details.
12766</dd>
12767
12768</dl>
12769
12770<p>
12771Other restrictions that are valid in this context:
12772</p>
12773
12774<ul>
12775
12776<li><a href="#generic">Generic</a> restrictions that can be used
12777in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
12778
12779<li>SMTP command specific restrictions described under
12780<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
12781
12782</ul>
12783
12784<p>
12785Example:
12786</p>
12787
12788<pre>
12789<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
12790</pre>
12791
12792
12793</DD>
12794
12795<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a>
12796(default: see "postconf -d" output)</b></DT><DD>
12797
12798<p>
12799What characters are allowed in $name expansions of RBL reply
12800templates. Characters not in the allowed set are replaced by "_".
12801Use C-like escapes to specify special characters such as whitespace.
12802</p>
12803
12804<p>
12805This parameter is not subjected to $parameter expansion.
12806</p>
12807
12808<p>
12809This feature is available in Postfix 2.0 and later.
12810</p>
12811
12812
12813</DD>
12814
12815<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a>
12816(default: CONNECT, GET, POST)</b></DT><DD>
12817
12818<p>
12819List of commands that cause the Postfix SMTP server to immediately
12820terminate the session with a 221 code. This can be used to disconnect
12821clients that obviously attempt to abuse the system. In addition to the
12822commands listed in this parameter, commands that follow the "Label:"
12823format of message headers will also cause a disconnect.
12824</p>
12825
12826<p>
12827This feature is available in Postfix 2.2 and later.
12828</p>
12829
12830
12831</DD>
12832
12833<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a>
12834(default: normal: 20, overload: 1)</b></DT><DD>
12835
12836<p>
12837The maximal number of errors a remote SMTP client is allowed to
12838make without delivering mail. The Postfix SMTP server disconnects
12839when the limit is exceeded. Normally the default limit is 20, but
12840it changes under overload to just 1. With Postfix 2.5 and earlier,
12841the SMTP server always allows up to 20 errors by default.
12842
12843</p>
12844
12845
12846</DD>
12847
12848<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a>
12849(default: no)</b></DT><DD>
12850
12851<p>
12852Require that a remote SMTP client introduces itself with the HELO
12853or EHLO command before sending the MAIL command or other commands
12854that require EHLO negotiation.
12855</p>
12856
12857<p>
12858Example:
12859</p>
12860
12861<pre>
12862<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes
12863</pre>
12864
12865
12866</DD>
12867
12868<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a>
12869(default: empty)</b></DT><DD>
12870
12871<p>
12872Optional restrictions that the Postfix SMTP server applies in the
12873context of the SMTP HELO command.
12874See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
12875restriction lists" for a discussion of evaluation context and time.
12876</p>
12877
12878<p>
12879The default is to permit everything.
12880</p>
12881
12882<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
12883restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
12884simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO).
12885</p>
12886
12887<p>
12888Specify a list of restrictions, separated by commas and/or whitespace.
12889Continue long lines by starting the next line with whitespace.
12890Restrictions are applied in the order as specified; the first
12891restriction that matches wins.
12892</p>
12893
12894<p>
12895The following restrictions are specific to the hostname information
12896received with the HELO or EHLO command.
12897</p>
12898
12899<dl>
12900
12901<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
12902
12903<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
12904hostname or parent domains, and execute the corresponding action.
12905Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
12906restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
12907simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO).  </dd>
12908
12909<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
12910
12911<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
12912the HELO or EHLO hostname, and execute the corresponding action.
12913Note 1: a result of "OK" is not allowed for safety reasons. Instead,
12914use DUNNO in order to exclude specific hosts from blacklists.  Note
129152: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
12916restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
12917simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO).  This
12918feature is available in Postfix 2.1 and later.
12919</dd>
12920
12921<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
12922
12923<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
12924for the HELO or EHLO hostname, and execute the corresponding action.
12925Note 1: a result of "OK" is not allowed for safety reasons. Instead,
12926use DUNNO in order to exclude specific hosts from blacklists.  Note
129272: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
12928restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
12929simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This
12930feature is available in Postfix 2.1 and later.
12931</dd>
12932
12933<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>
12934
12935<dd>Reject the request when the HELO or EHLO hostname syntax is
12936invalid. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce
12937this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply
12938skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO).
12939<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code
12940for rejected requests (default: 501).</dd>
12941
12942<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>
12943
12944<dd>Reject the request when the HELO or EHLO hostname is not in
12945fully-qualified domain form, as required by the RFC. Note: specify
12946"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction
12947(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip
12948<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO).  <br>
12949The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
12950rejected requests (default: 504).</dd>
12951
12952<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
12953
12954<dd>Reject the request when the HELO or EHLO hostname is
12955listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
12956(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
12957or a pattern inside "[]" that contains one or more ";"-separated
12958numbers or number..number ranges (Postfix version 2.8 and later).
12959If no "<i>=d.d.d.d</i>" is
12960specified, reject the request when the HELO or EHLO hostname is
12961listed with any A record under <i>rbl_domain</i>. See the
12962<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration
12963parameters.  Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
12964enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
12965client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or
12966EHLO). This feature is available in Postfix 2.0
12967and later.  </dd>
12968
12969<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>
12970
12971<dd>Reject the request when the HELO or EHLO hostname has no DNS A
12972or MX record. <br> The <a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter
12973specifies the numerical response code for rejected requests (default:
12974450). <br> The <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> parameter
12975specifies the action after a temporary DNS error (default:
12976<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
12977enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
12978client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending
12979HELO or EHLO). </dd>
12980
12981</dl>
12982
12983<p>
12984Other restrictions that are valid in this context:
12985</p>
12986
12987<ul>
12988
12989<li> <a href="#generic">Generic</a> restrictions that can be used
12990in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
12991
12992<li> Client hostname or network address specific restrictions
12993described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
12994
12995<li> SMTP command specific restrictions described under
12996<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.  When
12997sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
12998they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
12999$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO
13000command.
13001
13002</ul>
13003
13004<p>
13005Examples:
13006</p>
13007
13008<pre>
13009<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
13010<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
13011</pre>
13012
13013
13014</DD>
13015
13016<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>
13017(default: 100)</b></DT><DD>
13018
13019<p>
13020The maximal number of lines in the Postfix SMTP server command history
13021before it is flushed upon receipt of EHLO, RSET, or end of DATA.
13022</p>
13023
13024
13025</DD>
13026
13027<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a>
13028(default: normal: 100, overload: 1)</b></DT><DD>
13029
13030<p>
13031The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
13032SMTP client can send before the Postfix SMTP server starts to
13033increment the error counter with each junk command.  The junk
13034command count is reset after mail is delivered.  See also the
13035<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration
13036parameters.  Normally the default limit is 100, but it changes under
13037overload to just 1. With Postfix 2.5 and earlier, the SMTP server
13038always allows up to 100 junk commands by default.  </p>
13039
13040
13041</DD>
13042
13043<DT><b><a name="smtpd_milters">smtpd_milters</a>
13044(default: empty)</b></DT><DD>
13045
13046<p> A list of Milter (mail filter) applications for new mail that
13047arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as
13048separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details.  </p>
13049
13050<p> This feature is available in Postfix 2.3 and later. </p>
13051
13052
13053</DD>
13054
13055<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a>
13056(default: empty)</b></DT><DD>
13057
13058<p>
13059List of commands that the Postfix SMTP server replies to with "250
13060Ok", without doing any syntax checks and without changing state.
13061This list overrides any commands built into the Postfix SMTP server.
13062</p>
13063
13064
13065</DD>
13066
13067<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a>
13068(default: &lt;&gt;)</b></DT><DD>
13069
13070<p>
13071The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the
13072null sender address.
13073</p>
13074
13075
13076</DD>
13077
13078<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
13079(default: yes)</b></DT><DD>
13080
13081<p> Attempt to look up the remote SMTP client hostname, and verify that
13082the name matches the client IP address. A client name is set to
13083"unknown" when it cannot be looked up or verified, or when name
13084lookup is disabled.  Turning off name lookup reduces delays due to
13085DNS lookup and increases the maximal inbound delivery rate. </p>
13086
13087<p> This feature is available in Postfix 2.3 and later.  </p>
13088
13089
13090</DD>
13091
13092<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
13093(default: normal: no, overload: yes)</b></DT><DD>
13094
13095<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time limit, from a
13096time limit per read or write system call, to a time limit to send
13097or receive a complete record (an SMTP command line, SMTP response
13098line, SMTP message content line, or TLS protocol message).  This
13099limits the impact from hostile peers that trickle data one byte at
13100a time.  </p>
13101
13102<p> Note: when per-record deadlines are enabled, a short timeout
13103may cause problems with TLS over very slow network connections.
13104The reasons are that a TLS protocol message can be up to 16 kbytes
13105long (with TLSv1), and that an entire TLS protocol message must be
13106sent or received within the per-record deadline.  </p>
13107
13108<p> This feature is available in Postfix 2.9 and later. With older
13109Postfix releases, the behavior is as if this parameter is set to
13110"no". </p>
13111
13112
13113</DD>
13114
13115<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
13116(default: 300s)</b></DT><DD>
13117
13118<p>
13119The time after which an idle SMTPD policy service connection is
13120closed.
13121</p>
13122
13123<p>
13124This feature is available in Postfix 2.1 and later.
13125</p>
13126
13127
13128</DD>
13129
13130<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a>
13131(default: 1000s)</b></DT><DD>
13132
13133<p>
13134The time after which an active SMTPD policy service connection is
13135closed.
13136</p>
13137
13138<p>
13139This feature is available in Postfix 2.1 and later.
13140</p>
13141
13142
13143</DD>
13144
13145<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
13146(default: 100s)</b></DT><DD>
13147
13148<p>
13149The time limit for connecting to, writing to or receiving from a
13150delegated SMTPD policy server.
13151</p>
13152
13153<p>
13154This feature is available in Postfix 2.1 and later.
13155</p>
13156
13157
13158</DD>
13159
13160<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a>
13161(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
13162
13163<p>
13164How the Postfix SMTP server announces itself to the proxy filter.
13165By default, the Postfix hostname is used.
13166</p>
13167
13168<p>
13169This feature is available in Postfix 2.1 and later.
13170</p>
13171
13172
13173</DD>
13174
13175<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a>
13176(default: empty)</b></DT><DD>
13177
13178<p> The hostname and TCP port of the mail filtering proxy server.
13179The proxy receives all mail from the Postfix SMTP server, and is
13180supposed to give the result to another Postfix SMTP server process.
13181</p>
13182
<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" is specified, the local machine is
assumed.  Pathname interpretation is relative to the Postfix queue
directory.  </p>
13189
13190<p> This feature is available in Postfix 2.1 and later.  </p>
13191
13192<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
13193and later.  </p>
13194
13195
13196</DD>
13197
13198<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a>
13199(default: empty)</b></DT><DD>
13200
13201<p>
13202List of options that control how the Postfix SMTP server
13203communicates with a before-queue content filter. Specify zero or
13204more of the following, separated by comma or whitespace.  </p>
13205
13206<dl>
13207
13208<dt><b>speed_adjust</b></dt>
13209
13210<dd> <p> Do not connect to a before-queue content filter until an entire
13211message has been received. This reduces the number of simultaneous
13212before-queue content filter processes. </p>
13213
13214<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
13215of a multi-recipient message.  Rejecting all recipients is OK, as
13216is accepting all recipients. </p>
13217
13218<p> NOTE 2: This feature increases the minimum amount of free queue
13219space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the
13220message to a temporary file. </p> </dd>
13221
13222</dl>
13223
13224<p>
13225This feature is available in Postfix 2.7 and later.
13226</p>
13227
13228
13229</DD>
13230
13231<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a>
13232(default: 100s)</b></DT><DD>
13233
13234<p>
13235The time limit for connecting to a proxy filter and for sending or
13236receiving information.  When a connection fails the client gets a
13237generic error message while more detailed information is logged to
13238the maillog file.
13239</p>
13240
13241<p>
13242Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
13243The default time unit is s (seconds).
13244</p>
13245
13246<p>
13247This feature is available in Postfix 2.1 and later.
13248</p>
13249
13250
13251</DD>
13252
13253<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a>
13254(default: 1000)</b></DT><DD>
13255
13256<p>
13257The maximal number of recipients that the Postfix SMTP server
13258accepts per message delivery request.
13259</p>
13260
13261
13262</DD>
13263
13264<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a>
13265(default: 1000)</b></DT><DD>
13266
13267<p> The number of recipients that a remote SMTP client can send in
13268excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before
13269the Postfix SMTP server increments the per-session error count
13270for each excess recipient.  </p>
13271
13272
13273</DD>
13274
13275<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
13276(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b></DT><DD>
13277
13278<p>
13279The access restrictions that the Postfix SMTP server applies in
13280the context of the RCPT TO command.
13281See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13282restriction lists" for a discussion of evaluation context and time.
13283</p>
13284
13285<p>
13286By default, the Postfix SMTP server accepts:
13287</p>
13288
13289<ul>
13290
13291<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:
13292
13293<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
13294for addresses that contain sender-specified routing
13295(user@elsewhere@domain), or:
13296
13297<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
13298or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
13299$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
13300
13301</ul>
13302
13303<p>
13304IMPORTANT: If you change this parameter setting, you must specify
13305at least one of the following restrictions. Otherwise Postfix will
13306refuse to receive mail:
13307</p>
13308
13309<blockquote>
13310<pre>
13311reject, defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
13312</pre>
13313</blockquote>
13314
13315<p>
13316Specify a list of restrictions, separated by commas and/or whitespace.
13317Continue long lines by starting the next line with whitespace.
13318Restrictions are applied in the order as specified; the first
13319restriction that matches wins.
13320</p>
13321
13322<p>
13323The following restrictions are specific to the recipient address
13324that is received with the RCPT TO command.
13325</p>
13326
13327<dl>
13328
13329<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13330
13331<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
13332TO address, domain, parent domains, or localpart@, and execute the
13333corresponding action.  </dd>
13334
13335<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13336
13337<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
13338the RCPT TO domain, and execute the corresponding action.  Note:
13339a result of "OK" is not allowed for safety reasons. Instead, use
13340DUNNO in order to exclude specific hosts from blacklists.  This
13341feature is available in Postfix 2.1 and later. </dd>
13342
13343<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13344
13345<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
13346for the RCPT TO domain, and execute the corresponding action.
13347Note: a result of "OK" is not allowed for safety reasons. Instead,
13348use DUNNO in order to exclude specific hosts from blacklists.  This
13349feature is available in Postfix 2.1 and later.  </dd>
13350
13351<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>
13352
13353<dd>Permit the request when one of the following is true:
13354
13355<ul>
13356
<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
sender-specified routing (user@elsewhere@domain),
13360
13361<li> Postfix is the final destination: the resolved RCPT TO domain
13362matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
13363$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
13364contains no sender-specified routing (user@elsewhere@domain).
13365
13366</ul></dd>
13367
13368<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
13369
13370<dd>Permit the request when the local mail system is backup MX for
13371the RCPT TO domain, or when the domain is an authorized destination
13372(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
13373
13374<ul>
13375
13376<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
13377sender-specified routing information (example: user@elsewhere@domain).
13378
<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to misuse when
access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
13381
13382<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
13383accepts the address when the local mail system is primary MX for
13384the recipient domain.  Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
13385when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
13386for definition).
13387
13388<li> Limitation: mail may be rejected in case of a temporary DNS
13389lookup problem with Postfix prior to version 2.0.
13390
13391</ul></dd>
13392
13393<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>
13394
13395<dd>Reject the request when the RCPT TO address is not in
13396fully-qualified domain form, as required by the RFC. <br> The
13397<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
13398rejected requests (default: 504). </dd>
13399
13400<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>
13401
13402<dd>Reject the request when the RCPT TO domain is listed with the
13403A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
134042.1 and later only).  Each "<i>d</i>" is a number, or a pattern
13405inside "[]" that contains one or more ";"-separated numbers or
13406number..number ranges (Postfix version 2.8 and later). If no
13407"<i>=d.d.d.d</i>" is specified, reject
13408the request when the RCPT TO domain is listed with
13409any A record under <i>rbl_domain</i>. <br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
13410parameter specifies the response code for rejected requests (default:
13411554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
13412reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
13413replies indexed by <i>rbl_domain</i>.  This feature is available
13414in Postfix version 2.0 and later.</dd>
13415
13416<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
13417
13418<dd>Reject the request unless one of the following is true:
13419
13420<ul>
13421
<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
routing (user@elsewhere@domain),
13425
13426<li> Postfix is the final destination: the resolved RCPT TO domain
13427matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
13428$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
13429no sender-specified routing (user@elsewhere@domain).
13430
13431</ul> The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
13432code for rejected requests (default: 554). </dd>
13433
13434<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
13435
13436<dd>Reject the request when Postfix is not final destination for
13437the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
13438record or 2) a malformed MX record such as a record with
13439a zero-length MX hostname (Postfix version 2.3 and later). <br> The
13440<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
13441response code for rejected requests (default: 450).  The response
13442is always 450 in case of a temporary DNS error. <br> The
13443<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
13444after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  </dd>
13445
13446<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
13447
13448<dd> Reject the request when the RCPT TO address is not listed in
13449the list of valid recipients for its domain class. See the
13450<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
13451This feature is available in Postfix 2.1 and later.</dd>
13452
13453<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>
13454
<dd>Reject the request when mail to the RCPT TO address is known
to bounce, or when the recipient address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details.  <br> The
<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
after address probe failure due to a temporary problem (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br>  This feature is available in Postfix 2.1
and later.  </dd>
13469
13470</dl>
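<p> The "<i>rbl_domain=d.d.d.d</i>" filter syntax described under
reject_rhsbl_recipient, as an added example (not code from Postfix).
The list name dbl.example.org and the A record values are constructed
sample data, and all function names are hypothetical. </p>

```python
import ipaddress


def split_fields(filter_text):
    """Split "d.d.d.d" on dots that are outside "[...]" (ranges use "..")."""
    fields, current, in_brackets = [], "", False
    for ch in filter_text:
        if ch == "[" and not in_brackets:
            in_brackets = True
        elif ch == "]" and in_brackets:
            in_brackets = False
        elif ch in "[]":
            raise ValueError(f"unbalanced brackets in {filter_text!r}")
        if ch == "." and not in_brackets:
            fields.append(current)
            current = ""
        else:
            current += ch
    fields.append(current)
    if in_brackets or len(fields) != 4:
        raise ValueError(f"expected four fields in {filter_text!r}")
    return fields


def octet_values(field):
    """Return the set of octet values (0..255) accepted by one "d" field."""
    if field.startswith("[") and field.endswith("]"):
        items = field[1:-1].split(";")      # ";"-separated numbers or ranges
    elif field.isdigit():
        items = [field]                     # a plain number
    else:
        raise ValueError(f"ranges are only valid inside []: {field!r}")
    values = set()
    for item in items:
        low, sep, high = item.partition("..")
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError(f"bad number or range {item!r}")
        low = int(low)
        high = int(high) if sep else low
        if not low <= high <= 255:
            raise ValueError(f"octet out of range in {item!r}")
        values.update(range(low, high + 1))
    return values


def parse_rbl_spec(spec):
    """Parse "rbl_domain" or "rbl_domain=d.d.d.d" into (domain, filter)."""
    domain, sep, filter_text = spec.partition("=")
    if not domain or (sep and not filter_text):
        raise ValueError(f"malformed specification {spec!r}")
    if not sep:
        return domain, None                 # no filter: any A record counts
    return domain, [octet_values(f) for f in split_fields(filter_text)]


def is_listed(spec, a_records):
    """Decide whether the A records found under rbl_domain count as a listing.

    a_records holds the A record values returned for the RCPT TO domain
    under rbl_domain; an empty list means that no record exists.
    """
    _, allowed = parse_rbl_spec(spec)
    for record in a_records:
        octets = ipaddress.IPv4Address(record).packed
        if allowed is None or all(o in s for o, s in zip(octets, allowed)):
            return True
    return False


if __name__ == "__main__":
    filtered = "dbl.example.org=127.0.1.[2;4..10]"
    for records in (["127.0.1.7"], ["127.0.1.3"], ["127.0.1.255"], []):
        print(records, "unfiltered:", is_listed("dbl.example.org", records),
              "filtered:", is_listed(filtered, records))
```

<p> Without the "<i>=d.d.d.d</i>" part every A record counts as a
listing, so a reply value that the list operator uses for some other
purpose also causes a reject; the filter limits the match to the
values that are named. </p>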
13471
13472<p>
13473Other restrictions that are valid in this context:
13474</p>
13475
13476<ul>
13477
13478<li><a href="#generic">Generic</a> restrictions that can be used
13479in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
13480
13481<li>SMTP command specific restrictions described under
13482<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
13483<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.
13484
13485</ul>
13486
13487<p>
13488Example:
13489</p>
13490
13491<pre>
13492<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
13493</pre>
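<p> An added example (not code from Postfix) that parses a
smtpd_recipient_restrictions value, checks for the required
restrictions, and applies "the first restriction that matches wins"
to a small subset of restrictions. The domain names, the cfg keys
and the function names are hypothetical; treating the end of the list
as "permit" follows SMTPD_ACCESS_README and is an assumption here. </p>

```python
import re

# The page requires at least one of these in smtpd_recipient_restrictions.
REQUIRED = {"reject", "defer", "defer_if_permit", "reject_unauth_destination"}
# Restrictions from this section that are followed by an argument.
TAKES_ARGUMENT = {"check_recipient_access", "check_recipient_mx_access",
                  "check_recipient_ns_access", "reject_rhsbl_recipient"}

# Constructed sample configuration. "final_domains" stands in for
# $mydestination, $virtual_alias_domains and $virtual_mailbox_domains.
CFG = {"final_domains": {"example.com"}, "relay_domains": {"example.net"}}
DEFAULT = "permit_mynetworks, reject_unauth_destination"


def parse_restrictions(value):
    """Split a value on commas and/or whitespace into (name, argument) pairs."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    parsed, i = [], 0
    while i < len(tokens):
        name, arg = tokens[i], None
        if name in TAKES_ARGUMENT:
            if i + 1 == len(tokens):
                raise ValueError(f"{name} needs an argument")
            arg = tokens[i + 1]
            i += 1
        parsed.append((name, arg))
        i += 1
    return parsed


def has_required(parsed):
    """True when a required restriction is present and can be reached.

    Anything after a bare "permit" is never evaluated (first match wins),
    so a required restriction in that position does not count.
    """
    for name, _ in parsed:
        if name in REQUIRED:
            return True
        if name == "permit":
            return False
    return False


def is_auth_destination(rcpt, cfg):
    """Simplified permit_auth_destination test for a RCPT TO address."""
    # More than one "@" is the sender-specified routing form from the
    # page (user@elsewhere@domain); such addresses are never authorized.
    if rcpt.count("@") != 1:
        return False
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in cfg["final_domains"]:
        return True
    # $relay_domains "or a subdomain thereof".
    return any(domain == d or domain.endswith("." + d)
               for d in cfg["relay_domains"])


def evaluate(value, rcpt, cfg, in_mynetworks=False, sasl_authenticated=False):
    """Return (action, deciding restriction) for one RCPT TO request."""
    parsed = parse_restrictions(value)
    if not has_required(parsed):
        return ("refuse", "no reachable required restriction")
    auth_dest = is_auth_destination(rcpt, cfg)
    domain = rcpt.rsplit("@", 1)[1] if "@" in rcpt else ""
    # Modelled restrictions: (does it match this request?, resulting action).
    modelled = {
        "permit_mynetworks": (in_mynetworks, "permit"),
        "permit_sasl_authenticated": (sasl_authenticated, "permit"),
        "permit_auth_destination": (auth_dest, "permit"),
        "reject_unauth_destination": (not auth_dest, "reject"),
        # Simplification: "fully-qualified" means the domain has a dot.
        "reject_non_fqdn_recipient": ("." not in domain, "reject"),
        "permit": (True, "permit"),
        "reject": (True, "reject"),
        "defer": (True, "defer"),
    }
    for name, _ in parsed:
        if name not in modelled:
            raise ValueError(f"{name} is not modelled in this example")
        matches, action = modelled[name]
        if matches:
            return (action, name)
    return ("permit", "end of list")


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@example.org",
                 "bob@example.org@example.com"):
        print(rcpt, evaluate(DEFAULT, rcpt, CFG))
```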
13494
13495
13496</DD>
13497
13498<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
13499(default: empty)</b></DT><DD>
13500
13501<p> Optional information that is appended after each Postfix SMTP
13502server
135034XX or 5XX response. </p>
13504
13505<p> Example: </p>
13506
13507<pre>
13508/etc/postfix/<a href="postconf.5.html">main.cf</a>:
13509    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = For assistance, call 800-555-0101.
13510     Please provide the following information in your problem report:
13511     time ($localtime), client ($client_address) and server
13512     ($server_name).
13513</pre>
13514
13515<p> Server response: </p>
13516
13517<pre>
13518    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User unknown
13519    550 5.5.1 For assistance, call 800-555-0101. Please provide the
13520    following information in your problem report: time (Jan 4 15:42:00),
13521    client (192.168.1.248) and server (mail1.example.com).
13522</pre>
13523
13524<p> Note: the above text is meant to make it easier to find the
13525Postfix logfile records for a failed SMTP session. The text itself
13526is not logged to the Postfix SMTP server's maillog file. </p>
13527
13528<p> Be sure to keep the text as short as possible. Long text may
13529be truncated before it is logged to the remote SMTP client's maillog
13530file, or before it is returned to the sender in a delivery status
13531notification.  </p>
13532
13533<p> This feature supports a limited number of $name attributes in
13534the footer text. These are replaced by their current value for the
13535SMTP session: </p>
13536
13537<dl>
13538
<dt> <b>client_address</b> </dt> <dd> The client IP address that
is logged in the maillog file. </dd>
13541
13542<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
13543logged in the maillog file. </dd>
13544
13545<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
13546hh:mm:ss) that is logged in the maillog file. </dd>
13547
13548<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
13549This attribute is made available for sites with multiple MTAs
13550(perhaps behind a load-balancer), where the server name can help
13551the server support team to quickly find the right log files.  </dd>
13552
13553</dl>
13554
13555<p> Notes: </p>
13556
13557<ul>
13558
13559<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
13560or <a href="postconf.5.html">main.cf</a> parameters.  </p>
13561
13562<li> <p> For safety reasons, text that does not match
13563$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>
13564
13565</ul>
13566
13567<p> This feature supports the two-character sequence \n as a request
13568for a line break in the footer text. Postfix automatically inserts
13569after each line break the three-digit SMTP reply code (and optional
13570enhanced status code) from the original Postfix reject message.
13571</p>
13572
13573<p> This feature is available in Postfix 2.8 and later. </p>
13574
13575
13576</DD>
13577
13578<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
13579(default: yes)</b></DT><DD>
13580
13581<p>
13582Request that the Postfix SMTP server rejects mail for unknown
13583recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
13584access restriction is specified. This prevents the Postfix queue
13585from filling up with undeliverable MAILER-DAEMON messages.
13586</p>
13587
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping. Otherwise, a
recipient address is considered unlisted in the following cases: </p>
13590
13591<ul>
13592
13593<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
13594or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
13595$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
13596
13597<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
13598recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
13599
13600<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
13601recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
13602is not null.
13603
13604<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
13605is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
13606is not null.
13607
13608</ul>
13609
13610<p>
13611This feature is available in Postfix 2.1 and later.
13612</p>
13613
13614
13615</DD>
13616
13617<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
13618(default: no)</b></DT><DD>
13619
13620<p> Request that the Postfix SMTP server rejects mail from unknown
13621sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
13622access restriction is specified. This can slow down an explosion
13623of forged mail from worms or viruses.  </p>
13624
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping. Otherwise, a
sender address is considered unlisted in the following cases: </p>
13627
13628<ul>
13629
13630<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
13631$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
13632$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
13633
13634<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
13635is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
13636
13637<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
13638sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
13639is not null.
13640
13641<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
13642not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
13643not null.
13644
13645</ul>
13646
13647<p>
13648This feature is available in Postfix 2.1 and later.
13649</p>
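<p> The domain class rules listed under smtpd_reject_unlisted_recipient
and smtpd_reject_unlisted_sender, as an added example (not code from
Postfix). Lookup tables are simplified to Python sets of full
addresses, None stands for a null (empty) parameter value, and the
cfg keys, sample domains and function names are hypothetical. </p>

```python
# (label, key with the domains, key with the address map,
#  True when the page adds "and $..._maps is not null")
DOMAIN_CLASSES = [
    # "local_domains" stands in for $mydestination, $inet_interfaces
    # and $proxy_interfaces.
    ("local", "local_domains", "local_recipient_maps", True),
    ("virtual alias", "virtual_alias_domains", "virtual_alias_maps", False),
    ("virtual mailbox", "virtual_mailbox_domains", "virtual_mailbox_maps", True),
    ("relay", "relay_domains", "relay_recipient_maps", True),
]
# A match in one of these makes an address "known" regardless of class.
ALWAYS_KNOWN_MAPS = ("virtual_alias_maps", "canonical_maps")

# Constructed sample configuration; relay_recipient_maps is left null.
SAMPLE_CFG = {
    "local_domains": {"example.com"},
    "local_recipient_maps": {"alice@example.com"},
    "virtual_alias_domains": {"alias.example"},
    "virtual_alias_maps": {"sales@alias.example"},
    "virtual_mailbox_domains": {"vmail.example"},
    "virtual_mailbox_maps": {"carol@vmail.example"},
    "relay_domains": {"customer.example"},
    "relay_recipient_maps": None,
    "canonical_maps": {"old.name@example.com"},
}


def unlisted_class(address, cfg):
    """Return the domain class whose rule makes the address unlisted.

    Returns None when the address is known, or when no rule applies.
    The same rules serve recipient and sender addresses.
    """
    address = address.lower()
    for key in ALWAYS_KNOWN_MAPS:
        if address in (cfg.get(key) or set()):
            return None
    domain = address.rsplit("@", 1)[-1]
    # Classes are tried in the order the page lists them (an assumption;
    # one domain is not expected to belong to two classes).
    for label, domains_key, map_key, null_disables in DOMAIN_CLASSES:
        if domain not in (cfg.get(domains_key) or set()):
            continue
        table = cfg.get(map_key)
        if table is None and null_disables:
            return None          # null map: nothing to check against
        return None if address in (table or set()) else label
    return None


def unchecked_classes(cfg):
    """List domain classes that have domains but a null address map.

    Every address in such a domain passes the check, so mail for
    nonexistent users is accepted first and has to be bounced later.
    """
    return [label
            for label, domains_key, map_key, null_disables in DOMAIN_CLASSES
            if null_disables and cfg.get(domains_key)
            and cfg.get(map_key) is None]


if __name__ == "__main__":
    for addr in ("alice@example.com", "nobody@example.com",
                 "anything@customer.example"):
        print(addr, "->", unlisted_class(addr, SAMPLE_CFG))
    print("classes without an address map:", unchecked_classes(SAMPLE_CFG))
```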
13650
13651
13652</DD>
13653
13654<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
13655(default: empty)</b></DT><DD>
13656
13657<p>
13658User-defined aliases for groups of access restrictions. The aliases
13659can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
13660right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
13661</p>
13662
13663<p>
13664One major application is for implementing per-recipient UCE control.
13665See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
13666</p>
13667
13668
13669</DD>
13670
13671<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
13672(default: smtpd)</b></DT><DD>
13673
13674<p>
13675The application name that the Postfix SMTP server uses for SASL
13676server initialization. This
13677controls the name of the SASL configuration file. The default value
13678is <b>smtpd</b>, corresponding to a SASL configuration file named
13679<b>smtpd.conf</b>.
13680</p>
13681
13682<p>
13683This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
13684it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
13685</p>
13686
13687
13688</DD>
13689
<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
(default: no)</b></DT><DD>

<p>
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
</p>

<p>
If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
access restriction can be used to permit relay access, like this:
</p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
</pre>
</blockquote>

<p> To reject all SMTP connections from unauthenticated clients,
specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
</p>

<blockquote>
<pre>
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
</pre>
</blockquote>

<p>
See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
</p>


</DD>

<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
(default: no)</b></DT><DD>

<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
message header.  </p>

<p> This feature is available in Postfix 2.3 and later.  </p>


</DD>

<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
</p>

<p>
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
necessary or not. To work around this, specify, for example,
$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name" pattern is replaced by its
contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored).  Continue
long lines by starting the next line with whitespace. Specify
"!pattern" to exclude an address or network block from the list.
The form "!/file/name" is supported only in Postfix version 2.4 and
later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
</pre>

<p>
This feature is available in Postfix 2.1 and later.
</p>
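<p> The pattern syntax described above, as an added sketch that is not
part of the Postfix documentation or source: it handles only literal
network/netmask patterns, "!pattern" exclusions and bracketed IPv6
addresses. The function names, the sample value and the left-to-right,
first-match evaluation are assumptions of this example; "/file/name",
"type:table" and $name expansion are deliberately not handled. </p>

```python
import ipaddress
import re


def parse_patterns(value):
    """Parse a smtpd_sasl_exceptions_networks-style value into
    (negated, network) pairs, in the order they were written."""
    patterns = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        body = token[1:] if negated else token
        # A leading "/" is a /file/name pattern; a ":" outside "[]" is a
        # type:table pattern. Neither is resolved in this sketch.
        if body.startswith("/") or (":" in body and not body.startswith("[")):
            raise ValueError("unsupported pattern in this sketch: " + token)
        if body.startswith("["):
            # IPv6 must be written as [addr] or [addr]/bits.
            addr, bracket, rest = body[1:].partition("]")
            if not bracket:
                raise ValueError("missing ']' in pattern: " + token)
            body = addr + rest
        patterns.append((negated, ipaddress.ip_network(body, strict=False)))
    return patterns


def auth_not_offered(client_ip, value):
    """Return True when the client matches the list, i.e. the server
    would not offer AUTH to it. Assumption: patterns are tried left to
    right and the first one that matches decides; a "!pattern" match
    means the client is excluded from the list."""
    addr = ipaddress.ip_address(client_ip)
    for negated, network in parse_patterns(value):
        if addr.version == network.version and addr in network:
            return not negated
    return False


# Constructed sample value (documentation address ranges only).
SAMPLE_VALUE = "!192.168.1.25, 192.168.0.0/16 [2001:db8::]/32"

if __name__ == "__main__":
    for ip in ("192.168.1.25", "192.168.7.9", "203.0.113.5", "2001:db8::1"):
        state = "not offered" if auth_not_offered(ip, SAMPLE_VALUE) else "offered"
        print(ip, "AUTH", state)
```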


</DD>

<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
(default: empty)</b></DT><DD>

<p>
The name of the Postfix SMTP server's local SASL authentication
realm.
</p>

<p>
By default, the local authentication realm name is the null string.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
</pre>


</DD>

<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
(default: smtpd)</b></DT><DD>

<p> Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  Typically this specifies the name of a
configuration file or rendezvous point. </p>

<p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>. </p>


</DD>

<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
(default: noanonymous)</b></DT><DD>

<p> Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  </p>

<p> The following security features are defined for the <b>cyrus</b>
server SASL implementation: </p>

<p>
Restrict what authentication mechanisms the Postfix SMTP server
will offer to the client.  The list of available authentication
mechanisms is system dependent.
</p>

<p>
Specify zero or more of the following:
</p>

<dl>

<dt><b>noplaintext</b></dt>

<dd>Disallow methods that use plaintext passwords. </dd>

<dt><b>noactive</b></dt>

<dd>Disallow methods subject to active (non-dictionary) attack. </dd>

<dt><b>nodictionary</b></dt>

<dd>Disallow methods subject to passive (dictionary) attack. </dd>

<dt><b>noanonymous</b></dt>

<dd>Disallow methods that allow anonymous authentication. </dd>

<dt><b>forward_secrecy</b></dt>

<dd>Only allow methods that support forward secrecy (Dovecot only).
</dd>

<dt><b>mutual_auth</b></dt>

<dd>Only allow methods that provide mutual authentication (not available
with Cyrus SASL version 1). </dd>

</dl>

<p>
By default, the Postfix SMTP server accepts plaintext passwords but
not anonymous logins.
</p>

<p>
Warning: it appears that clients try authentication methods in the
order advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5),
which means that if you disable plaintext passwords, clients will
log in anonymously, even when they should be able to use CRAM-MD5.
So, if you disable plaintext logins, disable anonymous logins too.
Postfix treats anonymous login as no authentication.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
</pre>


</DD>

<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>

<p> The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
(default: cyrus)</b></DT><DD>

<p> The SASL plug-in type that the Postfix SMTP server should use
for authentication. The available types are listed with the
"<b>postconf -a</b>" command. </p>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup table with the SASL login names that own sender
(MAIL FROM) addresses.
</p>

<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. With lookups from
indexed files such as DB or DBM, or from networked tables such as
NIS, LDAP or SQL, the following search operations are done with a
sender address of <i>user@domain</i>:  </p>

<dl>

<dt> 1) <i>user@domain</i> </dt>

<dd>This table lookup is always done and has the highest precedence. </dd>

<dt> 2) <i>user</i> </dt>

<dd>This table lookup is done only when the <i>domain</i> part of the
sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>

<dt> 3) <i>@domain</i> </dt>

<dd>This table lookup is done last and has the lowest precedence. </dd>

</dl>

<p>
In all cases the result of table lookup must be either "not found"
or a list of SASL login names separated by comma and/or whitespace.
</p>


</DD>

<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
(default: empty)</b></DT><DD>

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of the MAIL FROM command.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to permit everything.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to the sender address
received with the MAIL FROM command.
</p>

<dl>

<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>

<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
the MAIL FROM address, and execute the corresponding action.  Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later. </dd>

<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
for the MAIL FROM address, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists.  This
feature is available in Postfix 2.1 and later.  </dd>

<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC. <br> The
<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
rejected requests (default: 504). </dd>

<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the MAIL FROM domain is listed with
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
version 2.1 and later only).  Each "<i>d</i>" is a number, or a
pattern inside "[]" that contains one or more ";"-separated numbers
or number..number ranges (Postfix version 2.8 and later). If no
"<i>=d.d.d.d</i>" is specified,
reject the request when the MAIL FROM domain is
listed with any A record under <i>rbl_domain</i>. <br> The
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default:  554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.</dd>

<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>

<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>

<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>

<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>

<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

<dd>Reject the request when Postfix is not the final destination for
the sender address, and the MAIL FROM domain has 1) no DNS A or MX
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
response code for rejected requests (default: 450).  The response
is always 450 in case of a temporary DNS error. <br> The
<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>

<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>

<dd>Reject the request when the MAIL FROM address is not listed in
the list of valid recipients for its domain class. See the
<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details.
This feature is available in Postfix 2.1 and later.</dd>

<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>

<dd>Reject the request when mail to the MAIL FROM address is known to
bounce, or when the sender address destination is not reachable.
Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> parameter specifies the numerical response
code when an address probe failed due to a temporary problem
(default: 450).  <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
specifies the action after address probe failure due to a temporary
problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br> This feature is available
in Postfix 2.1 and later.  </dd>

</dl>
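<p> The smtpd_sender_login_maps lookup order and the three
sender/login mismatch restrictions described above, as an added model
that is not Postfix code: the table contents, function names and the
single "local domains" set (standing in for $myorigin, $mydestination,
$inet_interfaces and $proxy_interfaces) are assumptions of this example,
as is folding the sender address to lower case before lookup. </p>

```python
import re

# Constructed sample table: sender lookup key -> SASL login names.
SENDER_LOGIN_MAPS = {
    "alice@example.com": "alice",
    "support@example.com": "alice, bob",
    "root": "admin",
    "@example.com": "catchall",
}
# Assumption: one set standing in for the domains that enable the
# bare "user" lookup.
LOCAL_DOMAINS = {"example.com"}

MISMATCH_RESTRICTIONS = (
    "reject_sender_login_mismatch",
    "reject_authenticated_sender_login_mismatch",
    "reject_unauthenticated_sender_login_mismatch",
)


def lookup_owners(sender, table=SENDER_LOGIN_MAPS, local_domains=LOCAL_DOMAINS):
    """Return the list of owning SASL logins, or None for "not found".

    Search order: 1) user@domain, 2) user (local domains only),
    3) @domain. The first key that is found decides."""
    sender = sender.strip().lower()
    if not sender:
        return None  # null sender: nothing to look up in this sketch
    user, at, domain = sender.rpartition("@")
    keys = [sender]
    if at:
        if domain in local_domains:
            keys.append(user)
        keys.append("@" + domain)
    for key in keys:
        value = table.get(key)
        if value is not None:
            # Result is a list separated by comma and/or whitespace.
            return [name for name in re.split(r"[,\s]+", value) if name]
    return None


def evaluate(restriction, sender, sasl_login,
             table=SENDER_LOGIN_MAPS, local_domains=LOCAL_DOMAINS):
    """Return "REJECT" or "DUNNO" (no decision; later restrictions in
    the list still apply). sasl_login is None for an unauthenticated
    client."""
    if restriction not in MISMATCH_RESTRICTIONS:
        raise ValueError("not a sender/login mismatch restriction")
    authenticated = sasl_login is not None
    if restriction.startswith("reject_authenticated") and not authenticated:
        return "DUNNO"
    if restriction.startswith("reject_unauthenticated") and authenticated:
        return "DUNNO"
    owners = lookup_owners(sender, table, local_domains)
    if authenticated:
        # Logged in, but the login does not own the address. An address
        # with no table entry is owned by nobody, so it also mismatches.
        mismatch = owners is None or sasl_login not in owners
    else:
        # The table names an owner, but the client is not logged in.
        mismatch = owners is not None
    return "REJECT" if mismatch else "DUNNO"


if __name__ == "__main__":
    cases = [
        ("alice@example.com", "alice"),
        ("alice@example.com", "bob"),
        ("support@example.com", "bob"),
        ("alice@example.com", None),
        ("someone@example.org", None),
        ("someone@example.org", "bob"),
    ]
    for sender, login in cases:
        for restriction in MISMATCH_RESTRICTIONS:
            print(sender, login, restriction,
                  evaluate(restriction, sender, login))
```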

<p>
Other restrictions that are valid in this context:
</p>

<ul>

<li> <a href="#generic">Generic</a> restrictions that can be used
in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.

<li> SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.

<li> SMTP command specific restrictions described under
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed
under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with
"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is
evaluated at the time of the RCPT TO command.

</ul>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
    <a href="postconf.5.html#check_sender_access">check_sender_access</a> hash:/etc/postfix/access
</pre>


</DD>

<DT><b><a name="smtpd_service_name">smtpd_service_name</a>
(default: smtpd)</b></DT><DD>

<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed
connections to. In a future version there may be different
classes of SMTP service. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a>
(default: 10)</b></DT><DD>

<p>
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
</p>

<ul>

<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> seconds. </p>

<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
server delays all responses by (number of errors) seconds. </p>

</ul>


</DD>

<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures. The current
default value is stress-dependent. Before Postfix version 2.8, it
was fixed at 300s. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
(default: normal: 300s, overload: 10s)</b></DT><DD>

<p>
The time limit for sending a Postfix SMTP server response and for
receiving a remote SMTP client request. Normally the default limit
is 300s, but it changes under overload to just 10s. With Postfix
2.5 and earlier, the SMTP server always uses a time limit of 300s
by default.
</p>

<p>
Note: if you set SMTP time limits to very large values you may have
to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
(default: empty)</b></DT><DD>

<p> A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates.  These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
enters the chroot jail. If the number of trusted roots is large, consider
using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
of client certificates, the distinguished names (DNs) of the certificate
authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
in the client certificate request message. MUAs with multiple client
certificates may use the list of preferred certificate authorities
to select the correct client certificate.  You may want to put your
"preferred" CA or CAs in this file, and install other trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
(default: empty)</b></DT><DD>

<p> A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates. Do not forget to create the necessary "hash" links with,
for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>

<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>

<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of certificate authorities installed
in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate.  You may want to put your "preferred" CA or
CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in
$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>
(default: yes)</b></DT><DD>

<p> Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
is empty). This behavior is compatible with Postfix &lt; 2.3. </p>

<p> With Postfix 2.3 and later the Postfix SMTP server can disable
session id generation when TLS session caching is turned off. This
keeps remote SMTP clients from caching sessions that almost certainly cannot
be re-used.  </p>

<p> By default, the Postfix SMTP server always generates TLS session
ids. This works around a known defect in mail client applications
such as MS Outlook, and may also prevent interoperability issues
with other MTAs. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>


</DD>

<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
(default: no)</b></DT><DD>

<p> Ask a remote SMTP client for a client certificate. This
information is needed for certificate based mail relaying with,
for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. </p>

<p> Some clients such as Netscape will either complain if no
certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)
or will offer multiple client certificates to choose from. This
may be annoying, so this option is "off" by default. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a>
(default: no)</b></DT><DD>

<p> When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
(default: 9)</b></DT><DD>

<p> The verification depth for remote SMTP client certificates. A
depth of 1 is sufficient if the issuing CA is listed in a local CA
file. </p>

<p> The default verification depth is 9 (the OpenSSL default) for
compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
the default value was 5, but the limit was not actually enforced. If
you have set this to a lower non-default value, certificates with longer
trust chains may now fail to verify. Certificate chains with 1 or 2
CAs are common; deeper chains are rarer, and any number between 5
and 9 should suffice in practice. You can choose a lower number if,
for example, you trust certificates directly signed by an issuing CA
but not any CAs it delegates to. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a>
(default: empty)</b></DT><DD>

<p> File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key. </p>

<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>

<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>

<p> Both RSA and DSA certificates are supported.  When both types
are present, the cipher used determines which certificate will be
presented to the client.  For Netscape and OpenSSL clients without
special cipher choices the RSA certificate is preferred. </p>

<p> To enable a remote SMTP client to verify the Postfix SMTP server
certificate, the issuing CA certificates must be made available to the
client. You should include the required certificates in the server
certificate file, the server certificate first, then the issuing
CA(s) (bottom-up order). </p>

<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem &gt; server.pem". </p>

<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>

<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
</pre>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
(default: empty)</b></DT><DD>

<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create inter-operability problems by choosing
a non-default cipher list. Do not use a non-default TLS cipherlist for
MX hosts on the public Internet. Clients that begin the TLS handshake,
but are unable to agree on a common cipher, may not be able to send any
email to the SMTP server. Using a restricted cipher list may be more
appropriate for a dedicated MSA or an internal mailhub, where one can
exert some control over the TLS software and settings of the connecting
clients. </p>

<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>

<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>


</DD>

14429<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
14430(default: export)</b></DT><DD>
14431
14432<p> The minimum TLS cipher grade that the Postfix SMTP server
14433will use with opportunistic TLS encryption. Cipher types listed in
14434<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
14435the selected cipher grade. The default value "export" ensures maximum
14436inter-operability. Because encryption is optional, stronger controls
14437are not appropriate, and this setting SHOULD NOT be changed unless the
14438change is essential. </p>
14439
14440<p> When TLS is mandatory the cipher grade is chosen via the
14441<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter; see there for syntax
14442details. </p>
14443
14444<p> Example: </p>
14445<pre>
14446<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = export
14447</pre>
14448
14449<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
14450releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
14451and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
14452
14453
14454</DD>
14455
14456<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
14457(default: empty)</b></DT><DD>
14458
14459<p> File with the Postfix SMTP server DSA certificate in PEM format.
14460This file may also contain the Postfix SMTP server private DSA key. </p>
14461
14462<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
14463</p>
14464
14465<p> Example: </p>
14466
14467<pre>
14468<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
14469</pre>
14470
14471<p> This feature is available in Postfix 2.2 and later.  </p>
14472
14473
14474</DD>
14475
14476<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
14477(default: empty)</b></DT><DD>
14478
14479<p> File with DH parameters that the Postfix SMTP server should
14480use with EDH ciphers. </p>
14481
14482<p> Instead of using the exact same parameter sets as distributed
14483with other TLS packages, it is more secure to generate your own
14484set of parameters with something like the following command:  </p>
14485
14486<blockquote>
14487<pre>
14488openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
14489</pre>
14490</blockquote>
14491
14492<p> Your actual source for entropy may differ. Some systems have
14493/dev/random; on other systems you may consider using the "Entropy
14494Gathering Daemon EGD", available at <a href="http://egd.sourceforge.net/">http://egd.sourceforge.net/</a>
14495</p>
14496
14497<p> Example: </p>
14498
14499<pre>
14500<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh_1024.pem
14501</pre>
14502
14503<p>This feature is available with Postfix version 2.2.</p>
14504
14505
14506</DD>
14507
14508<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
14509(default: empty)</b></DT><DD>
14510
14511<p> File with DH parameters that the Postfix SMTP server should
14512use with EDH ciphers. </p>
14513
14514<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
14515configuration parameter.  </p>
14516
14517<p> Example: </p>
14518
14519<pre>
14520<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
14521</pre>
14522
14523<p>This feature is available with Postfix version 2.2.</p>
14524
14525
14526</DD>
14527
14528<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
14529(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
14530
14531<p> File with the Postfix SMTP server DSA private key in PEM format.
14532This file may be combined with the Postfix SMTP server DSA certificate
14533file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
14534
14535<p> The private key must be accessible without a pass-phrase, i.e. it
14536must not be encrypted. File permissions should grant read-only
14537access to the system superuser account ("root"), and no access
14538to anyone else. </p>
14539
14540<p> This feature is available in Postfix 2.2 and later.  </p>
14541
14542
14543</DD>
14544
14545<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
14546(default: empty)</b></DT><DD>
14547
14548<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
14549This file may also contain the Postfix SMTP server private ECDSA key. </p>
14550
14551<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>
14552
14553<p> Example: </p>
14554
14555<pre>
14556<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
14557</pre>
14558
14559<p> This feature is available in Postfix 2.6 and later, when Postfix is
14560compiled and linked with OpenSSL 1.0.0 or later. </p>
14561
14562
14563</DD>
14564
14565<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
14566(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
14567
14568<p> File with the Postfix SMTP server ECDSA private key in PEM format.
14569This file may be combined with the Postfix SMTP server ECDSA certificate
14570file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
14571
14572<p> The private key must be accessible without a pass-phrase, i.e. it
14573must not be encrypted. File permissions should grant read-only
14574access to the system superuser account ("root"), and no access
14575to anyone else. </p>
14576
14577<p> This feature is available in Postfix 2.6 and later, when Postfix is
14578compiled and linked with OpenSSL 1.0.0 or later. </p>
14579
14580
14581</DD>
14582
14583<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
14584(default: see "postconf -d" output)</b></DT><DD>
14585
14586<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
14587Diffie-Hellman (EECDH) key exchange. </p>
14588
14589<p> The available choices are: </p>
14590
14591<dl>
14592
14593<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
14594exchange will be disabled. This is the default in Postfix versions
145952.6 and 2.7. </dd>
14596
14597<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
14598bits of security at a reasonable computational cost. This is the
14599current best-practice trade-off between security and computational
14600efficiency. This is the default in Postfix version 2.8 and later.
14601</dd>
14602
14603<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
14604security at computational cost that is approximately twice as high
14605as 128 bit strength ECC. Barring significant progress in attacks on
14606elliptic curve crypto-systems, the "strong" curve is sufficient for most
14607users. </dd>
14608
14609</dl>
14610
14611<p> This feature is available in Postfix 2.6 and later, when it is
14612compiled and linked with OpenSSL 1.0.0 or later. </p>
14613
14614
14615</DD>
14616
14617<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
14618(default: empty)</b></DT><DD>
14619
14620<p> List of ciphers or cipher types to exclude from the SMTP server
14621cipher list at all TLS security levels. Excluding valid ciphers
14622can create interoperability problems. DO NOT exclude ciphers unless it
14623is essential to do so. This is not an OpenSSL cipherlist; it is a simple
14624list separated by whitespace and/or commas. The elements are a single
14625cipher, or one or more "+" separated cipher properties, in which case
14626only ciphers matching <b>all</b> the properties are excluded. </p>
14627
14628<p> Examples (some of these will cause problems): </p>
14629
14630<blockquote>
14631<pre>
14632<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
14633<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
14634<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
14635<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
14636<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
14637</pre>
14638</blockquote>
14639
14640<p> The first setting disables anonymous ciphers. The next setting
14641disables ciphers that use the MD5 digest algorithm or the (single) DES
14642encryption algorithm. The next setting disables ciphers that use MD5 and
14643DES together.  The next setting disables the two ciphers "AES256-SHA"
14644and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
14645key exchange with RSA authentication. </p>
14646
14647<p> This feature is available in Postfix 2.3 and later. </p>
14648
14649
14650</DD>
14651
14652<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
14653(default: md5)</b></DT><DD>
14654
14655<p> The message digest algorithm to construct remote SMTP
14656client-certificate
14657fingerprints or public key fingerprints (Postfix 2.9 and later)
14658for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. The
14659default algorithm is <b>md5</b>, for backwards compatibility with Postfix
14660releases prior to 2.5.  </p>
14661
14662<p> Advances in hash
14663function cryptanalysis have led to md5 being deprecated in favor of sha1.
14664However, as long as there are no known "second pre-image" attacks
14665against md5, its use in this context can still be considered safe.
14666</p>
14667
14668<p> While additional digest algorithms are often available with OpenSSL's
14669libcrypto, only those used by libssl in SSL cipher suites are available to
14670Postfix. </p>
14671
14672<p> To find the fingerprint of a specific certificate file, with a
14673specific digest algorithm, run: </p>
14674
14675<blockquote>
14676<pre>
14677$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
14678</pre>
14679</blockquote>
14680
14681<p> The text to the right of "=" sign is the desired fingerprint.
14682For example: </p>
14683
14684<blockquote>
14685<pre>
14686$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
14687SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
14688</pre>
14689</blockquote>
14690
14691<p> Public key fingerprints are more difficult to extract, however,
14692the SHA-1 public key fingerprint is often present as the value of the
14693"Subject Key Identifier" extension in X.509v3 certificates. The Postfix
14694SMTP server and client log the peer certificate fingerprint and public
14695key fingerprint when TLS loglevel is 1 or higher. </p>
14696
14697<p> Example: client-certificate access table, with sha1 fingerprints: </p>
14698
14699<blockquote>
14700<pre>
14701/etc/postfix/<a href="postconf.5.html">main.cf</a>:
14702    <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha1
14703    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
14704        <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> hash:/etc/postfix/access,
14705        reject
14706</pre>
14707<pre>
14708/etc/postfix/access:
14709    # Action folded to next line...
14710    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
14711        OK
14712    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
14713        <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
14714</pre>
14715</blockquote>
14716
14717<p> This feature is available in Postfix 2.5 and later. </p>
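<p> The following Python sketch is an added example, not part of Postfix or of the original page. It derives a fingerprint the way the openssl command above prints it, and flags access table keys whose length cannot match the configured <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>, so that those entries do not silently fall through to "reject". The function names and sample data are assumptions made for illustration. </p>

```python
import base64
import hashlib
import re

DIGEST_BYTES = {"md5": 16, "sha1": 20}  # the two digests this page names


def cert_fingerprint(pem_text, digest="sha1"):
    """Digest of the certificate's DER bytes, formatted AA:BB:... like the
    text to the right of "=" in "openssl x509 -noout -fingerprint"."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return ":".join("%02X" % b for b in hashlib.new(digest, der).digest())


def access_entries(table_text):
    """Parse (key, action) pairs, unfolding actions continued on the next line."""
    kept = [l for l in table_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    unfolded = re.sub(r"\n[ \t]+", " ", "\n".join(kept))
    entries = []
    for line in unfolded.splitlines():
        parts = line.split(None, 1)
        entries.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return entries


def audit_table(table_text, digest):
    """List (key, problem) for keys that can never equal a `digest` fingerprint."""
    want = DIGEST_BYTES[digest]
    problems = []
    for key, _action in access_entries(table_text):
        octets = key.split(":")
        if not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
            problems.append((key, "not a colon-separated hex fingerprint"))
        elif len(octets) != want:
            problems.append((key, "%d bytes, but %s yields %d"
                             % (len(octets), digest, want)))
    return problems


# Constructed stand-in for a certificate: the bytes are not valid DER, but a
# fingerprint is only a digest of whatever the PEM block decodes to.
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

# The two sha1 keys are the page's own example; the last key is constructed.
SAMPLE_TABLE = """\
# Action folded to next line...
AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
    OK
85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
    permit_auth_destination
00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
    OK
"""

if __name__ == "__main__":
    print(cert_fingerprint(SAMPLE_PEM, "sha1"))
    for key, problem in audit_table(SAMPLE_TABLE, "sha1"):
        print("%s: %s" % (key, problem))
```

<p> Running the audit with "md5" instead of "sha1" flags the two 20-byte keys, which is what happens to an existing sha1 table when the digest parameter is left at its default. </p>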
14718
14719
14720</DD>
14721
14722<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
14723(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
14724
14725<p> File with the Postfix SMTP server RSA private key in PEM format.
14726This file may be combined with the Postfix SMTP server RSA certificate
14727file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
14728
14729<p> The private key must be accessible without a pass-phrase, i.e. it
14730must not be encrypted. File permissions should grant read-only
14731access to the system superuser account ("root"), and no access
14732to anyone else. </p>
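<p> The check below is an added example, not part of Postfix or of the original page. It tests a key file against the two requirements stated for <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>, <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> and <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>: no pass-phrase, and read-only access for root alone. The function names and sample PEM texts are assumptions made for illustration. </p>

```python
import os
import re
import stat


def evaluate(mode, uid, pem_text):
    """Return the ways a key file departs from the requirements stated above."""
    problems = []
    perms = stat.S_IMODE(mode)
    if uid != 0:
        problems.append("owner is uid %d, not root" % uid)
    if perms & 0o077:
        problems.append("group or others have access (mode %04o)" % perms)
    if perms & 0o300:
        problems.append("owner access is not read-only (mode %04o)" % perms)
    # PKCS#8 marks encryption in the PEM label, legacy OpenSSL PEM in a header.
    encrypted = ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
                 or re.search(r"^Proc-Type: 4,ENCRYPTED", pem_text, re.M))
    if encrypted:
        problems.append("private key is pass-phrase protected")
    elif not re.search(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----", pem_text):
        problems.append("no PEM private key block found")
    return problems


def check_key_file(path):
    """Stat and read `path`, then evaluate it. Run as root on the mail host."""
    st = os.stat(path)
    with open(path, "r", errors="replace") as fh:
        return evaluate(st.st_mode, st.st_uid, fh.read())


# Constructed samples: PEM framing only, no key material.
PLAIN_SAMPLE = """\
-----BEGIN PRIVATE KEY-----
(constructed placeholder, no key material)
-----END PRIVATE KEY-----
"""

ENCRYPTED_SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

(constructed placeholder, no key material)
-----END RSA PRIVATE KEY-----
"""

CERT_ONLY_SAMPLE = """\
-----BEGIN CERTIFICATE-----
(constructed placeholder, no certificate data)
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    cases = [("0400 root, plain key", 0o100400, 0, PLAIN_SAMPLE),
             ("0644 uid 1000, encrypted key", 0o100644, 1000, ENCRYPTED_SAMPLE),
             ("0400 root, certificate only", 0o100400, 0, CERT_ONLY_SAMPLE)]
    for label, mode, uid, text in cases:
        print(label, "->", evaluate(mode, uid, text) or "ok")
```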
14733
14734
14735</DD>
14736
14737<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
14738(default: 0)</b></DT><DD>
14739
14740<p> Enable additional Postfix SMTP server logging of TLS activity.
14741Each logging level also includes the information that is logged at
14742a lower logging level.  </p>
14743
14744<dl compact>
14745
14746<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion
14747&mdash; no logging of remote SMTP client certificate trust-chain verification
14748errors
14749if client certificate verification is not required. With Postfix 2.8
14750and earlier, disable logging of TLS activity. </dd>
14751
14752<dt> </dt> <dd> 1 Also log trust-chain verification errors and peer
14753certificate name and issuer. With Postfix 2.8 and earlier, log TLS
14754handshake and certificate information. </dd>
14755
14756<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
14757
14758<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
14759process. </dd>
14760
14761<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
14762transmission after STARTTLS. </dd>
14763
14764</dl>
14765
14766<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
14767of problems. Use of loglevel 4 is strongly discouraged. </p>
14768
14769<p> This feature is available in Postfix 2.2 and later.  </p>
14770
14771
14772</DD>
14773
14774<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
14775(default: medium)</b></DT><DD>
14776
14777<p> The minimum TLS cipher grade that the Postfix SMTP server will
14778use with mandatory TLS encryption. The default grade ("medium") is
14779sufficiently strong that any benefit from globally restricting TLS
14780sessions to a more stringent grade is likely negligible, especially
14781given the fact that many implementations still do not offer any stronger
14782("high" grade) ciphers, while those that do, will always use "high"
14783grade ciphers. So insisting on "high" grade ciphers is generally
14784counter-productive. Allowing "export" or "low" ciphers is typically
14785not a good idea, as systems limited to just these are limited to
14786obsolete browsers. No known SMTP clients fail to support at least
14787one "medium" or "high" grade cipher. </p>
14788
14789<p> The following cipher grades are supported: </p>
14790
14791<dl>
14792<dt><b>export</b></dt>
14793<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
14794This is the most appropriate setting for public MX hosts, and is always
14795used with opportunistic TLS encryption. The underlying cipherlist
14796is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter,
14797which you are strongly encouraged to not change. </dd>
14798
14799<dt><b>low</b></dt>
14800<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
14801underlying cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a>
14802configuration parameter, which you are strongly encouraged to
14803not change. </dd>
14804
14805<dt><b>medium</b></dt>
14806<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
14807or longer symmetric bulk-encryption keys. This is the default minimum
14808strength for mandatory TLS encryption. The underlying cipherlist is
14809specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
14810you are strongly encouraged to not change. </dd>
14811
14812<dt><b>high</b></dt>
14813<dd> Enable only "HIGH" grade OpenSSL ciphers. The
14814underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
14815configuration parameter, which you are strongly encouraged to
14816not change. </dd>
14817
14818<dt><b>null</b></dt>
14819<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
14820without encryption.  This setting is only appropriate in the rare
14821case that all clients are prepared to use NULL ciphers (not normally
14822enabled in TLS clients). The underlying cipherlist is specified via the
14823<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
14824encouraged to not change. </dd>
14825
14826</dl>
14827
14828<p> Cipher types listed in
14829<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
14830excluded from the base definition of the selected cipher grade. See
14831<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
14832TLS. </p>
14833
14834<p> The underlying cipherlists for grades other than "null" include
14835anonymous ciphers, but these are automatically filtered out if the
14836server is configured to ask for remote SMTP client certificates.  You are very
14837unlikely to need to take any steps to exclude anonymous ciphers; they
14838are excluded automatically as required.  If you must exclude anonymous
14839ciphers even when Postfix does not need or use peer certificates, set
14840"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
14841when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
14842
14843<p> This feature is available in Postfix 2.3 and later. </p>
14844
14845
14846</DD>
14847
14848<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
14849(default: empty)</b></DT><DD>
14850
14851<p> Additional list of ciphers or cipher types to exclude from the
14852Postfix SMTP server cipher list at mandatory TLS security levels.
14853This list
14854works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
14855(see there for syntax details).  </p>
14856
14857<p> This feature is available in Postfix 2.3 and later. </p>
14858
14859
14860</DD>
14861
14862<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
14863(default: !SSLv2)</b></DT><DD>
14864
14865<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
14866mandatory TLS encryption. If the list is empty, the server supports all
14867available SSL/TLS protocol versions.  A non-empty value is a list
14868of protocol
14869names separated by whitespace, commas or colons. The supported protocol
14870names are "SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
14871
14872<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
14873and "TLSv1.2". If an older Postfix version is linked against OpenSSL
148741.0.1 or later, these, or any other new protocol versions, are
14875unconditionally enabled. </p>
14876
14877<p> With Postfix &ge; 2.5 the parameter syntax is expanded to support
14878protocol exclusions. One can now explicitly exclude SSLv2 by setting
14879"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both SSLv2 and
14880SSLv3 set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
14881the protocols to include, rather than protocols to exclude, is
14882supported, but not recommended. The exclusion form more closely
14883matches the behaviour when the OpenSSL library is newer than Postfix.
14884</p>
14885
14886<p> Since SSL version 2 has known protocol weaknesses and is now
14887deprecated, the default setting excludes "SSLv2".  This means that
14888by default, SSL version 2 will not be used at the "encrypt" security
14889level. </p>
14890
14891<p> Example: </p>
14892
14893<pre>
14894<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
14895# Alternative form with Postfix &ge; 2.5:
14896<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
14897</pre>
14898
14899<p> This feature is available in Postfix 2.3 and later. </p>
14900
14901
14902</DD>
14903
14904<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
14905(default: empty)</b></DT><DD>
14906
14907<p> List of TLS protocols that the Postfix SMTP server will exclude
14908or include with opportunistic TLS encryption. This parameter SHOULD be
14909left at its default empty value, allowing all protocols to be used with
14910opportunistic TLS. </p>
14911
14912<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
14913colons. An empty value means allow all protocols. The valid protocol
14914names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and
14915"TLSv1". In <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> table entries, "protocols" attribute
14916values are separated by a colon. </p>
14917
14918<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
14919and "TLSv1.2". If an older Postfix version is linked against OpenSSL
149201.0.1 or later, these, or any other new protocol versions, are
14921unconditionally enabled. </p>
14922
14923<p> To include a protocol, list its name; to exclude it, prefix the name
14924with a "!" character. To exclude SSLv2 even for opportunistic TLS set
14925"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
14926"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
14927include, rather than protocols to exclude, is supported, but not
14928recommended.  The exclusion form more closely matches the behaviour
14929when the OpenSSL library is newer than Postfix.  </p>
14930
14931<p> Example: </p>
14932<pre>
14933<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2
14934</pre>
14935
14936<p> This feature is available in Postfix 2.6 and later. </p>
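<p> The following Python sketch is an added example, not part of Postfix or of the original page. It evaluates <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> and <a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> values as described above and reports which protocols stay enabled, including versions that a newer OpenSSL library adds. The function names, the sample main.cf text and the rule that an exclusion wins over an inclusion in a mixed list are assumptions of this example. </p>

```python
import re

# Protocol names and parameter defaults as documented on this page.
KNOWN = ("SSLv2", "SSLv3", "TLSv1")
DEFAULTS = {"smtpd_tls_mandatory_protocols": "!SSLv2", "smtpd_tls_protocols": ""}


def effective_protocols(value, library_newer=()):
    """Protocols left enabled by a protocol list value.

    library_newer: protocols offered by the linked OpenSSL that this Postfix
    version has no name for (for example "TLSv1.1"); the page says these
    are unconditionally enabled.
    Assumption: in a mixed list an exclusion wins over an inclusion.
    """
    canon = {name.lower(): name for name in KNOWN}
    include, exclude = set(), set()
    for token in re.split(r"[\s,:]+", value.strip()):
        if not token:
            continue
        name = canon.get(token.lstrip("!").lower())   # names are not case sensitive
        if name is None:
            raise ValueError("unknown protocol name: %r" % token)
        (exclude if token.startswith("!") else include).add(name)
    enabled = (include or set(KNOWN)) - exclude       # empty list: all protocols
    return [p for p in KNOWN if p in enabled] + list(library_newer)


def logical_lines(text):
    """Join main.cf physical lines into logical lines (main.cf file format)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()              # continuation line
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def audit(main_cf_text, library_newer=()):
    """Map each protocol parameter to the protocols it leaves enabled."""
    settings = dict(DEFAULTS)
    for line in logical_lines(main_cf_text):
        name, sep, value = line.partition("=")
        if sep and name.strip() in settings:
            settings[name.strip()] = value.strip()    # last definition wins
    return {k: effective_protocols(v, library_newer) for k, v in settings.items()}


# Constructed main.cf fragment, not taken from a real system.
SAMPLE = """\
# mandatory TLS, written in the include form
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_protocols =
    !sslv2,
    !SSLv3
"""

if __name__ == "__main__":
    report = audit(SAMPLE, library_newer=("TLSv1.1", "TLSv1.2"))
    for param, protos in report.items():
        print(param, "->", ", ".join(protos))
```

<p> With a newer library, the include form "TLSv1" and the exclusion form "!SSLv2, !SSLv3" leave the same protocols enabled, but only the exclusion form says so on its face. </p>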
14937
14938
14939</DD>
14940
14941<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
14942(default: no)</b></DT><DD>
14943
14944<p> Request that the Postfix SMTP server produces Received:  message
14945headers that include information about the protocol and cipher used,
14946as well as the remote SMTP client CommonName and client certificate issuer
14947CommonName.  This is disabled by default, as the information may
14948be modified in transit through other mail servers.  Only information
14949that was recorded by the final destination can be trusted. </p>
14950
14951<p> This feature is available in Postfix 2.2 and later.  </p>
14952
14953
14954</DD>
14955
14956<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
14957(default: no)</b></DT><DD>
14958
14959<p> With mandatory TLS encryption, require a trusted remote SMTP client
14960certificate in order to allow TLS connections to proceed.  This
14961option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
14962
14963<p> When TLS encryption is optional, this setting is ignored with
14964a warning written to the mail log. </p>
14965
14966<p> This feature is available in Postfix 2.2 and later.  </p>
14967
14968
14969</DD>
14970
14971<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
14972(default: empty)</b></DT><DD>
14973
14974<p> The SMTP TLS security level for the Postfix SMTP server; when
14975a non-empty value is specified, this overrides the obsolete parameters
14976<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
14977"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes".  </p>
14978
14979<p> Specify one of the following security levels: </p>
14980
14981<dl>
14982
14983<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
14984
14985<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
14986to remote SMTP clients, but do not require that clients use TLS encryption.
14987</dd>
14988
14989<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
14990STARTTLS support to remote SMTP clients, and require that clients use TLS
14991encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
14992of a publicly-referenced SMTP server. Instead, this option should
14993be used only on dedicated servers. </dd>
14994
14995</dl>
14996
14997<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
14998supported here.
14999The Postfix SMTP server logs a warning and uses "encrypt" instead.
15000To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
15001of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
15002features.  </p>
15003
15004<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
15005encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
15006
15007<p> Note 3: when invoked via "sendmail -bs", Postfix will never
15008offer STARTTLS due to insufficient privileges to access the server
15009private key. This is intended behavior.</p>
15010
15011<p> This feature is available in Postfix 2.3 and later. </p>
15012
15013
15014</DD>
15015
15016<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
15017(default: empty)</b></DT><DD>
15018
15019<p> Name of the file containing the optional Postfix SMTP server
15020TLS session cache. Specify a database type that supports enumeration,
15021such as <b>btree</b> or <b>sdbm</b>; there is no need to support
15022concurrent access.  The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a>
15023daemon does not use this parameter directly, rather the cache is
15024implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
15025per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not
15026effective. Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a>
15027daemon: $<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
15028(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to be
15029stored separately. It is not at this time possible to store multiple
15030caches in a single database. </p>
15031
15032<p> Note: <b>dbm</b> databases are not suitable. TLS
15033session objects are too large. </p>
15034
15035<p> As of version 2.5, Postfix no longer uses root privileges when
15036opening this file. The file should now be stored under the Postfix-owned
15037<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
15038under a non-Postfix directory is redirected to the Postfix-owned
15039<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
15040
15041<p> Example: </p>
15042
15043<pre>
15044<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/var/db/postfix/smtpd_scache
15045</pre>
15046
15047<p> This feature is available in Postfix 2.2 and later.  </p>
15048
15049
15050</DD>
15051
15052<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>
15053(default: 3600s)</b></DT><DD>
15054
15055<p> The expiration time of Postfix SMTP server TLS session cache
15056information. A cache cleanup is performed periodically
15057every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. As with
15058$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the
15059<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides
15060are not possible. </p>
15061
15062<p> This feature is available in Postfix 2.2 and later.  </p>
15063
15064
15065</DD>
15066
15067<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
15068(default: no)</b></DT><DD>
15069
15070<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
15071instead of using the STARTTLS command. </p>
15072
15073<p> If you want to support this service, enable a special port in
15074<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
15075server's command line. Port 465 (smtps) was once chosen for this
15076purpose. </p>
15077
15078<p> This feature is available in Postfix 2.2 and later.  </p>
15079
15080
15081</DD>
15082
15083<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
15084(default: no)</b></DT><DD>
15085
15086<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
15087but do not require that clients use TLS encryption. </p>
15088
15089<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
15090STARTTLS due to insufficient privileges to access the server private
15091key. This is intended behavior. </p>
15092
15093<p> This feature is available in Postfix 2.2 and later. With
15094Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
15095
15096
15097</DD>
15098
15099<DT><b><a name="soft_bounce">soft_bounce</a>
15100(default: no)</b></DT><DD>
15101
15102<p>
15103Safety net to keep mail queued that would otherwise be returned to
15104the sender.  This parameter disables locally-generated bounces,
15105and prevents the Postfix SMTP server from rejecting mail permanently,
15106by changing 5xx reply codes into 4xx.  However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no
15107cure for address rewriting mistakes or mail routing mistakes.
15108</p>
15109
15110<p>
15111Example:
15112</p>
15113
15114<pre>
15115<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes
15116</pre>
15117
15118
15119</DD>
15120
15121<DT><b><a name="stale_lock_time">stale_lock_time</a>
15122(default: 500s)</b></DT><DD>
15123
15124<p>
15125The time after which a stale exclusive mailbox lockfile is removed.
15126This is used for delivery to file or mailbox.
15127</p>
15128
15129<p>
15130Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
15131The default time unit is s (seconds).
15132</p>
15133
15134
15135</DD>
15136
15137<DT><b><a name="stress">stress</a>
15138(default: empty)</b></DT><DD>
15139
15140<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p>
15141
15142<p> This feature is available in Postfix 2.5 and later. </p>
15143
15144
15145</DD>
15146
15147<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a>
15148(default: no)</b></DT><DD>
15149
15150<p>
15151Reject mail with 8-bit text in message headers. This blocks mail
15152from poorly written applications.
15153</p>
15154
15155<p>
15156This feature should not be enabled on a general purpose mail server,
15157because it is likely to reject legitimate email.
15158</p>
15159
15160<p>
15161This feature is available in Postfix 2.0 and later.
15162</p>
15163
15164
15165</DD>
15166
15167<DT><b><a name="strict_8bitmime">strict_8bitmime</a>
15168(default: no)</b></DT><DD>
15169
15170<p>
15171Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
15172</p>
15173
15174<p>
15175This feature should not be enabled on a general purpose mail server,
15176because it is likely to reject legitimate email.
15177</p>
15178
15179<p>
15180This feature is available in Postfix 2.0 and later.
15181</p>
15182
15183
15184</DD>
15185
15186<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a>
15187(default: no)</b></DT><DD>
15188
15189<p>
15190Reject 8-bit message body text without 8-bit MIME content encoding
15191information.  This blocks mail from poorly written applications.
15192</p>
15193
15194<p>
15195Unfortunately, this also rejects majordomo approval requests when
15196the included request contains valid 8-bit MIME mail, and it rejects
15197bounces from mailers that do not MIME encapsulate 8-bit content
15198(for example, bounces from qmail or from old versions of Postfix).
15199</p>
15200
15201<p>
15202This feature should not be enabled on a general purpose mail server,
15203because it is likely to reject legitimate email.
15204</p>
15205
15206<p>
15207This feature is available in Postfix 2.0 and later.
15208</p>
15209
15210
15211</DD>
15212
15213<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
15214(default: yes)</b></DT><DD>
15215
15216<p> Defer delivery when a mailbox file is not owned by its recipient.
15217The default setting is not backwards compatible.  </p>
15218
15219<p> This feature is available in Postfix 2.5.3 and later. </p>
15220
15221
15222</DD>
15223
15224<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
15225(default: no)</b></DT><DD>
15226
15227<p>
15228Reject mail with invalid Content-Transfer-Encoding: information
15229for the message/* or multipart/* MIME content types.  This blocks
15230mail from poorly written software.
15231</p>
15232
15233<p>
15234This feature should not be enabled on a general purpose mail server,
15235because it will reject mail after a single violation.
15236</p>
15237
15238<p>
15239This feature is available in Postfix 2.0 and later.
15240</p>
15241
15242
15243</DD>
15244
15245<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a>
15246(default: no)</b></DT><DD>
15247
15248<p>
15249Require that addresses received in SMTP MAIL FROM and RCPT TO
15250commands are enclosed with &lt;&gt;, and that those addresses do
15251not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.  This stops mail
15252from poorly written software.
15253</p>
15254
15255<p>
15256By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
15257FROM and RCPT TO addresses.
15258</p>
15259
15260
15261</DD>
15262
15263<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a>
15264(default: no)</b></DT><DD>
15265
15266<p>
15267Obsolete SUN mailtool compatibility feature. Instead, use
15268"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock".
15269</p>
15270
15271
15272</DD>
15273
15274<DT><b><a name="swap_bangpath">swap_bangpath</a>
15275(default: yes)</b></DT><DD>
15276
15277<p>
15278Enable the rewriting of "site!user" into "user@site".  This is
15279necessary if your machine is connected to UUCP networks.  It is
15280enabled by default.
15281</p>
15282
15283<p> Note: with Postfix version 2.2, message header address rewriting
15284happens only when one of the following conditions is true: </p>
15285
15286<ul>
15287
15288<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
15289
15290<li> The message is received from a network client that matches
15291$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
15292
15293<li> The message is received from the network, and the
15294<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
15295
15296</ul>
15297
15298<p> To get the behavior before Postfix version 2.2, specify
15299"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
15300
15301<p>
15302Example:
15303</p>
15304
15305<pre>
15306<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no
15307</pre>
15308
15309
15310</DD>
15311
15312<DT><b><a name="syslog_facility">syslog_facility</a>
15313(default: mail)</b></DT><DD>
15314
15315<p>
15316The syslog facility of Postfix logging. Specify a facility as
15317defined in syslog.conf(5). The default facility is "mail".
15318</p>
15319
15320<p>
15321Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only
15322after a Postfix process has completed initialization.  Errors during
15323process initialization will be logged with the default facility.
15324Examples are errors while parsing the command line arguments, and
15325errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
15326</p>
15327
15328
15329</DD>
15330
15331<DT><b><a name="syslog_name">syslog_name</a>
15332(default: see "postconf -d" output)</b></DT><DD>
15333
15334<p>
15335The mail system name that is prepended to the process name in syslog
15336records, so that "smtpd" becomes, for example, "postfix/smtpd".
15337</p>
15338
15339<p>
15340Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after
15341a Postfix process has completed initialization. Errors during
15342process initialization will be logged with the default name. Examples
15343are errors while parsing the command line arguments, and errors
15344while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
15345</p>
15346
15347
15348</DD>
15349
15350<DT><b><a name="tcp_windowsize">tcp_windowsize</a>
15351(default: 0)</b></DT><DD>
15352
15353<p> An optional workaround for routers that break TCP window scaling.
15354Specify a value &gt; 0 and &lt; 65536 to enable this feature.  With
15355Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
15356by the Postfix <a href="master.8.html">master(8)</a> daemon.  </p>
15357
15358<p> To change this parameter without stopping Postfix, you need to
15359first terminate all Postfix TCP servers: </p>
15360
15361<blockquote>
15362<pre>
15363# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
15364# postfix reload
15365</pre>
15366</blockquote>
15367
15368<p> This immediately terminates all processes that accept network
15369connections.  Next, you enable Postfix TCP servers with the updated
15370<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
15371
15372<blockquote>
15373<pre>
15374# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
15375# postfix reload
15376</pre>
15377</blockquote>
15378
15379<p> If you skip these steps with a running Postfix system, then the
15380<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
15381<a href="lmtp.8.html">lmtp(8)</a>).  </p>
15382
15383<p> This feature is available in Postfix 2.6 and later. </p>
15384
15385
15386</DD>
15387
15388<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a>
15389(default: no)</b></DT><DD>
15390
15391<p> Append the system-supplied default certificate authority
15392certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
15393The default is "no"; this prevents Postfix from trusting third-party
15394certificates and giving them relay permission with
15395<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>.  </p>
15396
15397<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
153982.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
15399backwards compatibility, to avoid breaking certificate verification
15400with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
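<p> The following audit sketch is an added example, not part of the
Postfix distribution. It reads main.cf text using the logical-line and
"$name" rules from the file format section, and flags the combination
described above: "tls_append_default_CA = yes" together with
permit_tls_all_clientcerts. The sample file, its path and the
"relay_checks" parameter are constructed; the parameter is assumed to
exist in the running Postfix version. </p>

```python
import re

# Matches "$$", "$name", "${name}" and "$(name)"; the conditional forms
# "${name?value}" and "${name:value}" are left unexpanded in this example.
_REF = re.compile(r"\$(?:(\$)|(\w+)|\{(\w+)\}|\((\w+)\))")

TOKEN = "permit_tls_all_clientcerts"


def parse_main_cf(text):
    """Return {parameter: raw value} using the main.cf logical-line rules."""
    params = {}
    current = None

    def commit(line):
        name, sep, value = line.partition("=")
        if sep and name.strip():
            # A later definition replaces an earlier one (last instance wins).
            params[name.strip()] = value.strip()

    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace():
            if current is not None:
                current += " " + raw.strip()  # continuation of a logical line
            continue
        if current is not None:
            commit(current)
        current = raw.rstrip()
    if current is not None:
        commit(current)
    return params


def expand(value, params, depth=0):
    """Recursively replace parameter references with values from params."""
    if depth > 20:                            # guard against reference loops
        return value

    def substitute(match):
        if match.group(1):
            return "$"
        name = match.group(2) or match.group(3) or match.group(4)
        # Parameters not set in the file expand to "" here; Postfix itself
        # would substitute the built-in default.
        return expand(params.get(name, ""), params, depth + 1)

    return _REF.sub(substitute, value)


def audit_client_cert_trust(text):
    """Report whether system-supplied CAs can confer relay permission."""
    params = parse_main_cf(text)
    append_default = params.get("tls_append_default_CA", "no").lower() == "yes"
    users = sorted(
        name for name, value in params.items()
        if TOKEN in re.split(r"[,\s]+", expand(value, params))
    )
    return {
        "tls_append_default_CA": append_default,
        "cert_relay_parameters": users,
        "risky": append_default and bool(users),
    }


SAMPLE_MAIN_CF = """\
# Constructed sample for this example, not taken from a real system.
smtpd_tls_CAfile = /etc/postfix/relay-clients-ca.pem
tls_append_default_CA = no
relay_checks = permit_mynetworks,
    permit_tls_all_clientcerts,
    # comment lines inside a continued value are skipped
    reject_unauth_destination
smtpd_recipient_restrictions = $relay_checks
# A later edit re-enables the system CA bundle; this line wins.
tls_append_default_CA = yes
"""

if __name__ == "__main__":
    print(audit_client_cert_trust(SAMPLE_MAIN_CF))
```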
15401
15402
15403</DD>
15404
15405<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
15406(default: 32)</b></DT><DD>
15407
15408<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
15409process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
15410internal pseudo random number generator (PRNG).  The default of 32
bytes (equivalent to 256 bits) is sufficient to generate a 128-bit
(or 168-bit) session key. </p>
15413
15414<p> This feature is available in Postfix 2.2 and later.  </p>
15415
15416
15417</DD>
15418
15419<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
15420(default: see "postconf -d" output)</b></DT><DD>
15421
15422<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>
15423
15424<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
15425implementations. Applications, such as Postfix, that want to maximize
15426interoperability ask the OpenSSL library to enable the full set of
15427recommended work-arounds. </p>
15428
15429<p> From time to time, it is discovered that a work-around creates a
15430security issue, and should no longer be used. If upgrading OpenSSL
15431to a fixed version is not an option or an upgrade is not available
15432in a timely manner, or in closed environments where no buggy clients
15433or servers exist, it may be appropriate to disable some or all of the
15434OpenSSL interoperability work-arounds. This parameter specifies which
15435bug work-arounds to disable. </p>
15436
15437<p> If the value of the parameter is a hexadecimal long integer starting
15438with "0x", the bug work-arounds corresponding to the bits specified in
15439its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
15440(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
bits than are present in SSL_OP_ALL; excess bits are ignored. Specifying
154420xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
15443also be sufficient on 64-bit systems, until OpenSSL abandons support
15444for 32-bit systems and starts using the high 32 bits of a 64-bit
15445bug-workaround mask. </p>
15446
15447<p> Otherwise, the parameter is a white-space or comma separated list
15448of specific named bug work-arounds chosen from the list below. It
15449is possible that your OpenSSL version includes new bug work-arounds
added after your Postfix source code was last updated; in that case
15451you can only disable one of these via the hexadecimal syntax above. </p>
15452
15453<dl>
15454
15455<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
15456
15457<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
15458
15459<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
15460
15461<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
15462as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
15463default with OpenSSL versions that may predate the fix. Fixed in
15464OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
15465
15466<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
15467SSL_CTX_set_options(3)</dd>
15468
15469<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
15470SSL_CTX_set_options(3)</dd>
15471
15472<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
15473<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
15474default with OpenSSL versions that may predate the fix. Fixed in
15475OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
15476
15477<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
15478SSL_CTX_set_options(3)</dd>
15479
15480<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
15481
15482<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
15483
15484<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
15485This is disabled in OpenSSL 0.9.7 and later. Nobody should still
15486be using 0.9.6! </dd>
15487
15488<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
15489SSL_CTX_set_options(3)</dd>
15490
15491<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
15492OpenSSL 1.0.0.</dd>
15493
15494</dl>
15495
15496<p> This feature is available in Postfix 2.8 and later.  </p>
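<p> The two value syntaxes described above can be resolved as in the
following added example, which is not Postfix source code. The bit
positions and the stand-in for SSL_OP_ALL are constructed for
illustration; the real values come from openssl/ssl.h. Names that the
table does not know are reported so that they can be given in
hexadecimal form instead. </p>

```python
import re

# Work-around names as listed for tls_disable_workarounds. The bit positions
# are constructed for this example; take the real SSL_OP_* values from the
# openssl/ssl.h that Postfix was built against.
NAMES = [
    "MICROSOFT_SESS_ID_BUG", "NETSCAPE_CHALLENGE_BUG", "LEGACY_SERVER_CONNECT",
    "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", "SSLREF2_REUSE_CERT_TYPE_BUG",
    "MICROSOFT_BIG_SSLV3_BUFFER", "MSIE_SSLV2_RSA_PADDING",
    "SSLEAY_080_CLIENT_DH_BUG", "TLS_D5_BUG", "TLS_BLOCK_PADDING_BUG",
    "TLS_ROLLBACK_BUG", "DONT_INSERT_EMPTY_FRAGMENTS", "CRYPTOPRO_TLSEXT_BUG",
]
SAMPLE_BITS = {name: 1 << i for i, name in enumerate(NAMES)}
SAMPLE_OP_ALL = sum(SAMPLE_BITS.values())    # stand-in for SSL_OP_ALL

# Aliases documented in the list of named work-arounds.
ALIASES = {
    "CVE-2010-4180": "NETSCAPE_REUSE_CIPHER_CHANGE_BUG",
    "CVE-2005-2969": "MSIE_SSLV2_RSA_PADDING",
}


def disabled_mask(value, bits=SAMPLE_BITS):
    """Return (mask, unknown_names) for a tls_disable_workarounds value."""
    value = value.strip()
    if value.startswith("0x"):
        # Hexadecimal form: the value is the bit-mask itself.
        return int(value, 16), []
    mask, unknown = 0, []
    # Named form: white-space or comma separated list.
    for token in filter(None, re.split(r"[,\s]+", value)):
        name = ALIASES.get(token, token)
        if name in bits:
            mask |= bits[name]
        else:
            unknown.append(token)            # needs the hexadecimal syntax
    return mask, unknown


def remaining_workarounds(value, op_all=SAMPLE_OP_ALL, bits=SAMPLE_BITS):
    """Return (enabled_mask, enabled_names, unknown_names)."""
    mask, unknown = disabled_mask(value, bits)
    enabled = op_all & ~mask                 # excess bits in mask are ignored
    names = [name for name, bit in bits.items() if enabled & bit]
    return enabled, names, unknown


if __name__ == "__main__":
    for setting in ("0xFFFFFFFF", "CVE-2010-4180, MSIE_SSLV2_RSA_PADDING"):
        print(setting, "->", hex(remaining_workarounds(setting)[0]))
```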
15497
15498
15499</DD>
15500
15501<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
15502(default: prime256v1)</b></DT><DD>
15503
15504<p> The elliptic curve used by the Postfix SMTP server for sensibly
15505strong
15506ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
15507server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
15508strong" means approximately 128-bit security based on best known
15509attacks. The selected curve must be implemented by OpenSSL (as
15510reported by ecparam(1) with the "-list_curves" option) and be one
15511of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
15512generally change this setting. </p>
15513
15514<p> This default curve is specified in NSA "Suite B" Cryptography
15515(see <a href="http://www.nsa.gov/ia/industry/crypto_suite_b.cfm">http://www.nsa.gov/ia/industry/crypto_suite_b.cfm</a>) for
15516information classified as SECRET. </p>
15517
15518<p> Note: elliptic curve names are poorly standardized; different
15519standards groups are assigning different names to the same underlying
15520curves.  The curve with the X9.62 name "prime256v1" is also known
15521under the SECG name "secp256r1", but OpenSSL does not recognize the
15522latter name. </p>
15523
15524<p> This feature is available in Postfix 2.6 and later, when it is
15525compiled and linked with OpenSSL 1.0.0 or later. </p>
15526
15527
15528</DD>
15529
15530<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
15531(default: secp384r1)</b></DT><DD>
15532
15533<p> The elliptic curve used by the Postfix SMTP server for maximally
15534strong
15535ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
15536server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The phrase "maximally
15537strong" means approximately 192-bit security based on best known attacks.
This additional strength comes at a significant computational cost; most
15539users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong".  The selected
15540curve must be implemented by OpenSSL (as reported by ecparam(1) with the
15541"-list_curves" option) and be one of the curves listed in Section 5.1.1
15542of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
15543
15544<p> This default "ultra" curve is specified in NSA "Suite B" Cryptography
15545(see <a href="http://www.nsa.gov/ia/industry/crypto_suite_b.cfm">http://www.nsa.gov/ia/industry/crypto_suite_b.cfm</a>) for information
15546classified as TOP SECRET. </p>
15547
15548<p> This feature is available in Postfix 2.6 and later, when it is
15549compiled and linked with OpenSSL 1.0.0 or later. </p>
15550
15551
15552</DD>
15553
15554<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
15555(default: ALL:+RC4:@STRENGTH)</b></DT><DD>
15556
15557<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
15558defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
15559<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
15560the cipherlist for the opportunistic ("may") TLS client security
15561level and is the default cipherlist for the SMTP server. You are
15562strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
15563later the cipherlist may start with an "aNULL:" prefix, which restores
15564the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
15565list when they are enabled. This prefix is not needed with previous
15566OpenSSL releases. </p>
15567
15568<p> This feature is available in Postfix 2.3 and later. </p>
15569
15570
15571</DD>
15572
15573<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
15574(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b></DT><DD>
15575
15576<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
15577the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
15578<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
15579strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
15580later the cipherlist may start with an "aNULL:" prefix, which restores
15581the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
15582list when they are enabled. This prefix is not needed with previous
15583OpenSSL releases. </p>
15584
15585<p> This feature is available in Postfix 2.3 and later. </p>
15586
15587
15588</DD>
15589
15590<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
15591(default: ALL:!EXPORT:+RC4:@STRENGTH)</b></DT><DD>
15592
15593<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
15594the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
15595<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
15596strongly encouraged to not change this setting.  With OpenSSL 1.0.0 and
15597later the cipherlist may start with an "aNULL:" prefix, which restores
15598the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
15599list when they are enabled. This prefix is not needed with previous
15600OpenSSL releases. </p>
15601
15602<p> This feature is available in Postfix 2.3 and later. </p>
15603
15604
15605</DD>
15606
15607<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
15608(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b></DT><DD>
15609
15610<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
15611defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
15612<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
15613the default cipherlist for mandatory TLS encryption in the TLS
15614client (with anonymous ciphers disabled when verifying server
15615certificates). You are strongly encouraged to not change this
15616setting.  With OpenSSL 1.0.0 and later the cipherlist may start with an
15617"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
15618aNULL ciphers to the top of the list when they are enabled. This prefix
15619is not needed with previous OpenSSL releases. </p>
15620
15621<p> This feature is available in Postfix 2.3 and later. </p>
15622
15623
15624</DD>
15625
15626<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
15627(default: eNULL:!aNULL)</b></DT><DD>
15628
15629<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
15630authentication without encryption. This defines the meaning of the "null"
setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
15632<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>.  You are strongly encouraged to not
15633change this setting. </p>
15634
15635<p> This feature is available in Postfix 2.3 and later. </p>
15636
15637
15638</DD>
15639
15640<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
15641(default: no)</b></DT><DD>
15642
15643<p> With SSLv3 and later, use the Postfix SMTP server's cipher
15644preference order instead of the remote client's cipher preference
15645order. </p>
15646
15647<p> By default, the OpenSSL server selects the client's most preferred
15648cipher that the server supports. With SSLv3 and later, the server may
15649choose its own most preferred cipher that is supported (offered) by
15650the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
15651preferences. </p>
15652
15653<p> While server cipher selection may in some cases lead to a more secure
15654or performant cipher choice, there is some risk of interoperability
15655issues. In the past, some SSL clients have listed lower priority ciphers
15656that they did not implement correctly. If the server chooses a cipher
15657that the client prefers less, it may select a cipher whose client
15658implementation is flawed. </p>
15659
15660<p> This feature is available in Postfix 2.8 and later, in combination
15661with OpenSSL 0.9.7 and later. </p>
15662
15663
15664</DD>
15665
15666<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
15667(default: 32)</b></DT><DD>
15668
15669<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
15670when (re)seeding the in-memory pseudo random number generator (PRNG)
pool. The default of 32 bytes (256 bits) is good enough for 128-bit
15672symmetric keys.  If using EGD or a device file, a maximum of 255
15673bytes is read. </p>
15674
15675<p> This feature is available in Postfix 2.2 and later.  </p>
15676
15677
15678</DD>
15679
15680<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
15681(default: see "postconf -d" output)</b></DT><DD>
15682
15683<p> Name of the pseudo random number generator (PRNG) state file
15684that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
15685not exist, and its length is fixed at 1024 bytes.  </p>
15686
15687<p> As of version 2.5, Postfix no longer uses root privileges when
15688opening this file, and the default file location was changed from
15689${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch.  As
15690a migration aid, an attempt to open the file under a non-Postfix
15691directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
15692warning is logged. </p>
15693
15694<p> This feature is available in Postfix 2.2 and later.  </p>
15695
15696
15697</DD>
15698
15699<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
15700(default: 3600s)</b></DT><DD>
15701
15702<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
15703the pseudo random number generator (PRNG) to the file specified
15704with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>.  </p>
15705
15706<p> This feature is available in Postfix 2.2 and later.  </p>
15707
15708
15709</DD>
15710
15711<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
15712(default: 3600s)</b></DT><DD>
15713
15714<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
15715in-memory pseudo random number generator (PRNG) pool from external
15716sources.  The actual time between re-seeding attempts is calculated
15717using the PRNG, and is between 0 and the time specified.  </p>
15718
15719<p> This feature is available in Postfix 2.2 and later.  </p>
15720
15721
15722</DD>
15723
15724<DT><b><a name="tls_random_source">tls_random_source</a>
15725(default: see "postconf -d" output)</b></DT><DD>
15726
15727<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
15728random number generator (PRNG) pool. Be sure to specify a non-blocking
15729source.  If this source is not a regular file, the entropy source
15730type must be prepended:  egd:/path/to/egd_socket for a source with
15731EGD compatible socket interface, or dev:/path/to/device for a
15732device file.  </p>
15733
15734<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
15735gives timeout errors.  </p>
15736
15737<p> This feature is available in Postfix 2.2 and later.  </p>
15738
15739
15740</DD>
15741
15742<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
15743(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
15744
15745<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
15746require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
15747further details. </p>
15748
15749<p> This feature is available in Postfix 2.8 and later. </p>
15750
15751
15752</DD>
15753
15754<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
15755(default: tlsproxy)</b></DT><DD>
15756
15757<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
service performs plaintext &lt;=&gt; TLS ciphertext conversion. </p>
15759
15760<p> This feature is available in Postfix 2.8 and later. </p>
15761
15762
15763</DD>
15764
15765<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
15766(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>
15767
15768<p> A file containing (PEM format) CA certificates of root CAs
15769trusted to sign either remote SMTP client certificates or intermediate
15770CA certificates.  See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>
15771
15772<p> This feature is available in Postfix 2.8 and later. </p>
15773
15774
15775</DD>
15776
15777<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
15778(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>
15779
15780<p> A directory containing (PEM format) CA certificates of root CAs
15781trusted to sign either remote SMTP client certificates or intermediate
15782CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>
15783
15784<p> This feature is available in Postfix 2.8 and later. </p>
15785
15786
15787</DD>
15788
15789<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
15790(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>
15791
15792<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
15793even when TLS session caching is turned off. See
15794<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>
15795
15796<p> This feature is available in Postfix 2.8 and later. </p>
15797
15798
15799</DD>
15800
15801<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
15802(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>
15803
15804<p> Ask a remote SMTP client for a client certificate. See
15805<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>
15806
15807<p> This feature is available in Postfix 2.8 and later. </p>
15808
15809
15810</DD>
15811
15812<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
15813(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>
15814
15815<p> The verification depth for remote SMTP client certificates. A
15816depth of 1 is sufficient if the issuing CA is listed in a local CA
15817file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>
15818
15819<p> This feature is available in Postfix 2.8 and later. </p>
15820
15821
15822</DD>
15823
15824<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
15825(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
15826
15827<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
15828format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
15829private RSA key.  See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details.  </p>
15830
15831<p> This feature is available in Postfix 2.8 and later. </p>
15832
15833
15834</DD>
15835
15836<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
15837(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>
15838
15839<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
15840will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
15841for further details. </p>
15842
15843<p> This feature is available in Postfix 2.8 and later. </p>
15844
15845
15846</DD>
15847
15848<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
15849(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
15850
15851<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
15852format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
15853private DSA key.  See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details.
15854</p>
15855
15856<p> This feature is available in Postfix 2.8 and later. </p>
15857
15858
15859</DD>
15860
15861<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
15862(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>
15863
15864<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
15865should use with EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> for
15866further details. </p>
15867
15868<p> This feature is available in Postfix 2.8 and later. </p>
15869
15870
15871</DD>
15872
<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>

<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
should use with EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> for
further details.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>.
See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in
PEM format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server private ECDSA key.  See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in
PEM format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
See <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>

<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>

<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
server cipher list at all TLS security levels. See
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a>
(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD>

<p> The message digest algorithm to construct remote SMTP
client-certificate
fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details.
</p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>

<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
server RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
See <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a>
(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD>

<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS
activity.  Each logging level also includes the information that
is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for
further details.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD>

<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD>

<p> Additional list of ciphers or cipher types to exclude from the
<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels.
See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD>

<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
with mandatory TLS encryption. If the list is empty, the server
supports all available SSL/TLS protocol versions.  See
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a>
(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD>

<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will
exclude or include with opportunistic TLS encryption. See
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a>
(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD>

<p> With mandatory TLS encryption, require a trusted remote SMTP
client certificate in order to allow TLS connections to proceed.
See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a>
(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>

<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a>
(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD>

<p> The expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session
cache information. A cache cleanup is performed periodically every
$<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. See
<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a>
(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>

<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>
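
<p> The <a href="tlsproxy.8.html">tlsproxy(8)</a> TLS parameters above each default to the smtpd parameter with the same suffix, so an explicit tlsproxy_* setting in main.cf can drift away from a later change to the smtpd value. The following audit is an added example, not part of the Postfix distribution: the function names and the sample main.cf text are constructed for illustration, and the "${name?value}" and "${name:value}" forms are left unexpanded. </p>

```python
import re

# tlsproxy parameters from this section whose documented default is the
# smtpd parameter with the same suffix.
TLSPROXY_PARAMS = [
    "tlsproxy_tls_ciphers", "tlsproxy_tls_exclude_ciphers",
    "tlsproxy_tls_mandatory_ciphers", "tlsproxy_tls_mandatory_exclude_ciphers",
    "tlsproxy_tls_mandatory_protocols", "tlsproxy_tls_protocols",
    "tlsproxy_tls_req_ccert", "tlsproxy_tls_security_level",
    "tlsproxy_tls_fingerprint_digest", "tlsproxy_tls_eecdh_grade",
    "tlsproxy_use_tls",
]

# Constructed sample input, not taken from a real system.
SAMPLE_MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL,
    MD5
# Stale override left behind from an earlier setup:
tlsproxy_tls_mandatory_protocols = !SSLv2
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_security_level = encrypt
tlsproxy_tls_security_level = may
"""

def parse_main_cf(text):
    """Return {name: value}. Lines that start with whitespace continue the
    previous logical line; the last definition of a parameter wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

_REF = re.compile(r"\$(\$|\{(\w+)\}|\((\w+)\)|(\w+))")

def expand(value, params, depth=0):
    """Recursively replace $name, ${name} and $(name); "$$" yields "$".
    A parameter that main.cf does not set is shown as a marker, because its
    built-in default is only known to the installed Postfix."""
    if depth > 20:
        raise ValueError("parameter reference loop")
    def repl(match):
        if match.group(1) == "$":
            return "$"
        name = match.group(2) or match.group(3) or match.group(4)
        if name not in params:
            return "<built-in default of %s>" % name
        return expand(params[name], params, depth + 1)
    return _REF.sub(repl, value)

def _tokens(value):
    # Compare list values without regard to comma/whitespace layout.
    return [t for t in re.split(r"[,\s]+", value) if t]

def audit(text):
    """Return (name, tlsproxy value, smtpd value, status) per parameter."""
    params = parse_main_cf(text)
    findings = []
    for name in TLSPROXY_PARAMS:
        smtpd_name = "smtpd_" + name[len("tlsproxy_"):]
        smtpd_value = expand("$" + smtpd_name, params)
        if name not in params:
            value, status = smtpd_value, "inherited"
        else:
            value = expand(params[name], params)
            same = _tokens(value) == _tokens(smtpd_value)
            status = "same" if same else "DIVERGES"
        findings.append((name, value, smtpd_value, status))
    return findings

if __name__ == "__main__":
    for name, value, smtpd_value, status in audit(SAMPLE_MAIN_CF):
        print("%-40s %-9s %s (smtpd: %s)" % (name, status, value, smtpd_value))
```
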


</DD>

<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a>
(default: 10s)</b></DT><DD>

<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local
or remote I/O before it is terminated by a built-in watchdog timer.
This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming
non-responsive due to a bug in Postfix itself or in system software.
To avoid false alarms and unnecessary cache corruption this limit
cannot be set under 10s.  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="trace_service_name">trace_service_name</a>
(default: trace)</b></DT><DD>

<p>
The name of the trace service. This service is implemented by the
<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
of mail deliveries and produces a mail delivery report when verbose
delivery is requested with "<b>sendmail -v</b>".
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a>
(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_cost"). </p>


</DD>

<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a>
(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_delivery_slot_discount"). </p>


</DD>

<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a>
(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_delivery_slot_loan"). </p>


</DD>

<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_failed_cohort_limit"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_destination_concurrency_limit").
</p>


</DD>

<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_negative_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value,
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case:
"_destination_concurrency_positive_feedback"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a>
(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
will not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_rate_delay"). </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> A transport-specific override for the
<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>

<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
will not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_destination_recipient_limit"). </p>


</DD>

<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a>
(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_extra_recipient_limit").  </p>


</DD>

<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a>
(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
parameters will not show up in "postconf" command output before
Postfix version 2.9.  This limitation applies to many parameters
whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
built-in suffix (in this case: "_initial_destination_concurrency").
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="transport_maps">transport_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination).  See <a href="transport.5.html">transport(5)</a>
for details.
</p>

<p>
Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables.  If you use this
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
after making a change.  </p>

<p> For safety reasons, as of Postfix 2.3 this feature does not
allow $number substitutions in regular expression maps. </p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#transport_maps">transport_maps</a> = dbm:/etc/postfix/transport
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
</pre>


</DD>

<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a>
(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_minimum_delivery_slots"). </p>


</DD>

<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a>
(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not
show up in "postconf" command output before Postfix version 2.9.
This limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_recipient_limit"). </p>


</DD>

<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a>
(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_recipient_refill_delay").  </p>

<p> This feature is available in Postfix 2.4 and later. </p>


</DD>

<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a>
(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will
not show up in "postconf" command output before Postfix version
2.9.  This limitation applies to many parameters whose name is a
combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
this case: "_recipient_refill_limit").  </p>

<p> This feature is available in Postfix 2.4 and later. </p>


</DD>

<DT><b><a name="transport_retry_time">transport_retry_time</a>
(default: 60s)</b></DT><DD>

<p>
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="transport_time_limit">transport_time_limit</a>
(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD>

<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter
value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
delivery transport. </p>

<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up
in "postconf" command output before Postfix version 2.9.  This
limitation applies to many parameters whose name is a combination
of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
"_time_limit"). </p>
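
<p> The <i>transport</i>_suffix parameters above take their prefix from the service name in the first field of a master.cf entry and fall back to the named default parameter when no override is set. The following resolver is an added example, not part of the Postfix distribution: it takes main.cf settings as an already-parsed dictionary, and the master.cf text, parameter values and function names are constructed. Its review list also catches unrelated built-in parameters that merely share a suffix (for example smtpd_recipient_limit), so each hit needs a manual look. </p>

```python
# Suffixes documented in this section. Most override "default" + suffix;
# the two exceptions are listed explicitly.
_DEFAULT_PREFIXED = [
    "_delivery_slot_cost", "_delivery_slot_discount", "_delivery_slot_loan",
    "_destination_concurrency_failed_cohort_limit",
    "_destination_concurrency_limit",
    "_destination_concurrency_negative_feedback",
    "_destination_concurrency_positive_feedback",
    "_destination_rate_delay", "_destination_recipient_limit",
    "_extra_recipient_limit", "_minimum_delivery_slots", "_recipient_limit",
    "_recipient_refill_delay", "_recipient_refill_limit",
]
SUFFIX_DEFAULTS = {s: "default" + s for s in _DEFAULT_PREFIXED}
SUFFIX_DEFAULTS["_initial_destination_concurrency"] = "initial_destination_concurrency"
SUFFIX_DEFAULTS["_time_limit"] = "command_time_limit"

# Constructed sample input, not taken from a real system.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      unix  -       -       n       -       -       smtp
slow      unix  -       -       n       -       1       smtp
    -o syslog_name=postfix-slow
local     unix  -       n       n       -       -       local
"""
SAMPLE_PARAMS = {
    "default_destination_concurrency_limit": "20",
    "slow_destination_concurrency_limit": "2",
    "slow_destination_rate_delay": "1s",
    "local_destination_recipient_limit": "1",
    "slwo_time_limit": "300s",  # misspelled transport name
}

def master_cf_services(text):
    """Return the service names (first field) of the master.cf entries."""
    names = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#") or raw[0].isspace():
            continue  # blank line, comment, or continuation of an entry
        names.append(raw.split()[0])
    return names

def transport_settings(master_cf, params):
    """Map each service to {default parameter: (value, where it came from)}.
    A value of None means neither name is set in main.cf."""
    result = {}
    for service in master_cf_services(master_cf):
        row = {}
        for suffix, default_name in SUFFIX_DEFAULTS.items():
            override = service + suffix
            if override in params:
                row[default_name] = (params[override], override)
            elif default_name in params:
                row[default_name] = (params[default_name], default_name)
            else:
                row[default_name] = (None, "built-in default")
        result[service] = row
    return result

def unmatched_overrides(master_cf, params):
    """Names that end in a per-transport suffix but whose prefix is not a
    master.cf service name: a review list for misspelled transports."""
    services = master_cf_services(master_cf)
    valid = {svc + suf for svc in services for suf in SUFFIX_DEFAULTS}
    defaults = set(SUFFIX_DEFAULTS.values())
    return sorted(
        name for name in params
        if name not in valid and name not in defaults
        and any(name.endswith(suf) for suf in SUFFIX_DEFAULTS)
    )

if __name__ == "__main__":
    table = transport_settings(SAMPLE_MASTER_CF, SAMPLE_PARAMS)
    for service, row in table.items():
        for default_name, (value, source) in row.items():
            if value is not None:
                print("%-6s %-40s = %-4s (from %s)"
                      % (service, default_name, value, source))
    print("review:", unmatched_overrides(SAMPLE_MASTER_CF, SAMPLE_PARAMS))
```
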


</DD>

<DT><b><a name="trigger_timeout">trigger_timeout</a>
(default: 10s)</b></DT><DD>

<p>
The time limit for sending a trigger to a Postfix daemon (for
example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents
programs from getting stuck when the mail system is under heavy
load.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
message contains no To: or Cc: message header. With Postfix 2.8
and later, the default value is empty. With Postfix 2.4-2.7,
specify an empty value to disable this feature.  </p>

<p> Example: </p>

<pre>
# Default value before Postfix 2.8.
# Note: the ":" and ";" are both required.
<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:;
</pre>


</DD>

<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.  The response is
always 450 in case of a temporary DNS error.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>


</DD>

<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a temporary error
condition. Specify "defer" to defer the remote SMTP client request
immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix
SMTP server continues to look for opportunities to reject mail, and
defers the client request only if it would otherwise be accepted.
</p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

16518<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
16519(default: 450)</b></DT><DD>
16520
16521<p>
16522The numerical Postfix SMTP server response code when a client
16523without valid address &lt;=&gt; name mapping is rejected by the
16524<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
16525with 450 when the mapping failed due to a temporary error condition.
16526</p>
16527
16528<p>
16529Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16530</p>
16531
16532
16533</DD>
16534
16535<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
16536(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
16537
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
fails due to a temporary error condition. Specify "defer" to defer
16540the remote SMTP client request immediately. With the default
16541"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
16542for opportunities to reject mail, and defers the client request
16543only if it would otherwise be accepted. </p>
16544
16545<p> This feature is available in Postfix 2.6 and later. </p>
16546
16547
16548</DD>
16549
16550<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
16551(default: 450)</b></DT><DD>
16552
16553<p>
16554The numerical Postfix SMTP server response code when the hostname
16555specified with the HELO or EHLO command is rejected by the
16556<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
16557</p>
16558
16559<p>
16560Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16561</p>
16562
16563
16564</DD>
16565
16566<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a>
16567(default: 550)</b></DT><DD>
16568
16569<p>
16570The numerical Postfix SMTP server response code when a recipient
16571address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
16572lookup tables that does not match the recipient.  A recipient
16573address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
16574$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
16575</p>
16576
16577<p>
16578The default setting is 550 (reject mail) but it is safer to initially
16579use 450 (try again later) so you have time to find out if your
16580<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK.
16581</p>
16582
16583<p>
16584Example:
16585</p>
16586
16587<pre>
16588<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450
16589</pre>
16590
16591<p>
16592This feature is available in Postfix 2.0 and later.
16593</p>
16594
16595
16596</DD>
16597
16598<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a>
16599(default: 550)</b></DT><DD>
16600
16601<p>
16602The numerical Postfix SMTP server reply code when a recipient
16603address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies
16604a list of lookup tables that does not match the recipient address.
16605</p>
16606
16607<p>
16608This feature is available in Postfix 2.0 and later.
16609</p>
16610
16611
16612</DD>
16613
16614<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a>
16615(default: 550)</b></DT><DD>
16616
16617<p>
16618The Postfix SMTP server reply code when a recipient address matches
16619$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list
16620of lookup tables that does not match the recipient address.
16621</p>
16622
16623<p>
16624This feature is available in Postfix 2.0 and later.
16625</p>
16626
16627
16628</DD>
16629
16630<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a>
16631(default: 550)</b></DT><DD>
16632
16633<p>
16634The Postfix SMTP server reply code when a recipient address matches
16635$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list
16636of lookup tables that does not match the recipient address.
16637</p>
16638
16639<p>
16640This feature is available in Postfix 2.0 and later.
16641</p>
16642
16643
16644</DD>
16645
16646<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
16647(default: 450)</b></DT><DD>
16648
16649<p>
The numerical Postfix SMTP server response code when a recipient address
16651probe fails due to a temporary error condition.
16652</p>
16653
16654<p>
16655Unlike elsewhere in Postfix, you can specify 250 in order to
16656accept the address anyway.
16657</p>
16658
16659<p>
16660Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16661</p>
16662
16663<p>
16664This feature is available in Postfix 2.6 and later.
16665</p>
16666
16667
16668</DD>
16669
16670<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
16671(default: 450)</b></DT><DD>
16672
16673<p>
The numerical Postfix SMTP server response code when a recipient address
16675is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
16676</p>
16677
16678<p>
16679Unlike elsewhere in Postfix, you can specify 250 in order to
16680accept the address anyway.
16681</p>
16682
16683<p>
16684Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16685</p>
16686
16687<p>
16688This feature is available in Postfix 2.1 and later.
16689</p>
16690
16691
16692</DD>
16693
16694<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
16695(default: empty)</b></DT><DD>
16696
16697<p> The Postfix SMTP server's reply when rejecting mail with
16698<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
16699code or the enhanced status code. By default, the response includes
actual address verification details. </p>
16701
16702<p> Example: </p>
16703
16704<pre>
16705<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
16706</pre>
16707
16708<p> This feature is available in Postfix 2.6 and later. </p>
16709
16710
16711</DD>
16712
16713<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
16714(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
16715
16716<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
16717fails due to a temporary error condition. Specify "defer" to defer
16718the remote SMTP client request immediately. With the default
16719"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
16720for opportunities to reject mail, and defers the client request
16721only if it would otherwise be accepted. </p>
16722
16723<p> This feature is available in Postfix 2.6 and later. </p>
16724
16725
16726</DD>
16727
16728<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
16729(default: 450)</b></DT><DD>
16730
16731<p>
16732The numerical Postfix SMTP server response code when a sender address
16733probe fails due to a temporary error condition.
16734</p>
16735
16736<p>
16737Unlike elsewhere in Postfix, you can specify 250 in order to
16738accept the address anyway.
16739</p>
16740
16741<p>
16742Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16743</p>
16744
16745<p>
16746This feature is available in Postfix 2.6 and later.
16747</p>
16748
16749
16750</DD>
16751
16752<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
16753(default: 450)</b></DT><DD>
16754
16755<p>
16756The numerical Postfix SMTP server response code when a recipient
16757address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
16758</p>
16759
16760<p>
16761Unlike elsewhere in Postfix, you can specify 250 in order to
16762accept the address anyway.
16763</p>
16764
16765<p>
16766Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
16767</p>
16768
16769<p>
16770This feature is available in Postfix 2.1 and later.
16771</p>
16772
16773
16774</DD>
16775
16776<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
16777(default: empty)</b></DT><DD>
16778
16779<p> The Postfix SMTP server's reply when rejecting mail with
16780<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
16781code or the enhanced status code. By default, the response includes
actual address verification details. </p>
16783
16784<p> Example: </p>
16785
16786<pre>
16787<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
16788</pre>
16789
16790<p> This feature is available in Postfix 2.6 and later. </p>
16791
16792
16793</DD>
16794
16795<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
16796(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
16797
16798<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
16799fails due to a temporary error condition. Specify "defer" to defer
16800the remote SMTP client request immediately. With the default
16801"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
16802for opportunities to reject mail, and defers the client request
16803only if it would otherwise be accepted. </p>
16804
16805<p> This feature is available in Postfix 2.6 and later. </p>
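<p> The difference between "defer" and "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>", which applies to all four *_tempfail_action parameters above, is modelled in the added example below. It is not Postfix code: it reduces one restriction list to a sequence of constructed outcomes ("dunno", "permit", "reject", "tempfail"), and the function name and return format are assumptions of the example. </p>

```python
"""Model of the tempfail action for a single restriction list.

Added illustration, not Postfix source. Each restriction is reduced to a
constructed outcome string; real restrictions perform DNS or address probes.
"""

VALID_OUTCOMES = {"dunno", "permit", "reject", "tempfail"}
VALID_ACTIONS = {"defer", "defer_if_permit"}


def evaluate(outcomes, tempfail_action="defer_if_permit"):
    """Return (decision, index of the restriction that caused it).

    decision is "reject", "defer" or "accept"; the index is None when the
    request is accepted because nothing objected.
    """
    if tempfail_action not in VALID_ACTIONS:
        raise ValueError("unknown tempfail action: %r" % tempfail_action)

    first_tempfail = None  # remembered only with defer_if_permit
    for index, outcome in enumerate(outcomes):
        if outcome not in VALID_OUTCOMES:
            raise ValueError("unknown outcome: %r" % outcome)
        if outcome == "reject":
            # A later hard reject wins over an earlier temporary failure.
            return ("reject", index)
        if outcome == "tempfail":
            if tempfail_action == "defer":
                # "defer": answer immediately, skip remaining restrictions.
                return ("defer", index)
            if first_tempfail is None:
                first_tempfail = index
            continue  # keep looking for an opportunity to reject
        if outcome == "permit":
            break  # an explicit permit ends the list

    # The request would be accepted: defer it if a tempfail was remembered.
    if first_tempfail is not None:
        return ("defer", first_tempfail)
    return ("accept", None)


if __name__ == "__main__":
    # Constructed restriction list: a DNS tempfail followed by a hard reject.
    sample = ["dunno", "tempfail", "reject"]
    for action in ("defer", "defer_if_permit"):
        print(action, "->", evaluate(sample, action))
```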
16806
16807
16808</DD>
16809
16810<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
16811(default: -=+)</b></DT><DD>
16812
16813<p>
16814The characters Postfix accepts as VERP delimiter characters on the
16815Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
16816</p>
16817
16818<p>
16819This feature is available in Postfix 1.1 and later.
16820</p>
16821
16822
16823</DD>
16824
16825<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
16826(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>
16827
<p> Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
16834
16835<p>
16836This feature is available in Postfix 2.0 and later. The default
16837value is backwards compatible with Postfix version 1.1.
16838</p>
16839
16840<p>
16841The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
16842information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place.  If you have
16843many users, it is better to separate information that changes more
16844frequently (virtual address -&gt; local or remote address mapping)
16845from information that changes less frequently (the list of virtual
16846domain names).
16847</p>
16848
16849<p> Specify a list of host or domain names, "/file/name" or
16850"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
16851"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
16852lookup table is matched when a table entry matches a lookup string
16853(the lookup result is ignored).  Continue long lines by starting
16854the next line with whitespace. Specify "!pattern" to exclude a host
16855or domain name from the list. The form "!/file/name" is supported
16856only in Postfix version 2.4 and later.  </p>
16857
16858<p>
16859See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
16860for further information.
16861</p>
16862
16863<p>
16864Example:
16865</p>
16866
16867<pre>
16868<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
16869</pre>
16870
16871
16872</DD>
16873
16874<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
16875(default: 1000)</b></DT><DD>
16876
16877<p>
16878The maximal number of addresses that virtual alias expansion produces
16879from each original recipient.
16880</p>
16881
16882<p>
16883This feature is available in Postfix 2.1 and later.
16884</p>
16885
16886
16887</DD>
16888
16889<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
16890(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>
16891
16892<p>
16893Optional lookup tables that alias specific mail addresses or domains
to other local or remote addresses.  The table format and lookups
16895are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
16896manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
16897</p>
16898
16899<p>
16900This feature is available in Postfix 2.0 and later. The default
16901value is backwards compatible with Postfix version 1.1.
16902</p>
16903
16904<p>
16905If you use this feature with indexed files, run "<b>postmap
16906/etc/postfix/virtual</b>" after changing the file.
16907</p>
16908
16909<p>
16910Examples:
16911</p>
16912
16913<pre>
16914<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = dbm:/etc/postfix/virtual
16915<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
16916</pre>
16917
16918
16919</DD>
16920
16921<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a>
16922(default: 1000)</b></DT><DD>
16923
16924<p>
16925The maximal nesting depth of virtual alias expansion.  Currently
16926the recursion limit is applied only to the left branch of the
16927expansion graph, so the depth of the tree can in the worst case
16928reach the sum of the expansion and recursion limits.  This may
16929change in the future.
16930</p>
16931
16932<p>
16933This feature is available in Postfix 2.1 and later.
16934</p>
16935
16936
16937</DD>
16938
16939<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>
16940(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
16941
16942<p> The maximal number of parallel deliveries to the same destination
16943via the virtual message delivery transport. This limit is enforced
16944by the queue manager. The message delivery transport name is the
16945first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
16946
16947
16948</DD>
16949
16950<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
16951(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
16952
16953<p> The maximal number of recipients per message for the virtual
16954message delivery transport. This limit is enforced by the queue
16955manager. The message delivery transport name is the first field in
16956the entry in the <a href="master.5.html">master.cf</a> file.  </p>
16957
16958<p> Setting this parameter to a value of 1 changes the meaning of
16959<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain
16960into concurrency per recipient.  </p>
16961
16962
16963</DD>
16964
16965<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a>
16966(default: empty)</b></DT><DD>
16967
16968<p>
16969Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox
16970delivery.
16971</p>
16972
16973<p>
16974In a lookup table, specify a left-hand side of "@domain.tld" to
16975match any user in the specified domain that does not have a specific
16976"user@domain.tld" entry.
16977</p>
16978
16979<p>
16980When a recipient address has an optional address extension
16981(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
16982the full address first, and when the lookup fails, it looks up the
16983unextended address (user@domain.tld).
16984</p>
16985
16986<p>
16987Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
16988regular expression substitution of $1 etc. in regular expression
16989lookup tables, because that would open a security hole.
16990</p>
16991
16992<p>
16993Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
16994silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
16995it will open the table directly. Before Postfix version 2.2, the
16996<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
16997</p>
16998
16999
17000</DD>
17001
17002<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a>
17003(default: empty)</b></DT><DD>
17004
17005<p>
17006A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname
17007results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups.  This is a safety
17008measure to ensure that an out of control map doesn't litter the
17009file system with mailboxes.  While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be
17010set to "/", this setting isn't recommended.
17011</p>
17012
17013<p>
17014Example:
17015</p>
17016
17017<pre>
17018<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail
17019</pre>
17020
17021
17022</DD>
17023
17024<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a>
17025(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD>
17026
<p> Postfix is the final destination for the specified list of domains;
17028mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport.
17029By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent.  The SMTP
17030server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
17031and rejects mail for non-existent recipients.  See also the virtual
17032mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.  </p>
17033
17034<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a>
17035configuration parameter.  </p>
17036
17037<p>
17038This feature is available in Postfix 2.0 and later. The default
17039value is backwards compatible with Postfix version 1.1.
17040</p>
17041
17042
17043</DD>
17044
17045<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a>
17046(default: 51200000)</b></DT><DD>
17047
17048<p>
17049The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
17050maildir file, or zero (no limit).  </p>
17051
17052
17053</DD>
17054
17055<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a>
17056(default: see "postconf -d" output)</b></DT><DD>
17057
17058<p>
17059How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting
17060delivery.  For a list of available file locking methods, use the
17061"<b>postconf -l</b>" command.
17062</p>
17063
17064<p>
17065This setting is ignored with <b>maildir</b> style delivery, because
17066such deliveries are safe without application-level locks.
17067</p>
17068
17069<p>
17070Note 1: the <b>dotlock</b> method requires that the recipient UID
17071or GID has write access to the parent directory of the recipient's
17072mailbox file.
17073</p>
17074
17075<p>
17076Note 2: the default setting of this parameter is system dependent.
17077</p>
17078
17079
17080</DD>
17081
17082<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a>
17083(default: empty)</b></DT><DD>
17084
17085<p>
17086Optional lookup tables with all valid addresses in the domains that
17087match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
17088</p>
17089
17090<p>
17091In a lookup table, specify a left-hand side of "@domain.tld" to
17092match any user in the specified domain that does not have a specific
17093"user@domain.tld" entry.
17094</p>
17095
17096<p>
17097The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
17098per-recipient mailbox or maildir pathname.  If the lookup result
17099ends in a slash ("/"), maildir-style delivery is carried out,
17100otherwise the path is assumed to specify a UNIX-style mailbox file.
17101Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to
17102this path.
17103</p>
17104
17105<p>
17106When a recipient address has an optional address extension
17107(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
17108the full address first, and when the lookup fails, it looks up the
17109unextended address (user@domain.tld).
17110</p>
17111
17112<p>
17113Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
17114regular expression substitution of $1 etc. in regular expression
17115lookup tables, because that would open a security hole.
17116</p>
17117
17118<p>
17119Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
17120silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
17121it will open the table directly. Before Postfix version 2.2, the
17122<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
17123</p>
17124
17125
17126</DD>
17127
17128<DT><b><a name="virtual_maps">virtual_maps</a>
17129(default: empty)</b></DT><DD>
17130
17131<p> Optional lookup tables with a) names of domains for which all
17132addresses are aliased to addresses in other local or remote domains,
17133and b) addresses that are aliased to addresses in other local or
17134remote domains.  Available before Postfix version 2.0. With Postfix
17135version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
17136and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
17137
17138
17139</DD>
17140
17141<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a>
17142(default: 100)</b></DT><DD>
17143
17144<p>
17145The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts
17146as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup.  Returned
17147values less than this will be rejected, and the message will be
17148deferred.
17149</p>
17150
17151
17152</DD>
17153
17154<DT><b><a name="virtual_transport">virtual_transport</a>
17155(default: virtual)</b></DT><DD>
17156
17157<p>
17158The default mail delivery transport and next-hop destination for
17159final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
17160This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
17161</p>
17162
17163<p>
17164Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
17165is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
17166The <i>:nexthop</i> destination is optional; its syntax is documented
17167in the manual page of the corresponding delivery agent.
17168</p>
17169
17170<p>
17171This feature is available in Postfix 2.0 and later.
17172</p>
17173
17174
17175</DD>
17176
17177<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a>
17178(default: empty)</b></DT><DD>
17179
17180<p>
17181Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a>
17182delivery agent uses while writing to the recipient's mailbox.
17183</p>
17184
17185<p>
17186In a lookup table, specify a left-hand side of "@domain.tld"
17187to match any user in the specified domain that does not have a
17188specific "user@domain.tld" entry.
17189</p>
17190
17191<p>
17192When a recipient address has an optional address extension
17193(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
17194the full address first, and when the lookup fails, it looks up the
17195unextended address (user@domain.tld).
17196</p>
17197
17198<p>
17199Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
17200regular expression substitution of $1 etc. in regular expression
17201lookup tables, because that would open a security hole.
17202</p>
17203
17204<p>
17205Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
17206silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
17207it will open the table directly. Before Postfix version 2.2, the
17208<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
17209</p>
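<p> The lookup order and safety checks described for <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a>, <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> and <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> can be rehearsed offline with the added example below, which is not Postfix code. The tables are constructed, the "+" extension delimiter and lower-casing of the address are assumptions, the "@domain.tld" key is tried last, and the "inside_base" flag is an extra audit check added here rather than documented <a href="virtual.8.html">virtual(8)</a> behaviour. </p>

```python
"""Model of the virtual(8) lookups described above (added example, not Postfix code)."""
import posixpath

# Constructed sample tables; every key and value is illustrative only.
MAILBOX_MAPS = {
    "alice@example.com": "example.com/alice/",    # trailing "/" => maildir
    "bob@example.com": "example.com/bob.mbox",    # no trailing "/" => mailbox file
    "carol@example.com": "../outside/carol/",     # an "out of control" map entry
    "dave@example.com": "example.com/dave/",
    "@example.com": "example.com/catchall/",      # domain-wide fallback
}
UID_MAPS = {"dave@example.com": "50", "@example.com": "5000"}


def lookup(table, recipient, delimiter="+"):
    """Try the full address, then the unextended address, then "@domain".

    Returns (matched_key, value) or (None, None). The delimiter is an
    assumption of this example.
    """
    local, _, domain = recipient.rpartition("@")
    keys = [recipient]
    if delimiter and delimiter in local:
        keys.append(local.split(delimiter, 1)[0] + "@" + domain)
    keys.append("@" + domain)
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None


def resolve(recipient, base="/var/mail", minimum_uid=100,
            mailbox_maps=MAILBOX_MAPS, uid_maps=UID_MAPS):
    """Return a dict describing what the model would do for one recipient."""
    recipient = recipient.lower()  # assumption: lookups are case-folded
    key, path = lookup(mailbox_maps, recipient)
    if path is None:
        return {"status": "no-match"}

    _, uid = lookup(uid_maps, recipient)
    if uid is None:
        # Outside what the page documents; reported as its own status.
        return {"status": "no-uid", "matched": key}
    if int(uid) < minimum_uid:
        # virtual_minimum_uid: value rejected, message deferred.
        return {"status": "deferred", "matched": key, "uid": int(uid)}

    # virtual_mailbox_base is unconditionally prepended to the lookup result.
    full = base.rstrip("/") + "/" + path

    # Added audit check: does the normalised path still sit under the base?
    root = posixpath.normpath(base).rstrip("/") + "/"
    inside = (posixpath.normpath(full) + "/").startswith(root)

    return {
        "status": "deliver",
        "matched": key,
        "uid": int(uid),
        "path": full,
        "style": "maildir" if path.endswith("/") else "mailbox",
        "inside_base": inside,
    }


if __name__ == "__main__":
    for rcpt in ("alice+lists@example.com", "bob@example.com",
                 "nobody@example.com", "dave@example.com",
                 "carol@example.com", "x@other.test"):
        print(rcpt, "->", resolve(rcpt))
```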
17210
17211
17212</DD>
17213
17214</dl>
17215
17216</body>
17217
17218</html>
17219