xref: /netbsd-src/external/ibm-public/postfix/dist/html/postconf.5.html (revision 946379e7b37692fc43f68eb0d1c10daa0a7f3b6c)
1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix Configuration Parameters </title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>
17
18<hr>
19
20<h2> Postfix main.cf file format </h2>
21
22<p> The Postfix main.cf configuration file specifies a very small
23subset of all the parameters that control the operation of the
24Postfix mail system. Parameters not explicitly specified are left
25at their default values. </p>
26
27<p> The general format of the main.cf file is as follows: </p>
28
29<ul>
30
31<li> <p> Each logical line is in the form "parameter = value".
32Whitespace around the "=" is ignored, as is whitespace at the end
33of a logical line. </p>
34
35<li> <p> Empty lines and whitespace-only lines are ignored, as are
36lines whose first non-whitespace character is a `#'. </p>
37
38<li> <p> A logical line starts with non-whitespace text. A line
39that starts with whitespace continues a logical line. </p>
40
41<li> <p> A parameter value may refer to other parameters. </p>
42
43<ul>
44
45<li> <p> The expressions "$name", "${name}" or "$(name)" are
46recursively replaced by the value of the named parameter. </p>
47
48<li> <p> The expression "${name?value}" expands to "value" when
49"$name" is non-empty. This form is supported with Postfix version
502.2 and later. </p>
51
52<li> <p> The expression "${name:value}" expands to "value" when
53"$name" is empty. This form is supported with Postfix version 2.2
54and later.  </p>
55
56<li> <p> Specify "$$" to produce a single "$" character. </p>
57
58</ul>
59
60<li> <p> When the same parameter is defined multiple times, only
61the last instance is remembered. </p>
62
63<li> <p> Otherwise, the order of main.cf parameter definitions does
64not matter. </p>
65
66</ul>
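<p> The format rules above, implemented as a small parser and expander. This is an added example, not Postfix code: the function names and the sample text are constructed here, "x_note" is a made-up parameter, and parameters missing from the file are treated as empty because the built-in defaults live in Postfix itself. </p>

```python
import re

NAME = re.compile(r"[A-Za-z0-9_]+")

# Constructed sample, not taken from a real system. "x_note" is a made-up
# parameter name that exists only to show "$$".
SAMPLE = """\
# constructed main.cf fragment
mydomain = example.com
myhostname = mx1.$mydomain
relayhost =
smtpd_banner = $myhostname ESMTP${relayhost? via $relayhost}${relayhost: direct}
mynetworks = 127.0.0.0/8
    192.0.2.0/24
  # a comment between continuation lines is ignored
    198.51.100.0/24
x_note = costs $$5
mydomain = example.org
"""

def parse_main_cf(text):
    """Return (params, overridden): raw values, plus (name, discarded_value)
    for every earlier definition that a later one replaced."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # empty, whitespace-only, comment
        if raw[0].isspace():              # continues the previous logical line
            if not logical:
                raise ValueError("continuation without a logical line")
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    params, overridden = {}, []
    for line in logical:
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            raise ValueError(f"not 'parameter = value': {line!r}")
        if name in params:
            overridden.append((name, params[name]))
        params[name] = value              # only the last instance is remembered
    return params, overridden

def expand(value, params, active=()):
    """Expand $name, ${name}, $(name), ${name?value}, ${name:value} and $$."""
    out, i = [], 0
    while i < len(value):
        nxt = value[i + 1] if i + 1 < len(value) else ""
        if value[i] != "$" or not nxt:
            out.append(value[i]); i += 1
        elif nxt == "$":
            out.append("$"); i += 2
        else:
            body, i = take_reference(value, i)
            out.append("$" if body is None else resolve(body, params, active))
    return "".join(out)

def take_reference(value, i):
    """Return (reference body, index after it) for the '$' at value[i]."""
    opener = value[i + 1]
    if opener in "{(":
        closer = "}" if opener == "{" else ")"
        depth, j = 1, i + 2
        while j < len(value) and depth:
            depth += (value[j] == opener) - (value[j] == closer)
            j += 1
        if depth:
            raise ValueError(f"unbalanced {opener!r} in {value!r}")
        return value[i + 2:j - 1], j
    m = NAME.match(value, i + 1)
    return (m.group(0), m.end()) if m else (None, i + 1)

def resolve(body, params, active):
    m = NAME.match(body)
    if not m:
        raise ValueError(f"missing parameter name in {body!r}")
    name, rest = m.group(0), body[m.end():]
    if name in active:
        raise ValueError(f"expansion loop through ${name}")
    # Assumption: a parameter absent from the file is empty here; Postfix
    # itself would use the built-in default shown by "postconf -d".
    current = expand(params.get(name, ""), params, active + (name,))
    if not rest:
        return current
    # Assumption: a conditional that does not apply contributes nothing.
    if rest[0] == "?":                    # value when $name is non-empty
        return expand(rest[1:], params, active) if current else ""
    if rest[0] == ":":                    # value when $name is empty
        return "" if current else expand(rest[1:], params, active)
    raise ValueError(f"unsupported expression ${{{body}}}")

def effective(text):
    """Expanded value of every parameter defined in text."""
    params, _ = parse_main_cf(text)
    return {name: expand(value, params) for name, value in params.items()}
```

<p> The "overridden" list is the part worth checking in a review: it shows every setting that a later duplicate line silently replaced. </p>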
67
68<p> The remainder of this document is a description of all Postfix
69configuration parameters. Default values are shown after the
70parameter name in parentheses, and can be looked up with the
71"<b>postconf -d</b>" command. </p>
72
73<p> Note: this is not an invitation to make changes to Postfix
74configuration parameters. Unnecessary changes are likely to impair
75the operation of the mail system.  </p>
76
77<dl>
78<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
79(default: postmaster)</b></DT><DD>
80
81<p> The recipient of undeliverable mail that cannot be returned to
82the sender.  This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
83parameter.  </p>
84
85
86</DD>
87
88<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
89(default: 450)</b></DT><DD>
90
91<p>
92The numerical Postfix SMTP server response code for
93an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
94or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
95is hard-coded as "450".
96</p>
97
98<p>
99Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
100</p>
101
102<p>
103This feature is available in Postfix 2.6 and later.
104</p>
105
106
107</DD>
108
109<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
110(default: 554)</b></DT><DD>
111
112<p>
113The numerical Postfix SMTP server response code for
114an <a href="access.5.html">access(5)</a> map "reject" action.
115</p>
116
117<p>
118Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
119</p>
120
121
122</DD>
123
124<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
125(default: 12h)</b></DT><DD>
126
127<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
128database cleanup runs. This feature requires that the database
129supports the "delete" and "sequence" operators.  Specify a zero
130interval to disable database cleanup. </p>
131
132<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
133number of entries that were retained and dropped. A cleanup run is
134logged as "partial" when the daemon terminates early after "<b>postfix
135reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
136seconds. </p>
137
138<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
139(weeks). </p>
140
141<p> This feature is available in Postfix 2.7. </p>
142
143
144</DD>
145
146<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
147(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>
148
149<p>
150Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
151verification probes.
152</p>
153
154<p>
155This feature is available in Postfix 2.1 and later.
156</p>
157
158
159</DD>
160
161<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
162(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>
163
164<p>
165Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
166verification probes.
167</p>
168
169<p>
170This feature is available in Postfix 2.1 and later.
171</p>
172
173
174</DD>
175
176<DT><b><a name="address_verify_map">address_verify_map</a>
177(default: see "postconf -d" output)</b></DT><DD>
178
179<p>
180Lookup table for persistent address verification status
181storage.  The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
182is opened before the process releases privileges.
183</p>
184
185<p>
186The lookup table is persistent by default (Postfix 2.7 and later).
187Specify an empty table name to keep the information in volatile
188memory which is lost after "<b>postfix reload</b>" or "<b>postfix
189stop</b>". This is the default with Postfix version 2.6 and earlier.
190</p>
191
192<p>
193Specify a location in a file system that will not fill up. If the
194database becomes corrupted, the world comes to an end. To recover,
195delete (NOT: truncate) the file and do "<b>postfix reload</b>".
196</p>
197
198<p> Postfix daemon processes do not use root privileges when opening
199this file (Postfix 2.5 and later).  The file must therefore be
200stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
201As a migration aid, an attempt to open the file under a non-Postfix
202directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
203warning is logged. </p>
204
205<p>
206Examples:
207</p>
208
209<pre>
210<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">hash</a>:/var/db/postfix/verify
211<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/verify
212</pre>
213
214<p>
215This feature is available in Postfix 2.1 and later.
216</p>
217
218
219</DD>
220
221<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
222(default: yes)</b></DT><DD>
223
224<p>
225Enable caching of failed address verification probe results.  When
226this feature is enabled, the cache may pollute quickly with garbage.
227When this feature is disabled, Postfix will generate an address
228probe for every lookup.
229</p>
230
231<p>
232This feature is available in Postfix 2.1 and later.
233</p>
234
235
236</DD>
237
238<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
239(default: 3d)</b></DT><DD>
240
241<p>
242The time after which a failed probe expires from the address
243verification cache.
244</p>
245
246<p>
247Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
248</p>
249
250<p>
251This feature is available in Postfix 2.1 and later.
252</p>
253
254
255</DD>
256
257<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
258(default: 3h)</b></DT><DD>
259
260<p>
261The time after which a failed address verification probe needs to
262be refreshed.
263</p>
264
265<p>
266Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
267</p>
268
269<p>
270This feature is available in Postfix 2.1 and later.
271</p>
272
273
274</DD>
275
276<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
277(default: normal: 3, overload: 1)</b></DT><DD>
278
279<p>
280How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
281of an address verification request in progress.
282</p>
283
284<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
285up to three times under non-overload conditions, and only once when
286under overload.  With Postfix version 2.5 and earlier, the SMTP
287server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
288default.  </p>
289
290<p>
291Specify 1 to implement a crude form of greylisting, that is, always
292defer the first delivery request for a new address.
293</p>
294
295<p>
296Examples:
297</p>
298
299<pre>
300# Postfix &le; 2.6 default
301<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
302# Poor man's greylisting
303<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
304</pre>
305
306<p>
307This feature is available in Postfix 2.1 and later.
308</p>
309
310
311</DD>
312
313<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
314(default: 3s)</b></DT><DD>
315
316<p>
317The delay between queries for the completion of an address
318verification request in progress.
319</p>
320
321<p>
322The default polling delay is 3 seconds.
323</p>
324
325<p>
326Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
327</p>
328
329<p>
330This feature is available in Postfix 2.1 and later.
331</p>
332
333
334</DD>
335
336<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
337(default: 31d)</b></DT><DD>
338
339<p>
340The time after which a successful probe expires from the address
341verification cache.
342</p>
343
344<p>
345Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
346</p>
347
348<p>
349This feature is available in Postfix 2.1 and later.
350</p>
351
352
353</DD>
354
355<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
356(default: 7d)</b></DT><DD>
357
358<p>
359The time after which a successful address verification probe needs
360to be refreshed.  The address verification status is not updated
361when the probe fails (optimistic caching).
362</p>
363
364<p>
365Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
366</p>
367
368<p>
369This feature is available in Postfix 2.1 and later.
370</p>
371
372
373</DD>
374
375<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
376(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>
377
378<p>
379Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
380verification probes.
381</p>
382
383<p>
384This feature is available in Postfix 2.1 and later.
385</p>
386
387
388</DD>
389
390<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
391(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>
392
393<p>
394Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
395probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
396</p>
397
398<p>
399This feature is available in Postfix 2.1 and later.
400</p>
401
402
403</DD>
404
405<DT><b><a name="address_verify_sender">address_verify_sender</a>
406(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>
407
408<p> The sender address to use in address verification probes; prior
409to Postfix 2.5 the default was "postmaster". To
410avoid problems with address probes that are sent in response to
411address probes, the Postfix SMTP server excludes the probe sender
412address from all SMTPD access blocks. </p>
413
414<p>
415Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or &lt;&gt; if you want
416to use the null sender address. Beware, some sites reject mail from
417&lt;&gt;, even though RFCs require that such addresses be accepted.
418</p>
419
420<p>
421Examples:
422</p>
423
424<pre>
425<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = &lt;&gt;
426<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@my.domain
427</pre>
428
429<p>
430This feature is available in Postfix 2.1 and later.
431</p>
432
433
434</DD>
435
436<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
437(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>
438
439<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
440setting for address verification probes.  </p>
441
442<p> This feature is available in Postfix 2.7 and later.  </p>
443
444
445</DD>
446
447<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
448(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>
449
450<p>
451Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
452verification probes.
453</p>
454
455<p>
456This feature is available in Postfix 2.3 and later.
457</p>
458
459
460</DD>
461
462<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
463(default: 0s)</b></DT><DD>
464
465<p> The time between changes in the time-dependent portion of address
466verification probe sender addresses. The time-dependent portion is
467appended to the localpart of the address specified with the
468<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
469probe sender address is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
470value is empty or &lt;&gt;. </p>
471
472<p> Historically, the probe sender address was fixed. This has
473caused such addresses to end up on spammer mailing lists, and has
474resulted in wasted network and processing resources.  </p>
475
476<p> To enable time-dependent probe sender addresses, specify a
477non-zero time value (an integral value plus an optional one-letter
478suffix that specifies the time unit).  Specify a value of at least
479several hours, to avoid problems with senders that use greylisting.
480Avoid nice TTL values, to make the result less predictable.  Time
481units are: s (seconds), m (minutes), h (hours), d (days), w (weeks).
482</p>
483
484<p> This feature is available in Postfix 2.9 and later.  </p>
485
486
487</DD>
488
489<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
490(default: verify)</b></DT><DD>
491
492<p>
493The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
494maintains the status of sender and/or recipient address verification
495probes, and generates probes on request by other Postfix processes.
496</p>
497
498
499</DD>
500
501<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
502(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>
503
504<p>
505Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
506probes.
507</p>
508
509<p>
510This feature is available in Postfix 2.1 and later.
511</p>
512
513
514</DD>
515
516<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
517(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>
518
519<p>
520Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
521verification probes.
522</p>
523
524<p>
525This feature is available in Postfix 2.1 and later.
526</p>
527
528
529</DD>
530
531<DT><b><a name="alias_database">alias_database</a>
532(default: see "postconf -d" output)</b></DT><DD>
533
534<p>
535The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
536"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
537</p>
538
539<p>
540This is a separate configuration parameter because not all the
541tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
542</p>
543
544<p>
545Examples:
546</p>
547
548<pre>
549<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
550<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/mail/aliases
551</pre>
552
553
554</DD>
555
556<DT><b><a name="alias_maps">alias_maps</a>
557(default: see "postconf -d" output)</b></DT><DD>
558
559<p>
560The alias databases that are used for <a href="local.8.html">local(8)</a> delivery. See
561<a href="aliases.5.html">aliases(5)</a> for syntax details.
562</p>
563
564<p>
565The default list is system dependent.  On systems with NIS, the
566default is to search the local alias database, then the NIS alias
567database.
568</p>
569
570<p>
571If you change the alias database, run "<b>postalias /etc/aliases</b>"
572(or wherever your system stores the mail alias file), or simply
573run "<b>newaliases</b>" to build the necessary DBM or DB file.
574</p>
575
576<p>
577The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
578of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
579</p>
580
581<p>
582The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
583the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
584table directly. Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
585agent will terminate with a fatal error.
586</p>
587
588<p>
589Examples:
590</p>
591
592<pre>
593<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, nis:mail.aliases
594<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
595</pre>
596
597
598</DD>
599
600<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
601(default: alias, forward)</b></DT><DD>
602
603<p>
604Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands.  The default
605is to disallow delivery to "|command" in :include:  files (see
606<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
607</p>
608
609<p>
610Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
611in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
612:include:  files, respectively.
613</p>
614
615<p>
616Example:
617</p>
618
619<pre>
620<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include
621</pre>
622
623
624</DD>
625
626<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a>
627(default: alias, forward)</b></DT><DD>
628
629<p>
630Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is
631to disallow "/file/name" destinations in :include:  files (see
632<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
633</p>
634
635<p>
636Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
637in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward
638files and in :include:  files, respectively.
639</p>
640
641<p>
642Example:
643</p>
644
645<pre>
646<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include
647</pre>
648
649
650</DD>
651
652<DT><b><a name="allow_min_user">allow_min_user</a>
653(default: no)</b></DT><DD>
654
655<p>
656Allow a sender or recipient address to have `-' as the first
657character.  By
658default, this is not allowed, to avoid accidents with software that
659passes email addresses via the command line. Such software
660would not be able to distinguish a malicious address from a
661bona fide command-line option. Although this can be prevented by
662inserting a "--" option terminator into the command line, this is
663difficult to enforce consistently and globally.  </p>
664
665<p> As of Postfix version 2.5, this feature is implemented by
666<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>.  With earlier versions this feature was implemented
667by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. </p>
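<p> Why a leading `-' matters to software that passes addresses on the command line, and what the "--" terminator changes. This is an added example, not Postfix code: the helper with its "-f sender" and "-v" options is a hypothetical stand-in parsed with Python's getopt, and the addresses are constructed. </p>

```python
import getopt

SENDER = "postmaster@example.com"
ODD = "-fsomeone@example.net"   # constructed address whose first character is '-'

def helper_parse(argv):
    """Hypothetical delivery helper invoked as: helper [-f sender] [-v] recipient...
    Returns (options, recipients) the way a getopt-based program would see them."""
    opts, recipients = getopt.getopt(argv, "f:v")
    return dict(opts), recipients

def argv_naive(sender, recipients):
    """Addresses appended directly after the options."""
    return ["-f", sender, *recipients]

def argv_terminated(sender, recipients):
    """Same command line with the "--" option terminator before the addresses."""
    return ["-f", sender, "--", *recipients]

def rejected_by_default(address):
    """The allow_min_user = no rule: no `-' as the first character."""
    return address.startswith("-")

def compare(sender, recipients):
    """Show how the helper interprets both command lines for the same input."""
    return {
        "naive": helper_parse(argv_naive(sender, recipients)),
        "terminated": helper_parse(argv_terminated(sender, recipients)),
        "rejected_by_default": [r for r in recipients if rejected_by_default(r)],
    }

if __name__ == "__main__":
    for key, value in compare(SENDER, [ODD]).items():
        print(key, value)
```

<p> Without the terminator the helper sees no recipient at all and a different "-f" value; with it, the address stays an address. The default setting removes the dependency on every such helper getting this right. </p>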
668
669
670</DD>
671
672<DT><b><a name="allow_percent_hack">allow_percent_hack</a>
673(default: yes)</b></DT><DD>
674
675<p>
676Enable the rewriting of the form "user%domain" to "user@domain".
677This is enabled by default.
678</p>
679
680<p> Note: as of Postfix version 2.2, message header address rewriting
681happens only when one of the following conditions is true: </p>
682
683<ul>
684
685<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
686
687<li> The message is received from a network client that matches
688$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
689
690<li> The message is received from the network, and the
691<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
692
693</ul>
694
695<p> To get the behavior before Postfix version 2.2, specify
696"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
697
698<p>
699Example:
700</p>
701
702<pre>
703<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no
704</pre>
705
706
707</DD>
708
709<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a>
710(default: no)</b></DT><DD>
711
712<p>
713Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
714from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
715</p>
716
717<p>
718By default, this feature is turned off.  This closes a nasty open
719relay loophole where a backup MX host can be tricked into forwarding
720junk mail to a primary MX host which then spams it out to the world.
721</p>
722
723<p>
724This parameter also controls if non-local addresses with sender-specified
725routing can match Postfix access tables. By default, such addresses
726cannot match Postfix access tables, because the address is ambiguous.
727</p>
728
729
730</DD>
731
732<DT><b><a name="alternate_config_directories">alternate_config_directories</a>
733(default: empty)</b></DT><DD>
734
735<p>
736A list of non-default Postfix configuration directories that may
737be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
738via the MAIL_CONFIG environment parameter.
739</p>
740
741<p>
742This list must be specified in the default Postfix configuration
743directory, and is used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a>
744and <a href="postdrop.1.html">postdrop(1)</a>.
745</p>
746
747
748</DD>
749
750<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a>
751(default: no)</b></DT><DD>
752
753<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
754when not present.  Postfix 2.6 and later add these headers only
755when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
756setting.  Earlier Postfix versions always add these headers; this
757may break DKIM signatures that cover non-existent headers. </p>
758
759
760</DD>
761
762<DT><b><a name="always_bcc">always_bcc</a>
763(default: empty)</b></DT><DD>
764
765<p>
766Optional address that receives a "blind carbon copy" of each message
767that is received by the Postfix mail system.
768</p>
769
770<p>
771Note: with Postfix 2.3 and later the BCC address is added as if it
772was specified with NOTIFY=NONE. The sender will not be notified
773when the BCC address is undeliverable, as long as all down-stream
774software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
775</p>
776
777<p>
778Note: with Postfix 2.2 and earlier the sender will be notified
779when the BCC address is undeliverable.
780</p>
781
782<p> Note: automatic BCC recipients are produced only for new mail.
783To avoid mailer loops, automatic BCC recipients are not generated
784after Postfix forwards mail internally, or after Postfix generates
785mail itself. </p>
786
787
788</DD>
789
790<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a>
791(default: 60s)</b></DT><DD>
792
793<p>
794The time unit over which client connection rates and other rates
795are calculated.
796</p>
797
798<p>
799This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
800in Postfix version 2.2 and later.
801</p>
802
803<p>
804The default interval is relatively short. Because of the high
805frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory
806only. Thus, information is lost whenever the process terminates.
807</p>
808
809<p>
810Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
811The default time unit is s (seconds).
812</p>
813
814
815</DD>
816
817<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
818(default: 600s)</b></DT><DD>
819
820<p>
821How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
822logs peak usage information.
823</p>
824
825<p>
826This feature is available in Postfix 2.2 and later.
827</p>
828
829<p>
830Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
831The default time unit is s (seconds).
832</p>
833
834
835</DD>
836
837<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
838(default: yes)</b></DT><DD>
839
840<p>
841With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
842addresses without domain information. With remotely submitted mail,
843append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
844</p>
845
846<p>
847Note 1: this feature is enabled by default and must not be turned off.
848Postfix does not support domain-less addresses.
849</p>
850
851<p> Note 2: with Postfix version 2.2, message header address rewriting
852happens only when one of the following conditions is true: </p>
853
854<ul>
855
856<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
857
858<li> The message is received from a network client that matches
859$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
860
861<li> The message is received from the network, and the
862<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
863
864</ul>
865
866<p> To get the behavior before Postfix version 2.2, specify
867"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
868
869
870</DD>
871
872<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
873(default: yes)</b></DT><DD>
874
875<p>
876With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
877addresses that have no ".domain" information. With remotely submitted
878mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
879instead.
880</p>
881
882<p>
883Note 1: this feature is enabled by default. If disabled, users will not be
884able to send mail to "user@partialdomainname" but will have to
885specify full domain names instead.
886</p>
887
888<p> Note 2: with Postfix version 2.2, message header address rewriting
889happens only when one of the following conditions is true: </p>
890
891<ul>
892
893<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
894
895<li> The message is received from a network client that matches
896$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
897
898<li> The message is received from the network, and the
899<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
900
901</ul>
902
903<p> To get the behavior before Postfix version 2.2, specify
904"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
905
906
907</DD>
908
909<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
910(default: 100s)</b></DT><DD>
911
912<p>
913How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
914Postfix daemon process input buffer before giving up.
915</p>
916
917<p>
918Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
919The default time unit is s (seconds).
920</p>
921
922<p>
923This feature is available in Postfix 2.1 and later.
924</p>
925
926
927</DD>
928
929<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
930(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
931
932<p>
933List of users who are authorized to flush the queue.
934</p>
935
936<p>
937By default, all users are allowed to flush the queue.  Access is
938always granted if the invoking user is the super-user or the
939$<a href="postconf.5.html#mail_owner">mail_owner</a> user.  Otherwise, the real UID of the process is looked
940up in the system password file, and access is granted only if the
941corresponding login name is on the access list.  The username
942"unknown" is used for processes whose real UID is not found in the
943password file.  </p>
944
945<p>
946Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
947separated by commas and/or whitespace. The list is matched left to
948right, and the search stops on the first match. A "/file/name"
949pattern is replaced
950by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
951matches a lookup key (the lookup result is ignored).  Continue long
952lines by starting the next line with whitespace. Specify "!pattern"
953to exclude a name from the list. The form "!/file/name" is supported
954only in Postfix version 2.4 and later.  </p>
955
956<p>
957This feature is available in Postfix 2.2 and later.
958</p>
959
960
961</DD>
962
963<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
964(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
965
966<p>
967List of users who are authorized to view the queue.
968</p>
969
970<p>
971By default, all users are allowed to view the queue.  Access is
972always granted if the invoking user is the super-user or the
973$<a href="postconf.5.html#mail_owner">mail_owner</a> user.  Otherwise, the real UID of the process is looked
974up in the system password file, and access is granted only if the
975corresponding login name is on the access list.  The username
976"unknown" is used for processes whose real UID is not found in the
977password file.  </p>
978
979<p>
980Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
981separated by commas and/or whitespace. The list is matched left to
982right, and the search stops on the first match. A "/file/name"
983pattern is replaced
984by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
985matches a lookup key (the lookup result is ignored).  Continue long
986lines by starting the next line with whitespace. Specify "!pattern"
987to exclude a user name from the list. The form "!/file/name" is
988supported only in Postfix version 2.4 and later.  </p>
989
990<p>
991This feature is available in Postfix 2.2 and later.
992</p>
993
994
995</DD>
996
997<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
998(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
999
1000<p>
1001List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
1002command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
1003</p>
1004
1005<p>
1006By default, all users are allowed to submit mail.  Otherwise, the
1007real UID of the process is looked up in the system password file,
1008and access is granted only if the corresponding login name is on
1009the access list.  The username "unknown" is used for processes
1010whose real UID is not found in the password file. To deny mail
1011submission access to all users specify an empty list.  </p>
1012
1013<p>
1014Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
1015separated by commas and/or whitespace. The list is matched left to right,
1016and the search stops on the first match. A "/file/name" pattern is
1017replaced by its contents;
1018a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
1019(the lookup result is ignored).  Continue long lines by starting the
1020next line with whitespace. Specify "!pattern" to exclude a user
1021name from the list. The form "!/file/name" is supported only in
1022Postfix version 2.4 and later.  </p>
1023
1024<p>
1025Example:
1026</p>
1027
1028<pre>
1029<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
1030</pre>
1031
1032<p>
1033This feature is available in Postfix 2.2 and later.
1034</p>
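<p> The list semantics described for authorized_flush_users, authorized_mailq_users and authorized_submit_users, as an added Python model (not Postfix code). The passwd map, file contents, table contents and the <tt>privileged_bypass</tt> switch are constructed assumptions used to show why pattern order and the "unknown" login name matter. </p>

```python
"""Simplified model of authorized_*_users list evaluation (illustration only)."""
import re

# Constructed sample data standing in for the system password file,
# for "/file/name" patterns and for non-static "type:table" lookup tables.
PASSWD = {0: "root", 33: "www", 89: "postfix", 1000: "alice", 1001: "bob"}
FILES = {"/etc/postfix/submitters": "alice\nbob\n"}
TABLES = {"hash:/etc/postfix/ops": {"alice": "ignored-result"}}


def tokenize(value, negate=False):
    """Yield (pattern, negated) pairs in left-to-right order."""
    for tok in re.split(r"[,\s]+", value.strip()):
        if not tok:
            continue
        neg = negate
        while tok.startswith("!"):
            neg, tok = not neg, tok[1:]
        if tok.startswith("/"):
            # A "/file/name" pattern is replaced by its contents;
            # "!/file/name" negates every pattern read from the file.
            yield from tokenize(FILES[tok], neg)
        else:
            yield tok, neg


def pattern_matches(pattern, login):
    """A table matches when the name is a lookup key; the result is ignored."""
    if pattern.startswith("static:"):
        return True                      # static: answers every lookup key
    if ":" in pattern:
        return login in TABLES.get(pattern, {})
    return pattern == login


def login_for(uid):
    """Real UID to login name; "unknown" when the UID has no passwd entry."""
    return PASSWD.get(uid, "unknown")


def is_authorized(acl, uid, privileged_bypass=False, mail_owner="postfix"):
    """Return True when the access list admits the process's real UID.

    privileged_bypass models the rule stated for the flush and mailq
    lists: the super-user and the $mail_owner user are always admitted.
    """
    login = login_for(uid)
    if privileged_bypass and (uid == 0 or login == mail_owner):
        return True
    for pattern, negated in tokenize(acl):
        if pattern_matches(pattern, login):
            return not negated           # search stops on the first match
    return False                         # no match, or an empty list


if __name__ == "__main__":
    for acl in ("!www, static:all", "static:all, !www", ""):
        print(repr(acl), {u: is_authorized(acl, u) for u in (33, 1000, 4242)})
```

<p> With "static:all" placed first, the "!www" exclusion is never reached, and a list that ends in a static: table admits UIDs that have no password file entry unless "!unknown" precedes it. </p>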
1035
1036
1037</DD>
1038
1039<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
1040(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
1041
1042<p> What remote SMTP clients are allowed to specify the XVERP command.
1043This command requests that mail be delivered one recipient at a
1044time with a per recipient return address.  </p>
1045
1046<p> By default, only trusted clients are allowed to specify XVERP.
1047</p>
1048
1049<p> This parameter was introduced with Postfix version 1.1.  Postfix
1050version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
1051and changed the default to none. </p>
1052
1053<p> Specify a list of network/netmask patterns, separated by commas
1054and/or whitespace. The mask specifies the number of bits in the
1055network part of a host address. You can also specify hostnames or
1056.domain names (the initial dot causes the domain to match any name
1057below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
1058pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
1059is matched when a table entry matches a lookup string (the lookup
1060result is ignored).  Continue long lines by starting the next line
1061with whitespace. Specify "!pattern" to exclude an address or network
1062block from the list. The form "!/file/name" is supported only in
1063Postfix version 2.4 and later. </p>
1064
1065<p> Note: IP version 6 address information must be specified inside
1066<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
1067specified with "/file/name".  IP version 6 addresses contain the
1068":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
1069pattern.  </p>
1070
1071
1072</DD>
1073
1074<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
1075(default: yes)</b></DT><DD>
1076
1077<p>
1078Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
1079Postfix versions before 2.0. The current and more extensible "name =
1080value" format is needed in order to implement more sophisticated
1081functionality.
1082</p>
1083
1084<p>
1085This feature is available in Postfix 2.1 and later.
1086</p>
1087
1088
1089</DD>
1090
1091<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
1092(default: 16777216)</b></DT><DD>
1093
1094<p>
1095The per-table I/O buffer size for programs that create Berkeley DB
1096hash or btree tables.  Specify a byte count.
1097</p>
1098
1099<p>
1100This feature is available in Postfix 2.0 and later.
1101</p>
1102
1103
1104</DD>
1105
1106<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
1107(default: 131072)</b></DT><DD>
1108
1109<p>
1110The per-table I/O buffer size for programs that read Berkeley DB
1111hash or btree tables.  Specify a byte count.
1112</p>
1113
1114<p>
1115This feature is available in Postfix 2.0 and later.
1116</p>
1117
1118
1119</DD>
1120
1121<DT><b><a name="best_mx_transport">best_mx_transport</a>
1122(default: empty)</b></DT><DD>
1123
1124<p>
1125Where the Postfix SMTP client should deliver mail when it detects
1126a "mail loops back to myself" error condition. This happens when
1127the local MTA is the best SMTP mail exchanger for a destination
1128not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
1129$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.  By default,
1130the Postfix SMTP client returns such mail as undeliverable.
1131</p>
1132
1133<p>
1134Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
1135from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
1136can specify
1137any message delivery "transport" or "transport:nexthop" that is
1138defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
1139for the syntax and meaning of "transport" or "transport:nexthop".
1140</p>
1141
1142<p>
1143However, this feature is expensive because it ties up a Postfix
1144SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
1145work. It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
1146in a table or database.
1147</p>
1148
1149
1150</DD>
1151
1152<DT><b><a name="biff">biff</a>
1153(default: yes)</b></DT><DD>
1154
1155<p>
1156Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.  This service sends
1157"new mail" notifications to users who have requested new mail
1158notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
1159</p>
1160
1161<p>
1162For compatibility reasons this feature is on by default.  On systems
1163with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
1164drain.  Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
1165</p>
1166
1167
1168</DD>
1169
1170<DT><b><a name="body_checks">body_checks</a>
1171(default: empty)</b></DT><DD>
1172
1173<p> Optional lookup tables for content inspection as specified in
1174the <a href="header_checks.5.html">body_checks(5)</a> manual page.  </p>
1175
1176<p> Note: with Postfix versions before 2.0, these rules inspect
1177all content after the primary message headers. </p>
1178
1179
1180</DD>
1181
1182<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
1183(default: 51200)</b></DT><DD>
1184
1185<p>
1186How much text in a message body segment (or attachment, if you
1187prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
1188The amount of text is limited to avoid scanning huge attachments.
1189</p>
1190
1191<p>
1192This feature is available in Postfix 2.0 and later.
1193</p>
1194
1195
1196</DD>
1197
1198<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
1199(default: postmaster)</b></DT><DD>
1200
1201<p>
1202The recipient of postmaster notifications with the message headers
1203of mail that Postfix did not deliver and of SMTP conversation
1204transcripts of mail that Postfix did not receive.  This feature is
1205enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter.  </p>
1206
1207
1208</DD>
1209
1210<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
1211(default: 5d)</b></DT><DD>
1212
1213<p>
1214Consider a bounce message as undeliverable, when delivery fails
1215with a temporary error, and the time in the queue has reached the
1216<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.  By default, this limit is the same
1217as for regular mail.
1218</p>
1219
1220<p>
1221Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
1222The default time unit is d (days).
1223</p>
1224
1225<p>
1226Specify 0 when mail delivery should be tried only once.
1227</p>
1228
1229<p>
1230This feature is available in Postfix 2.1 and later.
1231</p>
1232
1233
1234</DD>
1235
1236<DT><b><a name="bounce_service_name">bounce_service_name</a>
1237(default: bounce)</b></DT><DD>
1238
1239<p>
1240The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
1241of failed delivery attempts and generates non-delivery notifications.
1242</p>
1243
1244<p>
1245This feature is available in Postfix 2.0 and later.
1246</p>
1247
1248
1249</DD>
1250
1251<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
1252(default: 50000)</b></DT><DD>
1253
1254<p> The maximal amount of original message text that is sent in a
1255non-delivery notification. Specify a byte count.  A message is
1256returned as either message/rfc822 (the complete original) or as
1257text/rfc822-headers (the headers only).  With Postfix version 2.4
1258and earlier, a message is always returned as message/rfc822 and is
1259truncated when it exceeds the size limit.
1260</p>
1261
1262<p> Notes: </p>
1263
1264<ul>
1265
1266<li> <p> If you increase this limit, then you should increase the
1267<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally.  </p>
1268
1269<li> <p> Be careful when making changes.  Excessively large values
1270will result in the loss of non-delivery notifications, when a bounce
1271message size exceeds a local or remote MTA's message size limit.
1272</p>
1273
1274</ul>
1275
1276
1277</DD>
1278
1279<DT><b><a name="bounce_template_file">bounce_template_file</a>
1280(default: empty)</b></DT><DD>
1281
1282<p> Pathname of a configuration file with bounce message templates.
1283These override the built-in templates of delivery status notification
1284(DSN) messages for undeliverable mail, for delayed mail, successful
1285delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
1286describes how to edit and test template files.  </p>
1287
1288<p> Template message body text may contain $name references to
1289Postfix configuration parameters. The result of $name expansion can
1290be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
1291is placed into the Postfix configuration directory.  </p>
1292
1293<p> This feature is available in Postfix 2.3 and later.  </p>
1294
1295
1296</DD>
1297
1298<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
1299(default: no)</b></DT><DD>
1300
1301<p>
1302Enable inter-operability with remote SMTP clients that implement an obsolete
1303version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
1304are Microsoft Outlook Express version 4 and Microsoft Exchange
1305version 5.0.
1306</p>
1307
1308<p>
1309Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
1310AUTH support in a non-standard way.
1311</p>
1312
1313
1314</DD>
1315
1316<DT><b><a name="canonical_classes">canonical_classes</a>
1317(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>
1318
1319<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
1320By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
1321sender and recipient addresses, and to header sender and header
1322recipient addresses.  </p>
1323
1324<p> Specify one or more of: envelope_sender, envelope_recipient,
1325header_sender, header_recipient </p>
1326
1327<p> This feature is available in Postfix 2.2 and later. </p>
1328
1329
1330</DD>
1331
1332<DT><b><a name="canonical_maps">canonical_maps</a>
1333(default: empty)</b></DT><DD>
1334
1335<p>
1336Optional address mapping lookup tables for message headers and
1337envelopes. The mapping is applied to both sender and recipient
1338addresses, in both envelopes and in headers, as controlled
1339with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
1340to clean up dirty addresses from legacy mail systems, or to replace
1341login names by Firstname.Lastname.  The table format and lookups
1342are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
1343manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
1344</p>
1345
1346<p>
1347If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
1348build the necessary DBM or DB file after every change. The changes
1349will become visible after a minute or so.  Use "<b>postfix reload</b>"
1350to eliminate the delay.
1351</p>
1352
1353<p> Note: with Postfix version 2.2, message header address mapping
1354happens only when message header address rewriting is enabled: </p>
1355
1356<ul>
1357
1358<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
1359
1360<li> The message is received from a network client that matches
1361$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
1362
1363<li> The message is received from the network, and the
1364<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
1365
1366</ul>
1367
1368<p> To get the behavior before Postfix version 2.2, specify
1369"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
1370
1371<p>
1372Examples:
1373</p>
1374
1375<pre>
1376<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/canonical
1377<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
1378</pre>
1379
1380
1381</DD>
1382
1383<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
1384(default: cleanup)</b></DT><DD>
1385
1386<p>
1387The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
1388into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
1389and <a href="virtual.5.html">virtual(5)</a> aliasing.
1390</p>
1391
1392<p>
1393This feature is available in Postfix 2.0 and later.
1394</p>
1395
1396
1397</DD>
1398
1399<DT><b><a name="command_directory">command_directory</a>
1400(default: see "postconf -d" output)</b></DT><DD>
1401
1402<p>
1403The location of all Postfix administrative commands.
1404</p>
1405
1406
1407</DD>
1408
1409<DT><b><a name="command_execution_directory">command_execution_directory</a>
1410(default: empty)</b></DT><DD>
1411
1412<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
1413an external command.  Failure to change directory causes the delivery
1414to be deferred. </p>
1415
1416<p> The following $name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>
1417before the directory is changed. Expansion happens in the context
1418of the delivery request.  The result of $name expansion is filtered
1419with the character set that is specified with the
1420<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter.  </p>
1421
1422<dl>
1423
1424<dt><b>$user</b></dt>
1425
1426<dd>The recipient's username. </dd>
1427
1428<dt><b>$shell</b></dt>
1429
1430<dd>The recipient's login shell pathname. </dd>
1431
1432<dt><b>$home</b></dt>
1433
1434<dd>The recipient's home directory. </dd>
1435
1436<dt><b>$recipient</b></dt>
1437
1438<dd>The full recipient address. </dd>
1439
1440<dt><b>$extension</b></dt>
1441
1442<dd>The optional recipient address extension. </dd>
1443
1444<dt><b>$domain</b></dt>
1445
1446<dd>The recipient domain. </dd>
1447
1448<dt><b>$local</b></dt>
1449
1450<dd>The entire recipient localpart. </dd>
1451
1452<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
1453
1454<dd>The address extension delimiter that was found in the recipient
1455address (Postfix 2.11 and later), or the system-wide recipient
1456address extension delimiter (Postfix 2.10 and earlier). </dd>
1457
1458<dt><b>${name?value}</b></dt>
1459
1460<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
1461
1462<dt><b>${name:value}</b></dt>
1463
1464<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
1465
1466</dl>
1467
1468<p>
1469Instead of $name you can also specify ${name} or $(name).
1470</p>
1471
1472<p> This feature is available in Postfix 2.2 and later. </p>
1473
1474
1475</DD>
1476
1477<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
1478(default: see "postconf -d" output)</b></DT><DD>
1479
1480<p>
1481Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
1482$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
1483Characters outside the
1484allowed set are replaced by underscores.
1485</p>
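<p> The $name expansion forms listed under command_execution_directory, combined with the underscore replacement described here, as an added Python model (not Postfix code). The allowed character set and the delivery attributes are constructed assumptions; the real default set is whatever "postconf -d" reports. </p>

```python
"""Simplified model of filtered $name expansion (illustration only)."""
import re

# Assumed allow-list for this example; check "postconf -d" for the real one.
ALLOWED = set(
    "0123456789"
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "@%-_=+:,./"
)

# Constructed delivery-request attributes; the extension carries characters
# that would be meaningful to a shell or could leave the intended directory.
SAMPLE_ATTRS = {
    "user": "alice",
    "home": "/home/alice",
    "domain": "example.com",
    "recipient_delimiter": "+",
    "extension": "a b;c`d",
}

# Limitation of this model: the value part of ${name?value} and
# ${name:value} may contain $name references but no nested braces.
_REF = re.compile(
    r"\$\$"                            # "$$" produces a single "$"
    r"|\$\{(\w+)([?:])([^{}]*)\}"      # ${name?value} and ${name:value}
    r"|\$\{(\w+)\}"                    # ${name}
    r"|\$\((\w+)\)"                    # $(name)
    r"|\$(\w+)"                        # $name
)


def filter_value(value, allowed=ALLOWED):
    """Replace every character outside the allowed set by an underscore."""
    return "".join(c if c in allowed else "_" for c in value)


def expand(template, attrs, allowed=ALLOWED):
    """Expand $name references; only expansion results are filtered."""
    def repl(match):
        if match.group(0) == "$$":
            return "$"
        cond_name, op, cond_value, braced, paren, bare = match.groups()
        if cond_name is not None:
            non_empty = bool(attrs.get(cond_name, ""))
            # "?" selects the value when $name is non-empty, ":" when empty.
            selected = non_empty if op == "?" else not non_empty
            return expand(cond_value, attrs, allowed) if selected else ""
        name = braced or paren or bare
        return filter_value(attrs.get(name, ""), allowed)

    return _REF.sub(repl, template)


if __name__ == "__main__":
    template = "$home/Maildir/${extension?$extension/}"
    print(expand(template, SAMPLE_ATTRS))
```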
1486
1487
1488</DD>
1489
1490<DT><b><a name="command_time_limit">command_time_limit</a>
1491(default: 1000s)</b></DT><DD>
1492
1493<p>
1494Time limit for delivery to external commands. This limit is used
1495by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
1496delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
1497</p>
1498
1499<p>
1500Note: if you set this time limit to a large value you must update the
1501global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
1502</p>
1503
1504
1505</DD>
1506
1507<DT><b><a name="config_directory">config_directory</a>
1508(default: see "postconf -d" output)</b></DT><DD>
1509
1510<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
1511configuration files. This can be overruled via the following
1512mechanisms: </p>
1513
1514<ul>
1515
1516<li> <p> The MAIL_CONFIG environment variable (daemon processes
1517and commands). </p>
1518
1519<li> <p> The "-c" command-line option (commands only). </p>
1520
1521</ul>
1522
1523<p> With Postfix commands that run with set-gid privileges, a
1524<a href="postconf.5.html#config_directory">config_directory</a> override requires either root privileges, or it
1525requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
1526parameter in the default <a href="postconf.5.html">main.cf</a> file.  </p>
1527
1528
1529</DD>
1530
1531<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
1532(default: 5s)</b></DT><DD>
1533
1534<p> Time limit for connection cache connect, send or receive
1535operations.  The time limit is enforced in the client. </p>
1536
1537<p> This feature is available in Postfix 2.3 and later. </p>
1538
1539
1540</DD>
1541
1542<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
1543(default: scache)</b></DT><DD>
1544
1545<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service.  This service
1546maintains a limited pool of cached sessions.  </p>
1547
1548<p> This feature is available in Postfix 2.2 and later. </p>
1549
1550
1551</DD>
1552
1553<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
1554(default: 600s)</b></DT><DD>
1555
1556<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
1557connection cache hit and miss rates for logical destinations and for
1558physical endpoints. </p>
1559
1560
1561</DD>
1562
1563<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
1564(default: 2s)</b></DT><DD>
1565
1566<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
1567cache server
1568allows. Requests that specify a larger TTL will be stored with the
1569maximum allowed TTL. The purpose of this additional control is to
1570protect the infrastructure against careless people. The cache TTL
1571is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>.  </p>
1572
1573
1574</DD>
1575
1576<DT><b><a name="content_filter">content_filter</a>
1577(default: empty)</b></DT><DD>
1578
1579<p> After the message is queued, send the entire message to the
1580specified <i>transport:destination</i>. The <i>transport</i> name
1581specifies the first field of a mail delivery agent definition in
1582<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
1583in the manual page of the corresponding delivery agent.  More
1584information about external content filters is in the Postfix
1585<a href="FILTER_README.html">FILTER_README</a> file.  </p>
1586
1587<p> Notes: </p>
1588
1589<ul>
1590
1591<li> <p> This setting has lower precedence than a FILTER action
1592that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
1593table. </p>
1594
1595<li> <p> The meaning of an empty next-hop filter <i>destination</i>
1596is version dependent.  Postfix 2.7 and later will use the recipient
1597domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify
1598"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
15992.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
1600next-hop <i>destination</i>.  </p>
1601
1602</ul>
1603
1604
1605</DD>
1606
1607<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
1608(default: empty)</b></DT><DD>
1609
1610<p> Search path for Cyrus SASL application configuration files,
1611currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
1612Specify zero or more directories separated by a colon character,
1613or an empty value to use Cyrus SASL's built-in search path.  </p>
1614
1615<p> This feature is available in Postfix 2.5 and later when compiled
1616with Cyrus SASL 2.1.22 or later. </p>
1617
1618
1619</DD>
1620
1621<DT><b><a name="daemon_directory">daemon_directory</a>
1622(default: see "postconf -d" output)</b></DT><DD>
1623
1624<p>
1625The directory with Postfix support programs and daemon programs.
1626These should not be invoked directly by humans. The directory must
1627be owned by root.
1628</p>
1629
1630
1631</DD>
1632
1633<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
1634(default: no)</b></DT><DD>
1635
1636<p> How a Postfix daemon process handles errors while opening lookup
1637tables: gradual degradation or immediate termination. </p>
1638
1639<dl>
1640
1641<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
1642daemon process logs a message of type "error" and continues execution
1643with reduced functionality. Features that do not depend on the
1644unavailable table will work normally, while features that depend
1645on the table will result in a type "warning" message.  <br> When
1646the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
1647Postfix SMTP server and client will report transcripts of sessions
1648with an error because a table is unavailable.  </p> </dd>
1649
1650<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
1651termination: a daemon process logs a type "fatal" message and
1652terminates immediately.  This option reduces the number of possible
1653code paths through Postfix, and may therefore be slightly more
1654secure than the default.  </p> </dd>
1655
1656</dl>
1657
1658<p> For the sake of sanity, the number of type "error" messages is
1659limited to 13 over the lifetime of a daemon process. </p>
1660
1661<p> This feature is available in Postfix 2.9 and later.  </p>
1662
1663
1664</DD>
1665
1666<DT><b><a name="daemon_timeout">daemon_timeout</a>
1667(default: 18000s)</b></DT><DD>
1668
1669<p> How much time a Postfix daemon process may take to handle a
1670request before it is terminated by a built-in watchdog timer.  </p>
1671
1672<p>
1673Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
1674The default time unit is s (seconds).
1675</p>
1676
1677
1678</DD>
1679
1680<DT><b><a name="data_directory">data_directory</a>
1681(default: see "postconf -d" output)</b></DT><DD>
1682
1683<p> The directory with Postfix-writable data files (for example:
1684caches, pseudo-random numbers).  This directory must be owned by
1685the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
1686software.  </p>
1687
1688<p> This feature is available in Postfix 2.5 and later. </p>
1689
1690
1691</DD>
1692
1693<DT><b><a name="debug_peer_level">debug_peer_level</a>
1694(default: 2)</b></DT><DD>
1695
1696<p> The increment in verbose logging level when a remote client or
1697server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.  </p>
1698
1699
1700</DD>
1701
1702<DT><b><a name="debug_peer_list">debug_peer_list</a>
1703(default: empty)</b></DT><DD>
1704
1705<p> Optional list of remote client or server hostname or network
1706address patterns that cause the verbose logging level to increase
1707by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.  </p>
1708
1709<p> Specify domain names, network/netmask patterns, "/file/name"
1710patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
1711from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored.  </p>
1712
1713<p> Pattern matching of domain names is controlled by the
1714<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter.  </p>
1715
1716<p>
1717Examples:
1718</p>
1719
1720<pre>
1721<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
1722<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
1723</pre>
1724
1725
1726</DD>
1727
1728<DT><b><a name="debugger_command">debugger_command</a>
1729(default: empty)</b></DT><DD>
1730
1731<p>
1732The external command to execute when a Postfix daemon program is
1733invoked with the -D option.
1734</p>
1735
1736<p>
1737Use "command .. &amp; sleep 5" so that the debugger can attach before
1738the process marches on. If you use an X-based debugger, be sure to
1739set up your XAUTHORITY environment variable before starting Postfix.
1740</p>
1741
1742<p>
1743Note: the command is subject to $name expansion, before it is
1744passed to the default command interpreter. Specify "$$" to
1745produce a single "$" character.
1746</p>
1747
1748<p>
1749Example:
1750</p>
1751
1752<pre>
1753<a href="postconf.5.html#debugger_command">debugger_command</a> =
1754    PATH=/usr/bin:/usr/X11R6/bin
1755    ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
1756</pre>
1757
1758
1759</DD>
1760
1761<DT><b><a name="default_database_type">default_database_type</a>
1762(default: see "postconf -d" output)</b></DT><DD>
1763
1764<p>
1765The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
1766and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
1767either <b>dbm</b> or <b>hash</b>. The default setting is frozen
1768when the Postfix system is built.
1769</p>
1770
1771<p>
1772Examples:
1773</p>
1774
1775<pre>
1776<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
1777<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
1778</pre>
1779
1780
1781</DD>
1782
1783<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
1784(default: 5)</b></DT><DD>
1785
1786<p>
1787How often the Postfix queue manager's scheduler is allowed to
1788preempt delivery of one message with another.
1789</p>
1790
1791<p>
1792Each transport maintains a so-called "available delivery slot counter"
1793for each message. One message can be preempted by another one when
1794the other message can be delivered using no more delivery slots
1795(i.e., invocations of delivery agents) than the current message
1796counter has accumulated (or will eventually accumulate - see about
1797slot loans below). This parameter controls how often the counter is
1798incremented: it happens after each <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
1799recipients have been delivered.
1800</p>
1801
1802<p>
1803A cost of 0 disables preemptive scheduling completely.
1804The minimum value the scheduling algorithm can use is 2 - use it
1805if you want to maximize the message throughput rate. Although there
1806is no maximum, it doesn't make much sense to use values above say
180750.
1808</p>
1809
1810<p>
1811The only reason why the value of 2 is not the default is the way
1812this parameter affects the delivery of mailing-list mail. In the
1813worst case, their delivery can take somewhere between (cost+1)/cost
1814and cost/(cost-1) times longer than if the preemptive scheduler was
1815disabled. The default value of 5 turns out to provide reasonable
1816message response times while making sure the mailing-list deliveries
1817are not extended by more than 20-25 percent even in the worst case.
1818</p>
1819
1820<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
1821transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1822name of the message delivery transport.
1823</p>
1824
1825<p>
1826Examples:
1827</p>
1828
1829<pre>
1830<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
1831<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
1832</pre>
1833
1834
1835</DD>
1836
1837<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
1838(default: 50)</b></DT><DD>
1839
1840<p>
1841The default value for transport-specific _delivery_slot_discount
1842settings.
1843</p>
1844
1845<p>
1846This parameter speeds up the moment when a message preemption can
1847happen. Instead of waiting until the full amount of delivery slots
1848required is available, the preemption can happen when
1849transport_delivery_slot_discount percent of the required amount
1850plus transport_delivery_slot_loan still remains to be accumulated.
1851Note that the full amount will still have to be accumulated before
1852another preemption can take place later.
1853</p>
1854
1855<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
1856transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1857name of the message delivery transport.
1858</p>
1859
1860
1861</DD>
1862
1863<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
1864(default: 3)</b></DT><DD>
1865
1866<p>
1867The default value for transport-specific _delivery_slot_loan
1868settings.
1869</p>
1870
1871<p>
1872This parameter speeds up the moment when a message preemption can
1873happen. Instead of waiting until the full amount of delivery slots
1874required is available, the preemption can happen when
1875transport_delivery_slot_discount percent of the required amount
1876plus transport_delivery_slot_loan still remains to be accumulated.
1877Note that the full amount will still have to be accumulated before
1878another preemption can take place later.
1879</p>
1880
1881<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
1882transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1883name of the message delivery transport.
1884</p>
1885
1886
1887</DD>
1888
1889<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
1890(default: 1)</b></DT><DD>
1891
1892<p> How many pseudo-cohorts must suffer connection or handshake
1893failure before a specific destination is considered unavailable
1894(and further delivery is suspended). Specify zero to disable this
1895feature. A destination's pseudo-cohort failure count is reset each
1896time a delivery completes without connection or handshake failure
1897for that specific destination. </p>
1898
1899<p> A pseudo-cohort is the number of deliveries equal to a destination's
1900delivery concurrency. </p>
1901
1902<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
1903a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1904name of the message delivery transport. </p>
1905
1906<p> This feature is available in Postfix 2.5. The default setting
1907is compatible with earlier Postfix versions. </p>
1908
1909
1910</DD>
1911
1912<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
1913(default: 20)</b></DT><DD>
1914
1915<p>
1916The default maximal number of parallel deliveries to the same
1917destination.  This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
1918<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
1919With per-destination recipient limit &gt; 1, a destination is a domain,
1920otherwise it is a recipient.
1921</p>
1922
1923<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
1924transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
1925name of the message delivery transport.
1926</p>
1927
1928
1929</DD>
1930
1931<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
1932(default: 1)</b></DT><DD>
1933
1934<p> The per-destination amount of delivery concurrency negative
1935feedback, after a delivery completes with a connection or handshake
1936failure. Feedback values are in the range 0..1 inclusive. With
1937negative feedback, concurrency is decremented at the beginning of
1938a sequence of length 1/feedback. This is unlike positive feedback,
1939where concurrency is incremented at the end of a sequence of length
19401/feedback. </p>
1941
1942<p> As of Postfix version 2.5, negative feedback cannot reduce
1943delivery concurrency to zero.  Instead, a destination is marked
1944dead (further delivery suspended) after the failed pseudo-cohort
1945count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
1946(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
1947To make the scheduler completely immune to connection or handshake
1948failures, specify a zero feedback value and a zero failed pseudo-cohort
1949limit.  </p>
1950
1951<p> Specify one of the following forms: </p>
1952
1953<dl>
1954
1955<dt> <b><i>number</i> </b> </dt>
1956
1957<dt> <b><i>number</i> / <i>number</i> </b> </dt>
1958
1959<dd> Constant feedback. The value must be in the range 0..1 inclusive.
1960The default setting of "1" is compatible with Postfix versions
1961before 2.5, where a destination's delivery concurrency is throttled
1962down to zero (and further delivery suspended) after a single failed
1963pseudo-cohort. </dd>
1964
1965<dt> <b><i>number</i> / concurrency </b> </dt>
1966
1967<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
1968The <i>number</i> must be in the range 0..1 inclusive. With
1969<i>number</i> equal to "1", a destination's delivery concurrency
1970is decremented by 1 after each failed pseudo-cohort.  </dd>
1971
1972</dl>
1973
1974<p> A pseudo-cohort is the number of deliveries equal to a destination's
1975delivery concurrency. </p>
1976
1977<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
1978to specify a transport-specific override, where <i>transport</i>
1979is the <a href="master.5.html">master.cf</a>
1980name of the message delivery transport. </p>
1981
1982<p> This feature is available in Postfix 2.5. The default setting
1983is compatible with earlier Postfix versions. </p>
1984
1985
1986</DD>
1987
1988<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
1989(default: 1)</b></DT><DD>
1990
1991<p> The per-destination amount of delivery concurrency positive
1992feedback, after a delivery completes without connection or handshake
1993failure. Feedback values are in the range 0..1 inclusive.  The
1994concurrency increases until it reaches the per-destination maximal
1995concurrency limit. With positive feedback, concurrency is incremented
1996at the end of a sequence with length 1/feedback. This is unlike
1997negative feedback, where concurrency is decremented at the start
1998of a sequence of length 1/feedback. </p>
1999
2000<p> Specify one of the following forms:  </p>
2001
2002<dl>
2003
2004<dt> <b><i>number</i> </b> </dt>
2005
2006<dt> <b><i>number</i> / <i>number</i> </b> </dt>
2007
2008<dd> Constant feedback.  The value must be in the range 0..1
2009inclusive. The default setting of "1" is compatible with Postfix
2010versions before 2.5, where a destination's delivery concurrency
2011doubles after each successful pseudo-cohort.  </dd>
2012
2013<dt> <b><i>number</i> / concurrency </b> </dt>
2014
2015<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
2016The <i>number</i> must be in the range 0..1 inclusive. With
2017<i>number</i> equal to "1", a destination's delivery concurrency
2018is incremented by 1 after each successful pseudo-cohort.  </dd>
2019
2020</dl>
2021
2022<p> A pseudo-cohort is the number of deliveries equal to a destination's
2023delivery concurrency. </p>
2024
2025<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
2026to specify a transport-specific override, where <i>transport</i>
2027is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
2028
2029<p> This feature is available in Postfix 2.5 and later.  </p>
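<p> The negative and positive feedback rules above, together with the
failed pseudo-cohort limit, as a simplified model. This is an added
example, not Postfix's scheduler code: the class and function names, the
initial concurrency of 5, and counting each failed delivery as
1/concurrency of a pseudo-cohort are assumptions of the model. </p>

```python
from fractions import Fraction


def parse_feedback(spec):
    """Parse 'number', 'number / number' or 'number / concurrency'.

    Returns a function that maps the current concurrency to a feedback value.
    """
    num, _, den = (part.strip() for part in spec.partition("/"))
    number = Fraction(num)
    if den == "concurrency":
        if not 0 <= number <= 1:
            raise ValueError("number must be in the range 0..1: " + spec)
        return lambda concurrency: number / concurrency
    value = number / Fraction(den) if den else number
    if not 0 <= value <= 1:
        raise ValueError("feedback must be in the range 0..1: " + spec)
    return lambda concurrency: value


class Destination:
    """Hypothetical model of one destination's delivery concurrency."""

    def __init__(self, positive="1", negative="1", limit=20,
                 failed_cohort_limit=1, initial=5):
        self.pos = parse_feedback(positive)
        self.neg = parse_feedback(negative)
        self.limit = limit                        # concurrency limit
        self.failed_cohort_limit = failed_cohort_limit
        self.concurrency = initial                # assumed starting value
        self.success = Fraction(0)                # positive feedback collected
        self.failure = Fraction(0)                # credit left before next decrement
        self.failed_cohorts = Fraction(0)
        self.dead = False                         # further delivery suspended

    def delivered(self):
        """A delivery completed without connection or handshake failure."""
        if self.dead:
            return
        self.failed_cohorts = Fraction(0)         # the failure count is reset
        if self.concurrency >= self.limit:
            return
        self.success += self.pos(self.concurrency)
        if self.success >= 1:                     # end of a run of 1/feedback
            self.concurrency += 1
            self.success -= 1

    def failed(self):
        """A delivery ended with a connection or handshake failure."""
        if self.dead:
            return
        # Assumption: one failed delivery is 1/concurrency of a pseudo-cohort.
        self.failed_cohorts += Fraction(1, self.concurrency)
        if self.failed_cohort_limit and \
                self.failed_cohorts >= self.failed_cohort_limit:
            self.dead = True
            return
        self.failure -= self.neg(self.concurrency)
        if self.failure < 0:                      # start of a run of 1/feedback
            self.concurrency = max(1, self.concurrency - 1)  # never zero
            self.failure += 1


def replay(dest, outcomes):
    """Feed outcomes ('S' = delivered, 'F' = failed); return (concurrency, dead)."""
    for outcome in outcomes:
        if outcome == "S":
            dest.delivered()
        else:
            dest.failed()
    return dest.concurrency, dest.dead


if __name__ == "__main__":
    print("defaults, 5 successes:", replay(Destination(), "S" * 5))
    print("defaults, 4 failures: ", replay(Destination(), "F" * 4))
    immune = Destination(negative="0", failed_cohort_limit=0)
    print("zero feedback and zero limit, 100 failures:", replay(immune, "F" * 100))
```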
2030
2031
2032</DD>
2033
2034<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
2035(default: 0s)</b></DT><DD>
2036
2037<p> The default amount of delay that is inserted between individual
2038deliveries to the same destination; the resulting behavior depends
2039on the value of the corresponding per-destination recipient limit.
2040</p>
2041
2042<ul>
2043
2044<li> <p> With a corresponding per-destination recipient limit &gt;
20451, the rate delay specifies the time between deliveries to the
2046<i>same domain</i>.  Different domains are delivered in parallel,
2047subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>
2048
2049<li> <p> With a corresponding per-destination recipient limit equal
2050to 1, the rate delay specifies the time between deliveries to the
2051<i>same recipient</i>. Different recipients are delivered in
2052parallel, subject to the process limits specified in <a href="master.5.html">master.cf</a>.
2053</p>
2054
2055</ul>
2056
2057<p> To enable the delay, specify a non-zero time value (an integral
2058value plus an optional one-letter suffix that specifies the time
2059unit). </p>
2060
2061<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
2062(weeks). The default time unit is s (seconds). </p>
2063
2064<p> NOTE: the delay is enforced by the queue manager. The delay
2065timer state does not survive "<b>postfix reload</b>" or "<b>postfix
2066stop</b>".
2067</p>
2068
2069<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
2070transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2071name of the message delivery transport.
2072</p>
2073
2074<p> NOTE: with a non-zero _destination_rate_delay, specify a
2075<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
2076or more to prevent Postfix from deferring all mail for the same
2077destination after only one connection or handshake error. </p>
2078
2079<p> This feature is available in Postfix 2.5 and later. </p>
2080
2081
2082</DD>
2083
2084<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
2085(default: 50)</b></DT><DD>
2086
2087<p>
2088The default maximal number of recipients per message delivery.
2089This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
2090<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
2091</p>
2092
2093<p> Setting this parameter to a value of 1 affects email deliveries
2094as follows:</p>
2095
2096<ul>
2097
2098<li> <p> It changes the meaning of the corresponding per-destination
2099concurrency limit, from concurrency of deliveries to the <i>same
2100domain</i> into concurrency of deliveries to the <i>same recipient</i>.
2101Different recipients are delivered in parallel, subject to the
2102process limits specified in <a href="master.5.html">master.cf</a>. </p>
2103
2104<li> <p> It changes the meaning of the corresponding per-destination
2105rate delay, from the delay between deliveries to the <i>same
2106domain</i> into the delay between deliveries to the <i>same
2107recipient</i>.  Again, different recipients are delivered in parallel,
2108subject to the process limits specified in <a href="master.5.html">master.cf</a>.  </p>
2109
2110<li> <p> It changes the meaning of other corresponding per-destination
2111settings in a similar manner, from settings for delivery to the
2112<i>same domain</i> into settings for delivery to the <i>same
2113recipient</i>. </p>
2114
2115</ul>
2116
2117<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
2118transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2119name of the message delivery transport.
2120</p>
2121
2122
2123</DD>
2124
2125<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
2126(default: 1000)</b></DT><DD>
2127
2128<p>
2129The default value for the extra per-transport limit imposed on the
2130number of in-memory recipients.  This extra recipient space is
2131reserved for the cases when the Postfix queue manager's scheduler
2132preempts one message with another and suddenly needs some extra
2133recipient slots for the chosen message in order to avoid performance
2134degradation.
2135</p>
2136
2137<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
2138transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2139name of the message delivery transport.
2140</p>
2141
2142
2143</DD>
2144
2145<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
2146(default: empty)</b></DT><DD>
2147
2148<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
2149next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
2150that value is empty, use the domain in the recipient address.
2151Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
2152with Postfix version 2.6 and earlier, or specify an explicit next-hop
2153destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>
2154
2155<p> This feature is available in Postfix 2.7 and later.  </p>
2156
2157
2158</DD>
2159
2160<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
2161(default: 3)</b></DT><DD>
2162
2163<p>
2164How many recipients a message must have in order to invoke the
2165Postfix queue manager's scheduling algorithm at all.  Messages
2166which would never accumulate at least this many delivery slots
2167(subject to slot cost parameter as well) are never preempted.
2168</p>
2169
2170<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
2171transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2172name of the message delivery transport.
2173</p>
2174
2175
2176</DD>
2177
2178<DT><b><a name="default_privs">default_privs</a>
2179(default: nobody)</b></DT><DD>
2180
2181<p>
2182The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
2183to an external file or command.  These rights are used when delivery
2184is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
2185when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
2186PRIVILEGED USER OR THE POSTFIX OWNER</b>.
2187</p>
2188
2189
2190</DD>
2191
2192<DT><b><a name="default_process_limit">default_process_limit</a>
2193(default: 100)</b></DT><DD>
2194
2195<p>
2196The default maximal number of Postfix child processes that provide
2197a given service. This limit can be overruled for specific services
2198in the <a href="master.5.html">master.cf</a> file.
2199</p>
2200
2201
2202</DD>
2203
2204<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
2205(default: see "postconf -d" output)</b></DT><DD>
2206
2207<p>
2208The default Postfix SMTP server response template for a request that is
2209rejected by an RBL-based restriction. This template can be overruled
2210by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
2211</p>
2212
2213<p>
2214This feature is available in Postfix 2.0 and later.
2215</p>
2216
2217<p>
2218The template is subject to exactly one level of $name substitution:
2219</p>
2220
2221<dl>
2222
2223<dt><b>$client</b></dt>
2224
2225<dd>The client hostname and IP address, formatted as name[address]. </dd>
2226
2227<dt><b>$client_address</b></dt>
2228
2229<dd>The client IP address. </dd>
2230
2231<dt><b>$client_name</b></dt>
2232
2233<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
2234for more details. </dd>
2235
2236<dt><b>$reverse_client_name</b></dt>
2237
2238<dd>The client hostname from address-&gt;name lookup, or "unknown".
2239See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd>
2240
2241<dt><b>$helo_name</b></dt>
2242
2243<dd>The hostname given in the HELO or EHLO command, or an empty string. </dd>
2244
2245<dt><b>$rbl_class</b></dt>
2246
2247<dd>The blacklisted entity type: Client host, Helo command, Sender
2248address, or Recipient address. </dd>
2249
2250<dt><b>$rbl_code</b></dt>
2251
2252<dd>The numerical SMTP response code, as specified with the
2253<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
2254SMTP response code is required, and must appear at the start of the
2255reply. With Postfix version 2.3 and later this information may be followed
2256by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
2257
2258<dt><b>$rbl_domain</b></dt>
2259
2260<dd>The RBL domain where $rbl_what is blacklisted. </dd>
2261
2262<dt><b>$rbl_reason</b></dt>
2263
2264<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>
2265
2266<dt><b>$rbl_what</b></dt>
2267
2268<dd>The entity that is blacklisted (an IP address, a hostname, a domain
2269name, or an email address whose domain was blacklisted). </dd>
2270
2271<dt><b>$recipient</b></dt>
2272
2273<dd>The recipient address or &lt;&gt; in case of the null address. </dd>
2274
2275<dt><b>$recipient_domain</b></dt>
2276
2277<dd>The recipient domain or empty string. </dd>
2278
2279<dt><b>$recipient_name</b></dt>
2280
2281<dd>The recipient address localpart or &lt;&gt; in case of the null address. </dd>
2282
2283<dt><b>$sender</b></dt>
2284
2285<dd>The sender address or &lt;&gt; in case of the null address. </dd>
2286
2287<dt><b>$sender_domain</b></dt>
2288
2289<dd>The sender domain or empty string. </dd>
2290
2291<dt><b>$sender_name</b></dt>
2292
2293<dd>The sender address localpart or &lt;&gt; in case of the null address. </dd>
2294
2295<dt><b>${name?text}</b></dt>
2296
2297<dd>Expands to `text' if $name is not empty. </dd>
2298
2299<dt><b>${name:text}</b></dt>
2300
2301<dd>Expands to `text' if $name is empty. </dd>
2302
2303</dl>
2304
2305<p>
2306Instead of $name you can also specify ${name} or $(name).
2307</p>
2308
2309<p> Note: when an enhanced status code is specified in an RBL reply
2310template, it is subject to modification.  The following transformations
2311are needed when the same RBL reply template is used for client,
2312helo, sender, or recipient access restrictions.  </p>
2313
2314<ul>
2315
2316<li> <p> When rejecting a sender address, the Postfix SMTP server
2317will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
2318corresponding sender DSN status, and vice versa. </p>
2319
2320<li> <p> When rejecting non-address information (such as the HELO
2321command argument or the client hostname/address), the Postfix SMTP
2322server will transform a sender or recipient DSN status into a generic
2323non-address DSN status (e.g., 4.0.0).  </p>
2324
2325</ul>
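<p> A sketch of the "exactly one level of $name substitution" rule, showing
that client-supplied values such as $helo_name are inserted verbatim and
never re-scanned for macros, plus a check that the reply starts with a
numerical response code. This is an added example, not Postfix code: the
function names, the sample template and the sample values are constructed,
and returning nothing for ${name:text} when $name is non-empty is an
assumption. </p>

```python
import re

# Attribute names this page lists for RBL reply templates.
RBL_ATTRS = frozenset("""
    client client_address client_name reverse_client_name helo_name
    rbl_class rbl_code rbl_domain rbl_reason rbl_what
    recipient recipient_domain recipient_name
    sender sender_domain sender_name
""".split())

_NAME = re.compile(r"[A-Za-z0-9_]+")
_CLOSERS = {"{": "}", "(": ")"}

# Constructed sample template and attribute values (not taken from the page).
SAMPLE_TEMPLATE = ("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
                   "blocked using $rbl_domain${rbl_reason?; $rbl_reason}")
SAMPLE_ATTRS = {
    "rbl_code": "554", "rbl_class": "Client host", "rbl_what": "192.0.2.10",
    "rbl_domain": "rbl.example.org", "rbl_reason": "listed for testing",
    "helo_name": "${rbl_domain}",  # client-supplied text that looks like a macro
}


def _value(name, attrs):
    """Look up one attribute; names the page does not list are rejected."""
    if name not in RBL_ATTRS:
        raise ValueError("unknown template attribute: $" + name)
    return attrs.get(name, "")


def _find_close(text, start):
    """Return the index of the bracket that closes the one at text[start]."""
    opener, closer = text[start], _CLOSERS[text[start]]
    depth = 0
    for pos in range(start, len(text)):
        if text[pos] == opener:
            depth += 1
        elif text[pos] == closer:
            depth -= 1
            if depth == 0:
                return pos
    raise ValueError("unterminated expression at offset %d" % start)


def _expand_braced(body, attrs):
    """Expand the inside of ${...} or $(...): name, name?text or name:text."""
    m = _NAME.match(body)
    if not m:
        raise ValueError("missing attribute name in: " + body)
    value, rest = _value(m.group(), attrs), body[m.end():]
    if not rest:
        return value
    op, text = rest[0], rest[1:]
    if op == "?":      # text only when $name is not empty
        return expand_rbl_reply(text, attrs) if value else ""
    if op == ":":      # text only when $name is empty (else nothing: assumption)
        return expand_rbl_reply(text, attrs) if not value else ""
    raise ValueError("unsupported operator %r in: %s" % (op, body))


def expand_rbl_reply(template, attrs):
    """Expand the template once; substituted values are never expanded again."""
    out, i = [], 0
    while i < len(template):
        if template[i] == "$" and i + 1 < len(template):
            if template[i + 1] in _CLOSERS:
                end = _find_close(template, i + 1)
                out.append(_expand_braced(template[i + 2:end], attrs))
                i = end + 1
                continue
            m = _NAME.match(template, i + 1)
            if m:
                out.append(_value(m.group(), attrs))  # inserted verbatim
                i = m.end()
                continue
        out.append(template[i])
        i += 1
    return "".join(out)


def starts_with_reject_code(reply):
    """The numerical SMTP response code must appear at the start of the reply."""
    return re.match(r"[45][0-9]{2}(?: |$)", reply) is not None


if __name__ == "__main__":
    print(expand_rbl_reply(SAMPLE_TEMPLATE, SAMPLE_ATTRS))
    print(expand_rbl_reply("$rbl_code HELO $helo_name refused", SAMPLE_ATTRS))
```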
2326
2327
2328</DD>
2329
2330<DT><b><a name="default_recipient_limit">default_recipient_limit</a>
2331(default: 20000)</b></DT><DD>
2332
2333<p>
2334The default per-transport upper limit on the number of in-memory
2335recipients.  These limits take priority over the global
2336<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned
2337to the respective transports.  See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
2338and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>.
2339</p>
2340
2341<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a
2342transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2343name of the message delivery transport.
2344</p>
2345
2346
2347</DD>
2348
2349<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a>
2350(default: 5s)</b></DT><DD>
2351
2352<p>
2353The default per-transport maximum delay between recipient refills.
2354When not all message recipients fit into the memory at once, keep loading
2355more of them at least once every this many seconds.  This is used to
2356make sure the recipients are refilled in a timely manner even when
2357$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries.
2358</p>
2359
2360<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a
2361transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2362name of the message delivery transport.
2363</p>
2364
2365<p> This feature is available in Postfix 2.4 and later. </p>
2366
2367
2368</DD>
2369
2370<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a>
2371(default: 100)</b></DT><DD>
2372
2373<p>
2374The default per-transport limit on the number of recipients refilled at
2375once.  When not all message recipients fit into the memory at once, keep
2376loading more of them in batches of at least this many at a time.  See also
2377$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches
2378smaller than this when this limit is too high for too slow deliveries.
2379</p>
2380
2381<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a
2382transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
2383name of the message delivery transport.
2384</p>
2385
2386<p> This feature is available in Postfix 2.4 and later. </p>
2387
2388
2389</DD>
2390
2391<DT><b><a name="default_transport">default_transport</a>
2392(default: smtp)</b></DT><DD>
2393
2394<p>
2395The default mail delivery transport and next-hop destination for
2396destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
2397$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
2398or $<a href="postconf.5.html#relay_domains">relay_domains</a>.  This information can be overruled with the
2399<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
2400<a href="transport.5.html">transport(5)</a> table. </p>
2401
2402<p>
2403In order of decreasing precedence, the nexthop destination is taken
2404from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
2405$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
2406domain.
2407</p>
2408
2409<p>
2410Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
2411is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
2412The <i>:nexthop</i> destination is optional; its syntax is documented
2413in the manual page of the corresponding delivery agent.
2414</p>
2415
2416<p>
2417Example:
2418</p>
2419
2420<pre>
2421<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname
2422</pre>
2423
2424
2425</DD>
2426
2427<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a>
2428(default: +=)</b></DT><DD>
2429
2430<p> The two default VERP delimiter characters. These are used when
2431no explicit delimiters are specified with the SMTP XVERP command
2432or with the "<b>sendmail -V</b>" command-line option. Specify
2433characters that are allowed by the <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting.
2434</p>
2435
2436<p>
2437This feature is available in Postfix 1.1 and later.
2438</p>
2439
2440
2441</DD>
2442
2443<DT><b><a name="defer_code">defer_code</a>
2444(default: 450)</b></DT><DD>
2445
2446<p>
2447The numerical Postfix SMTP server response code when a remote SMTP
2448client request is rejected by the "defer" restriction.
2449</p>
2450
2451<p>
2452Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
2453</p>
2454
2455
2456</DD>
2457
2458<DT><b><a name="defer_service_name">defer_service_name</a>
2459(default: defer)</b></DT><DD>
2460
2461<p>
2462The name of the defer service. This service is implemented by the
2463<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
2464of failed delivery attempts and generates non-delivery notifications.
2465</p>
2466
2467<p>
2468This feature is available in Postfix 2.0 and later.
2469</p>
2470
2471
2472</DD>
2473
2474<DT><b><a name="defer_transports">defer_transports</a>
2475(default: empty)</b></DT><DD>
2476
2477<p>
2478The names of message delivery transports that should not deliver mail
2479unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
2480or more names of mail delivery transports that appear in the
2481first field of <a href="master.5.html">master.cf</a>.
2482</p>
2483
2484<p>
2485Example:
2486</p>
2487
2488<pre>
2489<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp
2490</pre>
2491
2492
2493</DD>
2494
2495<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a>
2496(default: 2)</b></DT><DD>
2497
2498<p> The maximal number of digits after the decimal point when logging
2499sub-second delay values.  Specify a number in the range 0..6.  </p>
2500
2501<p> Large delay values are rounded off to an integral number of seconds;
2502delay values below the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are logged
2503as "0", and small delay values are logged with at most two-digit
2504precision.  </p>
2505
2506<p> The format of the "delays=a/b/c/d" logging is as follows: </p>
2507
2508<ul>
2509
2510<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry
2511
2512<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup
2513
2514<li> c = time in connection setup, including DNS, EHLO and STARTTLS
2515
2516<li> d = time in message transmission
2517
2518</ul>
2519
2520<p> This feature is available in Postfix 2.3 and later.  </p>
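<p> A parser for the "delays=a/b/c/d" field that reports which stage
dominated each delivery and lists deliveries with slow connection setup
(stage c, which covers DNS, EHLO and STARTTLS). This is an added example,
not part of Postfix: the function names and the 10-second threshold are
assumptions, and the log lines are constructed samples. </p>

```python
import re
from collections import Counter

# Meaning of each field in "delays=a/b/c/d", as documented above.
STAGES = {
    "a": "message arrival to last active queue entry",
    "b": "last active queue entry to connection setup",
    "c": "connection setup, including DNS, EHLO and STARTTLS",
    "d": "message transmission",
}

_NUM = r"[0-9]+(?:\.[0-9]+)?"
_DELIVERY = re.compile(
    r"(?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?\brelay=(?P<relay>[^,]+),"
    r".*?\bdelays=(?P<a>%s)/(?P<b>%s)/(?P<c>%s)/(?P<d>%s)" % ((_NUM,) * 4)
)

# Constructed sample log lines (documentation addresses, made-up queue IDs).
SAMPLE_LOG = """\
Mar  3 10:15:02 mx1 postfix/smtp[2101]: 4F1A22C0E1: to=<alice@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=0.74, delays=0.05/0.01/0.41/0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 10:15:40 mx1 postfix/smtp[2102]: 7B3C92C0E7: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=3643, delays=3612/0.02/30/0.8, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 10:16:05 mx1 postfix/smtp[2101]: 9D5E12C0F3: to=<carol@example.org>, relay=mx.example.org[203.0.113.9]:25, delay=12, delays=0.1/0/12/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Mar  3 10:16:06 mx1 postfix/smtpd[2110]: connect from client.example.com[192.0.2.77]
""".splitlines()


def parse_delivery(line):
    """Return queue ID, recipient, relay and the four delays, or None."""
    m = _DELIVERY.search(line)
    if m is None:
        return None
    rec = {"qid": m["qid"], "recipient": m["rcpt"], "relay": m["relay"]}
    # Values below the logging resolution are logged as "0"; large values
    # are rounded to whole seconds, so a+b+c+d need not equal delay=.
    rec.update((stage, float(m[stage])) for stage in STAGES)
    return rec


def slowest_stage(rec):
    """Return the stage letter that took longest (first one wins a tie)."""
    return max(STAGES, key=lambda stage: rec[stage])


def dominant_stages(lines):
    """Count, over all delivery records, which stage was the slowest."""
    records = filter(None, map(parse_delivery, lines))
    return Counter(slowest_stage(rec) for rec in records)


def slow_setups(lines, min_seconds=10.0):
    """Deliveries whose connection setup (stage c) took min_seconds or more."""
    records = filter(None, map(parse_delivery, lines))
    return [rec for rec in records if rec["c"] >= min_seconds]


if __name__ == "__main__":
    for stage, count in sorted(dominant_stages(SAMPLE_LOG).items()):
        print("%d deliveries dominated by %s (%s)" % (count, stage, STAGES[stage]))
    for rec in slow_setups(SAMPLE_LOG):
        print("slow setup: %(qid)s via %(relay)s, c=%(c).1fs" % rec)
```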
2521
2522
2523</DD>
2524
2525<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a>
2526(default: postmaster)</b></DT><DD>
2527
2528<p>
2529The recipient of postmaster notifications with the message headers
2530of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time
2531units.  </p>
2532
2533<p>
2534See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
2535</p>
2536
2537
2538</DD>
2539
2540<DT><b><a name="delay_warning_time">delay_warning_time</a>
2541(default: 0h)</b></DT><DD>
2542
2543<p>
2544The time after which the sender receives a copy of the message
2545headers of mail that is still queued.
2546</p>
2547
2548<p>
2549To enable this feature, specify a non-zero time value (an integral
2550value plus an optional one-letter suffix that specifies the time
2551unit).
2552</p>
2553
2554<p>
2555Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
2556The default time unit is h (hours).
2557</p>
2558
2559<p>
2560See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
2561</p>
2562
2563
2564</DD>
2565
2566<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a>
2567(default: 20)</b></DT><DD>
2568
2569<p>
2570The maximal number of attempts to acquire an exclusive lock on a
2571mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile.
2572</p>
2573
2574
2575</DD>
2576
2577<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a>
2578(default: 1s)</b></DT><DD>
2579
2580<p>
2581The time between attempts to acquire an exclusive lock on a mailbox
2582file or <a href="bounce.8.html">bounce(8)</a> logfile.
2583</p>
2584
2585<p>
2586Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
2587The default time unit is s (seconds).
2588</p>
2589
2590
2591</DD>
2592
2593<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a>
2594(default: no)</b></DT><DD>
2595
2596<p> Make the queue manager's feedback algorithm verbose for performance
2597analysis purposes. </p>
2598
2599<p> This feature is available in Postfix 2.5 and later. </p>
2600
2601
2602</DD>
2603
2604<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
2605(default: yes)</b></DT><DD>
2606
2607<p> Automatically detect 8BITMIME body content by looking at
2608Content-Transfer-Encoding: message headers; historically, this
2609behavior was hard-coded to be "always on".  </p>
2610
2611<p> This feature is available in Postfix 2.5 and later. </p>
2612
2613
2614</DD>
2615
2616<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
2617(default: no)</b></DT><DD>
2618
2619<p>
2620Disable DNS lookups in the Postfix SMTP and LMTP clients. When
2621disabled, hosts are looked up with the getaddrinfo() system
2622library routine which normally also looks in /etc/hosts.  As of
2623Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
2624instead.
2625</p>
2626
2627<p>
2628DNS lookups are enabled by default.
2629</p>
2630
2631
2632</DD>
2633
2634<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a>
2635(default: no)</b></DT><DD>
2636
2637<p>
2638Turn off MIME processing while receiving mail. This means that no
2639special treatment is given to Content-Type: message headers, and
2640that all text after the initial message headers is considered to
2641be part of the message body.
2642</p>
2643
2644<p>
2645This feature is available in Postfix 2.0 and later.
2646</p>
2647
2648<p>
2649MIME input processing is enabled by default, and is needed in order
2650to recognize MIME headers in message content.
2651</p>
2652
2653
2654</DD>
2655
2656<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a>
2657(default: no)</b></DT><DD>
2658
2659<p>
2660Disable the conversion of 8BITMIME format to 7BIT format.  MIME
2661output conversion is needed when the destination does not advertise
26628BITMIME support.
2663</p>
2664
2665<p>
2666This feature is available in Postfix 2.0 and later.
2667</p>
2668
2669
2670</DD>
2671
2672<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a>
2673(default: no)</b></DT><DD>
2674
2675<p>
2676Disable sending one bounce report per recipient.
2677</p>
2678
2679<p>
2680The default, one per recipient, is what ezmlm needs.
2681</p>
2682
2683<p>
2684This feature is available in Postfix 1.1 and later.
2685</p>
2686
2687
2688</DD>
2689
2690<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a>
2691(default: no)</b></DT><DD>
2692
2693<p>
2694Disable the SMTP VRFY command. This stops some techniques used to
2695harvest email addresses.
2696</p>
2697
2698<p>
2699Example:
2700</p>
2701
2702<pre>
2703<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no
2704</pre>
2705
2706
2707</DD>
2708
2709<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a>
2710(default: 0s)</b></DT><DD>
2711
2712<p> A debugging aid to artificially delay DNS responses. </p>
2713
2714<p> This feature is available in Postfix 2.8.  </p>
2715
2716
2717</DD>
2718
2719<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
2720(default: dnsblog)</b></DT><DD>
2721
2722<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
2723service performs DNS white/blacklist lookups. </p>
2724
2725<p> This feature is available in Postfix 2.8 and later. </p>
2726
2727
2728</DD>
2729
2730<DT><b><a name="dont_remove">dont_remove</a>
2731(default: 0)</b></DT><DD>
2732
2733<p>
2734Don't remove queue files and save them to the "saved" mail queue.
2735This is a debugging aid.  To inspect the envelope information and
2736content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command.
2737</p>
2738
2739
2740</DD>
2741
2742<DT><b><a name="double_bounce_sender">double_bounce_sender</a>
2743(default: double-bounce)</b></DT><DD>
2744
2745<p> The sender address of postmaster notifications that are generated
2746by the mail system. All mail to this address is silently discarded,
2747in order to terminate mail bounce loops.  </p>
2748
2749
2750</DD>
2751
2752<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a>
2753(default: 1000)</b></DT><DD>
2754
2755<p> The maximal number of addresses remembered by the address
2756duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or
2757for <a href="showq.8.html">showq(8)</a> queue displays.  </p>
2758
2759
2760</DD>
2761
2762<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
2763(default: &lt;&gt;)</b></DT><DD>
2764
2765<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
2766will be used instead of the null sender address. </p>
2767
2768<p> This feature is available in Postfix 2.7 and later.  </p>
2769
2770
2771</DD>
2772
2773<DT><b><a name="empty_address_recipient">empty_address_recipient</a>
2774(default: MAILER-DAEMON)</b></DT><DD>
2775
2776<p>
2777The recipient of mail addressed to the null address.  Postfix does
2778not accept such addresses in SMTP commands, but they may still be
2779created locally as the result of configuration or software error.
2780</p>
2781
2782
2783</DD>
2784
2785<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a>
2786(default: &lt;&gt;)</b></DT><DD>
2787
2788<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
2789used instead of the null sender address. </p>
2790
2791<p> This feature is available in Postfix 2.5 and later. With
2792earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were
2793skipped for the null sender address.  </p>
2794
2795
2796</DD>
2797
2798<DT><b><a name="enable_errors_to">enable_errors_to</a>
2799(default: no)</b></DT><DD>
2800
2801<p> Report mail delivery errors to the address specified with the
2802non-standard Errors-To: message header, instead of the envelope
2803sender address (this feature is removed with Postfix version 2.2, is
2804turned off by default with Postfix version 2.1, and is always turned on
2805with older Postfix versions).  </p>
2806
2807
2808</DD>
2809
2810<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a>
2811(default: no)</b></DT><DD>
2812
2813<p> Enable long, non-repeating, queue IDs (queue file names).  The
2814benefit of non-repeating names is simpler logfile analysis and
2815easier queue migration (there is no need to run "postsuper" to
2816change queue file names that don't match their message file inode
2817number).  </p>
2818
2819<p> Note: see below for how to convert long queue file names to
2820Postfix &le; 2.8. </p>
2821
2822<p> Changing the parameter value to "yes" has the following effects:
2823</p>
2824
2825<ul>
2826
2827<li> <p> Existing queue file names are not affected. </p>
2828
2829<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll.
2830These are encoded in a 52-character alphabet that contains digits
2831(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For
2832safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
2833The name format is: 6 or more characters for the time in seconds,
28344 characters for the time in microseconds, the 'z'; the remainder
2835is the file inode number encoded in the first 51 characters of the
283652-character alphabet.  </p>
2837
2838<li> <p> New messages have a Message-ID header with
2839<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>.  </p>
2840
2841<li> <p> The mailq (postqueue -p) output has a wider Queue ID column.
2842The number of whitespace-separated fields is not changed. </p>
2843
2844<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
2845of the queue file creation time in microseconds, after conversion
2846into hexadecimal representation. This produces the same queue hashing
2847behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>
2848= no". </p>
2849
2850</ul>
2851
2852<p> Changing the parameter value to "no" has the following effects:
2853</p>
2854
2855<ul>
2856
2857<li> <p> Existing long queue file names are renamed to the short
2858form (while running "postfix reload" or "postsuper").  </p>
2859
2860<li> <p> New queue files are created with names such as C3CD21F3E90
2861from a hexadecimal alphabet that contains digits (0-9) and upper-case
2862letters (A-F). The name format is: 5 characters for the time in
2863microseconds; the remainder is the file inode number. </p>
2864
2865<li> <p> New messages have a Message-ID header with
2866<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where
2867<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and
2868second. </p>
2869
2870<li> <p> The mailq (postqueue -p) output has the same format as
2871with Postfix &le; 2.8. </p>
2872
2873<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
2874of the queue file name, with the hexadecimal representation of the
2875file creation time in microseconds.  </p>
2876
2877</ul>
2878
2879<p> Before migration to Postfix &le; 2.8, the following commands
2880are required to convert long queue file names into short names: </p>
2881
2882<pre>
2883# postfix stop
2884# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
2885# postsuper
2886</pre>
2887
2888<p> Repeat the postsuper command until it reports no more queue file
2889name changes. </p>
2890
2891<p> This feature is available in Postfix 2.9 and later.  </p>
2892
2893
2894</DD>
2895
2896<DT><b><a name="enable_original_recipient">enable_original_recipient</a>
2897(default: yes)</b></DT><DD>
2898
2899<p> Enable support for the X-Original-To message header. This header
2900is needed for multi-recipient mailboxes.  </p>
2901
2902<p> When this parameter is set to yes, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
2903duplicate elimination on distinct pairs of (original recipient,
2904rewritten recipient), and generates non-empty original recipient
2905queue file records.  </p>
2906
2907<p> When this parameter is set to no, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
2908duplicate elimination on the rewritten recipient address only, and
2909generates empty original recipient queue file records.  </p>
2910
2911<p> This feature is available in Postfix 2.1 and later. With Postfix
2912version 2.0, support for the X-Original-To message header is always turned
2913on. Postfix versions before 2.0 have no support for the X-Original-To
2914message header.  </p>
2915
2916
2917</DD>
2918
2919<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
2920(default: postmaster)</b></DT><DD>
2921
2922<p> The recipient of postmaster notifications about mail delivery
2923problems that are caused by policy, resource, software or protocol
2924errors.  These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
2925parameter.  </p>
2926
2927
2928</DD>
2929
2930<DT><b><a name="error_service_name">error_service_name</a>
2931(default: error)</b></DT><DD>
2932
2933<p>
2934The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always
2935returns mail as undeliverable.
2936</p>
2937
2938<p>
2939This feature is available in Postfix 2.0 and later.
2940</p>
2941
2942
2943</DD>
2944
2945<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a>
2946(default: see "postconf -d" output)</b></DT><DD>
2947
2948<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows
2949in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.  Characters
2950outside the allowed set are replaced by underscores.  </p>
2951
2952<p> This feature is available in Postfix 2.2 and later. </p>
2953
2954
2955</DD>
2956
2957<DT><b><a name="expand_owner_alias">expand_owner_alias</a>
2958(default: no)</b></DT><DD>
2959
2960<p>
2961When delivering to an alias "aliasname" that has an "owner-aliasname"
2962companion alias, set the envelope sender address to the expansion
2963of the "owner-aliasname" alias. Normally, Postfix sets the envelope
2964sender address to the name of the "owner-aliasname" alias.
2965</p>
2966
2967
2968</DD>
2969
2970<DT><b><a name="export_environment">export_environment</a>
2971(default: see "postconf -d" output)</b></DT><DD>
2972
2973<p>
2974The list of environment variables that a Postfix process will export
2975to non-Postfix processes. The TZ variable is needed for sane
2976time keeping on System-V-ish systems.
2977</p>
2978
2979<p>
2980Specify a list of names and/or name=value pairs, separated by
2981whitespace or comma. The name=value form is supported with
2982Postfix version 2.1 and later.
2983</p>
2984
2985<p>
2986Example:
2987</p>
2988
2989<pre>
2990<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin
2991</pre>
2992
2993
2994</DD>
2995
2996<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a>
2997(default: 10240)</b></DT><DD>
2998
2999<p>
3000The maximal number of recipient addresses that Postfix will extract
3001from message headers when mail is submitted with "<b>sendmail -t</b>".
3002</p>
3003
3004<p>
3005This feature was removed in Postfix version 2.1.
3006</p>
3007
3008
3009</DD>
3010
3011<DT><b><a name="fallback_relay">fallback_relay</a>
3012(default: empty)</b></DT><DD>
3013
3014<p>
3015Optional list of relay hosts for SMTP destinations that can't be
3016found or that are unreachable. With Postfix 2.3 this parameter
3017is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p>
3018
3019<p>
3020By default, mail is returned to the sender when a destination is
3021not found, and delivery is deferred when a destination is unreachable.
3022</p>
3023
3024<p> The fallback relays must be SMTP destinations. Specify a domain,
3025host, host:port, [host]:port, [address] or [address]:port; the form
3026[host] turns off MX lookups.  If you specify multiple SMTP
3027destinations, Postfix will try them in the specified order.  </p>
3028
3029<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
3030when relaying mail
3031for a backup or primary MX domain. Mail would loop between the
3032Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
3033is unavailable. To prevent this: </p>
3034
3035<ul>
3036
3037<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay",
3038
3039<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at
3040the end of the <tt>relay</tt> entry.
3041
3042<li> In transport maps, specify "relay:<i>nexthop...</i>"
3043as the right-hand side for backup or primary MX domain entries.
3044
3045</ul>
3046
3047<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
3048for destinations that it is MX host for.
3049</p>
3050
3051
3052</DD>
3053
3054<DT><b><a name="fallback_transport">fallback_transport</a>
3055(default: empty)</b></DT><DD>
3056
3057<p>
3058Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
3059agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a>
3060or UNIX password database.
3061</p>
3062
3063<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3064is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3065<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3066<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3067
3068
3069</DD>
3070
3071<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a>
3072(default: empty)</b></DT><DD>
3073
3074<p> Optional lookup tables with per-recipient message delivery
3075transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could
3076not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p>
3077
3078<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3079is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3080<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3081<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3082
3083<p> For safety reasons, this feature does not allow $number
3084substitutions in regular expression maps. </p>
3085
3086<p> This feature is available in Postfix 2.3 and later. </p>
3087
3088
3089</DD>
3090
3091<DT><b><a name="fast_flush_domains">fast_flush_domains</a>
3092(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD>
3093
3094<p>
3095Optional list of destinations that are eligible for per-destination
3096logfiles with mail that is queued to those destinations.
3097</p>
3098
3099<p>
3100By default, Postfix maintains "fast flush" logfiles only for
3101destinations that the Postfix SMTP server is willing to relay to
3102(i.e. the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see
3103the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual).
3104</p>
3105
3106<p> Specify a list of hosts or domains, "/file/name" patterns or
3107"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
3108Continue long lines by starting the next line with whitespace. A
3109"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
3110lookup table is matched when the domain or its parent domain appears
3111as lookup key.  </p>
3112
3113<p>
3114Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature
3115altogether.
3116</p>
3117
3118
3119</DD>
3120
3121<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a>
3122(default: 7d)</b></DT><DD>
3123
3124<p>
3125The time after which an empty per-destination "fast flush" logfile
3126is deleted.
3127</p>
3128
3129<p>
3130You can specify the time as a number, or as a number followed by
3131a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
3132d=days, w=weeks.  The default time unit is days.
3133</p>
3134
3135
3136</DD>
3137
3138<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a>
3139(default: 12h)</b></DT><DD>
3140
3141<p>
3142The time after which a non-empty but unread per-destination "fast
3143flush" logfile needs to be refreshed.  The contents of a logfile
3144are refreshed by requesting delivery of all messages listed in the
3145logfile.
3146</p>
3147
3148<p>
3149You can specify the time as a number, or as a number followed by
3150a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
3151d=days, w=weeks.  The default time unit is hours.
3152</p>
3153
3154
3155</DD>
3156
3157<DT><b><a name="fault_injection_code">fault_injection_code</a>
3158(default: 0)</b></DT><DD>
3159
3160<p>
3161Force specific internal tests to fail, to test the handling of
3162errors that are difficult to reproduce otherwise.
3163</p>
3164
3165
3166</DD>
3167
3168<DT><b><a name="flush_service_name">flush_service_name</a>
3169(default: flush)</b></DT><DD>
3170
3171<p>
3172The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination
3173logfiles with the queue file names of mail that is queued for those
3174destinations.
3175</p>
3176
3177<p>
3178This feature is available in Postfix 2.0 and later.
3179</p>
3180
3181
3182</DD>
3183
3184<DT><b><a name="fork_attempts">fork_attempts</a>
3185(default: 5)</b></DT><DD>
3186
3187<p> The maximal number of attempts to fork() a child process.  </p>
3188
3189
3190</DD>
3191
3192<DT><b><a name="fork_delay">fork_delay</a>
3193(default: 1s)</b></DT><DD>
3194
3195<p> The delay between attempts to fork() a child process.  </p>
3196
3197<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
3198(weeks).  The default time unit is s (seconds).  </p>
3199
3200
3201</DD>
3202
3203<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a>
3204(default: see "postconf -d" output)</b></DT><DD>
3205
3206<p>
3207Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
3208$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.  Characters outside the
3209allowed set are replaced by underscores.
3210</p>
3211
3212
3213</DD>
3214
3215<DT><b><a name="forward_path">forward_path</a>
3216(default: see "postconf -d" output)</b></DT><DD>
3217
3218<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward
3219file with user-specified delivery methods. The first file that is
3220found is used.  </p>
3221
3222<p> The following $name expansions are done on <a href="postconf.5.html#forward_path">forward_path</a> before
3223the search actually happens. The result of $name expansion is
3224filtered with the character set that is specified with the
3225<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter.  </p>
3226
3227<dl>
3228
3229<dt><b>$user</b></dt>
3230
3231<dd>The recipient's username. </dd>
3232
3233<dt><b>$shell</b></dt>
3234
3235<dd>The recipient's login shell pathname. </dd>
3236
3237<dt><b>$home</b></dt>
3238
3239<dd>The recipient's home directory. </dd>
3240
3241<dt><b>$recipient</b></dt>
3242
3243<dd>The full recipient address. </dd>
3244
3245<dt><b>$extension</b></dt>
3246
3247<dd>The optional recipient address extension. </dd>
3248
3249<dt><b>$domain</b></dt>
3250
3251<dd>The recipient domain. </dd>
3252
3253<dt><b>$local</b></dt>
3254
3255<dd>The entire recipient localpart. </dd>
3256
3257<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
3258
3259<dd>The address extension delimiter that was found in the recipient
3260address (Postfix 2.11 and later), or the system-wide recipient
3261address extension delimiter (Postfix 2.10 and earlier). </dd>
3262
3263<dt><b>${name?value}</b></dt>
3264
3265<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
3266
3267<dt><b>${name:value}</b></dt>
3268
3269<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
3270
3271</dl>
3272
3273<p>
3274Instead of $name you can also specify ${name} or $(name).
3275</p>
3276
3277<p>
3278Examples:
3279</p>
3280
3281<pre>
3282<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user
3283<a href="postconf.5.html#forward_path">forward_path</a> =
3284    /var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension,
3285    /var/forward/$user/.forward
3286</pre>
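<p> The $name expansion and character filtering described for <a href="postconf.5.html#forward_path">forward_path</a> and <a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (the same replacement rule is described for <a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a>), as an added example that is not Postfix code. The names expand, forward_candidates and EXAMPLE_FILTER, the allowed character set and the sample recipient are constructed for illustration; the sketch models only the substitution and filtering steps and applies the filter to each substituted value. </p>

```python
import re

# Constructed allowed set for this example only; the configured value is
# whatever "postconf -d" reports for forward_expansion_filter.
EXAMPLE_FILTER = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_=+:,./@"
)

# $name | ${name} | ${name?value} | ${name:value} | $(name)
_TOKEN = re.compile(
    r"\$(?:(\w+)"
    r"|\{(\w+)(?:([?:])([^}]*))?\}"
    r"|\((\w+)\))"
)


def sanitize(value, allowed=EXAMPLE_FILTER):
    """Replace every character outside the allowed set by an underscore."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def expand(template, attrs, allowed=EXAMPLE_FILTER):
    """Expand $name references in template using the per-recipient attrs.

    Only the substituted values are filtered; literal template text comes
    from the administrator's configuration and is left unchanged.
    """
    def substitute(match):
        name = match.group(1) or match.group(2) or match.group(5)
        operator, argument = match.group(3), match.group(4)
        if name not in attrs:
            raise ValueError(f"undefined name in expansion: {name}")
        raw = attrs[name]
        if operator == "?":   # ${name?value}: value when $name is non-empty
            return expand(argument, attrs, allowed) if raw else ""
        if operator == ":":   # ${name:value}: value when $name is empty
            return "" if raw else expand(argument, attrs, allowed)
        return sanitize(raw, allowed)

    return _TOKEN.sub(substitute, template)


def forward_candidates(forward_path, attrs, allowed=EXAMPLE_FILTER):
    """Expand each entry of a forward_path search list, in search order."""
    entries = [e for e in re.split(r"[,\s]+", forward_path.strip()) if e]
    return [expand(entry, attrs, allowed) for entry in entries]


if __name__ == "__main__":
    # Constructed recipient: the address extension is sender-controlled and
    # here contains a space, a semicolon and a newline.
    recipient = {
        "user": "alice",
        "home": "/home/alice",
        "recipient_delimiter": "+",
        "extension": "a b;c\nd",
    }
    search_list = """
        /var/forward/$user/.forward$recipient_delimiter$extension,
        /var/forward/$user/.forward
    """
    for path in forward_candidates(search_list, recipient):
        print(path)
```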
3287
3288
3289</DD>
3290
3291<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a>
3292(default: yes)</b></DT><DD>
3293
3294<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To:
3295address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of
3296a delivery attempt; do not update the Delivered-To: address while
3297expanding aliases or .forward files. </p>
3298
3299<p> This feature is available in Postfix 2.3 and later. With older
3300Postfix releases, the behavior is as if this parameter is set to
3301"no". The old setting can be expensive with deeply nested aliases
3302or .forward files. When an alias or .forward file changes the
3303Delivered-To: address, it ties up one queue file and one cleanup
3304process instance while mail is being forwarded.  </p>
3305
3306
3307</DD>
3308
3309<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
3310(default: 1)</b></DT><DD>
3311
3312<p>
3313The number of subdirectory levels for queue directories listed with
3314the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by
3315creating one or more levels of directories with one-character names.
3316Originally, these directory names were equal to the first characters
3317of the queue file name, with the hexadecimal representation of the
3318file creation time in microseconds. </p>
3319
3320<p> With long queue file names, queue hashing produces the same
3321results as with short names. The file creation time in microseconds
3322is converted into hexadecimal form before the result is used for
3323queue hashing.  The base 16 encoding gives finer control over the
3324number of subdirectories than is possible with the base 52 encoding
3325of long queue file names.  </p>
3326
3327<p>
3328After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
3329execute the command "<b>postfix reload</b>".
3330</p>
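<p> A decoder for the queue ID layouts described under <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> and for the hashing rule described above, useful when correlating log entries with queue files. This is an added example, not Postfix code; the function names are illustrative, and rendering the microseconds as five upper-case hexadecimal digits for long names is an assumption taken from the short-name layout. </p>

```python
from datetime import datetime, timedelta, timezone

# Alphabet from the text: digits, then B-Z and b-z with the vowels removed.
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
INODE_SEP = "z"        # 52nd character; the inode field only uses the first 51
SEC_MIN_WIDTH = 6      # long form: 6 or more characters of seconds
USEC_WIDTH = 4         # long form: exactly 4 characters of microseconds
SHORT_USEC_WIDTH = 5   # short form: 5 hexadecimal characters of microseconds
HEX_DIGITS = "0123456789ABCDEF"


def _decode(text, base):
    """Decode a most-significant-digit-first string over the first `base` characters."""
    if not text:
        raise ValueError("empty field")
    value = 0
    for ch in text:
        digit = ALPHABET.find(ch)
        if digit < 0 or digit >= base:
            raise ValueError(f"character {ch!r} is not valid in base {base}")
        value = value * base + digit
    return value


def parse_queue_id(qid):
    """Return the fields of a long or short queue ID as a dict."""
    if INODE_SEP in qid:
        # The inode field never contains 'z', so the last 'z' is the separator
        # even when the base-52 time fields contain one as well.
        sep = qid.rfind(INODE_SEP)
        if sep < SEC_MIN_WIDTH + USEC_WIDTH:
            raise ValueError("time fields too short for a long queue ID")
        fields = {
            "format": "long",
            "seconds": _decode(qid[:sep - USEC_WIDTH], 52),
            "microseconds": _decode(qid[sep - USEC_WIDTH:sep], 52),
            "inode": _decode(qid[sep + 1:], 51),
        }
    else:
        if len(qid) <= SHORT_USEC_WIDTH or any(c not in HEX_DIGITS for c in qid):
            raise ValueError("not a short (hexadecimal) queue ID")
        fields = {
            "format": "short",
            "seconds": None,  # the short form carries no seconds field
            "microseconds": int(qid[:SHORT_USEC_WIDTH], 16),
            "inode": int(qid[SHORT_USEC_WIDTH:], 16),
        }
    if fields["microseconds"] >= 1_000_000:
        raise ValueError("microseconds field out of range")
    return fields


def created_at(qid):
    """UTC creation time of a long queue ID; None for short IDs."""
    fields = parse_queue_id(qid)
    if fields["format"] != "long":
        return None
    base = datetime.fromtimestamp(fields["seconds"], tz=timezone.utc)
    return base + timedelta(microseconds=fields["microseconds"])


def hash_subdirs(qid, depth):
    """One-character directory names used for queue hashing at `depth` levels."""
    fields = parse_queue_id(qid)
    if fields["format"] == "short":
        return list(qid[:depth])
    # Assumption: microseconds rendered as 5 upper-case hex digits, matching
    # the layout the text gives for short names.
    return list(f"{fields['microseconds']:05X}"[:depth])


if __name__ == "__main__":
    # The two sample names quoted in the enable_long_queue_ids text.
    for sample in ("3Pt2mN2VXxznjll", "C3CD21F3E90"):
        print(sample, parse_queue_id(sample), created_at(sample),
              "/".join(hash_subdirs(sample, 2)))
```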
3331
3332
3333</DD>
3334
3335<DT><b><a name="hash_queue_names">hash_queue_names</a>
3336(default: deferred, defer)</b></DT><DD>
3337
3338<p>
3339The names of queue directories that are split across multiple
3340subdirectory levels.
3341</p>
3342
3343<p> Before Postfix version 2.2, the default list of hashed queues
3344was significantly larger. Claims about improvements in file system
3345technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
3346is no longer needed. Fewer hashed directories speed up the time
3347needed to restart Postfix. </p>
3348
3349<p>
3350After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
3351execute the command "<b>postfix reload</b>".
3352</p>
3353
3354
3355</DD>
3356
3357<DT><b><a name="header_address_token_limit">header_address_token_limit</a>
3358(default: 10240)</b></DT><DD>
3359
3360<p>
3361The maximal number of address tokens that are allowed in an address
3362message header. Information that exceeds the limit is discarded.
3363The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
3364</p>
3365
3366
3367</DD>
3368
3369<DT><b><a name="header_checks">header_checks</a>
3370(default: empty)</b></DT><DD>
3371
3372<p>
3373Optional lookup tables for content inspection of primary non-MIME
3374message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
3375</p>
3376
3377
3378</DD>
3379
3380<DT><b><a name="header_size_limit">header_size_limit</a>
3381(default: 102400)</b></DT><DD>
3382
3383<p>
3384The maximal amount of memory in bytes for storing a message header.
3385If a header is larger, the excess is discarded.  The limit is
3386enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
3387</p>
3388
3389
3390</DD>
3391
3392<DT><b><a name="helpful_warnings">helpful_warnings</a>
3393(default: yes)</b></DT><DD>
3394
3395<p>
3396Log warnings about problematic configuration settings, and provide
3397helpful suggestions.
3398</p>
3399
3400<p>
3401This feature is available in Postfix 2.0 and later.
3402</p>
3403
3404
3405</DD>
3406
3407<DT><b><a name="home_mailbox">home_mailbox</a>
3408(default: empty)</b></DT><DD>
3409
3410<p>
3411Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's
3412home directory.
3413</p>
3414
3415<p>
3416Specify a pathname ending in "/" for qmail-style delivery.
3417</p>
3418
3419<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
3420is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
3421<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
3422<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
3423
3424<p>
3425Examples:
3426</p>
3427
3428<pre>
3429<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox
3430<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/
3431</pre>
3432
3433
3434</DD>
3435
3436<DT><b><a name="hopcount_limit">hopcount_limit</a>
3437(default: 50)</b></DT><DD>
3438
3439<p>
3440The maximal number of Received:  message headers that is allowed
3441in the primary message headers. A message that exceeds the limit
3442is bounced, in order to stop a mailer loop.
3443</p>
3444
3445
3446</DD>
3447
3448<DT><b><a name="html_directory">html_directory</a>
3449(default: see "postconf -d" output)</b></DT><DD>
3450
3451<p>
3452The location of Postfix HTML files that describe how to build,
3453configure or operate a specific Postfix subsystem or feature.
3454</p>
3455
3456
3457</DD>
3458
3459<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a>
3460(default: no)</b></DT><DD>
3461
3462<p> Ignore DNS MX lookups that produce no response.  By default,
3463the Postfix SMTP client defers delivery and tries again after some
3464delay.  This behavior is required by the SMTP standard.  </p>
3465
3466<p>
3467Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record
3468lookup instead. This violates the SMTP standard and can result in
3469mis-delivery of mail.
3470</p>
3471
3472
3473</DD>
3474
3475<DT><b><a name="import_environment">import_environment</a>
3476(default: see "postconf -d" output)</b></DT><DD>
3477
3478<p>
3479The list of environment parameters that a Postfix process will
3480import from a non-Postfix parent process. Examples of relevant
3481parameters:
3482</p>
3483
3484<dl>
3485
3486<dt><b>TZ</b></dt>
3487
3488<dd>Needed for sane time keeping on most System-V-ish systems. </dd>
3489
3490<dt><b>DISPLAY</b></dt>
3491
3492<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
3493
3494<dt><b>XAUTHORITY</b></dt>
3495
3496<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
3497
3498<dt><b>MAIL_CONFIG</b></dt>
3499
3500<dd>Needed to make "<b>postfix -c</b>" work. </dd>
3501
3502</dl>
3503
3504<p> Specify a list of names and/or name=value pairs, separated by
3505whitespace or comma. The name=value form is supported with
3506Postfix version 2.1 and later.  </p>
3507
3508
3509</DD>
3510
3511<DT><b><a name="in_flow_delay">in_flow_delay</a>
3512(default: 1s)</b></DT><DD>
3513
3514<p> Time to pause before accepting a new message, when the message
3515arrival rate exceeds the message delivery rate. This feature is
3516turned on by default (it's disabled on SCO UNIX due to an SCO bug).
3517</p>
3518
3519<p>
3520With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
3521= 1s" limits the mail inflow to 100 messages per second above the
3522number of messages delivered per second.
3523</p>
3524
3525<p>
3526Specify 0 to disable the feature. Valid delays are 0..10.
3527</p>
3528
3529
3530</DD>
3531
3532<DT><b><a name="inet_interfaces">inet_interfaces</a>
3533(default: all)</b></DT><DD>
3534
3535<p> The network interface addresses that this mail system receives
3536mail on. Specify "all" to receive mail on all network
3537interfaces (default), and "loopback-only" to receive mail
3538on loopback network interfaces only (Postfix version 2.2 and later).  The
3539parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
3540</p>
3541
3542<p>
3543Note 1: you need to stop and start Postfix when this parameter changes.
3544</p>
3545
3546<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
3547but this form is not required here. </p>
3548
3549<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
3550that is not a loopback address, the Postfix SMTP client will use
3551this address as the IP source address for outbound mail. Support
3552for IPv6 is available in Postfix version 2.2 and later. </p>
3553
3554<p>
3555On a multi-homed firewall with separate Postfix instances listening on the
3556"inside" and "outside" interfaces, this can prevent each instance from
3557being able to reach remote SMTP servers on the "other side" of the
3558firewall. Setting
3559<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
3560IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
3561for IPv6. </p>
3562
3563<p>
3564A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
3565at the default value and instead use explicit IP addresses in
3566the <a href="master.5.html">master.cf</a> SMTP server definitions.  This preserves the Postfix
3567SMTP client's
3568loop detection, by ensuring that each side of the firewall knows that the
3569other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
3570single IPv4 and/or IPv6 address is primarily useful with virtual
3571hosting of domains on
3572secondary IP addresses, when each IP address serves a different domain
3573(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
3574
3575<p>
3576See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
3577are forwarded to Postfix by way of a proxy or address translator.
3578</p>
3579
3580<p>
3581Examples:
3582</p>
3583
3584<pre>
3585<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
3586<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
3587<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
3588<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
3589<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
3590</pre>
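
<p> The following added example (not part of the Postfix distribution) is
a small audit helper that applies the rules above to a main.cf text: it
reports the listening scope and whether outbound mail is pinned to a single
source address. The function names and the sample file are hypothetical, and
it reads "just one address" as exactly one configured address per address
family. </p>

```python
import ipaddress
import re

# Constructed sample: main.cf of the "outside" instance on a multi-homed host.
SAMPLE_MAIN_CF = """\
# outside instance (constructed sample, not from the Postfix distribution)
myhostname = mx.example.com
inet_interfaces = 127.0.0.1
inet_interfaces =
    [192.0.2.25]
inet_protocols = ipv4
"""


def parse_main_cf(text):
    """Return {parameter: value} using the main.cf format rules: blank and
    '#' lines are ignored, a line that starts with whitespace continues the
    previous logical line, and the last definition of a parameter wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def classify_interfaces(value):
    """Split an inet_interfaces value into (keyword, addresses, names).
    Addresses may be enclosed in []; host names are not resolved here."""
    addrs, names = [], []
    for tok in (t for t in re.split(r"[,\s]+", value.strip()) if t):
        if tok in ("all", "loopback-only"):
            return tok, [], []
        try:
            addrs.append(ipaddress.ip_address(tok.strip("[]")))
        except ValueError:
            names.append(tok)
    return None, addrs, names


def audit_inet_interfaces(params):
    """Report listening scope and source-address pinning for one instance."""
    keyword, addrs, names = classify_interfaces(
        params.get("inet_interfaces", "all"))  # documented default: all
    report = {"scope": keyword or "explicit",
              "addresses": [str(a) for a in addrs],
              "unresolved_names": names,
              "pinned_source": {}}
    if keyword:
        return report
    if addrs and not names and all(a.is_loopback for a in addrs):
        report["scope"] = "loopback-only"
    # One non-loopback address in a family becomes the SMTP client source
    # address unless smtp_bind_address / smtp_bind_address6 is set.
    for version, bind_param in ((4, "smtp_bind_address"),
                                (6, "smtp_bind_address6")):
        family = [a for a in addrs if a.version == version]
        if len(family) == 1 and not family[0].is_loopback:
            if not params.get(bind_param):
                report["pinned_source"]["ipv%d" % version] = str(family[0])
    return report


if __name__ == "__main__":
    print(audit_inet_interfaces(parse_main_cf(SAMPLE_MAIN_CF)))
```
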
3591
3592
3593</DD>
3594
3595<DT><b><a name="inet_protocols">inet_protocols</a>
3596(default: all)</b></DT><DD>
3597
3598<p> The Internet protocols Postfix will attempt to use when making
3599or accepting connections. Specify one or more of "ipv4"
3600or "ipv6", separated by whitespace or commas. The form
3601"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
3602on whether the operating system implements IPv6. </p>
3603
3604<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
3605compatibility with these releases, the Postfix 2.9 and later upgrade
3606procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to
3607<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility
3608workaround will be phased out as IPv6 deployment becomes more common.
3609</p>
3610
3611<p> This feature is available in Postfix 2.2 and later. </p>
3612
3613<p> Note: you MUST stop and start Postfix after changing this
3614parameter. </p>
3615
3616<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
3617IPv6 server will also accept IPv4 connections, even when IPv4 is
3618turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter.  On systems with
3619IPV6_V6ONLY support, Postfix will use separate server sockets for
3620IPv6 and IPv4, and each will accept only connections for the
3621corresponding protocol.  </p>
3622
3623<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
3624Postfix will look up DNS type A records, and will convert
3625IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
3626IPv4 form (1.2.3.4).  The latter is needed on hosts that pre-date
3627IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
3628
3629<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
3630Postfix will do DNS type AAAA record lookups. </p>
3631
3632<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
3633client will choose the protocol as specified with the
3634<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. Postfix versions before 2.8
3635attempt to connect via IPv6 before attempting to use IPv4.  </p>
3636
3637<p>
3638Examples:
3639</p>
3640
3641<pre>
3642<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
3643<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT)
3644<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
3645<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
3646</pre>
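
<p> The following added example (not Postfix code) models the rules above:
which DNS record types are looked up for a given inet_protocols value, and
why an IPv4-in-IPv6 client address has to be converted to its IPv4 form
before it is compared against IPv4 network lists. All function names,
networks and peer addresses are constructed for illustration. </p>

```python
import ipaddress
import re

# Constructed trusted networks and peer addresses (documentation ranges).
TRUSTED_NETWORKS = ["192.0.2.0/24", "2001:db8:1::/48"]
PEERS = ["192.0.2.10", "::ffff:192.0.2.10", "2001:db8:1::25", "::ffff:198.51.100.7"]


def effective_protocols(value, os_has_ipv6=True):
    """Interpret an inet_protocols value. "all" means "ipv4, ipv6" or
    "ipv4", depending on whether the operating system implements IPv6."""
    tokens = {t for t in re.split(r"[,\s]+", value.strip()) if t}
    if "all" in tokens:
        return {"ipv4", "ipv6"} if os_has_ipv6 else {"ipv4"}
    if not tokens or tokens - {"ipv4", "ipv6"}:
        raise ValueError("unsupported inet_protocols value: %r" % value)
    return tokens


def dns_record_types(protocols):
    """Type A lookups with IPv4 enabled, type AAAA lookups with IPv6 enabled."""
    types = []
    if "ipv4" in protocols:
        types.append("A")
    if "ipv6" in protocols:
        types.append("AAAA")
    return types


def normalize_client(peer, protocols):
    """With IPv4 enabled, convert ::ffff:1.2.3.4 to its original 1.2.3.4."""
    ip = ipaddress.ip_address(peer.strip("[]"))
    if "ipv4" in protocols and ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def client_in_networks(peer, cidrs, protocols, normalize=True):
    """Match a peer against CIDR networks, with or without normalization."""
    if normalize:
        ip = normalize_client(peer, protocols)
    else:
        ip = ipaddress.ip_address(peer.strip("[]"))
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.version == ip.version and ip in net:
            return True
    return False


def review(peers, cidrs, protocols):
    """Return (peer, naive_match, normalized_match) for each peer address."""
    return [(p,
             client_in_networks(p, cidrs, protocols, normalize=False),
             client_in_networks(p, cidrs, protocols, normalize=True))
            for p in peers]


if __name__ == "__main__":
    protos = effective_protocols("all")
    print("DNS lookups:", dns_record_types(protos))
    for row in review(PEERS, TRUSTED_NETWORKS, protos):
        print("%-22s naive=%-5s normalized=%s" % row)
```
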
3647
3648
3649</DD>
3650
3651<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a>
3652(default: 5)</b></DT><DD>
3653
3654<p>
3655The initial per-destination concurrency level for parallel delivery
3656to the same destination.
3657With per-destination recipient limit &gt; 1, a destination is a domain,
3658otherwise it is a recipient.
3659</p>
3660
3661<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify
3662a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
3663name of the message delivery transport (Postfix 2.5 and later). </p>
3664
3665<p>
3666Warning: with concurrency of 1, one bad message can be enough to
3667block all mail to a site.
3668</p>
3669
3670
3671</DD>
3672
3673<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
3674(default: empty)</b></DT><DD>
3675
3676<p> What categories of Postfix-generated mail are subject to
3677before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
3678and <a href="postconf.5.html#body_checks">body_checks</a>.  Specify zero or more of the following, separated
3679by whitespace or comma.  </p>
3680
3681<dl>
3682
3683<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
3684status notifications. </dd>
3685
3686<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
3687notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
3688
3689</dl>
3690
3691<p> NOTE: It's generally not safe to enable content inspection of
3692Postfix-generated email messages. The user is warned. </p>
3693
3694<p> This feature is available in Postfix 2.3 and later. </p>
3695
3696
3697</DD>
3698
3699<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
3700(default: 501)</b></DT><DD>
3701
3702<p>
3703The numerical Postfix SMTP server response code when the client
3704HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
3705restriction.
3706</p>
3707
3708<p>
3709Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
3710</p>
3711
3712
3713</DD>
3714
3715<DT><b><a name="ipc_idle">ipc_idle</a>
3716(default: version dependent)</b></DT><DD>
3717
3718<p>
3719The time after which a client closes an idle internal communication
3720channel.  The purpose is to allow Postfix daemon processes to
3721terminate voluntarily after they become idle. This is used, for
3722example, by the Postfix address resolving and rewriting clients.
3723</p>
3724
3725<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>
3726
3727<p>
3728Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3729The default time unit is s (seconds).
3730</p>
3731
3732
3733</DD>
3734
3735<DT><b><a name="ipc_timeout">ipc_timeout</a>
3736(default: 3600s)</b></DT><DD>
3737
3738<p>
3739The time limit for sending or receiving information over an internal
3740communication channel.  The purpose is to break out of deadlock
3741situations. If the time limit is exceeded the software aborts with a
3742fatal error.
3743</p>
3744
3745<p>
3746Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3747The default time unit is s (seconds).
3748</p>
3749
3750
3751</DD>
3752
3753<DT><b><a name="ipc_ttl">ipc_ttl</a>
3754(default: 1000s)</b></DT><DD>
3755
3756<p>
3757The time after which a client closes an active internal communication
3758channel.  The purpose is to allow Postfix daemon processes to
3759terminate voluntarily
3760after reaching their client limit.  This is used, for example, by
3761the Postfix address resolving and rewriting clients.
3762</p>
3763
3764<p>
3765Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3766The default time unit is s (seconds).
3767</p>
3768
3769<p>
3770This feature is available in Postfix 2.1 and later.
3771</p>
3772
3773
3774</DD>
3775
3776<DT><b><a name="line_length_limit">line_length_limit</a>
3777(default: 2048)</b></DT><DD>
3778
3779<p> Upon input, long lines are chopped up into pieces of at most
3780this length; upon delivery, long lines are reconstructed.  </p>
3781
3782
3783</DD>
3784
3785<DT><b><a name="lmdb_map_size">lmdb_map_size</a>
3786(default: 16777216)</b></DT><DD>
3787
3788<p>
3789The initial OpenLDAP LMDB database size limit in bytes.  Each time
3790a database becomes full, its size limit is doubled.
3791</p>
3792
3793<p>
3794This feature is available in Postfix 2.11 and later.
3795</p>
3796
3797
3798</DD>
3799
3800<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
3801(default: ipv6)</b></DT><DD>
3802
3803<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
3804configuration parameter.  See there for details. </p>
3805
3806<p> This feature is available in Postfix 2.8 and later.  </p>
3807
3808
3809</DD>
3810
3811<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
3812(default: no)</b></DT><DD>
3813
3814<p> When a remote LMTP server announces no DSN support, assume that
3815the
3816server performs final delivery, and send "delivered" delivery status
3817notifications instead of "relayed". The default setting is backwards
3818compatible to avoid the infinitesimal possibility of breaking
3819existing LMTP-based content filters. </p>
3820
3821
3822</DD>
3823
3824<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a>
3825(default: empty)</b></DT><DD>
3826
3827<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration
3828parameter.  See there for details. </p>
3829
3830<p> This feature is available in Postfix 2.3 and later. </p>
3831
3832
3833</DD>
3834
3835<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a>
3836(default: empty)</b></DT><DD>
3837
3838<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration
3839parameter.  See there for details. </p>
3840
3841<p> This feature is available in Postfix 2.3 and later. </p>
3842
3843
3844</DD>
3845
3846<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a>
3847(default: empty)</b></DT><DD>
3848
3849<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration
3850parameter. See there for details. </p>
3851
3852<p> This feature is available in Postfix 2.5 and later. </p>
3853
3854
3855</DD>
3856
3857<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a>
3858(default: yes)</b></DT><DD>
3859
3860<p>
3861Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
3862seconds. When the LMTP client receives a request for the same
3863connection the connection is reused.
3864</p>
3865
3866<p> This parameter is available in Postfix version 2.2 and earlier.
3867With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
3868<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
3869</p>
3870
3871<p>
3872The effectiveness of cached connections will be determined by the
3873number of remote LMTP servers in use, and the concurrency limit specified
3874for the Postfix LMTP client. Cached connections are closed under any of
3875the following conditions:
3876</p>
3877
3878<ul>
3879
3880<li> The Postfix LMTP client idle time limit is reached.  This limit is
3881specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.
3882
3883<li> A delivery request specifies a different destination than the
3884one currently cached.
3885
3886<li> The per-process limit on the number of delivery requests is
3887reached.  This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a>
3888configuration parameter.
3889
3890<li> Upon the onset of another delivery request, the remote LMTP server
3891associated with the current session does not respond to the RSET
3892command.
3893
3894</ul>
3895
3896<p>
3897Most of these limitations have been removed with the Postfix
3898connection cache that is shared among multiple LMTP client
3899programs.
3900</p>
3901
3902
3903</DD>
3904
3905<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a>
3906(default: yes)</b></DT><DD>
3907
3908<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
3909configuration parameter.  See there for details. </p>
3910
3911<p> This feature is available in Postfix 2.3 and later. </p>
3912
3913
3914</DD>
3915
3916<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a>
3917(default: 0s)</b></DT><DD>
3918
3919<p> The Postfix LMTP client time limit for completing a TCP connection, or
3920zero (use the operating system built-in time limit).  When no
3921connection can be made within the deadline, the LMTP client tries
3922the next address on the mail exchanger list.  </p>
3923
3924<p>
3925Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
3926The default time unit is s (seconds).
3927</p>
3928
3929<p>
3930Example:
3931</p>
3932
3933<pre>
3934<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s
3935</pre>
3936
3937
3938</DD>
3939
3940<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>
3941(default: empty)</b></DT><DD>
3942
3943<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
3944configuration parameter.  See there for details. </p>
3945
3946<p> This feature is available in Postfix 2.3 and later. </p>
3947
3948
3949</DD>
3950
3951<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>
3952(default: yes)</b></DT><DD>
3953
3954<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
3955configuration parameter.  See there for details. </p>
3956
3957<p> This feature is available in Postfix 2.3 and later. </p>
3958
3959
3960</DD>
3961
3962<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a>
3963(default: 2s)</b></DT><DD>
3964
3965<p> The LMTP-specific version of the
3966<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter.
3967See there for details. </p>
3968
3969<p> This feature is available in Postfix 2.3 and later. </p>
3970
3971
3972</DD>
3973
3974<DT><b><a name="lmtp_connection_reuse_count_limit">lmtp_connection_reuse_count_limit</a>
3975(default: 0)</b></DT><DD>
3976
3977<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
3978configuration parameter.  See there for details. </p>
3979
3980<p> This feature is available in Postfix 2.11 and later. </p>
3981
3982
3983</DD>
3984
3985<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>
3986(default: 300s)</b></DT><DD>
3987
3988<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
3989configuration parameter.  See there for details. </p>
3990
3991<p> This feature is available in Postfix 2.3 and later. </p>
3992
3993
3994</DD>
3995
3996<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a>
3997(default: 600s)</b></DT><DD>
3998
3999<p> The Postfix LMTP client time limit for sending the LMTP ".",
4000and for receiving the remote LMTP server response.  When no response
4001is received within the deadline, a warning is logged that the mail
4002may be delivered multiple times.  </p>
4003
4004<p>
4005Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4006The default time unit is s (seconds).
4007</p>
4008
4009
4010</DD>
4011
4012<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a>
4013(default: 120s)</b></DT><DD>
4014
4015<p>
4016The Postfix LMTP client time limit for sending the LMTP DATA command,
4017and
4018for receiving the remote LMTP server response.
4019</p>
4020
4021<p>
4022Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4023The default time unit is s (seconds).
4024</p>
4025
4026
4027</DD>
4028
4029<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
4030(default: 180s)</b></DT><DD>
4031
4032<p>
4033The Postfix LMTP client time limit for sending the LMTP message
4034content.
4035When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
4036the LMTP client terminates the transfer.
4037</p>
4038
4039<p>
4040Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4041The default time unit is s (seconds).
4042</p>
4043
4044
4045</DD>
4046
4047<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a>
4048(default: no)</b></DT><DD>
4049
4050<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
4051configuration parameter.  See there for details. </p>
4052
4053<p> This feature is available in Postfix 2.3 and later. </p>
4054
4055
4056</DD>
4057
4058<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a>
4059(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
4060
4061<p> The maximal number of parallel deliveries to the same destination
4062via the lmtp message delivery transport. This limit is enforced by
4063the queue manager. The message delivery transport name is the first
4064field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
4065
4066
4067</DD>
4068
4069<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
4070(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
4071
4072<p> The maximal number of recipients per message for the lmtp
4073message delivery transport. This limit is enforced by the queue
4074manager. The message delivery transport name is the first field in
4075the entry in the <a href="master.5.html">master.cf</a> file.  </p>
4076
4077<p> Setting this parameter to a value of 1 changes the meaning of
4078<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into
4079concurrency per recipient.  </p>
4080
4081
4082</DD>
4083
4084<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a>
4085(default: empty)</b></DT><DD>
4086
4087<p> Lookup tables, indexed by the remote LMTP server address, with
4088case insensitive lists of LHLO keywords (pipelining, starttls,
4089auth, etc.) that the Postfix LMTP client will ignore in the LHLO
4090response
4091from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for
4092details. The table is not indexed by hostname for consistency with
4093<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
4094
4095<p> This feature is available in Postfix 2.3 and later. </p>
4096
4097
4098</DD>
4099
4100<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
4101(default: empty)</b></DT><DD>
4102
4103<p> A case insensitive list of LHLO keywords (pipelining, starttls,
4104auth, etc.) that the Postfix LMTP client will ignore in the LHLO
4105response
4106from a remote LMTP server. </p>
4107
4108<p> This feature is available in Postfix 2.3 and later. </p>
4109
4110<p> Notes: </p>
4111
4112<ul>
4113
4114<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
4115this action from being logged. </p>
4116
4117<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to
4118discard LHLO keywords selectively. </p>
4119
4120</ul>
4121
4122
4123</DD>
4124
4125<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a>
4126(default: empty)</b></DT><DD>
4127
4128<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a>
4129configuration parameter.  See there for details. </p>
4130
4131<p> This feature is available in Postfix 2.8 and later.  </p>
4132
4133
4134</DD>
4135
4136<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a>
4137(default: empty)</b></DT><DD>
4138
4139<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
4140configuration parameter.  See there for details.  </p>
4141
4142<p> This feature is available in Postfix 2.11 and later.  </p>
4143
4144
4145</DD>
4146
4147<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
4148(default: no)</b></DT><DD>
4149
4150<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
4151parameter.  See there for details. </p>
4152
4153<p> This feature is available in Postfix 2.3 and later. </p>
4154
4155
4156</DD>
4157
4158<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a>
4159(default: empty)</b></DT><DD>
4160
4161<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration
4162parameter.  See there for details. </p>
4163
4164<p> This feature is available in Postfix 2.3 and later. </p>
4165
4166
4167</DD>
4168
4169<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a>
4170(default: empty)</b></DT><DD>
4171
4172<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration
4173parameter. See there for details. </p>
4174
4175<p> This feature is available in Postfix 2.5 and later. </p>
4176
4177
4178</DD>
4179
4180<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a>
4181(default: dns)</b></DT><DD>
4182
4183<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration
4184parameter.  See there for details. </p>
4185
4186<p> This feature is available in Postfix 2.3 and later. </p>
4187
4188
4189</DD>
4190
4191<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a>
4192(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
4193
4194<p>
4195The hostname to send in the LMTP LHLO command.
4196</p>
4197
4198<p>
4199The default value is the machine hostname.  Specify a hostname or
4200[ip.add.re.ss].
4201</p>
4202
4203<p>
4204This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP
4205clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
4206client, for example:
4207</p>
4208
4209<blockquote>
4210<pre>
4211/etc/postfix/<a href="master.5.html">master.cf</a>:
4212    mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
4213</pre>
4214</blockquote>
4215
4216<p>
4217This feature is available in Postfix 2.3 and later.
4218</p>
4219
4220
4221</DD>
4222
4223<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a>
4224(default: 300s)</b></DT><DD>
4225
4226<p> The Postfix LMTP client time limit for sending the LHLO command,
4227and for receiving the initial remote LMTP server response. </p>
4228
4229<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
4230(weeks).  The default time unit is s (seconds).  </p>
4231
4232
4233</DD>
4234
4235<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a>
4236(default: 990)</b></DT><DD>
4237
4238<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a>
4239configuration parameter.  See there for details. </p>
4240
4241<p> This feature is available in Postfix 2.3 and later. </p>
4242
4243
4244</DD>
4245
4246<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a>
4247(default: 300s)</b></DT><DD>
4248
4249<p>
4250The Postfix LMTP client time limit for sending the MAIL FROM command,
4251and for receiving the remote LMTP server response.
4252</p>
4253
4254<p>
4255Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4256The default time unit is s (seconds).
4257</p>
4258
4259
4260</DD>
4261
4262<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a>
4263(default: empty)</b></DT><DD>
4264
4265<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a>
4266configuration parameter. See there for details. </p>
4267
4268<p> This feature is available in Postfix 2.5 and later. </p>
4269
4270
4271</DD>
4272
4273<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a>
4274(default: 5)</b></DT><DD>
4275
4276<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration
4277parameter.  See there for details. </p>
4278
4279<p> This feature is available in Postfix 2.3 and later. </p>
4280
4281
4282</DD>
4283
4284<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a>
4285(default: 2)</b></DT><DD>
4286
4287<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration
4288parameter.  See there for details. </p>
4289
4290<p> This feature is available in Postfix 2.3 and later. </p>
4291
4292
4293</DD>
4294
4295<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a>
4296(default: empty)</b></DT><DD>
4297
4298<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a>
4299configuration parameter. See there for details. </p>
4300
4301<p> This feature is available in Postfix 2.5 and later. </p>
4302
4303
4304</DD>
4305
4306<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
4307(default: no)</b></DT><DD>
4308
4309<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
4310configuration parameter.  See there for details. </p>
4311
4312<p> This feature is available in Postfix 2.9 and later.  </p>
4313
4314
4315</DD>
4316
4317<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
4318(default: 10s)</b></DT><DD>
4319
4320<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
4321configuration parameter.  See there for details. </p>
4322
4323<p> This feature is available in Postfix 2.3 and later. </p>
4324
4325
4326</DD>
4327
4328<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a>
4329(default: empty)</b></DT><DD>
4330
4331<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
4332configuration parameter.  See there for details. </p>
4333
4334<p> This feature is available in Postfix 2.4 and later. </p>
4335
4336
4337</DD>
4338
4339<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a>
4340(default: 500s)</b></DT><DD>
4341
4342<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
4343configuration parameter.  See there for details. </p>
4344
4345<p> This feature is available in Postfix 2.3 and later. </p>
4346
4347
4348</DD>
4349
4350<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a>
4351(default: empty)</b></DT><DD>
4352
4353<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a>
4354configuration parameter.  See there for details. </p>
4355
4356<p> This feature is available in Postfix 2.4 and later. </p>
4357
4358
4359</DD>
4360
4361<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a>
4362(default: 300s)</b></DT><DD>
4363
4364<p>
4365The Postfix LMTP client time limit for sending the QUIT command,
4366and for receiving the remote LMTP server response.
4367</p>
4368
4369<p>
4370Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4371The default time unit is s (seconds).
4372</p>
4373
4374
4375</DD>
4376
4377<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a>
4378(default: yes)</b></DT><DD>
4379
4380<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
4381configuration parameter.  See there for details. </p>
4382
4383<p> This feature is available in Postfix 2.3 and later. </p>
4384
4385
4386</DD>
4387
4388<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a>
4389(default: yes)</b></DT><DD>
4390
4391<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a>
4392configuration parameter.  See there for details. </p>
4393
4394<p> This feature is available in Postfix 2.3 and later. </p>
4395
4396
4397</DD>
4398
4399<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a>
4400(default: 300s)</b></DT><DD>
4401
4402<p>
4403The Postfix LMTP client time limit for sending the RCPT TO command,
4404and for receiving the remote LMTP server response.
4405</p>
4406
4407<p>
4408Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4409The default time unit is s (seconds).
4410</p>
4411
4412
4413</DD>
4414
4415<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a>
4416(default: empty)</b></DT><DD>
4417
4418<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>
4419configuration parameter.  See there for details. </p>
4420
4421<p> This feature is available in Postfix 2.7 and later. </p>
4422
4423
4424</DD>
4425
4426<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a>
4427(default: 20s)</b></DT><DD>
4428
4429<p> The Postfix LMTP client time limit for sending the RSET command,
4430and for receiving the remote LMTP server response. The LMTP client
4431sends RSET in
4432order to finish a recipient address probe, or to verify that a
4433cached connection is still alive.  </p>
4434
4435<p>
4436Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
4437The default time unit is s (seconds).
4438</p>
4439
4440
4441</DD>
4442
4443<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a>
4444(default: empty)</b></DT><DD>
4445
4446<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
4447configuration parameter.  See there for details. </p>
4448
4449<p> This feature is available in Postfix 2.5 and later. </p>
4450
4451
4452</DD>
4453
4454<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a>
4455(default: 90d)</b></DT><DD>
4456
4457<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
4458configuration parameter.  See there for details. </p>
4459
4460<p> This feature is available in Postfix 2.5 and later. </p>
4461
4462
4463</DD>
4464
4465<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a>
4466(default: no)</b></DT><DD>
4467
4468<p>
4469Enable SASL authentication in the Postfix LMTP client.
4470</p>
4471
4472
4473</DD>
4474
4475<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a>
4476(default: yes)</b></DT><DD>
4477
4478<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
4479configuration parameter.  See there for details. </p>
4480
4481<p> This feature is available in Postfix 2.5 and later. </p>
4482
4483
4484</DD>
4485
4486<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
4487(default: empty)</b></DT><DD>
4488
4489<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
4490configuration parameter.  See there for details. </p>
4491
4492<p> This feature is available in Postfix 2.3 and later. </p>
4493
4494
4495</DD>
4496
4497<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a>
4498(default: empty)</b></DT><DD>
4499
4500<p>
4501Optional Postfix LMTP client lookup tables with one username:password entry
4502per host or domain.  If a remote host or domain has no username:password
4503entry, then the Postfix LMTP client will not attempt to authenticate
4504to the remote host.
4505</p>
4506
4507
4508</DD>
4509
4510<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a>
4511(default: empty)</b></DT><DD>
4512
4513<p> Implementation-specific information that is passed through to
4514the SASL plug-in implementation that is selected with
4515<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  Typically this specifies the name of a
4516configuration file or rendezvous point. </p>
4517
4518<p> This feature is available in Postfix 2.3 and later. </p>
4519
4520
4521</DD>
4522
4523<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a>
4524(default: noplaintext, noanonymous)</b></DT><DD>
4525
4526<p> SASL security options; as of Postfix 2.3 the list of available
4527features depends on the SASL client implementation that is selected
4528with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  </p>
4529
4530<p> The following security features are defined for the <b>cyrus</b>
4531client SASL implementation: </p>
4532
4533<dl>
4534
4535<dt><b>noplaintext</b></dt>
4536
4537<dd>Disallow authentication methods that use plaintext passwords. </dd>
4538
4539<dt><b>noactive</b></dt>
4540
4541<dd>Disallow authentication methods that are vulnerable to non-dictionary
4542active attacks. </dd>
4543
4544<dt><b>nodictionary</b></dt>
4545
4546<dd>Disallow authentication methods that are vulnerable to passive
4547dictionary attack. </dd>
4548
4549<dt><b>noanonymous</b></dt>
4550
4551<dd>Disallow anonymous logins. </dd>
4552
4553</dl>
4554
4555<p>
4556Example:
4557</p>
4558
4559<pre>
4560<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext
4561</pre>
4562
4563
4564</DD>
4565
4566<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>
4567(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD>
4568
4569<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
4570configuration parameter.  See there for details. </p>
4571
4572<p> This feature is available in Postfix 2.3 and later. </p>
4573
4574
4575</DD>
4576
4577<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a>
4578(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD>
4579
4580<p> The LMTP-specific version of the
4581<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter.
4582See there for details. </p>
4583
4584<p> This feature is available in Postfix 2.3 and later. </p>
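
<p> Added example (not part of the Postfix distribution): a small Python audit that resolves the default chain described above, where lmtp_sasl_tls_verified_security_options falls back to lmtp_sasl_tls_security_options and that in turn to lmtp_sasl_security_options, and reports which session kinds end up without noanonymous or noplaintext. The function names, the context labels and both sample configurations are constructed for illustration; only the "$name", "${name}", "$(name)" and "$$" forms are expanded. </p>

```python
import re

# Defaults as listed on this page for the four parameters involved.
DEFAULTS = {
    "lmtp_sasl_auth_enable": "no",
    "lmtp_sasl_security_options": "noplaintext, noanonymous",
    "lmtp_sasl_tls_security_options": "$lmtp_sasl_security_options",
    "lmtp_sasl_tls_verified_security_options": "$lmtp_sasl_tls_security_options",
}

# Session kinds (labels are ours) and the parameter that governs each one.
CONTEXTS = {
    "cleartext": "lmtp_sasl_security_options",
    "tls": "lmtp_sasl_tls_security_options",
    "tls-verified": "lmtp_sasl_tls_verified_security_options",
}

_REF = re.compile(r"\$(?:\$|\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Return {name: raw value} from main.cf text; the last definition wins."""
    logical = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # empty, whitespace-only and comment lines are ignored
        if line[0].isspace():
            if logical:
                logical[-1] += " " + stripped  # continues the logical line
            continue
        logical.append(stripped)
    params = {}
    for entry in logical:
        name, sep, value = entry.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Recursively replace $name, ${name} and $(name); "$$" yields "$"."""
    if depth > 20:
        raise ValueError("parameter reference loop")

    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        if name is None:
            return "$"
        raw = params.get(name, DEFAULTS.get(name, ""))
        return expand(raw, params, depth + 1)

    return _REF.sub(repl, value)


def effective_options(params, name):
    """Set of security options in force for one parameter after expansion."""
    raw = params.get(name, DEFAULTS[name])
    return set(filter(None, re.split(r"[,\s]+", expand(raw, params))))


def audit(text):
    """Return (context, parameter, problem) tuples for a main.cf text."""
    params = parse_main_cf(text)
    enabled = params.get("lmtp_sasl_auth_enable", DEFAULTS["lmtp_sasl_auth_enable"])
    if expand(enabled, params).lower() != "yes":
        return []  # the LMTP client does not authenticate at all
    findings = []
    for context, name in CONTEXTS.items():
        options = effective_options(params, name)
        if "noanonymous" not in options:
            findings.append((context, name, "anonymous logins allowed"))
        if context == "cleartext" and "noplaintext" not in options:
            findings.append((context, name, "plaintext mechanisms allowed without TLS"))
    return findings


# Constructed sample: the second definition silently replaces the first,
# and both TLS parameters inherit the weakened value through their defaults.
WEAK_CF = """\
lmtp_sasl_auth_enable = yes
lmtp_sasl_security_options = noplaintext, noanonymous
# a later definition replaces the earlier one
lmtp_sasl_security_options =
    noactive
"""

# Constructed sample: strict without TLS, plaintext permitted only under TLS.
HARDENED_CF = """\
lmtp_sasl_auth_enable = yes
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = noanonymous
"""

if __name__ == "__main__":
    for label, cf in (("weak", WEAK_CF), ("hardened", HARDENED_CF)):
        print(label, audit(cf))
```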
4585
4586
4587</DD>
4588
4589<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a>
4590(default: cyrus)</b></DT><DD>
4591
4592<p> The SASL plug-in type that the Postfix LMTP client should use
4593for authentication.  The available types are listed with the
4594"<b>postconf -A</b>" command. </p>
4595
4596<p> This feature is available in Postfix 2.3 and later. </p>
4597
4598
4599</DD>
4600
4601<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a>
4602(default: no)</b></DT><DD>
4603
4604<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
4605configuration parameter.  See there for details. </p>
4606
4607<p> This feature is available in Postfix 2.9 and later.  </p>
4608
4609
4610</DD>
4611
4612<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a>
4613(default: no)</b></DT><DD>
4614
4615<p>
4616Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
4617server response announces XFORWARD support.  This allows an <a href="lmtp.8.html">lmtp(8)</a>
4618delivery agent, used for content filter message injection, to
4619forward the name, address, protocol and HELO name of the original
4620client to the content filter and downstream queuing LMTP server.
4621Before you change the value to yes, it is best to make sure that
4622your content filter supports this command.
4623</p>
4624
4625<p>
4626This feature is available in Postfix 2.1 and later.
4627</p>
4628
4629
4630</DD>
4631
4632<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a>
4633(default: no)</b></DT><DD>
4634
4635<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
4636configuration parameter.  See there for details. </p>
4637
4638<p> This feature is available in Postfix 2.3 and later. </p>
4639
4640
4641</DD>
4642
4643<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a>
4644(default: yes)</b></DT><DD>
4645
4646<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
4647configuration parameter.  See there for details. </p>
4648
4649<p> This feature is available in Postfix 2.3 and later. </p>
4650
4651
4652</DD>
4653
4654<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a>
4655(default: no)</b></DT><DD>
4656
4657<p>
4658Wait for the response to the LMTP QUIT command.
4659</p>
4660
4661
4662</DD>
4663
4664<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a>
4665(default: 300s)</b></DT><DD>
4666
4667<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration
4668parameter.  See there for details. </p>
4669
4670<p> This feature is available in Postfix 2.3 and later. </p>
4671
4672
4673</DD>
4674
4675<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a>
4676(default: 24)</b></DT><DD>
4677
4678<p>
4679The default TCP port that the Postfix LMTP client connects to.
4680</p>
4681
4682
4683</DD>
4684
4685<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a>
4686(default: empty)</b></DT><DD>
4687
4688<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
4689configuration parameter.  See there for details. </p>
4690
4691<p> This feature is available in Postfix 2.3 and later. </p>
4692
4693
4694</DD>
4695
4696<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a>
4697(default: empty)</b></DT><DD>
4698
4699<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
4700configuration parameter.  See there for details. </p>
4701
4702<p> This feature is available in Postfix 2.3 and later. </p>
4703
4704
4705</DD>
4706
4707<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
4708(default: empty)</b></DT><DD>
4709
4710<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
4711configuration parameter.  See there for details. </p>
4712
4713<p> This feature is available in Postfix 2.7 and later. </p>
4714
4715
4716</DD>
4717
4718<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
4719(default: empty)</b></DT><DD>
4720
4721<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
4722configuration parameter.  See there for details. </p>
4723
4724<p> This feature is available in Postfix 2.3 and later. </p>
4725
4726
4727</DD>
4728
4729<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
4730(default: medium)</b></DT><DD>
4731
4732<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
4733parameter. See there for details. </p>
4734
4735<p> This feature is available in Postfix 2.6 and later. </p>
4736
4737
4738</DD>
4739
4740<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
4741(default: empty)</b></DT><DD>
4742
4743<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
4744configuration parameter.  See there for details. </p>
4745
4746<p> This feature is available in Postfix 2.3 and later. </p>
4747
4748
4749</DD>
4750
4751<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a>
4752(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD>
4753
4754<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>
4755configuration parameter.  See there for details. </p>
4756
4757<p> This feature is available in Postfix 2.3 and later. </p>
4758
4759
4760</DD>
4761
4762<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a>
4763(default: empty)</b></DT><DD>
4764
4765<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration
4766parameter.  See there for details. </p>
4767
4768<p> This feature is available in Postfix 2.6 and later, when Postfix is
4769compiled and linked with OpenSSL 1.0.0 or later. </p>
4770
4771
4772</DD>
4773
4774<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a>
4775(default: empty)</b></DT><DD>
4776
4777<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration
4778parameter.  See there for details. </p>
4779
4780<p> This feature is available in Postfix 2.6 and later, when Postfix is
4781compiled and linked with OpenSSL 1.0.0 or later. </p>
4782
4783
4784</DD>
4785
4786<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a>
4787(default: yes)</b></DT><DD>
4788
4789<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
4790configuration parameter.  See there for details. </p>
4791
4792<p> This feature is available in Postfix 2.3 and later. </p>
4793
4794
4795</DD>
4796
4797<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a>
4798(default: empty)</b></DT><DD>
4799
4800<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
4801configuration parameter.  See there for details. </p>
4802
4803<p> This feature is available in Postfix 2.3 and later. </p>
4804
4805
4806</DD>
4807
4808<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a>
4809(default: empty)</b></DT><DD>
4810
4811<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
4812configuration parameter.  See there for details. </p>
4813
4814<p> This feature is available in Postfix 2.5 and later. </p>
4815
4816
4817</DD>
4818
4819<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
4820(default: md5)</b></DT><DD>
4821
4822<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
4823configuration parameter.  See there for details. </p>
4824
4825<p> This feature is available in Postfix 2.5 and later. </p>
4826
4827
4828</DD>
4829
4830<DT><b><a name="lmtp_tls_force_insecure_host_tlsa_lookup">lmtp_tls_force_insecure_host_tlsa_lookup</a>
4831(default: no)</b></DT><DD>
4832
4833<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
4834configuration parameter.  See there for details. </p>
4835
4836<p> This feature is available in Postfix 2.11 and later. </p>
4837
4838
4839</DD>
4840
4841<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a>
4842(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD>
4843
4844<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>
4845configuration parameter.  See there for details. </p>
4846
4847<p> This feature is available in Postfix 2.3 and later. </p>
4848
4849
4850</DD>
4851
4852<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a>
4853(default: 0)</b></DT><DD>
4854
4855<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
4856configuration parameter.  See there for details. </p>
4857
4858<p> This feature is available in Postfix 2.3 and later. </p>
4859
4860
4861</DD>
4862
4863<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>
4864(default: medium)</b></DT><DD>
4865
4866<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
4867configuration parameter.  See there for details. </p>
4868
4869<p> This feature is available in Postfix 2.3 and later. </p>
4870
4871
4872</DD>
4873
4874<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a>
4875(default: empty)</b></DT><DD>
4876
4877<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
4878configuration parameter.  See there for details. </p>
4879
4880<p> This feature is available in Postfix 2.3 and later. </p>
4881
4882
4883</DD>
4884
4885<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
4886(default: !SSLv2, !SSLv3)</b></DT><DD>
4887
4888<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
4889configuration parameter. See there for details. </p>
4890
4891<p> This feature is available in Postfix 2.3 and later. </p>
4892
4893
4894</DD>
4895
4896<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a>
4897(default: no)</b></DT><DD>
4898
4899<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
4900configuration parameter.  See there for details. </p>
4901
4902<p> This feature is available in Postfix 2.3 and later. </p>
4903
4904
4905</DD>
4906
4907<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a>
4908(default: empty)</b></DT><DD>
4909
4910<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
4911parameter.  See there for details. </p>
4912
4913<p> This feature is available in Postfix 2.3 and later. </p>
4914
4915
4916</DD>
4917
4918<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a>
4919(default: empty)</b></DT><DD>
4920
4921<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
4922configuration parameter. See there for details. </p>
4923
4924<p> This feature is available in Postfix 2.3 and later. </p>
4925
4926
4927</DD>
4928
4929<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
4930(default: !SSLv2, !SSLv3)</b></DT><DD>
4931
4932<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
4933parameter. See there for details. </p>
4934
4935<p> This feature is available in Postfix 2.6 and later. </p>
4936
4937
4938</DD>
4939
4940<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
4941(default: 9)</b></DT><DD>
4942
4943<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
4944configuration parameter.  See there for details. </p>
4945
4946<p> This feature is available in Postfix 2.3 and later. </p>
4947
4948
4949</DD>
4950
4951<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a>
4952(default: nexthop)</b></DT><DD>
4953
4954<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
4955configuration parameter. See there for details. </p>
4956
4957<p> This feature is available in Postfix 2.3 and later. </p>
4958
4959
4960</DD>
4961
4962<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a>
4963(default: empty)</b></DT><DD>
4964
4965<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration
4966parameter.  See there for details. </p>
4967
4968<p> This feature is available in Postfix 2.3 and later. </p>
4969
4970
4971</DD>
4972
4973<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
4974(default: empty)</b></DT><DD>
4975
4976<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
4977configuration parameter. See there for details. </p>
4978
4979<p> This feature is available in Postfix 2.3 and later. </p>
4980
4981
4982</DD>
4983
4984<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a>
4985(default: 3600s)</b></DT><DD>
4986
4987<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
4988configuration parameter.  See there for details. </p>
4989
4990<p> This feature is available in Postfix 2.3 and later. </p>
4991
4992
4993</DD>
4994
4995<DT><b><a name="lmtp_tls_trust_anchor_file">lmtp_tls_trust_anchor_file</a>
4996(default: empty)</b></DT><DD>
4997
4998<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
4999configuration parameter.  See there for details.  </p>
5000
5001<p> This feature is available in Postfix 2.11 and later.  </p>
5002
5003
5004</DD>
5005
5006<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a>
5007(default: hostname)</b></DT><DD>
5008
5009<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
5010configuration parameter. See there for details. </p>
5011
5012<p> This feature is available in Postfix 2.3 and later. </p>
5013
5014
5015</DD>
5016
5017<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a>
5018(default: no)</b></DT><DD>
5019
5020<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
5021parameter.  See there for details. </p>
5022
5023<p> This feature is available in Postfix 2.3 and later. </p>
5024
5025
5026</DD>
5027
5028<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a>
5029(default: 300s)</b></DT><DD>
5030
5031<p>
5032The Postfix LMTP client time limit for sending the XFORWARD command,
5033and for receiving the remote LMTP server response.
5034</p>
5035
5036<p>
5037In case of problems the client does NOT try the next address on
5038the mail exchanger list.
5039</p>
5040
5041<p>
5042Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5043The default time unit is s (seconds).
5044</p>
5045
5046<p>
5047This feature is available in Postfix 2.1 and later.
5048</p>
5049
5050
5051</DD>
5052
5053<DT><b><a name="local_command_shell">local_command_shell</a>
5054(default: empty)</b></DT><DD>
5055
5056<p>
5057Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix commands.
5058By default, non-Postfix commands are executed directly; commands
5059are given to the default shell (typically, /bin/sh) only
5060when they contain shell meta characters or shell built-in commands.
5061</p>
5062
5063<p> "sendmail's restricted shell" (smrsh) is what most people will
5064use in order to restrict what programs can be run from e.g. .forward
5065files (smrsh is part of the Sendmail distribution).  </p>
5066
5067<p> Note: when a shell program is specified, it is invoked even
5068when the command contains no shell built-in commands or meta
5069characters.  </p>
5070
5071<p>
5072Example:
5073</p>
5074
5075<pre>
5076<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
5077<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
5078</pre>
5079
5080
5081</DD>
5082
5083<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a>
5084(default: 2)</b></DT><DD>
5085
5086<p> The maximal number of parallel deliveries via the local mail
5087delivery transport to the same recipient (when
5088"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of
5089parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when
5090"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> &gt; 1"). This limit is enforced by
5091the queue manager. The message delivery transport name is the first
5092field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
5093
5094<p> A low limit of 2 is recommended, just in case someone has an
5095expensive shell command in a .forward file or in an alias (e.g.,
5096a mailing list manager).  You don't want to run lots of those at
5097the same time.  </p>
5098
5099
5100</DD>
5101
5102<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a>
5103(default: 1)</b></DT><DD>
5104
5105<p> The maximal number of recipients per message delivery via the
5106local mail delivery transport. This limit is enforced by the queue
5107manager. The message delivery transport name is the first field in
5108the entry in the <a href="master.5.html">master.cf</a> file. </p>
5109
5110<p> Setting this parameter to a value &gt; 1 changes the meaning of
5111<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient
5112into concurrency per domain.  </p>
5113
5114
5115</DD>
5116
5117<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
5118(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>
5119
5120<p> Rewrite message header addresses in mail from these clients and
5121update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
5122$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other clients
5123at all, or rewrite message headers and update incomplete addresses
5124with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
5125parameter.  </p>
5126
5127<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
5128for details of how domain names are appended to incomplete addresses.
5129</p>
5130
5131<p> Specify a list of zero or more of the following:  </p>
5132
5133<dl>
5134
5135<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
5136
5137<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5138client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
5139default. </dd>
5140
5141<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt>
5142
5143<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5144client IP address matches any network or network address listed in
5145$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
5146address rewriting when mail from a remote client is forwarded by
5147a neighboring system.  </dd>
5148
5149<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
5150
5151<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5152client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
5153protocol. </dd>
5154
5155<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
5156
5157<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5158remote SMTP client TLS certificate fingerprint or public key fingerprint
5159(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
5160The fingerprint digest algorithm is configurable via the
5161<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
5162Postfix version 2.5).  </dd>
5163
5164<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>
5165
5166<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5167remote SMTP client TLS certificate is successfully verified, regardless of
5168whether it is listed on the server, and regardless of the certifying
5169authority. </dd>
5170
5171<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
5172
5173<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
5174
5175<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
5176client IP address matches the specified lookup table.
5177The lookup result is ignored, and no subnet lookup is done. This
5178is suitable for, e.g., pop-before-smtp lookup tables. </dd>
5179
5180</dl>
5181
5182<p> Examples:  </p>
5183
5184<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
5185message headers, and always append my own domain to incomplete
5186header addresses.  </p>
5187
5188<blockquote>
5189<pre>
5190<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all
5191</pre>
5192</blockquote>
5193
5194<p> The purist (and default) setting: rewrite headers only in mail
5195from Postfix sendmail and in SMTP mail from this machine. </p>
5196
5197<blockquote>
5198<pre>
5199<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
5200</pre>
5201</blockquote>
5202
5203<p> The intermediate setting: rewrite header addresses and append
5204$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
5205sendmail, from local clients, or from authorized SMTP clients. </p>
5206
5207<p> Note: this setting will not prevent remote mail header address
5208rewriting when mail from a remote client is forwarded by a neighboring
5209system.  </p>
5210
5211<blockquote>
5212<pre>
5213<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
5214    <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
5215    <a href="postconf.5.html#check_address_map">check_address_map</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/pop-before-smtp
5216</pre>
5217</blockquote>
5218
5219
5220</DD>
5221
5222<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
5223(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
5224
5225<p> Lookup tables with all names or addresses of local recipients:
5226a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
5227$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.  Specify @domain as a
5228wild-card for domains that do not have a valid recipient list.
5229Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
5230lists: Postfix needs to know only if a lookup string is found or
5231not, but it does not use the result from table lookup.  </p>
5232
5233<p>
5234If this parameter is non-empty (the default), then the Postfix SMTP
5235server will reject mail for unknown local users.
5236</p>
5237
5238<p>
5239To turn off local recipient checking in the Postfix SMTP server,
5240specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
5241</p>
5242
5243<p>
5244The default setting assumes that you use the default Postfix local
5245delivery agent for local delivery. You need to update the
5246<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
5247</p>
5248
5249<ul>
5250
5251<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
5252
5253<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
5254
5255<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
5256feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
5257
5258</ul>
5259
5260<p>
5261Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
5262</p>
5263
5264<p>
5265Beware: if the Postfix SMTP server runs chrooted, you need to access
5266the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
5267chroot access restrictions. The alternative, maintaining a copy of
5268the system password file in the chroot jail, is not practical.
5269</p>
5270
5271<p>
5272Examples:
5273</p>
5274
5275<pre>
5276<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
5277</pre>
5278
5279
5280</DD>
5281
5282<DT><b><a name="local_transport">local_transport</a>
5283(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
5284
5285<p> The default mail delivery transport and next-hop destination
5286for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
5287[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
5288This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
5289
5290<p>
5291By default, local mail is delivered to the transport called "local",
5292which is just the name of a service that is defined in the <a href="master.5.html">master.cf</a> file.
5293</p>
5294
5295<p>
5296Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
5297is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
5298The <i>:nexthop</i> destination is optional; its syntax is documented
5299in the manual page of the corresponding delivery agent.
5300</p>
5301
5302<p>
5303Beware: if you override the default local delivery agent then you
5304need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
5305SMTP server may reject mail for local recipients.
5306</p>
5307
5308
5309</DD>
5310
5311<DT><b><a name="luser_relay">luser_relay</a>
5312(default: empty)</b></DT><DD>
5313
5314<p>
5315Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
5316By default, mail for unknown recipients in domains that match
5317$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned
5318as undeliverable.
5319</p>
5320
5321<p>
5322The following $name expansions are done on <a href="postconf.5.html#luser_relay">luser_relay</a>:
5323</p>
5324
5325<dl>
5326
5327<dt><b>$domain</b></dt>
5328
5329<dd>The recipient domain. </dd>
5330
5331<dt><b>$extension</b></dt>
5332
5333<dd>The recipient address extension. </dd>
5334
5335<dt><b>$home</b></dt>
5336
5337<dd>The recipient's home directory. </dd>
5338
5339<dt><b>$local</b></dt>
5340
5341<dd>The entire recipient address localpart. </dd>
5342
5343<dt><b>$recipient</b></dt>
5344
5345<dd>The full recipient address. </dd>
5346
5347<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
5348
5349<dd>The address extension delimiter that was found in the recipient
5350address (Postfix 2.11 and later), or the system-wide recipient
5351address extension delimiter (Postfix 2.10 and earlier). </dd>
5352
5353<dt><b>$shell</b></dt>
5354
5355<dd>The recipient's login shell. </dd>
5356
5357<dt><b>$user</b></dt>
5358
5359<dd>The recipient username. </dd>
5360
5361<dt><b>${name?value}</b></dt>
5362
5363<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>
5364
5365<dt><b>${name:value}</b></dt>
5366
5367<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>
5368
5369</dl>
5370
5371<p>
5372Instead of $name you can also specify ${name} or $(name).
5373</p>
5374
5375<p>
5376Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
5377</p>
5378
5379<p>
5380Note: if you use this feature for accounts not in the UNIX password
5381file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
5382in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
5383for non-UNIX accounts with "User unknown in local recipient table".
5384</p>
5385
5386<p>
5387Examples:
5388</p>
5389
5390<pre>
5391<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
5392<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
5393<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
5394</pre>
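<p> Added example (not part of the Postfix distribution): a Python check for the situation described under local_recipient_maps, local_transport and luser_relay, where a main.cf changes local delivery but leaves local_recipient_maps at its default. The sample main.cf texts, function names and finding strings are constructed for illustration; a local delivery agent redefined in master.cf is not covered. </p>

```python
# Added illustration; not Postfix code. Sample configurations are constructed.

# main.cf parameters that the text above ties to local_recipient_maps.
TRIGGERS = ("local_transport", "luser_relay",
            "mailbox_transport", "fallback_transport")
DEFAULT_LOCAL_TRANSPORT = "local:$myhostname"   # default stated on this page


def parse_main_cf(text):
    """Return {parameter: value} following the main.cf format rules:
    blank lines and '#' lines are ignored, a line that starts with
    whitespace continues the previous logical line, and when a parameter
    is defined more than once only the last instance is remembered."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def audit_local_recipients(text):
    """Return a list of findings; an empty list means nothing to review."""
    params = parse_main_cf(text)
    changed = []
    for name in TRIGGERS:
        value = params.get(name, "")
        if name == "local_transport":
            if value and value != DEFAULT_LOCAL_TRANSPORT:
                changed.append(name)
        elif value:
            changed.append(name)
    findings = []
    if "local_recipient_maps" not in params:
        # Default (non-empty) maps: the SMTP server rejects unknown local
        # users, which may include recipients the new setup would accept.
        if changed:
            findings.append("REVIEW: " + ", ".join(changed) +
                            " set while local_recipient_maps is at its default")
    elif params["local_recipient_maps"] == "":
        findings.append("NOTICE: local_recipient_maps is empty; the SMTP "
                        "server does not reject unknown local users")
    return findings


# Constructed sample: catch-all and mailbox transport, maps left at default.
SAMPLE_RELAY = """\
myhostname = mail.example.com
luser_relay = admin+$local
mailbox_transport =
    lmtp:unix:private/sample-lmtp
"""

# Constructed sample: the later, empty definition wins.
SAMPLE_OFF = """\
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay = $local@other.host
local_recipient_maps =
"""

if __name__ == "__main__":
    for label, sample in (("relay", SAMPLE_RELAY), ("off", SAMPLE_OFF)):
        print(label, audit_local_recipients(sample))
```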
5395
5396
5397</DD>
5398
5399<DT><b><a name="mail_name">mail_name</a>
5400(default: Postfix)</b></DT><DD>
5401
5402<p>
5403The mail system name that is displayed in Received: headers, in
5404the SMTP greeting banner, and in bounced mail.
5405</p>
5406
5407
5408</DD>
5409
5410<DT><b><a name="mail_owner">mail_owner</a>
5411(default: postfix)</b></DT><DD>
5412
5413<p>
5414The UNIX system account that owns the Postfix queue and most Postfix
5415daemon processes.  Specify the name of an unprivileged user account
5416that does not share a user or group ID with other accounts, and that
5417owns no other files
5418or processes on the system.  In particular, don't specify nobody
5419or daemon.  PLEASE USE A DEDICATED USER ID AND GROUP ID.
5420</p>
5421
5422<p>
5423When this parameter value is changed you need to re-run "<b>postfix
5424set-permissions</b>" (with Postfix version 2.0 and earlier:
5425"<b>/etc/postfix/post-install set-permissions</b>").
5426</p>
5427
5428
5429</DD>
5430
5431<DT><b><a name="mail_release_date">mail_release_date</a>
5432(default: see "postconf -d" output)</b></DT><DD>
5433
5434<p>
5435The Postfix release date, in "YYYYMMDD" format.
5436</p>
5437
5438
5439</DD>
5440
5441<DT><b><a name="mail_spool_directory">mail_spool_directory</a>
5442(default: see "postconf -d" output)</b></DT><DD>
5443
5444<p>
5445The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The
5446default setting depends on the system type. Specify a name ending
5447in / for maildir-style delivery.
5448</p>
5449
5450<p>
5451Note: maildir delivery is done with the privileges of the recipient.
5452If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style
5453delivery, then you must create the top-level maildir directory in
5454advance. Postfix will not create it.
5455</p>
5456
5457<p>
5458Examples:
5459</p>
5460
5461<pre>
5462<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail
5463<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail
5464</pre>
5465
5466
5467</DD>
5468
5469<DT><b><a name="mail_version">mail_version</a>
5470(default: see "postconf -d" output)</b></DT><DD>
5471
5472<p>
5473The version of the mail system. Stable releases are named
5474<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
5475also include the release date. The version string can be used in,
5476for example, the SMTP greeting banner.
5477</p>
5478
5479
5480</DD>
5481
5482<DT><b><a name="mailbox_command">mailbox_command</a>
5483(default: empty)</b></DT><DD>
5484
5485<p>
5486Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should
5487use for mailbox delivery.  The command is run with the user ID and
5488the primary group ID privileges of the recipient.  Exception:
5489command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges.
5490This is not a problem, because 1) mail for root should always be
5491aliased to a real user and 2) don't log in as root, use "su" instead.
5492</p>
5493
5494<p>
5495The following environment variables are exported to the command:
5496</p>
5497
5498<dl>
5499
5500<dt><b>CLIENT_ADDRESS</b></dt>
5501
5502<dd>Remote client network address. Available in Postfix version 2.2 and
5503later. </dd>
5504
5505<dt><b>CLIENT_HELO</b></dt>
5506
5507<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
5508and later.</dd>
5509
5510<dt><b>CLIENT_HOSTNAME</b></dt>
5511
5512<dd>Remote client hostname. Available in Postfix version 2.2 and later.
5513</dd>
5514
5515<dt><b>CLIENT_PROTOCOL</b></dt>
5516
5517<dd>Remote client protocol. Available in Postfix version 2.2 and later.
5518</dd>
5519
5520<dt><b>DOMAIN</b></dt>
5521
5522<dd>The domain part of the recipient address. </dd>
5523
5524<dt><b>EXTENSION</b></dt>
5525
5526<dd>The optional address extension. </dd>
5527
5528<dt><b>HOME</b></dt>
5529
5530<dd>The recipient home directory. </dd>
5531
5532<dt><b>LOCAL</b></dt>
5533
5534<dd>The recipient address localpart. </dd>
5535
5536<dt><b>LOGNAME</b></dt>
5537
5538<dd>The recipient's username. </dd>
5539
5540<dt><b>ORIGINAL_RECIPIENT</b></dt>
5541
5542<dd>The entire recipient address, before any address rewriting or
5543aliasing.  </dd>
5544
5545<dt><b>RECIPIENT</b></dt>
5546
5547<dd>The full recipient address. </dd>
5548
5549<dt><b>SASL_METHOD</b></dt>
5550
5551<dd>SASL authentication method specified in the remote client AUTH
5552command. Available in Postfix version 2.2 and later. </dd>
5553
5554<dt><b>SASL_SENDER</b></dt>
5555
5556<dd>SASL sender address specified in the remote client MAIL FROM
5557command. Available in Postfix version 2.2 and later. </dd>
5558
5559<dt><b>SASL_USER</b></dt>
5560
5561<dd>SASL username specified in the remote client AUTH command.
5562Available in Postfix version 2.2 and later.  </dd>
5563
5564<dt><b>SENDER</b></dt>
5565
5566<dd>The full sender address. </dd>
5567
5568<dt><b>SHELL</b></dt>
5569
5570<dd>The recipient's login shell. </dd>
5571
5572<dt><b>USER</b></dt>
5573
5574<dd>The recipient username. </dd>
5575
5576</dl>
5577
5578<p>
5579Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a>
5580parameter is not subjected to $name substitutions. This is to make
5581it easier to specify shell syntax (see example below).
5582</p>
5583
5584<p>
5585If you can, avoid shell meta characters because they will force
5586Postfix to run an expensive shell process. If you're delivering
5587via Procmail then running a shell won't make a noticeable difference
5588in the total cost.
5589</p>
5590
5591<p>
5592Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail
5593system-wide, you must set up an alias that forwards mail for root
5594to a real user.
5595</p>
5596
5597<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5598is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5599<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5600<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5601
5602<p>
5603Examples:
5604</p>
5605
5606<pre>
5607<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail
5608<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION"
5609<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER"
5610        -f "$SENDER" "$EXTENSION"
5611</pre>
5612
5613
5614</DD>
5615
5616<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a>
5617(default: empty)</b></DT><DD>
5618
5619<p>
5620Optional lookup tables with per-recipient external commands to use
5621for <a href="local.8.html">local(8)</a> mailbox delivery.  Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>.
5622</p>
5623
5624<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5625is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5626<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5627<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5628
5629
5630</DD>
5631
5632<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a>
5633(default: see "postconf -d" output)</b></DT><DD>
5634
5635<p>
5636How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery.
5637For a list of available file locking methods, use the "<b>postconf
5638-l</b>" command.
5639</p>
5640
5641<p>
5642This setting is ignored with <b>maildir</b> style delivery,
5643because such deliveries are safe without explicit locks.
5644</p>
5645
5646<p>
5647Note: The <b>dotlock</b> method requires that the recipient UID or
5648GID has write access to the parent directory of the mailbox file.
5649</p>
5650
5651<p>
5652Note: the default setting of this parameter is system dependent.
5653</p>
5654
5655
5656</DD>
5657
5658<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a>
5659(default: 51200000)</b></DT><DD>
5660
5661<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir
5662file, or zero (no limit).  In fact, this limits the size of any
5663file that is written to upon local delivery, including files written
5664by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery
5665agent.  </p>
5666
5667<p>
5668This limit must not be smaller than the message size limit.
5669</p>
5670
5671
5672</DD>
5673
5674<DT><b><a name="mailbox_transport">mailbox_transport</a>
5675(default: empty)</b></DT><DD>
5676
5677<p>
5678Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
5679agent should use for mailbox delivery to all local recipients,
5680whether or not they are found in the UNIX passwd database.
5681</p>
5682
5683<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5684is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5685<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5686<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5687
5688
5689</DD>
5690
5691<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a>
5692(default: empty)</b></DT><DD>
5693
5694<p> Optional lookup tables with per-recipient message delivery
5695transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the
5696recipients are found in the UNIX passwd database. </p>
5697
5698<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
5699is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
5700<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
5701<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
5702
5703<p> For safety reasons, this feature does not allow $number
5704substitutions in regular expression maps. </p>
5705
5706<p> This feature is available in Postfix 2.3 and later. </p>
5707
5708
5709</DD>
5710
5711<DT><b><a name="mailq_path">mailq_path</a>
5712(default: see "postconf -d" output)</b></DT><DD>
5713
5714<p>
5715Sendmail compatibility feature that specifies where the Postfix
5716<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to
5717list the Postfix mail queue.
5718</p>
5719
5720
5721</DD>
5722
5723<DT><b><a name="manpage_directory">manpage_directory</a>
5724(default: see "postconf -d" output)</b></DT><DD>
5725
5726<p>
5727Where the Postfix manual pages are installed.
5728</p>
5729
5730
5731</DD>
5732
5733<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a>
5734(default: empty)</b></DT><DD>
5735
5736<p>
5737Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead.
5738</p>
5739
5740
5741</DD>
5742
5743<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a>
5744(default: 554)</b></DT><DD>
5745
5746<p>
5747The numerical Postfix SMTP server response code when a remote SMTP
5748client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
5749<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
5750<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
5751</p>
5752
5753<p>
5754Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
5755</p>
5756
5757
5758</DD>
5759
5760<DT><b><a name="masquerade_classes">masquerade_classes</a>
5761(default: envelope_sender, header_sender, header_recipient)</b></DT><DD>
5762
5763<p>
5764What addresses are subject to address masquerading.
5765</p>
5766
5767<p>
5768By default, address masquerading is limited to envelope sender
5769addresses, and to header sender and header recipient addresses.
5770This allows you to use address masquerading on a mail gateway while
5771still being able to forward mail to users on individual machines.
5772</p>
5773
5774<p>
5775Specify zero or more of: envelope_sender, envelope_recipient,
5776header_sender, header_recipient
5777</p>
5778
5779
5780</DD>
5781
5782<DT><b><a name="masquerade_domains">masquerade_domains</a>
5783(default: empty)</b></DT><DD>
5784
5785<p>
5786Optional list of domains whose subdomain structure will be stripped
5787off in email addresses.
5788</p>
5789
5790<p>
5791The list is processed left to right, and processing stops at the
5792first match.  Thus,
5793</p>
5794
5795<blockquote>
5796<pre>
5797<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com
5798</pre>
5799</blockquote>
5800
5801<p>
5802strips "user@any.thing.foo.example.com" to "user@foo.example.com",
5803but strips "user@any.thing.else.example.com" to "user@example.com".
5804</p>
5805
5806<p>
5807A domain name prefixed with ! means do not masquerade this domain
5808or its subdomains. Thus,
5809</p>
5810
5811<blockquote>
5812<pre>
5813<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com
5814</pre>
5815</blockquote>
5816
5817<p>
5818does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
5819but strips "user@any.thing.else.example.com" to "user@example.com".
5820</p>
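<p> Added example (not Postfix source code): a Python model of the left-to-right, first-match rule described above, plus a check for list entries that can never take effect because an earlier entry already matches. The function names are hypothetical; the model assumes that a domain equal to a list entry ends the search unchanged, which is what the second example above requires. </p>

```python
# Added illustration of the masquerade_domains matching rule as described
# on this page. It is a model of the documented behaviour, not Postfix code.

def split_list(value):
    """Split a list value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def masquerade(address, masquerade_domains):
    """Return the address after subdomain stripping.

    The list is processed left to right and processing stops at the first
    entry that equals the address domain or is one of its parent domains.
    An entry prefixed with "!" stops the search without stripping."""
    local, at, domain = address.rpartition("@")
    if not at:
        return address
    dom = domain.lower()
    for entry in split_list(masquerade_domains):
        keep = entry.startswith("!")
        name = entry.lstrip("!").lower()
        if not name:
            continue
        if dom == name:
            # Assumption: an exact match has nothing to strip and ends the
            # search (needed for "user@foo.example.com" to stay unchanged).
            return address
        if dom.endswith("." + name):
            if keep:
                return address
            return local + "@" + domain[-len(name):]
    return address


def shadowed_entries(masquerade_domains):
    """Return entries that can never match because an earlier entry is the
    same domain or a parent of it. A shadowed "!domain" entry is a silent
    misconfiguration: the exclusion is never reached."""
    seen, shadowed = [], []
    for entry in split_list(masquerade_domains):
        name = entry.lstrip("!").lower()
        if any(name == s or name.endswith("." + s) for s in seen):
            shadowed.append(entry)
        seen.append(name)
    return shadowed


if __name__ == "__main__":
    for setting in ("foo.example.com example.com",
                    "!foo.example.com example.com",
                    "example.com !foo.example.com"):
        print(setting)
        for addr in ("user@any.thing.foo.example.com",
                     "user@foo.example.com",
                     "user@any.thing.else.example.com"):
            print("   ", addr, "->", masquerade(addr, setting))
        print("    shadowed:", shadowed_entries(setting))
```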
5821
5822<p> Note: with Postfix version 2.2, message header address masquerading
5823happens only when message header address rewriting is enabled: </p>
5824
5825<ul>
5826
5827<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
5828
5829<li> The message is received from a network client that matches
5830$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
5831
5832<li> The message is received from the network, and the
5833<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
5834
5835</ul>
5836
5837<p> To get the behavior before Postfix version 2.2, specify
5838"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
5839
5840<p>
5841Example:
5842</p>
5843
5844<pre>
5845<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
5846</pre>
5847
5848
5849</DD>
5850
5851<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a>
5852(default: empty)</b></DT><DD>
5853
5854<p>
5855Optional list of user names that are not subjected to address
5856masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
5857</p>
5858
5859<p>
5860By default, address masquerading makes no exceptions.
5861</p>
5862
5863<p>
5864Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
5865separated by commas and/or whitespace. The list is matched left to
5866right, and the search stops on the first match. A "/file/name"
5867pattern is replaced
5868by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
5869matches a lookup key (the lookup result is ignored).  Continue long
5870lines by starting the next line with whitespace. Specify "!pattern"
5871to exclude a name from the list. The form "!/file/name" is supported
5872only in Postfix version 2.4 and later.  </p>
5873
5874<p>
5875Examples:
5876</p>
5877
5878<pre>
5879<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon
5880<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root
5881</pre>
5882
5883
5884</DD>
5885
5886<DT><b><a name="master_service_disable">master_service_disable</a>
5887(default: empty)</b></DT><DD>
5888
5889<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type
5890or by service name and type.  Specify a list of service types
5891("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
5892"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a
5893service type. As with other Postfix matchlists, a search stops at
5894the first match.  Specify "!pattern" to exclude a service from the
5895list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled.  </p>
5896
5897<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
5898patterns, nor does it support wildcards such as "*" or "all". This
5899is intentional. </p>
5900
5901<p> Examples: </p>
5902
5903<pre>
5904# With Postfix 2.6..2.10 use '.' instead of '/'.
5905# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default).
5906<a href="postconf.5.html#master_service_disable">master_service_disable</a> =
5907# Turn off only the main SMTP listener port.
5908<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet
5909# Turn off all TCP/IP listener ports.
5910<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
5911# Turn off all TCP/IP listener ports except "foo".
5912<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet
5913</pre>
5914
5915<p> This feature is available in Postfix 2.6 and later. </p>
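<p> Added example (not part of Postfix): a Python sketch that lists which master.cf listener ports remain enabled for a given master_service_disable value, using the first-match and "!pattern" rules described above with the "name/type" form. The master.cf text is a constructed sample and the function names are hypothetical. </p>

```python
# Added illustration; not Postfix code. Only the "name/type" tuple form is
# modelled (Postfix 2.6..2.10 use "." instead of "/", per the note above).

def is_disabled(name, stype, master_service_disable):
    """Return True when the listener name/stype is turned off.

    Patterns are tried left to right and the search stops at the first
    match; a "!pattern" match excludes the service from the list."""
    for pattern in master_service_disable.replace(",", " ").split():
        exclude = pattern.startswith("!")
        pat = pattern[1:] if exclude else pattern
        if pat == stype or pat == name + "/" + stype:
            return not exclude
    return False


def enabled_listeners(master_cf_text, master_service_disable):
    """Return "name/type" for every master.cf entry that stays enabled."""
    enabled = []
    for line in master_cf_text.splitlines():
        # Skip blank lines, comments and continuation lines ("-o" options).
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        name, stype = fields[0], fields[1]
        if not is_disabled(name, stype, master_service_disable):
            enabled.append(name + "/" + stype)
    return enabled


# Constructed sample master.cf; "foo" mirrors the service name used in the
# examples above.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=may
foo       inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
"""

if __name__ == "__main__":
    for setting in ("", "smtp/inet", "inet", "!foo/inet, inet",
                    "inet, !foo/inet"):
        print(repr(setting), "->",
              enabled_listeners(SAMPLE_MASTER_CF, setting))
```

<p> The last setting in the loop shows the ordering pitfall: with "inet, !foo/inet" the "inet" pattern matches first, so "foo/inet" is turned off as well. </p>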
5916
5917
5918</DD>
5919
5920<DT><b><a name="max_idle">max_idle</a>
5921(default: 100s)</b></DT><DD>
5922
5923<p>
5924The maximum amount of time that an idle Postfix daemon process waits
5925for an incoming connection before terminating voluntarily.  This
5926parameter
5927is ignored by the Postfix queue manager and by other long-lived
5928Postfix daemon processes.
5929</p>
5930
5931<p>
5932Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5933The default time unit is s (seconds).
5934</p>
5935
5936
5937</DD>
5938
5939<DT><b><a name="max_use">max_use</a>
5940(default: 100)</b></DT><DD>
5941
5942<p>
5943The maximal number of incoming connections that a Postfix daemon
5944process will service before terminating voluntarily.  This parameter
5945is ignored by the Postfix queue
5946manager and by other long-lived Postfix daemon processes.
5947</p>
5948
5949
5950</DD>
5951
5952<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a>
5953(default: 4000s)</b></DT><DD>
5954
5955<p>
5956The maximal time between attempts to deliver a deferred message.
5957</p>
5958
5959<p> This parameter should be set to a value greater than or equal
5960to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>.  </p>
5961
5962<p>
5963Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5964The default time unit is s (seconds).
5965</p>
5966
5967
5968</DD>
5969
5970<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a>
5971(default: 5d)</b></DT><DD>
5972
5973<p>
5974Consider a message as undeliverable, when delivery fails with a
5975temporary error, and the time in the queue has reached the
5976<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit.
5977</p>
5978
5979<p>
5980Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
5981The default time unit is d (days).
5982</p>
5983
5984<p>
5985Specify 0 when mail delivery should be tried only once.
5986</p>
5987
5988
5989</DD>
5990
5991<DT><b><a name="message_reject_characters">message_reject_characters</a>
5992(default: empty)</b></DT><DD>
5993
5994<p> The set of characters that Postfix will reject in message
5995content.  The usual C-like escape sequences are recognized: <tt>\a
5996\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
5997<tt>\\</tt>. </p>
5998
5999<p> Note 1: this feature does not recognize text that requires MIME
6000decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
6001and <a href="postconf.5.html#body_checks">body_checks</a>.  </p>
6002
6003<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
6004= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>".  </p>
6005
6006<p> Example: </p>
6007
6008<pre>
6009<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
6010</pre>
6011
6012<p> This feature is available in Postfix 2.3 and later.  </p>
6013
6014
6015</DD>
6016
6017<DT><b><a name="message_size_limit">message_size_limit</a>
6018(default: 10240000)</b></DT><DD>
6019
6020<p>
6021The maximal size in bytes of a message, including envelope information.
6022</p>
6023
6024<p> Note: be careful when making changes.  Excessively small values
6025will result in the loss of non-delivery notifications, when a bounce
6026message size exceeds the local or remote MTA's message size limit.
6027</p>
6028
6029
6030</DD>
6031
6032<DT><b><a name="message_strip_characters">message_strip_characters</a>
6033(default: empty)</b></DT><DD>
6034
6035<p> The set of characters that Postfix will remove from message
6036content.  The usual C-like escape sequences are recognized: <tt>\a
6037\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
6038<tt>\\</tt>. </p>
6039
6040<p> Note 1: this feature does not recognize text that requires MIME
6041decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
6042and <a href="postconf.5.html#body_checks">body_checks</a>.  </p>
6043
6044<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
6045= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>".  </p>
6046
6047<p> Example: </p>
6048
6049<pre>
6050<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
6051</pre>
6052
6053<p> This feature is available in Postfix 2.3 and later.  </p>
6054
6055
6056</DD>
6057
6058<DT><b><a name="milter_command_timeout">milter_command_timeout</a>
6059(default: 30s)</b></DT><DD>
6060
6061<p> The time limit for sending an SMTP command to a Milter (mail
6062filter) application, and for receiving the response.  </p>
6063
6064<p> Specify a non-zero time value (an integral value plus an optional
6065one-letter suffix that specifies the time unit). </p>
6066
6067<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
6068(weeks). The default time unit is s (seconds). </p>
6069
6070<p> This feature is available in Postfix 2.3 and later. </p>
6071
6072
6073</DD>
6074
6075<DT><b><a name="milter_connect_macros">milter_connect_macros</a>
6076(default: see "postconf -d" output)</b></DT><DD>
6077
6078<p> The macros that are sent to Milter (mail filter) applications
6079after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a>
6080for a list of available macro names and their meanings. </p>
6081
6082<p> This feature is available in Postfix 2.3 and later. </p>
6083
6084
6085</DD>
6086
6087<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a>
6088(default: 30s)</b></DT><DD>
6089
6090<p> The time limit for connecting to a Milter (mail filter)
6091application, and for negotiating protocol options. </p>
6092
6093<p> Specify a non-zero time value (an integral value plus an optional
6094one-letter suffix that specifies the time unit). </p>
6095
6096<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
6097(weeks). The default time unit is s (seconds). </p>
6098
6099<p> This feature is available in Postfix 2.3 and later. </p>
6100
6101
6102</DD>
6103
6104<DT><b><a name="milter_content_timeout">milter_content_timeout</a>
6105(default: 300s)</b></DT><DD>
6106
6107<p> The time limit for sending message content to a Milter (mail
6108filter) application, and for receiving the response.  </p>
6109
6110<p> Specify a non-zero time value (an integral value plus an optional
6111one-letter suffix that specifies the time unit). </p>
6112
6113<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
6114(weeks). The default time unit is s (seconds). </p>
6115
6116<p> This feature is available in Postfix 2.3 and later. </p>
6117
6118
6119</DD>
6120
6121<DT><b><a name="milter_data_macros">milter_data_macros</a>
6122(default: see "postconf -d" output)</b></DT><DD>
6123
6124<p> The macros that are sent to version 4 or higher Milter (mail
6125filter) applications after the SMTP DATA command. See <a href="MILTER_README.html">MILTER_README</a>
6126for a list of available macro names and their meanings.  </p>
6127
6128<p> This feature is available in Postfix 2.3 and later. </p>
6129
6130
6131</DD>
6132
6133<DT><b><a name="milter_default_action">milter_default_action</a>
6134(default: tempfail)</b></DT><DD>
6135
6136<p> The default action when a Milter (mail filter) application is
6137unavailable or mis-configured. Specify one of the following: </p>
6138
6139<dl compact>
6140
6141<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
6142</dd>
6143
6144<dt>reject</dt> <dd>Reject all further commands in this session
6145with a permanent status code.</dd>
6146
6147<dt>tempfail</dt> <dd>Reject all further commands in this session
6148with a temporary status code. </dd>
6149
6150<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
6151the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd>
6152
6153</dl>
6154
6155<p> This feature is available in Postfix 2.3 and later. </p>
6156
6157
6158</DD>
6159
6160<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a>
6161(default: see "postconf -d" output)</b></DT><DD>
6162
6163<p> The macros that are sent to Milter (mail filter) applications
6164after the message end-of-data. See <a href="MILTER_README.html">MILTER_README</a> for a list of
6165available macro names and their meanings.  </p>
6166
6167<p> This feature is available in Postfix 2.3 and later. </p>
6168
6169
6170</DD>
6171
6172<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a>
6173(default: see "postconf -d" output)</b></DT><DD>
6174
6175<p> The macros that are sent to Milter (mail filter) applications
6176after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list
6177of available macro names and their meanings.  </p>
6178
6179<p> This feature is available in Postfix 2.5 and later. </p>
6180
6181
6182</DD>
6183
6184<DT><b><a name="milter_header_checks">milter_header_checks</a>
6185(default: empty)</b></DT><DD>
6186
6187<p> Optional lookup tables for content inspection of message headers
6188that are produced by Milter applications.  See the <a href="header_checks.5.html">header_checks(5)</a>
6189manual page for available actions. Currently, PREPEND is not implemented.
6190</p>
6191
6192<p> The following example sends all mail that is marked as SPAM to
6193a spam handling machine. Note that matches are case-insensitive
6194by default. </p>
6195
6196<pre>
6197/etc/postfix/<a href="postconf.5.html">main.cf</a>:
6198    <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>
6199</pre>
6200
6201<pre>
6202/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>:
6203    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
6204</pre>
6205
6206<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for
6207whitelisting. For example, it could be used to skip heavy content
6208inspection for DKIM-signed mail from known friendly domains. </p>
6209
6210<p> This feature is available in Postfix 2.7, and as an optional
6211patch for Postfix 2.6. </p>
6212
6213
6214</DD>
6215
6216<DT><b><a name="milter_helo_macros">milter_helo_macros</a>
6217(default: see "postconf -d" output)</b></DT><DD>
6218
6219<p> The macros that are sent to Milter (mail filter) applications
6220after the SMTP HELO or EHLO command. See
6221<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings.
6222</p>
6223
6224<p> This feature is available in Postfix 2.3 and later. </p>
6225
6226
6227</DD>
6228
6229<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a>
6230(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
6231
6232<p> The {daemon_name} macro value for Milter (mail filter) applications.
6233See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
6234meanings.  </p>
6235
6236<p> This feature is available in Postfix 2.3 and later. </p>
6237
6238
6239</DD>
6240
6241<DT><b><a name="milter_macro_v">milter_macro_v</a>
6242(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD>
6243
6244<p> The {v} macro value for Milter (mail filter) applications.
6245See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
6246meanings.  </p>
6247
6248<p> This feature is available in Postfix 2.3 and later. </p>
6249
6250
6251</DD>
6252
6253<DT><b><a name="milter_mail_macros">milter_mail_macros</a>
6254(default: see "postconf -d" output)</b></DT><DD>
6255
6256<p> The macros that are sent to Milter (mail filter) applications
6257after the SMTP MAIL FROM command. See <a href="MILTER_README.html">MILTER_README</a>
6258for a list of available macro names and their meanings. </p>
6259
6260<p> This feature is available in Postfix 2.3 and later. </p>
6261
6262
6263</DD>
6264
6265<DT><b><a name="milter_protocol">milter_protocol</a>
6266(default: 6)</b></DT><DD>
6267
6268<p> The mail filter protocol version and optional protocol extensions
6269for communication with a Milter application; prior to Postfix 2.6
6270the default protocol is 2. Postfix
6271sends this version number during the initial protocol handshake.
6272It should match the version number that is expected by the mail
6273filter application (or by its Milter library).  </p>
6274
6275<p>Protocol versions: </p>
6276
6277<dl compact>
6278
6279<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
6280with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
62812.5).</dd>
6282
6283<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>
6284
6285<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>
6286
6287<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
6288with Sendmail version 8.14 and Postfix version 2.6).</dd>
6289
6290</dl>
6291
6292<p>Protocol extensions: </p>
6293
6294<dl compact>
6295
6296<dt>no_header_reply</dt> <dd> Specify this when the Milter application
6297will not reply for each individual message header.</dd>
6298
6299</dl>
6300
6301<p> This feature is available in Postfix 2.3 and later. </p>
6302
6303
6304</DD>
6305
6306<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a>
6307(default: see "postconf -d" output)</b></DT><DD>
6308
6309<p> The macros that are sent to Milter (mail filter) applications
6310after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a>
6311for a list of available macro names and their meanings. </p>
6312
6313<p> This feature is available in Postfix 2.3 and later. </p>
6314
6315
6316</DD>
6317
6318<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a>
6319(default: see "postconf -d" output)</b></DT><DD>
6320
6321<p> The macros that are sent to version 3 or higher Milter (mail
6322filter) applications after an unknown SMTP command.  See <a href="MILTER_README.html">MILTER_README</a>
6323for a list of available macro names and their meanings.  </p>
6324
6325<p> This feature is available in Postfix 2.3 and later. </p>
6326
6327
6328</DD>
6329
6330<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
6331(default: 2048)</b></DT><DD>
6332
6333<p>
6334The maximal length of MIME multipart boundary strings. The MIME
6335processor is unable to distinguish between boundary strings that
6336do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters.
6337</p>
6338
6339<p>
6340This feature is available in Postfix 2.0 and later.
6341</p>
6342
6343
6344</DD>
6345
6346<DT><b><a name="mime_header_checks">mime_header_checks</a>
6347(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
6348
6349<p>
6350Optional lookup tables for content inspection of MIME related
6351message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
6352</p>
6353
6354<p>
6355This feature is available in Postfix 2.0 and later.
6356</p>
6357
6358
6359</DD>
6360
6361<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a>
6362(default: 100)</b></DT><DD>
6363
6364<p>
6365The maximal recursion level that the MIME processor will handle.
6366Postfix refuses mail that is nested deeper than the specified limit.
6367</p>
6368
6369<p>
6370This feature is available in Postfix 2.0 and later.
6371</p>
6372
6373
6374</DD>
6375
6376<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
6377(default: 300s)</b></DT><DD>
6378
6379<p>
6380The minimal time between attempts to deliver a deferred message;
6381prior to Postfix 2.4 the default value was 1000s.
6382</p>
6383
6384<p>
6385This parameter also limits the time an unreachable destination is
6386kept in the short-term, in-memory, destination status cache.
6387</p>
6388
6389<p> This parameter should be set greater than or equal to
6390$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>.  </p>
6391
6392<p>
6393Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
6394The default time unit is s (seconds).
6395</p>
6396
6397
6398</DD>
6399
6400<DT><b><a name="multi_instance_directories">multi_instance_directories</a>
6401(default: empty)</b></DT><DD>
6402
6403<p> An optional list of non-default Postfix configuration directories;
6404these directories belong to additional Postfix instances that share
6405the Postfix executable files and documentation with the default
6406Postfix instance, and that are started, stopped, etc., together
6407with the default Postfix instance.  Specify a list of pathnames
6408separated by comma or whitespace.  </p>
6409
6410<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command
6411runs in single-instance mode and operates on a single Postfix
6412instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance
6413mode and invokes the multi-instance manager specified with the
6414<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter. The multi-instance manager in
6415turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for
6416all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>.  </p>
6417
6418<p> Currently, this parameter setting is ignored except for the
6419default <a href="postconf.5.html">main.cf</a> file. </p>
6420
6421<p> This feature is available in Postfix 2.6 and later. </p>
6422
6423
6424</DD>
6425
6426<DT><b><a name="multi_instance_enable">multi_instance_enable</a>
6427(default: no)</b></DT><DD>
6428
6429<p> Allow this Postfix instance to be started, stopped, etc., by a
6430multi-instance manager.  By default, new instances are created in
6431a safe state that prevents them from being started inadvertently.
6432This parameter is reserved for the multi-instance manager.  </p>
6433
6434<p> This feature is available in Postfix 2.6 and later. </p>
6435
6436
6437</DD>
6438
6439<DT><b><a name="multi_instance_group">multi_instance_group</a>
6440(default: empty)</b></DT><DD>
6441
6442<p> The optional instance group name of this Postfix instance. A
6443group identifies closely-related Postfix instances that the
6444multi-instance manager can start, stop, etc., as a unit.  This
6445parameter is reserved for the multi-instance manager. </p>
6446
6447<p> This feature is available in Postfix 2.6 and later. </p>
6448
6449
6450</DD>
6451
6452<DT><b><a name="multi_instance_name">multi_instance_name</a>
6453(default: empty)</b></DT><DD>
6454
6455<p> The optional instance name of this Postfix instance. This name
6456also becomes the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p>
6457
6458<p> This feature is available in Postfix 2.6 and later. </p>
6459
6460
6461</DD>
6462
6463<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a>
6464(default: empty)</b></DT><DD>
6465
6466<p> The pathname of a multi-instance manager command that the
6467<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
6468parameter value is non-empty. The pathname may be followed by
6469initial command arguments separated by whitespace; shell
6470metacharacters such as quotes are not supported in this context.
6471</p>
6472
6473<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the
6474<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line,
6475and with all installation configuration parameters exported into
6476the manager command process environment. The manager command in
6477turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances
6478as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>".  </p>
6479
6480<p> This feature is available in Postfix 2.6 and later. </p>
6481
6482
6483</DD>
6484
6485<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a>
6486(default: 550)</b></DT><DD>
6487
6488<p>
6489The numerical Postfix SMTP server response code when a remote SMTP
6490client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
6491restriction.
6492</p>
6493
6494<p>
6495Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
6496</p>
6497
6498<p>
6499This feature is available in Postfix 2.1 and later.
6500</p>
6501
6502
6503</DD>
6504
6505<DT><b><a name="mydestination">mydestination</a>
6506(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD>
6507
6508<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
6509mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a>
6510delivery agent which looks up all recipients in /etc/passwd and
6511/etc/aliases. The SMTP server validates recipient addresses with
6512$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also
6513the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.
6514</p>
6515
6516<p>
6517The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local
6518machine only.  On a mail domain gateway, you should also include
6519$<a href="postconf.5.html#mydomain">mydomain</a>.
6520</p>
6521
6522<p>
6523The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail
6524addressed to user@[the.net.work.address] of the mail system (the
6525IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
6526parameters).
6527</p>
6528
6529<p>
6530Warnings:
6531</p>
6532
6533<ul>
6534
6535<li><p>Do not specify the names of virtual domains - those domains
6536are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p>
6537
6538<li><p>Do not specify the names of domains that this machine is
6539backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to
6540set up backup MX hosts. </p>
6541
6542<li><p>By default, the Postfix SMTP server rejects mail for recipients
6543not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter.  See the
6544<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
6545and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p>
6546
6547</ul>
6548
6549<p>
6550Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
6551patterns, separated by commas and/or whitespace. A "/file/name"
6552pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
6553is matched when a name matches a lookup key (the lookup result is
6554ignored).  Continue long lines by starting the next line with
6555whitespace.  </p>
6556
6557<p>
6558Examples:
6559</p>
6560
6561<pre>
6562<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a>
6563<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
6564</pre>
6565
6566
6567</DD>
6568
6569<DT><b><a name="mydomain">mydomain</a>
6570(default: see "postconf -d" output)</b></DT><DD>
6571
6572<p>
6573The internet domain name of this mail system.  The default is to
6574use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix
65752.3 and later).  $<a href="postconf.5.html#mydomain">mydomain</a> is used as
6576a default value for many other configuration parameters.
6577</p>
6578
6579<p>
6580Example:
6581</p>
6582
6583<pre>
6584<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld
6585</pre>
6586
6587
6588</DD>
6589
6590<DT><b><a name="myhostname">myhostname</a>
6591(default: see "postconf -d" output)</b></DT><DD>
6592
6593<p>
6594The internet hostname of this mail system. The default is to use
6595the fully-qualified domain name (FQDN) from gethostname(), or to
6596use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>".
6597$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration
6598parameters.  </p>
6599
6600<p>
6601Example:
6602</p>
6603
6604<pre>
6605<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
6606</pre>
6607
6608
6609</DD>
6610
6611<DT><b><a name="mynetworks">mynetworks</a>
6612(default: see "postconf -d" output)</b></DT><DD>
6613
6614<p>
6615The list of "trusted" remote SMTP clients that have more privileges than
6616"strangers".
6617</p>
6618
6619<p>
6620In particular, "trusted" SMTP clients are allowed to relay mail
6621through Postfix.  See the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter
6622description in the <a href="postconf.5.html">postconf(5)</a> manual.
6623</p>
6624
6625<p>
6626You can specify the list of "trusted" network addresses by hand
6627or you can let Postfix do it for you (which is the default).
6628See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more
6629information.
6630</p>
6631
6632<p>
6633If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
6634Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
6635</p>
6636
6637<p> Specify a list of network addresses or network/netmask patterns,
6638separated by commas and/or whitespace. Continue long lines by
6639starting the next line with whitespace. </p>
6640
6641<p> The netmask specifies the number of bits in the network part
6642of a host address.  You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
6643patterns.  A "/file/name" pattern is replaced by its contents; a
6644"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a
6645lookup string (the lookup result is ignored). </p>
6646
6647<p> The list is matched left to right, and the search stops on the
6648first match.  Specify "!pattern" to exclude an address or network
6649block from the list. The form "!/file/name" is supported only
6650in Postfix version 2.4 and later. </p>
6651
6652<p> Note: IP version 6 address information must be specified inside
6653<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
6654"/file/name".  IP version 6 addresses contain the ":" character,
6655and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern.  </p>
6656
6657<p> Examples:  </p>
6658
6659<pre>
6660<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
6661<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
6662<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
6663<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
6664<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table
6665</pre>
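<p> The left-to-right, first-match rule and the "!pattern" and <tt>[]</tt> syntax described above, as an added example that is not part of the Postfix documentation or code. The function names are hypothetical, "/file/name" and "<a href="DATABASE_README.html">type:table</a>" patterns are rejected rather than read, and MISORDERED is a constructed value showing an exclusion placed too late to take effect. </p>

```python
import ipaddress


def parse_mynetworks(value):
    """Parse a mynetworks value into (token, negated, network), in list order."""
    entries = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        pattern = token[1:] if negated else token
        if pattern.startswith("["):
            # IPv6 is written as [address]/prefixlen; strip the brackets.
            addr, bracket, rest = pattern[1:].partition("]")
            if not bracket:
                raise ValueError("unterminated '[' in %r" % token)
            pattern = addr + rest
        elif pattern.startswith("/") or ":" in pattern:
            # "/file/name" and "type:table" need file or table access.
            # An unbracketed IPv6 address also lands here, because its ":"
            # makes it look like a "type:table" pattern.
            raise ValueError("pattern not handled by this example: %r" % token)
        network = ipaddress.ip_network(pattern, strict=False)
        entries.append((token, negated, network))
    return entries


def is_trusted(value, client_ip):
    """First match wins: True for a plain pattern, False for a "!pattern"."""
    addr = ipaddress.ip_address(client_ip)
    for _token, negated, network in parse_mynetworks(value):
        if addr.version == network.version and addr in network:
            return not negated
    return False  # no pattern matched: the client is a "stranger"


def shadowed_exclusions(value):
    """Return the "!pattern" tokens that can never fire because an earlier
    plain pattern already covers every address they name."""
    earlier_plain = []
    shadowed = []
    for token, negated, network in parse_mynetworks(value):
        if not negated:
            earlier_plain.append(network)
        elif any(network.version == plain.version and network.subnet_of(plain)
                 for plain in earlier_plain):
            shadowed.append(token)
    return shadowed


# Two values from the examples above, plus one constructed misordering.
PAGE_EXAMPLE = "!192.168.0.1, 192.168.0.0/28"
MISORDERED = "192.168.0.0/28, !192.168.0.1"  # constructed for illustration
DUAL_STACK = "127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64"

if __name__ == "__main__":
    for value in (PAGE_EXAMPLE, MISORDERED):
        print("%-32s trusted(192.168.0.1)=%-5s shadowed=%s" % (
            value, is_trusted(value, "192.168.0.1"), shadowed_exclusions(value)))
```

<p> Running shadowed_exclusions() over a hand-written list before deploying it catches an exclusion that still leaves the excluded host able to relay. </p>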
6666
6667
6668</DD>
6669
6670<DT><b><a name="mynetworks_style">mynetworks_style</a>
6671(default: subnet)</b></DT><DD>
6672
6673<p>
6674The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter.
6675This is the list of trusted networks for relay access control etc.
6676</p>
6677
6678<ul>
6679
6680<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
6681"trust" only the local machine. </p>
6682
6683<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
6684should "trust" remote SMTP clients in the same IP subnetworks as the local
6685machine.  On Linux, this works correctly only with interfaces
6686specified with the "ifconfig" command. </p>
6687
6688<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
6689"trust" remote SMTP clients in the same IP class A/B/C networks as the
6690local machine.  Don't do this with a dialup site - it would cause
6691Postfix to "trust" your entire provider's network.  Instead, specify
6692an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
6693configuration parameter. </p>
6694
6695</ul>
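<p> How much each style widens the trusted set, as an added example that models the address arithmetic only and is not Postfix's own code. It is IPv4 only, the function names are hypothetical, and the interface addresses are constructed from documentation address space. </p>

```python
import ipaddress


def classful_network(address):
    """Return the historical class A/B/C network that contains an IPv4 address."""
    first_octet = int(address) >> 24
    if first_octet < 128:
        prefix = 8        # class A
    elif first_octet < 192:
        prefix = 16       # class B
    elif first_octet < 224:
        prefix = 24       # class C
    else:
        raise ValueError("%s is not in a class A/B/C network" % address)
    return ipaddress.ip_interface("%s/%d" % (address, prefix)).network


def trusted_networks(style, interfaces):
    """Model the trusted networks for a mynetworks_style value.

    interfaces: "address/prefixlen" strings for the local IPv4 interfaces.
    """
    networks = []
    for text in interfaces:
        iface = ipaddress.ip_interface(text)
        if iface.version != 4:
            raise ValueError("this example handles IPv4 interfaces only")
        if style == "host":
            net = ipaddress.ip_network("%s/32" % iface.ip)
        elif style == "subnet":
            net = iface.network
        elif style == "class":
            net = classful_network(iface.ip)
        else:
            raise ValueError("unknown mynetworks_style: %r" % style)
        if net not in networks:
            networks.append(net)
    return networks


def exposed_addresses(style, interfaces):
    """Count the trusted non-loopback addresses under the given style."""
    return sum(net.num_addresses
               for net in trusted_networks(style, interfaces)
               if not net.is_loopback)


# Constructed sample: loopback plus a small provider-assigned /29.
SAMPLE_INTERFACES = ["127.0.0.1/8", "203.0.113.77/29"]

if __name__ == "__main__":
    for style in ("host", "subnet", "class"):
        nets = " ".join(str(n) for n in trusted_networks(style, SAMPLE_INTERFACES))
        print("%-6s %-32s %d relay-capable addresses" % (
            style, nets, exposed_addresses(style, SAMPLE_INTERFACES)))
```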
6696
6697
6698</DD>
6699
6700<DT><b><a name="myorigin">myorigin</a>
6701(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
6702
6703<p>
6704The domain name that locally-posted mail appears to come
6705from, and that locally posted mail is delivered to. The default,
6706$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites.  If you run a domain with
6707multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
6708set up a domain-wide alias database that aliases each user to
6709user@that.users.mailhost.
6710</p>
6711
6712<p>
6713Example:
6714</p>
6715
6716<pre>
6717<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
6718</pre>
6719
6720
6721</DD>
6722
6723<DT><b><a name="nested_header_checks">nested_header_checks</a>
6724(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
6725
6726<p>
6727Optional lookup tables for content inspection of non-MIME message
6728headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a>
6729manual page.
6730</p>
6731
6732<p>
6733This feature is available in Postfix 2.0 and later.
6734</p>
6735
6736
6737</DD>
6738
6739<DT><b><a name="newaliases_path">newaliases_path</a>
6740(default: see "postconf -d" output)</b></DT><DD>
6741
6742<p>
6743Sendmail compatibility feature that specifies the location of the
6744<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the
6745<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database.
6746</p>
6747
6748
6749</DD>
6750
6751<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a>
6752(default: 504)</b></DT><DD>
6753
6754<p>
6755The numerical Postfix SMTP server reply code when a client request
6756is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a>
6757or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
6758</p>
6759
6760
6761</DD>
6762
6763<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a>
6764(default: empty)</b></DT><DD>
6765
6766<p> A list of Milter (mail filter) applications for new mail that
6767does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. This includes local
6768submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives
6769via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected
6770into the queue with "postsuper -r".  Specify space or comma as
6771separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details.  </p>
6772
6773<p> This feature is available in Postfix 2.3 and later. </p>
6774
6775
6776</DD>
6777
6778<DT><b><a name="notify_classes">notify_classes</a>
6779(default: resource, software)</b></DT><DD>
6780
6781<p>
6782The list of error classes that are reported to the postmaster. The
6783default is to report only the most serious problems. The paranoid
6784may wish to turn on the policy (UCE and mail relaying) and protocol
6785error (broken mail software) reports.
6786</p>
6787
6788<p> NOTE: postmaster notifications may contain confidential information
6789such as SASL passwords or message content.  It is the system
6790administrator's responsibility to treat such information with care.
6791</p>
6792
6793<p>
6794The error classes are:
6795</p>
6796
6797<dl>
6798
6799<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>
6800
6801<dd>Send the postmaster copies of the headers of bounced mail, and
6802send transcripts of SMTP sessions when Postfix rejects mail. The
6803notification is sent to the address specified with the
6804<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
6805</dd>
6806
6807<dt><b>2bounce</b></dt>
6808
6809<dd>Send undeliverable bounced mail to the postmaster. The notification
6810is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
6811configuration parameter (default: postmaster). </dd>
6812
6813<dt><b>data</b></dt>
6814
6815<dd>Send the postmaster a transcript of the SMTP session with an
6816error because a critical data file was unavailable. The notification
6817is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
6818configuration parameter (default: postmaster). <br> This feature
6819is available in Postfix 2.9 and later.  </dd>
6820
6821<dt><b>delay</b></dt>
6822
6823<dd>Send the postmaster copies of the headers of delayed mail (see
6824<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The
6825notification is sent to the address specified with the
6826<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
6827</dd>
6828
6829<dt><b>policy</b></dt>
6830
6831<dd>Send the postmaster a transcript of the SMTP session when a
6832client request was rejected because of (UCE) policy. The notification
6833is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
6834configuration parameter (default: postmaster).  </dd>
6835
6836<dt><b>protocol</b></dt>
6837
6838<dd>Send the postmaster a transcript of the SMTP session in case
6839of client or server protocol errors. The notification is sent to
6840the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration
6841parameter (default: postmaster). </dd>
6842
6843<dt><b>resource</b></dt>
6844
6845<dd>Inform the postmaster of mail not delivered due to resource
6846problems.  The notification is sent to the address specified with
6847the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
6848postmaster). </dd>
6849
6850<dt><b>software</b></dt>
6851
6852<dd>Inform the postmaster of mail not delivered due to software
6853problems.  The notification is sent to the address specified with
6854the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
6855postmaster). </dd>
6856
6857</dl>
6858
6859<p>
6860Examples:
6861</p>
6862
6863<pre>
6864<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software
6865<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software
6866</pre>
6867
6868
6869</DD>
6870
6871<DT><b><a name="owner_request_special">owner_request_special</a>
6872(default: yes)</b></DT><DD>
6873
6874<p>
6875Give special treatment to owner-listname and listname-request
6876address localparts: don't split such addresses when the
6877<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to "-".  This feature is useful for
6878mailing lists.
6879</p>
6880
6881
6882</DD>
6883
6884<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
6885(default: see "postconf -d" output)</b></DT><DD>
6886
6887<p>
6888The Postfix features that match subdomains of "domain.tld" automatically,
6889instead of requiring an explicit ".domain.tld" pattern.  This is
6890planned backwards compatibility:  eventually, all Postfix features
6891are expected to require explicit ".domain.tld" style patterns when
6892you really want to match subdomains.
6893</p>
6894
6895
6896</DD>
6897
6898<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a>
6899(default: empty)</b></DT><DD>
6900
6901<p>
6902Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
6903only domains whose primary MX hosts match the listed networks.
6904The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a>
6905parameter; note, however, that the default value is empty.  </p>
6906
6907
6908</DD>
6909
6910<DT><b><a name="pickup_service_name">pickup_service_name</a>
6911(default: pickup)</b></DT><DD>
6912
6913<p>
6914The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail
6915submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>.
6916</p>
6917
6918<p>
6919This feature is available in Postfix 2.0 and later.
6920</p>
6921
6922
6923</DD>
6924
6925<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a>
6926(default: 450)</b></DT><DD>
6927
6928<p>
6929The numerical Postfix SMTP server response code when a request
6930is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
6931</p>
6932
6933<p> This feature is available in Postfix 2.3 and later. </p>
6934
6935
6936</DD>
6937
<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
(default: reload flush)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager
treats as "control" commands that operate on running instances. For
these commands, disabled instances are skipped. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a>
(default: start)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "start" commands. For these commands, disabled instances are "checked"
rather than "started", and failure to "start" a member instance of an
instance group will abort the start-up of later instances. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
as "stop" commands. For these commands, disabled instances are skipped,
and enabled instances are processed in reverse order. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="postscreen_access_list">postscreen_access_list</a>
(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD>

<p> Permanent white/blacklist for remote SMTP client IP addresses.
<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP
client connects.  Specify a comma- or whitespace-separated list of
commands (in upper or lower case) or lookup tables. The search stops
upon the first command that fires for the client IP address. </p>

<dl>

<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Whitelist the client and
terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>.
Do not subject the client to any before/after 220 greeting tests.
Pass the connection immediately to a Postfix SMTP server process.
</dd>

<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup
table. Each table lookup result is an access list, except that
access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries.  <br>
To discourage the use of hash, btree, etc. tables, there is no
support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables
instead.  </dd>

<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
the search. Do not subject the client to any before/after 220
greeting tests. Pass the connection immediately to a Postfix SMTP
server process. </dd>

<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
the search. Subject the client to the action configured with the
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> configuration parameter. </dd>

<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists
implicitly have this command at the end. <br> When <b> dunno </b>
is executed inside a lookup table, return from the lookup table and
evaluate the next command.  <br> When <b> dunno </b> is executed
outside a lookup table, terminate the search, and subject the client
to the configured before/after 220 greeting tests. </dd>

</dl>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
                <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
    <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre>

<pre>
/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
    # Rules are evaluated in the order as specified.
    # Blacklist 192.168.* except 192.168.0.1.
    192.168.0.1         dunno
    192.168.0.0/16      reject
</pre>

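<p> The search order described above, modelled as an added Python example
(not Postfix code and not part of the original manual). It replays the
documented rules so that a proposed access list can be checked against test
addresses before deployment. The MYNETWORKS value and the function names are
assumptions; the CIDR table repeats the example above. </p>

```python
import ipaddress
import re

# Constructed sample data. MYNETWORKS is an assumed $mynetworks value; the
# CIDR table repeats the postscreen_access.cidr example from this page.
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]
TABLES = {
    "cidr:/etc/postfix/postscreen_access.cidr": [
        ("192.168.0.1", "dunno"),
        ("192.168.0.0/16", "reject"),
    ],
}
PAGE_EXAMPLE = "permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr"

# What postscreen does with each search result, as documented above.
ACTIONS = {
    "permit": "whitelisted: pass to smtpd, skip the 220 greeting tests",
    "reject": "blacklisted: apply postscreen_blacklist_action",
    "dunno": "undecided: run the before/after 220 greeting tests",
}


def split_list(value):
    """Split a comma- or whitespace-separated list into its items."""
    return [item for item in re.split(r"[,\s]+", value.strip()) if item]


def table_lookup(table, client):
    """Return the access list of the first matching rule, or None."""
    for pattern, access_list in TABLES[table]:
        if client in ipaddress.ip_network(pattern, strict=False):
            return access_list
    return None


def run_access_list(commands, client, inside_table=False):
    """Run commands in order; return 'permit', 'reject' or 'dunno'."""
    for command in commands:
        name = command.lower()  # commands may be in upper or lower case
        if name == "permit_mynetworks":
            if any(client in ipaddress.ip_network(net) for net in MYNETWORKS):
                return "permit"
        elif name in ("permit", "reject", "dunno"):
            return name
        elif ":" in command:
            if inside_table:
                raise ValueError("type:table is not allowed inside a table")
            result = table_lookup(command, client)
            if result is not None:
                verdict = run_access_list(split_list(result), client, True)
                if verdict != "dunno":
                    return verdict
                # dunno inside a table: leave the table, try the next command
        else:
            raise ValueError("unknown command: " + command)
    return "dunno"  # every access list implicitly ends with dunno


def evaluate(access_list, client_ip):
    """Evaluate a postscreen_access_list value for one client address."""
    return run_access_list(split_list(access_list),
                           ipaddress.ip_address(client_ip))


if __name__ == "__main__":
    for ip in ("10.1.2.3", "192.168.0.1", "192.168.5.9", "203.0.113.7"):
        print(ip, "->", ACTIONS[evaluate(PAGE_EXAMPLE, ip)])
```

<p> With the list "cidr:/etc/postfix/postscreen_access.cidr, permit" the
dunno result for 192.168.0.1 falls through to the next command and the
client is whitelisted, which shows why the order of commands matters. </p>
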
<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
a bare newline character, that is, a newline not preceded by carriage
return.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects.  </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
(default: no)</b></DT><DD>

<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
server. These tests are expensive: a remote SMTP client must
disconnect after
it passes the test, before it can talk to a real Postfix SMTP server.
</p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "bare newline" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a remote SMTP client must disconnect after it passes
the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
(default: ignore)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore this result. Allow other tests to complete.  Repeat
this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
(default: 12h)</b></DT><DD>

<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
Cache cleanup increases the load on the cache database and should
therefore not be run frequently. This feature requires that the
cache database supports the "delete" and "sequence" operators.
Specify a zero interval to disable cache cleanup. </p>

<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
seconds. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
(default: <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>

<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>

<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/path/to/file".
This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
implementations don't support cache cleanup. For an alternative
approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
(default: 7d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
temporary whitelist entry before it is removed. This prevents clients
from being logged as "NEW" just because their cache entry expired
an hour ago. It also prevents the cache from filling up with clients
that passed some deep protocol test once and never came back. </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>

<p> How many simultaneous connections any remote SMTP client is
allowed to have
with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
as with the Postfix SMTP server. Note that the triage process can
take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
dummy SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
(default: 20)</b></DT><DD>

<p> The limit on the total number of commands per SMTP session for
<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine.  This SMTP engine
defers or rejects all attempts to deliver mail, therefore there is
no need to enforce separate limits on the number of junk commands
and error commands.  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>

<p> A mechanism to transform commands from remote SMTP clients.
See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
(default: ${stress?10}${stress:300}s)</b></DT><DD>

<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
built-in SMTP protocol engine. </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>

<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon.  See
<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details.  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
The table is not searched by hostname for robustness reasons.  </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
for details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
DNSBL score is equal to or greater than a threshold (as defined
with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
parameters).  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
(default: empty)</b></DT><DD>

<p> A mapping from an actual DNSBL domain name that includes a secret
password to the DNSBL domain name that postscreen will reply with
when it rejects mail.  When no mapping is found, the actual DNSBL
domain will be used. </p>

<p> For maximal stability it is best to use a file that is read
into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
to <a href="DATABASE_README.html#types">hash</a>:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
the file is read). </p>

<p> Example: </p>

<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
</pre>

<pre>
/etc/postfix/dnsbl_reply:
   secret.zen.spamhaus.org      zen.spamhaus.org
</pre>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
(default: empty)</b></DT><DD>

<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
query these domains with the IP addresses of remote SMTP clients,
and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
each non-error reply. </p>

<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
"password" information in DNSBL domain names. </p>

<p> When a client's score is equal to or greater than the threshold
specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
the connection with the remote SMTP client. </p>

<p> Specify a list of domain=filter*weight entries, separated by
comma or whitespace.  </p>

<ul>

<li> <p> When no "=filter" is specified, <a href="postscreen.8.html">postscreen(8)</a> will use any
non-error DNSBL reply.  Otherwise, <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL
replies that match the filter. The filter has the form d.d.d.d,
where each d is a number, or a pattern inside [] that contains one
or more ";"-separated numbers or number..number ranges.  </p>

<li> <p> When no "*weight" is specified, <a href="postscreen.8.html">postscreen(8)</a> increments
the remote SMTP client's DNSBL score by 1.  Otherwise, the weight must be
an integral number, and <a href="postscreen.8.html">postscreen(8)</a> adds the specified weight to
the remote SMTP client's DNSBL score.  Specify a negative number for
whitelisting.  </p>

<li> <p> When one <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> entry produces multiple
DNSBL responses, <a href="postscreen.8.html">postscreen(8)</a> applies the weight at most once.
</p>

</ul>

<p> Examples: </p>

<p> To use example.com as a high-confidence blocklist, and to
block mail with example.net and example.org only when both agree:
</p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
</pre>

<p> To filter only DNSBL replies containing 127.0.0.4: </p>

<pre>
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
</pre>

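<p> The scoring rules above, worked through as an added Python example (not
Postfix code and not part of the original manual). It parses
domain=filter*weight entries, applies each weight at most once per entry, and
compares the total with the threshold, which is useful for checking a
weighting scheme before switching <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> away from ignore.
The function names and the DNSBL replies are constructed for illustration. </p>

```python
import re

# One entry: domain, optional "=filter", optional "*weight".
ENTRY = re.compile(
    r"(?P<domain>[^=*]+)(?:=(?P<filter>[^*]+))?(?:\*(?P<weight>-?\d+))?")

# The first example value from this page, plus constructed DNSBL replies
# (domain -> list of returned addresses) for one remote SMTP client.
PAGE_SITES = "example.com*2, example.net, example.org"
SAMPLE_REPLIES = {"example.net": ["127.0.0.2"], "example.org": ["127.0.0.3"]}


def parse_sites(value):
    """Parse a postscreen_dnsbl_sites value into (domain, filter, weight)."""
    entries = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        match = ENTRY.fullmatch(item)
        if match is None:
            raise ValueError("bad entry: " + item)
        # No "*weight" means the score is incremented by 1.
        entries.append((match["domain"], match["filter"],
                        int(match["weight"] or 1)))
    return entries


def octet_matches(pattern, octet):
    """Match one reply octet against a number or a [n;n..m] pattern."""
    if pattern.startswith("["):
        for part in pattern[1:-1].split(";"):
            low, is_range, high = part.partition("..")
            if int(low) <= octet <= int(high if is_range else low):
                return True
        return False
    return int(pattern) == octet


def reply_matches(filter_, reply):
    """True when a DNSBL reply address passes the d.d.d.d filter."""
    if filter_ is None:
        return True  # no "=filter": any non-error reply counts
    patterns = re.findall(r"\[[0-9;.]+\]|[0-9]+", filter_)
    if len(patterns) != 4:
        raise ValueError("filter must have the form d.d.d.d: " + filter_)
    octets = [int(part) for part in reply.split(".")]
    return all(octet_matches(p, o) for p, o in zip(patterns, octets))


def dnsbl_score(sites, replies):
    """Combined score; each entry adds its weight at most once."""
    score = 0
    for domain, filter_, weight in parse_sites(sites):
        if any(reply_matches(filter_, r) for r in replies.get(domain, ())):
            score += weight
    return score


def is_blocked(sites, replies, threshold=1):
    """postscreen_dnsbl_threshold is an inclusive lower bound."""
    return dnsbl_score(sites, replies) >= threshold


if __name__ == "__main__":
    print(dnsbl_score(PAGE_SITES, SAMPLE_REPLIES),
          is_blocked(PAGE_SITES, SAMPLE_REPLIES, threshold=2))
```
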
<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
(default: 1)</b></DT><DD>

<p> The inclusive lower bound for blocking a remote SMTP client, based on
its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
parameter. </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
(default: 1h)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful DNS blocklist test. During this time, the client IP address
is excluded from this test. The default is relatively short, because a
good client can immediately talk to a real Postfix SMTP server.
</p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a>
(default: 0)</b></DT><DD>

<p> Allow a remote SMTP client to skip "before" and "after 220
greeting" protocol tests, based on its combined DNSBL score as
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.  </p>

<p> Specify a negative value to enable this feature. When a client
passes the <a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> without having
failed other tests, all pending or disabled tests are flagged as
completed with a time-to-live value equal to <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>.
When a test was already completed, its time-to-live value is updated
if it was less than <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>. </p>

<p> This feature is available in Postfix 2.11.  </p>


</DD>

<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>

<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption.  See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>
for details.  </p>

<p> This feature is available in Postfix 2.8 and later.
Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
(default: see "postconf -d" output)</b></DT><DD>

<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
attribute expansions.  See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
details. </p>

<p> This feature is available in Postfix 2.8 and later. </p>


</DD>

<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>

<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
</p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
(default: ignore)</b></DT><DD>

<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
parameter.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> (default) </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Repeat this test the next time the client connects.
This option is useful for testing and collecting statistics
without blocking mail. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not whitelist the remote SMTP client
IP address. </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>

<p> The <i>text</i> in the optional "220-<i>text</i>..." server
response that
<a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
text..." response, in an attempt to confuse bad SMTP clients so
that they speak before their turn (pre-greet).  Specify an empty
value to disable this feature.  </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
(default: 1d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful PREGREET test. During this time, the client IP address
is excluded from this test. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
(default: ${stress?2}${stress:6}s)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
client to send a command before its turn, and for DNS blocklist
lookup results to arrive (default: up to 2 seconds under stress,
up to 6 seconds otherwise).  </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  </p>

<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks).  </p>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>

<p> Require that a remote SMTP client sends HELO or EHLO before
commencing a MAIL transaction. </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
(default: drop)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
parameter.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. This action is the
same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
feature.  </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
(default: no)</b></DT><DD>

<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
tests are expensive: a client must disconnect after it passes the
test, before it can talk to a real Postfix SMTP server. </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
(default: 30d)</b></DT><DD>

<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
a successful "non_smtp_command" SMTP protocol test. During this
time, the client IP address is excluded from this test. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server. </p>

<p> Specify a non-zero time value (an integral value plus an optional
one-letter suffix that specifies the time unit).  Time units: s
(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>

<p> This feature is available in Postfix 2.8.  </p>


</DD>

<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
(default: enforce)</b></DT><DD>

<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
sends
multiple commands instead of sending one command and waiting for
the server to respond.  Specify one of the following: </p>

<dl>

<dt> <b>ignore</b> </dt>

<dd> Ignore the failure of this test. Allow other tests to complete.
Do <i>not</i> repeat this test before the result from some
other test expires.
This option is useful for testing and collecting statistics
without blocking mail permanently. </dd>

<dt> <b>enforce</b> </dt>

<dd> Allow other tests to complete. Reject attempts to deliver mail
with a 550 SMTP reply, and log the helo/sender/recipient information.
Repeat this test the next time the client connects. </dd>

<dt> <b>drop</b> </dt>

<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
this test the next time the client connects. </dd>

</dl>

<p> This feature is available in Postfix 2.8. </p>


</DD>

7704<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
7705(default: no)</b></DT><DD>
7706
7707<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
7708server. These tests are expensive: a good client must disconnect
7709after it passes the test, before it can talk to a real Postfix SMTP
7710server. </p>
7711
7712<p> This feature is available in Postfix 2.8.  </p>
7713
7714
7715</DD>
7716
7717<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
7718(default: 30d)</b></DT><DD>
7719
7720<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
7721a successful "pipelining" SMTP protocol test. During this time, the
7722client IP address is excluded from this test. The default is
7723long because a good client must disconnect after it passes the test,
7724before it can talk to a real Postfix SMTP server. </p>
7725
7726<p> Specify a non-zero time value (an integral value plus an optional
7727one-letter suffix that specifies the time unit).  Time units: s
7728(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7729
7730<p> This feature is available in Postfix 2.8.  </p>
7731
7732
7733</DD>
7734
7735<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
7736(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
7737
7738<p> The number of clients that can be waiting for service from a
7739real Postfix SMTP server process. When this queue is full, all
7740clients will
7741receive a 421 response. </p>
7742
7743<p> This feature is available in Postfix 2.8. </p>
7744
7745
7746</DD>
7747
7748<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
7749(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
7750
7751<p> The number of non-whitelisted clients that can be waiting for
7752a decision whether they will receive service from a real Postfix
7753SMTP server
7754process. When this queue is full, all non-whitelisted clients will
7755receive a 421 response. </p>
7756
7757<p> This feature is available in Postfix 2.8. </p>
7758
7759
7760</DD>
7761
7762<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
7763(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>
7764
7765<p> Optional information that is appended after a 4XX or 5XX
7766<a href="postscreen.8.html">postscreen(8)</a> server
7767response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details.  </p>
7768
7769<p> This feature is available in Postfix 2.8 and later. </p>
7770
7771
7772</DD>
7773
7774<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
7775(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
7776
7777<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
7778a non-empty value is specified, this overrides the obsolete parameters
7779<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
7780for details. </p>
7781
7782<p> This feature is available in Postfix 2.8 and later. </p>
7783
7784
7785</DD>
7786
7787<DT><b><a name="postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a>
7788(default: empty)</b></DT><DD>
7789
7790<p> The name of the proxy protocol used by an optional before-postscreen
7791proxy agent. When a proxy agent is used, this protocol conveys local
7792and remote address and port information. Specify
7793"<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
7794protocol. </p>
7795
7796<p> This feature is available in Postfix 2.10 and later.  </p>
7797
7798
7799</DD>
7800
7801<DT><b><a name="postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a>
7802(default: 5s)</b></DT><DD>
7803
7804<p> The time limit for the proxy protocol specified with the
7805<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter. </p>
7806
7807<p> This feature is available in Postfix 2.10 and later.  </p>
7808
7809
7810</DD>
7811
7812<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
7813(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
7814
7815<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
7816but do not require that clients use TLS encryption. </p>
7817
7818<p> This feature is available in Postfix 2.8 and later.
7819Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
7820
7821
7822</DD>
7823
7824<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
7825(default: 10s)</b></DT><DD>
7826
7827<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
7828a remote SMTP client command or to perform a cache operation before it
7829is terminated by a built-in watchdog timer.  This is a safety
7830mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive
7831due to a bug in Postfix itself or in system software.  To avoid
7832false alarms and unnecessary cache corruption this limit cannot be
7833set under 10s.  </p>
7834
7835<p> Specify a non-zero time value (an integral value plus an optional
7836one-letter suffix that specifies the time unit).  Time units: s
7837(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
7838
7839<p> This feature is available in Postfix 2.8.  </p>
7840
7841
7842</DD>
7843
7844<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>
7845(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>
7846
7847<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
7848non-whitelisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
7849whitelist status. This status is required before the client can
7850talk to a Postfix SMTP server process.  By default, a client can
7851obtain <a href="postscreen.8.html">postscreen(8)</a>'s whitelist status on any local <a href="postscreen.8.html">postscreen(8)</a>
7852server IP address. </p>
7853
7854<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
7855addresses, the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> parameter can be
7856configured to give the temporary whitelist status only when a client
7857connects to a primary MX address. Once a client is whitelisted it
7858can talk to a Postfix SMTP server on any address. Thus, clients
7859that connect only to backup MX addresses will never become whitelisted,
7860and will never be allowed to talk to a Postfix SMTP server process.
7861</p>
7862
7863<p> Specify a list of network addresses or network/netmask patterns,
7864separated by commas and/or whitespace. The netmask specifies the
7865number of bits in the network part of a host address. Continue long
7866lines by starting the next line with whitespace. </p>
7867
7868<p> You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A
7869"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
7870lookup table is matched when a table entry matches a lookup string
7871(the lookup result is ignored). </p>
7872
7873<p> The list is matched left to right, and the search stops on the
7874first match. Specify "!pattern" to exclude an address or network
7875block from the list.  </p>
7876
7877<p> Note: IP version 6 address information must be specified inside
7878[] in the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> value, and in files
7879specified with "/file/name".  IP version 6 addresses contain the
7880":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
7881pattern. </p>
7882
7883<p> Example: </p>
7884
7885<pre>
7886/etc/postfix/<a href="postconf.5.html">main.cf</a>:
7887    # Don't whitelist connections to the backup IP address.
7888    <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all
7889</pre>
7890
7891<p> This feature is available in Postfix 2.9 and later.  </p>
7892
7893
7894</DD>
7895
7896<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a>
7897(default: command, file, forward)</b></DT><DD>
7898
7899<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery
7900agent prepends a Delivered-To:  message header with the address
7901that the mail was delivered to. This information is used for mail
7902delivery loop detection.  </p>
7903
7904<p>
7905By default, the Postfix local delivery agent prepends a Delivered-To:
7906header when forwarding mail and when delivering to file (mailbox)
7907and command. Turning off the Delivered-To: header when forwarding
7908mail is not recommended.
7909</p>
7910
7911<p>
7912Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
7913</p>
7914
7915<p>
7916Example:
7917</p>
7918
7919<pre>
7920<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward
7921</pre>
7922
7923
7924</DD>
7925
7926<DT><b><a name="process_id">process_id</a>
7927(read-only)</b></DT><DD>
7928
7929<p>
7930The process ID of a Postfix command or daemon process.
7931</p>
7932
7933
7934</DD>
7935
7936<DT><b><a name="process_id_directory">process_id_directory</a>
7937(default: pid)</b></DT><DD>
7938
7939<p>
7940The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>.
7941This is a read-only parameter.
7942</p>
7943
7944
7945</DD>
7946
7947<DT><b><a name="process_name">process_name</a>
7948(read-only)</b></DT><DD>
7949
7950<p>
7951The process name of a Postfix command or daemon process.
7952</p>
7953
7954
7955</DD>
7956
7957<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a>
7958(default: canonical, virtual)</b></DT><DD>
7959
7960<p>
7961What address lookup tables copy an address extension from the lookup
7962key to the lookup result.
7963</p>
7964
7965<p>
7966For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =&gt;
7967joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
7968would rewrite to "<i>joe.user+foo@example.net</i>".
7969</p>
7970
7971<p>
7972Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
7973<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
7974address extension
7975propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps,
7976with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a>
7977generic maps, respectively.  </p>
7978
7979<p>
7980Note: enabling this feature for types other than <b>canonical</b>
7981and <b>virtual</b> is likely to cause problems when mail is forwarded
7982to other sites, especially with mail that is sent to a mailing list
7983exploder address.
7984</p>
7985
7986<p>
7987Examples:
7988</p>
7989
7990<pre>
7991<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias,
7992        forward, include
7993<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
7994</pre>
7995
7996
7997</DD>
7998
7999<DT><b><a name="proxy_interfaces">proxy_interfaces</a>
8000(default: empty)</b></DT><DD>
8001
8002<p>
8003The network interface addresses that this mail system receives mail
8004on by way of a proxy or network address translation unit.
8005</p>
8006
8007<p>
8008This feature is available in Postfix 2.0 and later.
8009</p>
8010
8011<p> You must specify your "outside" proxy/NAT addresses when your
8012system is a backup MX host for other domains, otherwise mail delivery
8013loops will happen when the primary MX host is down.  </p>
8014
8015<p>
8016Example:
8017</p>
8018
8019<pre>
8020<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
8021</pre>
8022
8023
8024</DD>
8025
8026<DT><b><a name="proxy_read_maps">proxy_read_maps</a>
8027(default: see "postconf -d" output)</b></DT><DD>
8028
8029<p>
8030The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
8031access for the read-only service.
8032Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.
8033</p>
8034
8035<p>
8036This feature is available in Postfix 2.0 and later.
8037</p>
8038
8039
8040</DD>
8041
8042<DT><b><a name="proxy_write_maps">proxy_write_maps</a>
8043(default: see "postconf -d" output)</b></DT><DD>
8044
8045<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
8046access for the read-write service. Postfix-owned local database
8047files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>.
8048Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.  </p>
8049
8050<p>
8051This feature is available in Postfix 2.5 and later.
8052</p>
8053
8054
8055</DD>
8056
8057<DT><b><a name="proxymap_service_name">proxymap_service_name</a>
8058(default: proxymap)</b></DT><DD>
8059
8060<p> The name of the proxymap read-only table lookup service.  This
8061service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p>
8062
8063<p> This feature is available in Postfix 2.6 and later. </p>
8064
8065
8066</DD>
8067
8068<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a>
8069(default: proxywrite)</b></DT><DD>
8070
8071<p> The name of the proxywrite read-write table lookup service.
8072This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon.
8073</p>
8074
8075<p> This feature is available in Postfix 2.6 and later. </p>
8076
8077
8078</DD>
8079
8080<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a>
8081(default: 300s)</b></DT><DD>
8082
8083<p>
8084The minimal delay between warnings that a specific destination is
8085clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable.
8086</p>
8087
8088<p>
8089This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter.
8090</p>
8091
8092<p>
8093This feature is available in Postfix 2.0 and later.
8094</p>
8095
8096
8097</DD>
8098
8099<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a>
8100(default: 1000s)</b></DT><DD>
8101
8102<p> How much time a Postfix queue manager process may take to handle
8103a request before it is terminated by a built-in watchdog timer.
8104</p>
8105
8106<p>
8107Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8108The default time unit is s (seconds).
8109</p>
8110
8111<p> This feature is available in Postfix 2.8 and later.  </p>
8112
8113
8114</DD>
8115
8116<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a>
8117(default: 100)</b></DT><DD>
8118
8119<p>
8120Obsolete feature: the percentage of delivery resources that a busy
8121mail system will use up for delivery of a large mailing  list
8122message.
8123</p>
8124
8125<p>
8126This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The
8127current queue manager solves the problem in a better way.
8128</p>
8129
8130
8131</DD>
8132
8133<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a>
8134(default: 60s)</b></DT><DD>
8135
8136<p> The time limit for the queue manager to send or receive information
8137over an internal communication channel.  The purpose is to break
8138out of deadlock situations. If the time limit is exceeded the
8139software either retries or aborts the operation. </p>
8140
8141<p>
8142Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8143The default time unit is s (seconds).
8144</p>
8145
8146<p> This feature is available in Postfix 2.8 and later.  </p>
8147
8148
8149</DD>
8150
8151<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a>
8152(default: 20000)</b></DT><DD>
8153
8154<p>
8155The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
8156</p>
8157
8158
8159</DD>
8160
8161<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
8162(default: 20000)</b></DT><DD>
8163
8164<p> The maximal number of recipients held in memory by the Postfix
8165queue manager, and the maximal size of the short-term,
8166in-memory "dead" destination status cache.  </p>
8167
8168
8169</DD>
8170
8171<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>
8172(default: 10)</b></DT><DD>
8173
8174<p>
8175The minimal number of in-memory recipients for any message. This
8176takes priority over any other in-memory recipient limits (i.e.,
8177the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per transport
8178_recipient_limit) if necessary. The minimum value allowed for this
8179parameter is 1.
8180</p>
8181
8182
8183</DD>
8184
8185<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a>
8186(default: empty)</b></DT><DD>
8187
8188<p>
8189What remote QMQP clients are allowed to connect to the Postfix QMQP
8190server port.
8191</p>
8192
8193<p>
8194By default, no client is allowed to use the service. This is
8195because the QMQP server will relay mail to any destination.
8196</p>
8197
8198<p>
8199Specify a list of client patterns. A list pattern specifies a host
8200name, a domain name, an internet address, or a network/mask pattern,
8201where the mask specifies the number of bits in the network part.
8202When a pattern specifies a file name, its contents are substituted
8203for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification,
8204table lookup is used instead.  </p>
8205
8206<p>
8207Patterns are separated by whitespace and/or commas. In order to
8208reverse the result, precede a pattern with an
8209exclamation point (!). The form "!/file/name" is supported only
8210in Postfix version 2.4 and later.
8211</p>
8212
8213<p>
8214Example:
8215</p>
8216
8217<pre>
8218<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24
8219</pre>
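
<p> The following is an added example, not part of the Postfix
distribution. It models the "left to right, first match wins"
evaluation that this parameter and postscreen_whitelist_interfaces
both describe, and flags patterns that an earlier pattern makes
unreachable. The function names are hypothetical, and only address
patterns and "static:all" are modelled. </p>

```python
"""Model of a Postfix address pattern list: left to right, first match wins.

Added illustration, not Postfix source code. Only address patterns and
"static:all" are modelled; host names, files and other tables are not.
"""
import ipaddress


def parse_patterns(value):
    """Split a parameter value on commas and/or whitespace."""
    return value.replace(",", " ").split()


def _network(bare):
    """Return the network for an address pattern, or None for static:all."""
    if bare == "static:all":              # matches every lookup string
        return None
    if bare.startswith("["):              # IPv6 is written as [addr] or [addr]/bits
        host, _, rest = bare[1:].partition("]")
        bare = host + rest
    elif ":" in bare:                     # unbracketed ":" means type:table
        raise ValueError("type:table pattern not modelled: " + bare)
    return ipaddress.ip_network(bare, strict=False)


def list_match(value, address):
    """Return (matched, deciding_pattern) for one IP address."""
    addr = ipaddress.ip_address(address)
    for pattern in parse_patterns(value):
        negate = pattern.startswith("!")
        net = _network(pattern[1:] if negate else pattern)
        if net is None or (addr.version == net.version and addr in net):
            return (not negate, pattern)  # the search stops on the first match
    return (False, None)                  # nothing matched


def shadowed_patterns(value):
    """List (pattern, earlier_pattern) pairs where the later one can never decide."""
    seen, dead = [], []
    for pattern in parse_patterns(value):
        net = _network(pattern[1:] if pattern.startswith("!") else pattern)
        for earlier, earlier_net in seen:
            covers = earlier_net is None or (
                net is not None
                and net.version == earlier_net.version
                and net.subnet_of(earlier_net)
            )
            if covers:
                dead.append((pattern, earlier))
                break
        seen.append((pattern, net))
    return dead


if __name__ == "__main__":
    good = "!192.168.0.1, 192.168.0.0/24"   # value from the example above
    bad = "192.168.0.0/24, !192.168.0.1"    # constructed: same patterns, reordered
    print(list_match(good, "192.168.0.1"))
    print(list_match(bad, "192.168.0.1"))
    print(shadowed_patterns(bad))
```

<p> With the reordered list the exclusion never takes effect, because
the network pattern matches first; shadowed_patterns() reports that
case. </p>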
8220
8221
8222</DD>
8223
8224<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a>
8225(default: no)</b></DT><DD>
8226
8227<p> Enable logging of the remote QMQP client port in addition to
8228the hostname and IP address. The logging format is "host[address]:port".
8229</p>
8230
8231<p> This feature is available in Postfix 2.5 and later. </p>
8232
8233
8234</DD>
8235
8236<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a>
8237(default: 1s)</b></DT><DD>
8238
8239<p>
8240How long the Postfix QMQP server will pause before sending a negative
8241reply to the remote QMQP client. The purpose is to slow down confused
8242or malicious clients.
8243</p>
8244
8245<p>
8246Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8247The default time unit is s (seconds).
8248</p>
8249
8250
8251</DD>
8252
8253<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a>
8254(default: 300s)</b></DT><DD>
8255
8256<p>
8257The time limit for sending or receiving information over the network.
8258If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a>
8259seconds the Postfix QMQP server gives up and disconnects.
8260</p>
8261
8262<p>
8263Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8264The default time unit is s (seconds).
8265</p>
8266
8267
8268</DD>
8269
8270<DT><b><a name="queue_directory">queue_directory</a>
8271(default: see "postconf -d" output)</b></DT><DD>
8272
8273<p>
8274The location of the Postfix top-level queue directory. This is the
8275root directory of Postfix daemon processes that run chrooted.
8276</p>
8277
8278
8279</DD>
8280
8281<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a>
8282(default: 100)</b></DT><DD>
8283
8284<p>
8285The maximal number of (name=value) attributes that may be stored
8286in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a>
8287server.
8288</p>
8289
8290<p>
8291This feature is available in Postfix 2.0 and later.
8292</p>
8293
8294
8295</DD>
8296
8297<DT><b><a name="queue_minfree">queue_minfree</a>
8298(default: 0)</b></DT><DD>
8299
8300<p>
8301The minimal amount of free space in bytes in the queue file system
8302that is needed to receive mail.  This is currently used by the
8303Postfix SMTP server to decide if it will accept any mail at all.
8304</p>
8305
8306<p>
8307By default, the Postfix SMTP server rejects MAIL FROM commands when
8308the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>
8309(Postfix version 2.1 and later).
8310To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
8311value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
8312</p>
8313
8314<p>
8315With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of
8316zero means there is no minimum required amount of free space.
8317</p>
8318
8319
8320</DD>
8321
8322<DT><b><a name="queue_run_delay">queue_run_delay</a>
8323(default: 300s)</b></DT><DD>
8324
8325<p>
8326The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
8327prior to Postfix 2.4 the default value was 1000s.
8328</p>
8329
8330<p> This parameter should be set less than or equal to
8331$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>.  </p>
8332
8333<p>
8334Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
8335The default time unit is s (seconds).
8336</p>
8337
8338
8339</DD>
8340
8341<DT><b><a name="queue_service_name">queue_service_name</a>
8342(default: qmgr)</b></DT><DD>
8343
8344<p>
8345The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix
8346queue and schedules delivery requests.
8347</p>
8348
8349<p>
8350This feature is available in Postfix 2.0 and later.
8351</p>
8352
8353
8354</DD>
8355
8356<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a>
8357(default: empty)</b></DT><DD>
8358
8359<p>
8360Optional lookup tables with RBL response templates. The tables are
8361indexed by the RBL domain name. By default, Postfix uses the default
8362template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
8363parameter. See there for a discussion of the syntax of RBL reply
8364templates.
8365</p>
8366
8367<p>
8368This feature is available in Postfix 2.0 and later.
8369</p>
8370
8371
8372</DD>
8373
8374<DT><b><a name="readme_directory">readme_directory</a>
8375(default: see "postconf -d" output)</b></DT><DD>
8376
8377<p>
8378The location of Postfix README files that describe how to build,
8379configure or operate a specific Postfix subsystem or feature.
8380</p>
8381
8382
8383</DD>
8384
8385<DT><b><a name="receive_override_options">receive_override_options</a>
8386(default: empty)</b></DT><DD>
8387
8388<p> Enable or disable recipient validation, built-in content
8389filtering, or address mapping. Typically, these are specified in
8390<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or
8391<a href="pickup.8.html">pickup(8)</a> daemons. </p>
8392
8393<p> Specify zero or more of the following options.  The options
8394override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>,
8395<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the
8396cleanup server.  </p>
8397
8398<dl>
8399
8400<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>
8401
8402<dd>Do not try to reject unknown recipients (SMTP server only).
8403This is typically specified AFTER an external content filter.
8404</dd>
8405
8406<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>
8407
8408<dd>Disable canonical address mapping, virtual alias map expansion,
8409address masquerading, and automatic BCC (blind carbon-copy)
8410recipients. This is typically specified BEFORE an external content
8411filter. </dd>
8412
8413<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>
8414
8415<dd>Disable header/body_checks. This is typically specified AFTER
8416an external content filter. </dd>
8417
8418<dt><b><a name="no_milters">no_milters</a></b></dt>
8419
8420<dd>Disable Milter (mail filter) applications. This is typically
8421specified AFTER an external content filter. </dd>
8422
8423</dl>
8424
8425<p>
8426Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a>
8427setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content
8428filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice
8429versa).
8430</p>
8431
8432<p>
8433Examples:
8434</p>
8435
8436<pre>
8437<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
8438    <a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
8439<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
8440</pre>
8441
8442<p>
8443This feature is available in Postfix 2.1 and later.
8444</p>
8445
8446
8447</DD>
8448
8449<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a>
8450(default: empty)</b></DT><DD>
8451
8452<p>
8453Optional BCC (blind carbon-copy) address lookup tables, indexed by
8454recipient address.  The BCC address (multiple results are not
8455supported) is added when mail enters from outside of Postfix.
8456</p>
8457
8458<p>
8459This feature is available in Postfix 2.1 and later.
8460</p>
8461
8462<p>
8463The table search order is as follows:
8464</p>
8465
8466<ul>
8467
8468<li> Look up the "user+extension@domain.tld" address including the
8469optional address extension.
8470
8471<li> Look up the "user@domain.tld" address without the optional
8472address extension.
8473
8474<li> Look up the "user+extension" address local part when the
8475recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
8476or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8477
8478<li> Look up the "user" address local part when the recipient domain
8479equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
8480
8481<li> Look up the "@domain.tld" part.
8482
8483</ul>
8484
8485<p>
8486Specify the types and names of databases to use.  After change,
8487run "<b>postmap /etc/postfix/recipient_bcc</b>".
8488</p>
8489
8490<p>
8491Note: with Postfix 2.3 and later the BCC address is added as if it
8492was specified with NOTIFY=NONE. The sender will not be notified
8493when the BCC address is undeliverable, as long as all down-stream
8494software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
8495</p>
8496
8497<p>
8498Note: with Postfix 2.2 and earlier the sender will be notified
8499when the BCC address is undeliverable.
8500</p>
8501
8502<p> Note: automatic BCC recipients are produced only for new mail.
8503To avoid mailer loops, automatic BCC recipients are not generated
8504after Postfix forwards mail internally, or after Postfix generates
8505mail itself. </p>
8506
8507<p>
8508Example:
8509</p>
8510
8511<pre>
8512<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_bcc
8513</pre>
8514
8515
8516</DD>
8517
8518<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
8519(default: envelope_recipient, header_recipient)</b></DT><DD>
8520
8521<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
8522mapping.  By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
8523applied to envelope recipient addresses, and to header recipient
8524addresses.  </p>
8525
8526<p> Specify one or more of: envelope_recipient, header_recipient
8527</p>
8528
8529<p> This feature is available in Postfix 2.2 and later. </p>
8530
8531
8532</DD>
8533
8534<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
8535(default: empty)</b></DT><DD>
8536
8537<p>
8538Optional address mapping lookup tables for envelope and header
8539recipient addresses.
8540The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
8541</p>
8542
8543<p>
8544Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
8545</p>
8546
8547<p>
8548Example:
8549</p>
8550
8551<pre>
8552<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical
8553</pre>
8554
8555
8556</DD>
8557
8558<DT><b><a name="recipient_delimiter">recipient_delimiter</a>
8559(default: empty)</b></DT><DD>
8560
8561<p> The set of characters that can separate a user name from its
8562extension (example: user+foo), or a .forward file name from its
8563extension (example: .forward+foo).  Basically, the software tries
8564user+foo and .forward+foo before trying user and .forward.  This
8565implementation recognizes one delimiter character and one extension
8566per email address or .forward file name. </p>
8567
8568<p> When the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set contains multiple characters
8569(Postfix 2.11 and later), a user name or .forward file name is
8570separated from its extension by the first character that matches
8571the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set. </p>
8572
8573<p> See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the
8574effects of <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> on lookups in aliases, canonical,
8575virtual, and relocated maps, and see the <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a>
8576parameter for propagating an extension from one email address to
8577another.  </p>
8578
8579<p> When used in <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>, <a href="postconf.5.html#forward_path">forward_path</a>, or
8580<a href="postconf.5.html#luser_relay">luser_relay</a>, ${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>} is replaced with the actual
8581recipient delimiter that was found in the recipient email address
8582(Postfix 2.11 and later), or it is replaced with the <a href="postconf.5.html">main.cf</a>
8583<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> parameter value (Postfix 2.10 and earlier).
8584</p>
8585
8586<p> The <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is not applied to the mailer-daemon
8587address, the postmaster address, or the double-bounce address. With
8588the default "<a href="postconf.5.html#owner_request_special">owner_request_special</a> = yes" setting, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
8589is also not applied to addresses with the special "owner-" prefix
8590or the special "-request" suffix. </p>
8591
8592<p>
8593Examples:
8594</p>
8595
8596<pre>
8597# Handle Postfix-style extensions.
8598<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
8599</pre>
8600
8601<pre>
8602# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
8603<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +-
8604</pre>
8605
8606<pre>
8607# Use .forward for mail without address extension, and for mail with
8608# an unrecognized address extension.
8609<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
8610    $home/.forward
8611</pre>
8612
8613
8614</DD>
8615
8616<DT><b><a name="reject_code">reject_code</a>
8617(default: 554)</b></DT><DD>
8618
8619<p>
8620The numerical Postfix SMTP server response code when a remote SMTP
8621client request is rejected by the "reject" restriction.
8622</p>
8623
8624<p>
8625Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
8626</p>
8627
8628
8629</DD>
8630
8631<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a>
8632(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD>
8633
8634<p> The Postfix SMTP server's action when a reject-type restriction
8635fails due to a temporary error condition. Specify "defer" to defer
8636the remote SMTP client request immediately. With the default
8637"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
8638for opportunities to reject mail, and defers the client request
8639only if it would otherwise be accepted. </p>
8640
8641<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>,
8642<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>,
8643and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>.  </p>
8644
8645<p> This feature is available in Postfix 2.6 and later. </p>
8646
8647
8648</DD>
8649
8650<DT><b><a name="relay_clientcerts">relay_clientcerts</a>
8651(default: empty)</b></DT><DD>
8652
8653<p> List of tables with remote SMTP client-certificate fingerprints or
8654public key fingerprints (Postfix 2.9 and later) for which the Postfix
8655SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
8656feature.  The fingerprint digest algorithm is configurable via the
8657<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
8658Postfix version 2.5).  </p>
8659
8660<p> Postfix lookup tables are in the form of (key, value) pairs.
8661Since we only need the key, the value can be chosen freely, e.g.
8662the name of the user or host:
8663D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
8664
8665<p> Example: </p>
8666
8667<pre>
8668<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
8669</pre>
8670
8671<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
8672an appropriate <a href="access.5.html">access(5)</a> policy for each client.
8673See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
8674
8675<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
8676fingerprint incorrectly. To use public-key fingerprints, upgrade
8677to Postfix 2.9.6 or later. </p>
8678
8679<p>This feature is available with Postfix version 2.2.</p>
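<p> The following check is an added example, not part of the Postfix distribution: it compares the keys of a relay_clientcerts source table with the digest configured in smtpd_tls_fingerprint_digest, since a key of the wrong length or shape can never match a client fingerprint. The function names and all sample entries except the lutzpc.at.home line from this section are constructed. </p>

```python
"""Check relay_clientcerts table keys against the configured digest."""
import hashlib
import re

# Output size in bytes of the digests this example knows about.
DIGEST_BYTES = {"md5": 16, "sha1": 20, "sha256": 32}
# Colon-separated hex pairs, the form of the sample entry in this section.
FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$")

# The first entry is the sample line from this section; the other two are
# constructed for the example.
RELAY_CLIENTCERTS = """\
# fingerprint                                      free-form label
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF relay2.example
d41d8cd98f00b204e9800998ecf8427e no-colons.example
"""


def fingerprint(der_bytes, digest="sha256"):
    """Digest DER bytes and format the result like a table key.

    Pass the DER-encoded certificate for a certificate fingerprint, or the
    DER-encoded public key for a public-key fingerprint.
    """
    raw = hashlib.new(digest, der_bytes).digest()
    return ":".join(f"{byte:02X}" for byte in raw)


def audit_table(text, configured_digest):
    """Return a list of (key, label, problem); problem is None when usable."""
    expected = DIGEST_BYTES[configured_digest]
    results = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0]
        label = fields[1].strip() if len(fields) > 1 else ""
        if not FINGERPRINT_RE.match(key):
            problem = "not colon-separated hex"
        else:
            size = key.count(":") + 1
            if size != expected:
                problem = (f"{size}-byte digest, but {configured_digest} "
                           f"produces {expected} bytes")
            else:
                problem = None
        results.append((key, label, problem))
    return results


if __name__ == "__main__":
    for digest in ("md5", "sha256"):
        print(f"smtpd_tls_fingerprint_digest = {digest}")
        for key, label, problem in audit_table(RELAY_CLIENTCERTS, digest):
            print(f"  {label:20} {problem or 'ok'}")
```

<p> Entries that fail the check after a digest change have to be regenerated from the client certificates; they cannot be converted from one digest to another. </p>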
8680
8681
8682</DD>
8683
8684<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a>
8685(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
8686
8687<p> The maximal number of parallel deliveries to the same destination
8688via the relay message delivery transport. This limit is enforced
8689by the queue manager. The message delivery transport name is the
8690first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
8691
8692<p> This feature is available in Postfix 2.0 and later. </p>
8693
8694
8695</DD>
8696
8697<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
8698(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
8699
8700<p> The maximal number of recipients per message for the relay
8701message delivery transport. This limit is enforced by the queue
8702manager. The message delivery transport name is the first field in
8703the entry in the <a href="master.5.html">master.cf</a> file.  </p>
8704
8705<p> Setting this parameter to a value of 1 changes the meaning of
8706<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
8707into concurrency per recipient.  </p>
8708
8709<p> This feature is available in Postfix 2.0 and later. </p>
8710
8711
8712</DD>
8713
8714<DT><b><a name="relay_domains">relay_domains</a>
8715(default: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD>
8716
8717<p> What destination domains (and subdomains thereof) this system
8718will relay mail to. Subdomain matching is controlled with the
8719<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter. For details about how
8720the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the
8721<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient
8722restrictions.  </p>
8723
8724<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the
8725$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates
8726recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent
8727recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
8728<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.  </p>
8729
8730<p> Note: Postfix will not automatically forward mail for domains
8731that list this system as their primary or backup MX host. See the
8732<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page.  </p>
8733
8734<p> Specify a list of host or domain names, "/file/name" patterns
8735or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
8736Continue long lines by starting the next line with whitespace. A
8737"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
8738lookup table is matched when a (parent) domain appears as lookup
8739key. Specify "!pattern" to exclude a domain from the list. The form
8740"!/file/name" is supported only in Postfix version 2.4 and later.
8741</p>
8742
8743
8744</DD>
8745
8746<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
8747(default: 554)</b></DT><DD>
8748
8749<p>
8750The numerical Postfix SMTP server response code when a client
8751request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
8752restriction.
8753</p>
8754
8755<p>
8756Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
8757</p>
8758
8759
8760</DD>
8761
8762<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
8763(default: empty)</b></DT><DD>
8764
8765<p> Optional lookup tables with all valid addresses in the domains
8766that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
8767domains that have no valid recipient list; doing so makes this system a source of
8768backscatter mail: Postfix accepts spam for non-existent recipients
8769and then floods innocent people with undeliverable mail.  Technically,
8770tables
8771listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
8772to know only if a lookup string is found or not, but it does not
8773use the result from table lookup.  </p>
8774
8775<p>
8776If this parameter is non-empty, then the Postfix SMTP server will reject
8777mail to unknown relay users. This feature is off by default.
8778</p>
8779
8780<p>
8781See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
8782file.
8783</p>
8784
8785<p>
8786Example:
8787</p>
8788
8789<pre>
8790<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
8791</pre>
8792
8793<p>
8794This feature is available in Postfix 2.0 and later.
8795</p>
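<p> The following audit is an added example, not part of the Postfix distribution: it reads a relay_recipients source table and reports, for each relay domain, whether recipients are validated, whether an @domain wild-card makes the domain a backscatter source, or whether the table has no entry for it, so that every recipient in it is rejected as unknown. The domain names and table contents are constructed, and domains are compared by exact name (subdomain matching via parent_domain_matches_subdomains is not modelled). </p>

```python
"""Audit a relay_recipient_maps source table against relay_domains."""

# Constructed sample data, not taken from any real system.
RELAY_DOMAINS = ["customer-a.example", "customer-b.example", "customer-c.example"]

RELAY_RECIPIENTS = """\
# relay_recipients source file: "key value" per logical line
alice@customer-a.example   OK
bob@customer-a.example
    OK
# wild-card: every address in this domain is accepted
@customer-b.example        OK
carol@old-customer.example OK
"""


def parse_table(text):
    """Return the lookup keys of a "key value" source table.

    Blank lines and comment lines are skipped, and a line that starts with
    whitespace continues the previous logical line. Only the key is kept,
    because relay_recipient_maps does not use the lookup result.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [line.split(None, 1)[0].lower() for line in logical]


def audit(relay_domains, table_text):
    """Classify each relay domain and list keys outside relay_domains."""
    seen = {d.lower(): {"wildcard": False, "recipients": 0} for d in relay_domains}
    orphans = []
    for key in parse_table(table_text):
        local, at, domain = key.rpartition("@")
        if not at or domain not in seen:
            orphans.append(key)           # no domain part, or not a relay domain
        elif not local:
            seen[domain]["wildcard"] = True
        else:
            seen[domain]["recipients"] += 1

    status = {}
    for domain, info in seen.items():
        if info["wildcard"]:
            # Mail for non-existent recipients is accepted and bounced later.
            status[domain] = "backscatter-risk"
        elif info["recipients"]:
            status[domain] = "validated"
        else:
            # The table is non-empty but lists nobody in this domain.
            status[domain] = "rejects-all"
    return status, orphans


if __name__ == "__main__":
    status, orphans = audit(RELAY_DOMAINS, RELAY_RECIPIENTS)
    for domain in sorted(status):
        print(f"{domain:24} {status[domain]}")
    for key in orphans:
        print(f"not in relay_domains: {key}")
```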
8796
8797
8798</DD>
8799
8800<DT><b><a name="relay_transport">relay_transport</a>
8801(default: relay)</b></DT><DD>
8802
8803<p>
8804The default mail delivery transport and next-hop destination for
8805remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
8806decreasing precedence, the nexthop destination is taken from
8807$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
8808from the recipient domain. This information can be overruled with
8809the <a href="transport.5.html">transport(5)</a> table.
8810</p>
8811
8812<p>
8813Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
8814is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
8815The <i>:nexthop</i> destination is optional; its syntax is documented
8816in the manual page of the corresponding delivery agent.
8817</p>
8818
8819<p>
8820See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
8821file.
8822</p>
8823
8824<p>
8825This feature is available in Postfix 2.0 and later.
8826</p>
8827
8828
8829</DD>
8830
8831<DT><b><a name="relayhost">relayhost</a>
8832(default: empty)</b></DT><DD>
8833
8834<p>
8835The next-hop destination of non-local mail; overrides non-local
8836domains in recipient addresses. This information is overruled with
8837<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
8838<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
8839and with the <a href="transport.5.html">transport(5)</a> table.
8840</p>
8841
8842<p>
8843On an intranet, specify the organizational domain name. If your
8844internal DNS uses no MX records, specify the name of the intranet
8845gateway host instead.
8846</p>
8847
8848<p>
8849In the case of SMTP, specify a domain name, hostname, hostname:port,
8850[hostname]:port, [hostaddress] or [hostaddress]:port. The form
8851[hostname] turns off MX lookups.
8852</p>
8853
8854<p>
8855If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful
8856information.
8857</p>
8858
8859<p>
8860Examples:
8861</p>
8862
8863<pre>
8864<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
8865<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
8866<a href="postconf.5.html#relayhost">relayhost</a> = uucphost
8867<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
8868</pre>
8869
8870
8871</DD>
8872
8873<DT><b><a name="relocated_maps">relocated_maps</a>
8874(default: empty)</b></DT><DD>
8875
8876<p>
8877Optional lookup tables with new contact information for users or
8878domains that no longer exist.  The table format and lookups are
8879documented in <a href="relocated.5.html">relocated(5)</a>.
8880</p>
8881
8882<p>
8883If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
8884build the necessary DBM or DB file after change, then "<b>postfix
8885reload</b>" to make the changes visible.
8886</p>
8887
8888<p>
8889Examples:
8890</p>
8891
8892<pre>
8893<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/relocated
8894<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated
8895</pre>
8896
8897
8898</DD>
8899
8900<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
8901(default: empty)</b></DT><DD>
8902
8903<p> Don't rewrite message headers from remote clients at all when
8904this parameter is empty; otherwise, rewrite message headers and
8905append the specified domain name to incomplete addresses.  The
8906<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix
8907considers local. </p>
8908
8909<p> Examples:  </p>
8910
8911<p> The safe setting: append "domain.invalid" to incomplete header
8912addresses from remote SMTP clients, so that those addresses cannot
8913be confused with local addresses. </p>
8914
8915<blockquote>
8916<pre>
8917<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
8918</pre>
8919</blockquote>
8920
8921<p> The default, purist, setting: don't rewrite headers from remote
8922clients at all. </p>
8923
8924<blockquote>
8925<pre>
8926<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
8927</pre>
8928</blockquote>
8929
8930
8931</DD>
8932
8933<DT><b><a name="require_home_directory">require_home_directory</a>
8934(default: no)</b></DT><DD>
8935
8936<p>
8937Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
8938before mail delivery is attempted. By default this test is disabled.
8939It can be useful for environments that import home directories to
8940the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
8941</p>
8942
8943
8944</DD>
8945
8946<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
8947(default: no)</b></DT><DD>
8948
8949<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
8950attribute, when delivering mail to a child alias that does not have
8951its own owner alias. </p>
8952
8953<p> This feature is available in Postfix 2.8 and later. With older
8954Postfix releases, the behavior is as if this parameter is set to
8955"yes". </p>
8956
8957<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
8958companion alias named owner-<i>name</i>, delivery errors will be
8959reported to the owner alias instead of the sender. This configuration
8960is recommended for mailing lists. </p>
8961
8962<p> A less known property of the owner alias is that it also forces
8963the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
8964from alias expansion to a new queue file, instead of attempting to
8965deliver mail to local addresses as soon as they come out of alias
8966expansion.  </p>
8967
8968<p> Writing local addresses from alias expansion to a new queue
8969file allows for robust handling of temporary delivery errors: errors
8970with one local member have no effect on deliveries to other members
8971of the list.  On the other hand, delivery to local addresses as
8972soon as they come out of alias expansion is fragile: a temporary
8973error with one local address from alias expansion will cause the
8974entire alias to be expanded repeatedly until the error goes away,
8975or until the message expires in the queue.  In that case, a problem
8976with one list member results in multiple message deliveries to other
8977list members. </p>
8978
8979<p> The default behavior of Postfix 2.8 and later is to keep the
8980owner-alias attribute of the parent alias, when delivering mail to
8981a child alias that does not have its own owner alias. Then, local
8982addresses from that child alias will be written to a new queue file,
8983and a temporary error with one local address will not affect delivery
8984to other mailing list members. </p>
8985
8986<p> Unfortunately, older Postfix releases reset the owner-alias
8987attribute when delivering mail to a child alias that does not have
8988its own owner alias.  The <a href="local.8.html">local(8)</a> delivery agent then attempts to
8989deliver local addresses as soon as they come out of child alias
8990expansion.  If delivery to any address from child alias expansion
8991fails with a temporary error condition, the entire mailing list may
8992be expanded repeatedly until the mail expires in the queue, resulting
8993in multiple deliveries of the same message to mailing list members.
8994</p>
8995
8996
8997</DD>
8998
8999<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
9000(default: yes)</b></DT><DD>
9001
9002<p> Resolve a recipient address safely instead of correctly, by
9003looking inside quotes.  </p>
9004
9005<p> By default, the Postfix address resolver does not quote the
9006address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
9007operators remain visible. This behavior is safe but it is also
9008technically incorrect.  </p>
9009
9010<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
9011the Postfix
9012resolver will not know about additional @ etc. operators in the
9013address localpart. This opens opportunities for obscure mail relay
9014attacks with user@domain@domain addresses when Postfix provides
9015backup MX service for Sendmail systems.  </p>
9016
9017
9018</DD>
9019
9020<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
9021(default: no)</b></DT><DD>
9022
9023<p> Resolve an address that ends in the "@" null domain as if the
9024local hostname were specified, instead of rejecting the address as
9025invalid.  </p>
9026
9027<p> This feature is available in Postfix 2.1 and later.
9028Earlier versions always resolve the null domain as the local
9029hostname.  </p>
9030
9031<p> The Postfix SMTP server uses this feature to reject mail from
9032or to addresses that end in the "@" null domain, and from addresses
9033that rewrite into a form that ends in the "@" null domain.  </p>
9034
9035
9036</DD>
9037
9038<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
9039(default: no)</b></DT><DD>
9040
9041<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
9042rejecting the address as invalid.  </p>
9043
9044<p> This feature is available in Postfix 2.3 and later. </p>
9045
9046
9047</DD>
9048
9049<DT><b><a name="rewrite_service_name">rewrite_service_name</a>
9050(default: rewrite)</b></DT><DD>
9051
9052<p>
9053The name of the address rewriting service. This service rewrites
9054addresses to standard form and resolves them to a (delivery method,
9055next-hop host, recipient) triple.
9056</p>
9057
9058<p>
9059This feature is available in Postfix 2.0 and later.
9060</p>
9061
9062
9063</DD>
9064
9065<DT><b><a name="sample_directory">sample_directory</a>
9066(default: /etc/postfix)</b></DT><DD>
9067
9068<p>
9069The name of the directory with example Postfix configuration files.
9070Starting with Postfix 2.1, these files have been replaced with the
9071<a href="postconf.5.html">postconf(5)</a> manual page.
9072</p>
9073
9074
9075</DD>
9076
9077<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
9078(default: no)</b></DT><DD>
9079
9080<p> When authenticating to a remote SMTP or LMTP server with the
9081default setting "no", send no SASL authoriZation ID (authzid); send
9082only the SASL authentiCation ID (authcid) plus the authcid's password.
9083</p>
9084
9085<p> The non-default setting "yes" enables the behavior of older
9086Postfix versions.  These always send a SASL authzid that is equal
9087to the SASL authcid, but this causes inter-operability problems
9088with some SMTP servers. </p>
9089
9090<p> This feature is available in Postfix 2.4.4 and later. </p>
9091
9092
9093</DD>
9094
9095<DT><b><a name="sender_based_routing">sender_based_routing</a>
9096(default: no)</b></DT><DD>
9097
9098<p>
9099This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
9100in Postfix version 2.3.
9101</p>
9102
9103
9104</DD>
9105
9106<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a>
9107(default: empty)</b></DT><DD>
9108
9109<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
9110by sender address.  The BCC address (multiple results are not
9111supported) is added when mail enters from outside of Postfix.  </p>
9112
9113<p>
9114This feature is available in Postfix 2.1 and later.
9115</p>
9116
9117<p>
9118The table search order is as follows:
9119</p>
9120
9121<ul>
9122
9123<li> Look up the "user+extension@domain.tld" address including the
9124optional address extension.
9125
9126<li> Look up the "user@domain.tld" address without the optional
9127address extension.
9128
9129<li> Look up the "user+extension" address local part when the
9130sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
9131or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
9132
9133<li> Look up the "user" address local part when the sender domain
9134equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
9135
9136<li> Look up the "@domain.tld" part.
9137
9138</ul>
9139
9140<p>
9141Specify the types and names of databases to use.  After change,
9142run "<b>postmap /etc/postfix/sender_bcc</b>".
9143</p>
9144
9145<p>
9146Note: with Postfix 2.3 and later the BCC address is added as if it
9147was specified with NOTIFY=NONE. The sender will not be notified
9148when the BCC address is undeliverable, as long as all down-stream
9149software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
9150</p>
9151
9152<p>
9153Note: with Postfix 2.2 and earlier the sender will be notified
9154when the BCC address is undeliverable.
9155</p>
9156
9157<p> Note: automatic BCC recipients are produced only for new mail.
9158To avoid mailer loops, automatic BCC recipients are not generated
9159after Postfix forwards mail internally, or after Postfix generates
9160mail itself. </p>
9161
9162<p>
9163Example:
9164</p>
9165
9166<pre>
9167<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_bcc
9168</pre>
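<p> The following model is an added example, not Postfix source code: it applies the recipient_delimiter rules as stated on this page (first matching character of the set, no split for the mailer-daemon, postmaster and double-bounce addresses or for owner- and -request names) and then generates the sender_bcc_maps lookup keys in the search order listed above. The function names, the sample table and the local_domains argument (standing in for $myorigin, $mydestination, $inet_interfaces and $proxy_interfaces) are assumptions of the example. </p>

```python
"""Model of recipient_delimiter splitting and the sender_bcc_maps search order."""

# Local parts that are never split. "double-bounce" is the default
# double_bounce_sender value (assumption: the site has not changed it).
NEVER_SPLIT = {"mailer-daemon", "postmaster", "double-bounce"}

# Constructed sample table: lookup key -> BCC address.
SENDER_BCC = {
    "alice@example.com": "alice-archive@example.com",
    "@example.com": "compliance@example.com",
}


def split_extension(localpart, delimiter_set, owner_request_special=True):
    """Return (user, extension, delimiter); extension is None when unsplit."""
    lowered = localpart.lower()
    if lowered in NEVER_SPLIT:
        return localpart, None, None
    if owner_request_special and (
        lowered.startswith("owner-") or lowered.endswith("-request")
    ):
        return localpart, None, None
    # The first character that is in the delimiter set wins, whichever
    # delimiter it is: "+-" splits "a-b+c" at the "-".
    for index, char in enumerate(localpart):
        if char in delimiter_set:
            if index == 0:
                # Assumption: a leading delimiter leaves no user name,
                # so the local part is kept whole.
                break
            return localpart[:index], localpart[index + 1:], char
    return localpart, None, None


def bcc_lookup_keys(sender, delimiter_set, local_domains):
    """List the lookup keys for a fully qualified sender, in search order."""
    localpart, _, domain = sender.rpartition("@")
    user, extension, _ = split_extension(localpart, delimiter_set)
    is_local = domain.lower() in {d.lower() for d in local_domains}

    keys = [f"{localpart}@{domain}"]         # 1. user+extension@domain.tld
    if extension is not None:
        keys.append(f"{user}@{domain}")      # 2. user@domain.tld
    if is_local:
        keys.append(localpart)               # 3. user+extension
        if extension is not None:
            keys.append(user)                # 4. user
    keys.append(f"@{domain}")                # 5. @domain.tld
    return keys


def bcc_for(sender, table, delimiter_set="+", local_domains=()):
    """Return (matching key, BCC address) for the first hit, else None."""
    for key in bcc_lookup_keys(sender, delimiter_set, local_domains):
        if key in table:
            return key, table[key]
    return None


if __name__ == "__main__":
    for sender in ("alice+lists@example.com", "bob@example.com",
                   "alice+lists@other.example"):
        print(sender, "->", bcc_for(sender, SENDER_BCC, "+", ["example.com"]))
```

<p> Because the address without its extension is searched second, a sender cannot avoid a per-user BCC entry by adding an extension; the @domain entry applies only when no more specific key matches. </p>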
9169
9170
9171</DD>
9172
9173<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
9174(default: envelope_sender, header_sender)</b></DT><DD>
9175
9176<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
9177mapping.  By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
9178applied to envelope sender addresses, and to header sender addresses.
9179</p>
9180
9181<p> Specify one or more of: envelope_sender, header_sender </p>
9182
9183<p> This feature is available in Postfix 2.2 and later. </p>
9184
9185
9186</DD>
9187
9188<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
9189(default: empty)</b></DT><DD>
9190
9191<p>
9192Optional address mapping lookup tables for envelope and header
9193sender addresses.
9194The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
9195</p>
9196
9197<p>
9198Example: you want to rewrite the SENDER address "user@ugly.domain"
9199to "user@pretty.domain", while still being able to send mail to
9200the RECIPIENT address "user@ugly.domain".
9201</p>
9202
9203<p>
9204Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
9205</p>
9206
9207<p>
9208Example:
9209</p>
9210
9211<pre>
9212<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical
9213</pre>
9214
9215
9216</DD>
9217
9218<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
9219(default: empty)</b></DT><DD>
9220
9221<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
9222parameter setting. The tables are searched by the envelope sender
9223address and @domain. A lookup result of DUNNO terminates the search
9224without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
9225This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
9226
9227<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
9228therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
9229syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>.  Specifically, this does not support the
9230<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
9231email addresses. </p>
9232
9233<p> For safety reasons, this feature does not allow $number
9234substitutions in regular expression maps. </p>
9235
9236<p> This feature is available in Postfix 2.7 and later.  </p>
9237
9238
9239</DD>
9240
9241<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
9242(default: empty)</b></DT><DD>
9243
9244<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
9245setting. The tables are searched by the envelope sender address and
9246@domain. A lookup result of DUNNO terminates the search without
9247overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
9248later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
9249<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
9250the <a href="transport.5.html">transport(5)</a> table. </p>
9251
9252<p> For safety reasons, this feature does not allow $number
9253substitutions in regular expression maps. </p>
9254
9255<p>
9256This feature is available in Postfix 2.3 and later.
9257</p>
9258
9259
9260</DD>
9261
9262<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
9263(default: always)</b></DT><DD>
9264
9265<p> Controls how the Postfix sendmail command converts email message
9266line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
9267</p>
9268
9269<dl>
9270
9271<dt> <b>always</b> </dt> <dd> Always convert message lines ending
9272in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
92732.9 and later. </dd>
9274
9275<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
9276&lt;CR&gt;&lt;LF&gt; only if the first input line ends in
9277&lt;CR&gt;&lt;LF&gt;. This setting is backwards-compatible with
9278Postfix 2.8 and earlier. </dd>
9279
9280<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
9281&lt;CR&gt;&lt;LF&gt;. This setting exists for completeness only.
9282</dd>
9283
9284</dl>
9285
9286<p> This feature is available in Postfix 2.9 and later. </p>
9287
9288
9289</DD>
9290
9291<DT><b><a name="sendmail_path">sendmail_path</a>
9292(default: see "postconf -d" output)</b></DT><DD>
9293
9294<p>
9295A Sendmail compatibility feature that specifies the location of
9296the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to
9297submit mail into the Postfix queue.
9298</p>
9299
9300
9301</DD>
9302
9303<DT><b><a name="service_throttle_time">service_throttle_time</a>
9304(default: 60s)</b></DT><DD>
9305
9306<p>
9307How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that
9308appears to be malfunctioning.
9309</p>
9310
9311<p>
9312Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
9313The default time unit is s (seconds).
9314</p>
9315
9316
9317</DD>
9318
9319<DT><b><a name="setgid_group">setgid_group</a>
9320(default: postdrop)</b></DT><DD>
9321
9322<p>
9323The group ownership of set-gid Postfix commands and of group-writable
9324Postfix directories. When this parameter value is changed you need
9325to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
9326earlier: "<b>/etc/postfix/post-install set-permissions</b>").
9327</p>
9328
9329
9330</DD>
9331
9332<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
9333(default: yes)</b></DT><DD>
9334
9335<p>
9336Display the name of the recipient table in the "User unknown"
9337responses.  The extra detail makes troubleshooting easier but also
9338reveals information that is nobody else's business.
9339</p>
9340
9341<p>
9342This feature is available in Postfix 2.0 and later.
9343</p>
9344
9345
9346</DD>
9347
9348<DT><b><a name="showq_service_name">showq_service_name</a>
9349(default: showq)</b></DT><DD>
9350
9351<p>
9352The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
9353status reports.
9354</p>
9355
9356<p>
9357This feature is available in Postfix 2.0 and later.
9358</p>
9359
9360
9361</DD>
9362
<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
(default: any)</b></DT><DD>

<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference. This feature has no effect
unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6".  </p>

<p> Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity: </p>

<ul>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
It can fail to deliver mail when there is an outage that affects
IPv6, while the destination is still reachable over IPv4. </p>

<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
this, mail will eventually be delivered even if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both. </p>

</ul>

<p> This feature is available in Postfix 2.8 and later.  </p>


</DD>

<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
(default: yes)</b></DT><DD>

<p>
Always send EHLO at the start of an SMTP session.
</p>

<p>
With "<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> = no", the Postfix SMTP client sends
EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
</p>


</DD>

<DT><b><a name="smtp_bind_address">smtp_bind_address</a>
(default: empty)</b></DT><DD>

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>

<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
</pre>
</blockquote>

<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>.  This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not required here. </p>


</DD>

<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
(default: empty)</b></DT><DD>

<p>
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p>
This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
</pre>
</blockquote>

<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>.  This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>

<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended here. </p>


</DD>

<DT><b><a name="smtp_body_checks">smtp_body_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered.  Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
(default: version dependent)</b></DT><DD>

<p> When the remote SMTP servername is a DNS CNAME, replace the
servername with the result from CNAME expansion for the purpose of
logging, SASL password lookup, TLS
policy decisions, or TLS certificate verification. The value "no"
hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>

<p> When DNS CNAME records are validated with secure DNS lookups
(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>

<p> This feature is available in Postfix 2.2.9 and later. </p>


</DD>

<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a>
(default: 30s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
</p>

<p>
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
(default: empty)</b></DT><DD>

<p> Permanently enable SMTP connection caching for the specified
destinations.  With SMTP connection caching, a connection is not
closed immediately after completion of a mail transaction.  Instead,
the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
seconds.  This allows connections to be reused for other deliveries,
and can improve mail delivery performance. </p>

<p> Specify a comma or white space separated list of destinations
or pseudo-destinations: </p>

<ul>

<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),

<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map,

<li> if mail is sent via a UNIX-domain socket: a pathname (without
the unix: prefix),

<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
defined above,

<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
the left-hand side.  The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
lookups is ignored.

</ul>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
(default: yes)</b></DT><DD>

<p> Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.  With SMTP connection
caching, a connection is not closed immediately after completion
of a mail transaction.  Instead, the connection is kept open for
up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds.  This allows
connections to be reused for other deliveries, and can improve mail
delivery performance. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
(default: 2s)</b></DT><DD>

<p> When SMTP connection caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed.  Do
not specify larger values without permission from the remote sites.
</p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
(default: 0)</b></DT><DD>

<p> When SMTP connection caching is enabled, the number of times
that an SMTP session may be reused before it is closed, or zero (no
limit).  With a reuse count limit of N, a connection is used up to
N+1 times.  </p>

<p> NOTE: This feature is unsafe. When a high-volume destination
has multiple inbound MTAs, then the slowest inbound MTA will attract
the most connections to that destination.  This limitation does not
exist with the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> feature. </p>

<p> This feature is available in Postfix 2.11. </p>


</DD>

<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
(default: 300s)</b></DT><DD>

<p> The amount of time during which Postfix will use an SMTP
connection repeatedly.  The timer starts when the connection is
initiated (i.e. it includes the connect, greeting and helo latency,
in addition to the latencies of subsequent mail delivery transactions).
</p>

<p> This feature addresses a performance stability problem with
remote SMTP servers. This problem is not specific to Postfix: it
can happen when any MTA sends large amounts of SMTP email to a site
that has multiple MX hosts. </p>

<p> The problem starts when one of a set of MX hosts becomes slower
than the rest.  Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request. </p>

<p> The slow MX host becomes a connection attractor.  If one MX
host becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts. </p>

<p> The solution uses connection caching in a way that differs from
Postfix version 2.2.  By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want.  </p>

<p> The default reuse time limit, 300s, is comparable to the various
smtp transaction timeouts which are fair estimates of maximum excess
latency for a slow delivery.  Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
reuse when the average connection and mail delivery latency exceeds
the reuse time limit.  </p>

<p> This feature is available in Postfix 2.3 and later. </p>
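<p> The "connection attractor" effect described above, and in the
smtp_connection_reuse_count_limit note, can be reproduced with a small
simulation. This is an added example, not Postfix code: the model
(always-busy delivery slots, round-robin MX selection, whole-second
latencies) and every name in it are assumptions made for illustration. </p>

```python
import heapq
from itertools import cycle


def simulate(latencies, slots, horizon, max_deliveries=None, reuse_time=None):
    """Toy model of cached SMTP connections (an assumption, not Postfix's scheduler).

    latencies       whole seconds per delivery for each MX host
    slots           sender-side delivery slots that are always busy
    horizon         simulated seconds
    max_deliveries  close a connection after this many deliveries, or
    reuse_time      stop reusing a connection once it is this many seconds old

    Returns (share of connection-seconds per host, deliveries per host).
    """
    if (max_deliveries is None) == (reuse_time is None):
        raise ValueError("set exactly one of max_deliveries and reuse_time")
    pick = cycle(range(len(latencies)))    # every MX host is equally likely
    conn_seconds = [0] * len(latencies)
    delivered = [0] * len(latencies)
    free_at = [(0, slot) for slot in range(slots)]
    heapq.heapify(free_at)
    while free_at:
        now, slot = heapq.heappop(free_at)
        if now >= horizon:
            continue                       # this slot has reached the end
        host = next(pick)
        lat = latencies[host]
        if max_deliveries is not None:
            planned = max_deliveries
        else:
            # Keep delivering while the connection is younger than reuse_time.
            planned = -(-reuse_time // lat)    # ceiling division
        lifetime = planned * lat
        in_window = min(lifetime, horizon - now)   # cut off at the horizon
        conn_seconds[host] += in_window
        delivered[host] += min(planned, in_window // lat)
        heapq.heappush(free_at, (now + lifetime, slot))
    total = sum(conn_seconds)
    return [s / total for s in conn_seconds], delivered


# Constructed scenario: three MX hosts, the third is 10 times slower.
LATENCIES = [1, 1, 10]


def compare(slots=12, horizon=3000):
    """Run the same load with a delivery-count limit and with a time limit."""
    by_count = simulate(LATENCIES, slots, horizon, max_deliveries=10)
    by_time = simulate(LATENCIES, slots, horizon, reuse_time=300)
    return by_count, by_time


if __name__ == "__main__":
    (c_share, c_done), (t_share, t_done) = compare()
    print("count limit: slow-host share %.2f, deliveries %d"
          % (c_share[2], sum(c_done)))
    print("time limit:  slow-host share %.2f, deliveries %d"
          % (t_share[2], sum(t_done)))
```

<p> With the count limit the slow host holds most of the simultaneous
connections; with the time limit each host holds an equal share and the
fast hosts carry most of the deliveries. </p>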


</DD>

<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a>
(default: 600s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP ".", and
for receiving the remote SMTP server response.
</p>

<p>
When no response is received within the deadline, a warning is
logged that the mail may be delivered multiple times.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a>
(default: 120s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP DATA command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
(default: 180s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
seconds the Postfix SMTP client terminates the transfer.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
(default: no)</b></DT><DD>

<p>
Defer mail delivery when no MX record resolves to an IP address.
</p>

<p>
The default (no) is to return the mail as undeliverable. With older
Postfix versions the default was to keep trying to deliver the mail
until someone fixed the MX record or until the mail was too old.
</p>

<p>
Note: the Postfix SMTP client always ignores MX records with equal
or worse preference
than the local MTA itself.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport. This limit is enforced by
the queue manager. The message delivery transport name is the first
field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>


</DD>

<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the smtp
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient.  </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
(default: empty)</b></DT><DD>

<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>

<p> This feature is available in Postfix 2.2 and later. </p>


</DD>

<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
(default: empty)</b></DT><DD>

<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>

<p> This feature is available in Postfix 2.2 and later. </p>

<p> Notes: </p>

<ul>

<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
this action from being logged. </p>

<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
discard EHLO keywords selectively. </p>

</ul>


</DD>

<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a>
(default: empty)</b></DT><DD>

<p> DNS Resolver options for the Postfix SMTP client.  Specify zero
or more of the following options, separated by comma or whitespace.
Option names are case-sensitive. Some options refer to domain names
that are specified in the file /etc/resolv.conf or equivalent. </p>

<dl>

<dt><b>res_defnames</b></dt>

<dd> Append the current domain name to single-component names (those
that do not contain a "." character). This can produce incorrect
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>

<dt><b>res_dnsrch</b></dt>

<dd> Search for host names in the current domain and in parent
domains. This can produce incorrect results and is therefore not
recommended. </dd>

</dl>

<p> This feature is available in Postfix 2.8 and later.  </p>


</DD>

<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a>
(default: empty)</b></DT><DD>

<p> Level of DNS support in the Postfix SMTP client.  With
"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy
"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>

<p> Specify one of the following: </p>

<dl>

<dt><b>disabled</b></dt>

<dd>Disable DNS lookups.  No MX lookups are performed and hostname
to address lookups are unconditionally "native".  This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters.  This is no longer required
and strongly discouraged.  </dd>

<dt><b>enabled</b></dt>

<dd>Enable DNS lookups.  Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups.  If "dns" and "native" are
included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS.  </dd>

<dt><b>dnssec</b></dt>

<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups.  The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated.  <li> The address lookups of
validated hostnames are also validated (provided of course
"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below).  <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups.  Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN).  </ul> </dd>

</dl>

<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop.  IN MX 0 nexthop."  Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination.  This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups.  </p>

<p>The "dnssec" setting is recommended only if you plan to use the
<a href="TLS_README.html#client_tls_dane">dane</a> or <a
href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security.  Postfix DNSSEC support relies on an upstream
recursive nameserver that validates DNSSEC signatures.  Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>

<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups.  </p>

<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation.  Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups.  Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver. </p>

<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>

<p> This feature is available in Postfix 2.11 and later.  </p>
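<p> The cautions given above for smtp_address_preference,
smtp_connection_reuse_count_limit, smtp_dns_resolver_options and
smtp_dns_support_level can be checked mechanically against a main.cf
file. The following is an added example, not part of Postfix: the
function names and the sample files are constructed for illustration,
"$name" references are not expanded, and the empty default assumed for
smtp_tls_security_level is not stated in this section. </p>

```python
import re

# Defaults as listed in this document; smtp_tls_security_level is assumed empty.
DEFAULTS = {
    "smtp_address_preference": "any",
    "smtp_connection_reuse_count_limit": "0",
    "smtp_dns_resolver_options": "",
    "smtp_dns_support_level": "",
    "smtp_host_lookup": "dns",
    "smtp_tls_security_level": "",
}


def parse_main_cf(text):
    """Return {parameter: value} following the main.cf format rules:
    comments and empty lines are skipped, a line that starts with
    whitespace continues the logical line, the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def words(value):
    """Split a comma or whitespace separated list."""
    return [w for w in re.split(r"[,\s]+", value) if w]


def audit(params):
    """Return a list of (parameter, message) findings."""
    cfg = dict(DEFAULTS, **params)
    findings = []

    if cfg["smtp_address_preference"] == "ipv6":
        findings.append(("smtp_address_preference",
                         "ipv6 can fail to deliver during an IPv6 outage; use any"))

    try:
        reuse_count = int(cfg["smtp_connection_reuse_count_limit"])
    except ValueError:
        reuse_count = 0                    # malformed value: not judged here
    if reuse_count:
        findings.append(("smtp_connection_reuse_count_limit",
                         "count limit lets the slowest MTA attract connections"))

    for opt in words(cfg["smtp_dns_resolver_options"]):   # names are case-sensitive
        if opt in ("res_defnames", "res_dnsrch"):
            findings.append(("smtp_dns_resolver_options",
                             opt + " can produce incorrect lookup results"))

    level = cfg["smtp_dns_support_level"]
    dane = cfg["smtp_tls_security_level"] in ("dane", "dane-only")
    if level == "disabled":
        findings.append(("smtp_dns_support_level",
                         "disabled is not appropriate for Internet-facing delivery"))
    if level == "dnssec" and not dane:
        findings.append(("smtp_dns_support_level",
                         "dnssec adds no security without dane or dane-only"))
    if (level == "dnssec" or dane) and "dns" not in words(cfg["smtp_host_lookup"]):
        findings.append(("smtp_host_lookup",
                         "must include dns; native lookups are not validated"))
    return findings


# Constructed sample files, not taken from a real host.
SAMPLE = """\
# weak settings
smtp_address_preference = any
smtp_address_preference = ipv6
smtp_connection_reuse_count_limit = 20
smtp_dns_resolver_options = res_defnames,
    res_dnsrch
smtp_dns_support_level = dnssec
smtp_host_lookup = native
smtp_tls_security_level = dane
"""

HARDENED = """\
smtp_address_preference = any
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_security_level = dane
"""

if __name__ == "__main__":
    for name, message in audit(parse_main_cf(SAMPLE)):
        print("%s: %s" % (name, message))
```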


</DD>

<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
(default: no)</b></DT><DD>

<p> Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.  This also requires
that the remote SMTP server hostname matches the information in
the remote server certificate, and that the remote SMTP server
certificate was issued by a CA that is trusted by the Postfix SMTP
client. If the certificate doesn't verify or the hostname doesn't
match, delivery is deferred and mail stays in the queue.  </p>

<p> The server hostname is matched against all names provided as
dNSNames in the SubjectAlternativeName.  If no dNSNames are specified,
the CommonName is checked.  The behavior may be changed with the
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option.  </p>

<p> This option is useful only if you are definitely sure that you
will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates.  Typical use is for clients that
send all their email to a dedicated mailhub.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a>
(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD>

<p>
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable. With Postfix 2.2 and earlier this
parameter is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>.  </p>

<p>
By default, mail is returned to the sender when a destination is
not found, and delivery is deferred when a destination is unreachable.
</p>

<p> With bulk email deliveries, it can be beneficial to run the
fallback relay MTA on the same host, so that it can reuse the sender
IP address.  This speeds up deliveries that are delayed by IP-based
reputation systems (greylist, etc.). </p>

<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups.  If you specify multiple SMTP
destinations, Postfix will try them in the specified order.  </p>

<p> To prevent mailer loops between MX hosts and fall-back hosts,
Postfix version 2.2 and later will not use the fallback relays for
destinations that it is MX host for (assuming DNS lookup is turned on).
</p>


</DD>

<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables that perform address rewriting in the
Postfix SMTP client, typically to transform a locally valid address into
a globally valid address when sending mail across the Internet.
This is needed when the local machine does not have its own Internet
domain name, but uses something like <i>localdomain.local</i>
instead.  </p>

<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>;
examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and
<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p>

<p> This feature is available in Postfix 2.2 and later.  </p>


</DD>

<DT><b><a name="smtp_header_checks">smtp_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client.
These tables are searched while mail is being delivered.  Actions
that change the delivery time or destination are not available.
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>

<p>
The hostname to send in the SMTP EHLO or HELO command.
</p>

<p>
The default value is the machine hostname.  Specify a hostname or
[ip.add.re.ss].
</p>

<p>
This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP
clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
client, for example:
</p>

<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
    mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
</pre>
</blockquote>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the HELO or EHLO command,
and for receiving the initial remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a>
(default: dns)</b></DT><DD>

<p>
What mechanisms the Postfix SMTP client uses to look up a host's
IP address.  This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>).  The "dns"
mechanism is always tried before "native" if both are listed.
</p>

<p>
Specify one of the following:
</p>

<dl>

<dt><b>dns</b></dt>

<dd>Hosts can be found in the DNS (preferred).  </dd>

<dt><b>native</b></dt>

<dd>Use the native naming service only (nsswitch.conf, or equivalent
mechanism).  </dd>

<dt><b>dns, native</b></dt>

<dd>Use the native service for hosts not found in the DNS.  </dd>

</dl>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a>
(default: 998)</b></DT><DD>

<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. This limit does not include the &lt;CR&gt;&lt;LF&gt;
at the end of each line.  Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;", to minimize the damage to MIME
formatted mail.
</p>

<p>
The Postfix limit of 998 characters not including &lt;CR&gt;&lt;LF&gt;
is consistent with the SMTP limit of 1000 characters including
&lt;CR&gt;&lt;LF&gt;.  The Postfix limit was 990 with Postfix 2.8
and earlier.
</p>


</DD>

<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the MAIL FROM command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>


</DD>

<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a>
(default: empty)</b></DT><DD>

<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
client. These tables are searched while mail is being delivered.
Actions that change the delivery time or destination are not
available.  </p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a>
(default: 5)</b></DT><DD>

<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from Postfix SMTP client mail exchanger lookups, or zero (no
limit). Prior to
Postfix version 2.3, this limit was disabled by default.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

10180
10181<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a>
10182(default: 2)</b></DT><DD>
10183
10184<p> The maximal number of SMTP sessions per delivery request before
10185the Postfix SMTP client
10186gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
10187limit). This restriction ignores sessions that fail to complete the
10188SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
10189complete the EHLO and TLS handshake (Postfix version 2.3 and later).  </p>
10190
10191<p> This feature is available in Postfix 2.1 and later.  </p>
10192
10193
10194</DD>
10195
10196<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a>
10197(default: empty)</b></DT><DD>
10198
10199<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
10200client. These tables are searched while mail is being delivered.
10201Actions that change the delivery time or destination are not
10202available.  </p>
10203
10204<p> This feature is available in Postfix 2.5 and later. </p>
10205
10206
10207</DD>
10208
10209<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a>
10210(default: no)</b></DT><DD>
10211
10212<p> Never send EHLO at the start of an SMTP session. See also the
10213<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter.  </p>
10214
10215
10216</DD>
10217
10218<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
10219(default: no)</b></DT><DD>
10220
10221<p> Change the behavior of the smtp_*_timeout time limits, from a
10222time limit per read or write system call, to a time limit to send
10223or receive a complete record (an SMTP command line, SMTP response
10224line, SMTP message content line, or TLS protocol message).  This
10225limits the impact from hostile peers that trickle data one byte at
10226a time.  </p>
10227
10228<p> Note: when per-record deadlines are enabled, a short timeout
10229may cause problems with TLS over very slow network connections.
10230The reasons are that a TLS protocol message can be up to 16 kbytes
10231long (with TLSv1), and that an entire TLS protocol message must be
10232sent or received within the per-record deadline.  </p>
10233
10234<p> This feature is available in Postfix 2.9 and later. With older
10235Postfix releases, the behavior is as if this parameter is set to
10236"no". </p>
10237
10238
10239</DD>
10240
10241<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
10242(default: 10s)</b></DT><DD>
10243
10244<p>
10245How long the Postfix SMTP client pauses before sending
10246".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
10247"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
10248</p>
10249
10250<p>
10251Choosing too short a time makes this workaround ineffective when
10252sending large messages over slow network connections.
10253</p>
10254
10255
10256</DD>
10257
10258<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
10259(default: empty)</b></DT><DD>
10260
10261<p> Lookup tables, indexed by the remote SMTP server address, with
10262per-destination workarounds for CISCO PIX firewall bugs.  The table
10263is not indexed by hostname for consistency with
10264<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p>
10265
10266<p> This feature is available in Postfix 2.4 and later. </p>
10267
10268
10269</DD>
10270
10271<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
10272(default: 500s)</b></DT><DD>
10273
10274<p> How long a message must be queued before the Postfix SMTP client
10275turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;"
10276bug workaround for delivery through firewalls with "smtp fixup"
10277mode turned on.  </p>
10278
10279<p>
10280By default, the workaround is turned off for mail that is queued
10281for less than 500 seconds. In other words, the workaround is normally
10282turned off for the first delivery attempt.
10283</p>
10284
10285<p>
10286Specify 0 to enable the PIX firewall
10287"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround upon the
10288first delivery attempt.
10289</p>
10290
10291
10292</DD>
10293
10294<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a>
10295(default: disable_esmtp, delay_dotcrlf)</b></DT><DD>
10296
10297<p> A list that specifies zero or more workarounds for CISCO PIX
10298firewall bugs. These workarounds are implemented by the Postfix
10299SMTP client. Workaround names are separated by comma or space, and
10300are case insensitive.  This parameter setting can be overruled with
10301per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p>
10302
10303<dl>
10304
10305<dt><b>delay_dotcrlf</b></dt><dd> Insert a delay before sending
10306".&lt;CR&gt;&lt;LF&gt;" after the end of the message content.  The
10307delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and
10308<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings. </dd>
10309
10310<dt><b>disable_esmtp</b></dt><dd> Disable all extended SMTP commands:
10311send HELO instead of EHLO. </dd>
10312
10313</dl>
10314
10315<p> This feature is available in Postfix 2.4 and later. The default
10316settings are backwards compatible with earlier Postfix versions.
10317</p>
10318
10319
10320</DD>
10321
10322<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a>
10323(default: 300s)</b></DT><DD>
10324
10325<p>
10326The Postfix SMTP client time limit for sending the QUIT command,
10327and for receiving the remote SMTP server response.
10328</p>
10329
10330<p>
10331Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
10332The default time unit is s (seconds).
10333</p>
10334
10335
10336</DD>
10337
10338<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
10339(default: yes)</b></DT><DD>
10340
10341<p>
10342Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
10343as required
10344by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
10345that ends in ".".
10346</p>
10347
10348<p>
10349The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
10350a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
10351</p>
10352
10353<blockquote>
10354<pre>
10355/etc/postfix/<a href="master.5.html">master.cf</a>:
10356    broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no
10357</pre>
10358</blockquote>
10359
10360<p>
10361and route mail for the destination in question to the "broken-smtp"
10362message delivery with a <a href="transport.5.html">transport(5)</a> table.
10363</p>
10364
10365<p>
10366This feature is available in Postfix 2.1 and later.
10367</p>
10368
10369
10370</DD>
10371
10372<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a>
10373(default: yes)</b></DT><DD>
10374
10375<p>
10376Randomize the order of equal-preference MX host addresses.  This
10377is a performance feature of the Postfix SMTP client.
10378</p>
10379
10380
10381</DD>
10382
10383<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a>
10384(default: 300s)</b></DT><DD>
10385
10386<p>
10387The Postfix SMTP client time limit for sending the SMTP RCPT TO
10388command, and for receiving the remote SMTP server response.
10389</p>
10390
10391<p>
10392Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
10393The default time unit is s (seconds).
10394</p>
10395
10396
10397</DD>
10398
10399<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
10400(default: empty)</b></DT><DD>
10401
10402<p> A mechanism to transform replies from remote SMTP servers one
10403line at a time.  This is a last-resort tool to work around server
10404replies that break inter-operability with the Postfix SMTP client.
10405Other uses involve fault injection to test Postfix's handling of
10406invalid responses. </p>
10407
10408<p> Notes: </p>
10409
10410<ul>
10411
10412<li> <p> In the case of a multi-line reply, the Postfix SMTP client
10413uses the final reply line's numerical SMTP reply code and enhanced
10414status code.  </p>
10415
10416<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
10417the enhanced status code (X.Y.Z).  When the enhanced status code
10418initial digit differs from the SMTP reply code initial digit, or
10419when no enhanced status code is present, the Postfix SMTP client
10420uses a generic enhanced status code (X.0.0) instead. </p>
10421
10422</ul>
10423
10424<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
10425string is a single SMTP reply line as received from the remote SMTP
10426server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.
10427When the lookup succeeds, the result replaces the single SMTP reply
10428line. </p>
10429
10430<p> Examples: </p>
10431
10432<pre>
10433/etc/postfix/<a href="postconf.5.html">main.cf</a>:
10434    <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter
10435</pre>
10436
10437<pre>
10438/etc/postfix/reply_filter:
10439    # Transform garbage into "250-filler..." so that it looks like
10440    # one line from a multi-line reply. It does not matter what we
10441    # substitute here as long as it has the right syntax.  The Postfix
10442    # SMTP client will use the final line's numerical SMTP reply
10443    # code and enhanced status code.
10444    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
10445</pre>
10446
10447<p> This feature is available in Postfix 2.7. </p>
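<p> The reply handling described in the notes above, as an added Python model that is not Postfix code: it applies the negated pattern from the reply_filter example to each line, then derives the reply code and enhanced status code from the final line. The function names and the sample replies are constructed for illustration. </p>

```python
import re

# Pattern from the reply_filter example above: a line is acceptable when it
# starts with a three-digit reply code followed by "-", " " or end of line.
VALID_REPLY = re.compile(r"^([2-5][0-9][0-9]($|[- ]))")
FILLER = "250-filler for garbage"

# Reply code, optional separator ("-" = more lines follow, " " = final line)
# and optional text.
REPLY_LINE = re.compile(r"^([2-5][0-9][0-9])(?:([- ])(.*))?$")
# Enhanced status code (X.Y.Z) at the start of the reply text.
ENHANCED = re.compile(r"^([245])\.([0-9]{1,3})\.([0-9]{1,3})(?:\s|$)")


def apply_reply_filter(line):
    """Model of the negated PCRE rule: rewrite every line that does not match."""
    return line if VALID_REPLY.match(line) else FILLER


def effective_status(reply_lines):
    """Return (reply_code, enhanced_status) for one complete SMTP reply.

    reply_lines holds the reply lines without the trailing CRLF. Each line
    is filtered on its own; only the final line decides the result.
    """
    filtered = [apply_reply_filter(line) for line in reply_lines]
    code, sep, text = REPLY_LINE.match(filtered[-1]).groups()
    if sep == "-":
        # The filler is itself a continuation line, so garbage in the last
        # position still leaves the client waiting for a real final line.
        raise ValueError("incomplete reply: last line is a continuation line")
    generic = code[0] + ".0.0"
    enhanced = ENHANCED.match(text or "")
    # The numerical code wins: a missing enhanced status code, or one whose
    # class digit disagrees with the reply code, becomes the generic X.0.0.
    if enhanced is None or enhanced.group(1) != code[0]:
        return code, generic
    return code, ".".join(enhanced.groups())


# Constructed sample replies, not captured from a real server.
SAMPLES = [
    ["250-mx.example.com", "HTTP/1.1 400 Bad Request", "250 2.0.0 Ok"],
    ["450-4.2.0 mailbox busy", "550 5.1.1 no such user"],
    ["550 2.1.5 contradictory status"],
    ["421 Service not available"],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", effective_status(sample))
```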
10448
10449
10450</DD>
10451
10452<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
10453(default: 20s)</b></DT><DD>
10454
10455<p> The Postfix SMTP client time limit for sending the RSET command,
10456and for receiving the remote SMTP server response. The SMTP client
10457sends RSET in
10458order to finish a recipient address probe, or to verify that a
10459cached session is still usable.  </p>
10460
10461<p> This feature is available in Postfix 2.1 and later.  </p>
10462
10463
10464</DD>
10465
10466<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
10467(default: empty)</b></DT><DD>
10468
10469<p> An optional table to prevent repeated SASL authentication
10470failures with the same remote SMTP server hostname, username and
10471password. Each table (key, value) pair contains a server name, a
10472username and password, and the full server response. This information
10473is stored when a remote SMTP server rejects an authentication attempt
10474with a 535 reply code.  As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a>
10475information does not change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
10476information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the
10477Postfix SMTP client avoids SASL authentication attempts with the
10478same server, username and password, and instead bounces or defers
10479mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration
10480parameter.  </p>
10481
10482<p> Use a per-destination delivery concurrency of 1 (for example,
10483"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1",
10484"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple
10485delivery agents may experience a login failure at the same time.
10486</p>
10487
10488<p> The table must be accessed via the proxywrite service, i.e. the
10489map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under
10490the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p>
10491
10492<p> This feature uses cryptographic hashing to protect plain-text
10493passwords, and requires that Postfix is compiled with TLS support.
10494</p>
10495
10496<p> Example: </p>
10497
10498<pre>
10499<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/sasl_auth_cache
10500</pre>
10501
10502<p> This feature is available in Postfix 2.5 and later. </p>
10503
10504
10505</DD>
10506
10507<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
10508(default: 90d)</b></DT><DD>
10509
10510<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
10511is removed. </p>
10512
10513<p> This feature is available in Postfix 2.5 and later. </p>
10514
10515
10516</DD>
10517
10518<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a>
10519(default: no)</b></DT><DD>
10520
10521<p>
10522Enable SASL authentication in the Postfix SMTP client.  By default,
10523the Postfix SMTP client uses no authentication.
10524</p>
10525
10526<p>
10527Example:
10528</p>
10529
10530<pre>
10531<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
10532</pre>
10533
10534
10535</DD>
10536
10537<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
10538(default: yes)</b></DT><DD>
10539
10540<p> When a remote SMTP server rejects a SASL authentication request
10541with a 535 reply code, defer mail delivery instead of returning
10542mail as undeliverable. The latter behavior was hard-coded prior to
10543Postfix version 2.5. </p>
10544
10545<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a>
10546parameter, but the setting "no" does not. </p>
10547
10548<p> Example: </p>
10549
10550<pre>
10551# Default as of Postfix 2.5
10552<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
10553# The old hard-coded default
10554<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
10555</pre>
10556
10557<p> This feature is available in Postfix 2.5 and later. </p>
10558
10559
10560</DD>
10561
10562<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
10563(default: empty)</b></DT><DD>
10564
10565<p>
10566If non-empty, a Postfix SMTP client filter for the remote SMTP
10567server's list of offered SASL mechanisms.  Different client and
10568server implementations may support different mechanism lists; by
10569default, the Postfix SMTP client will use the intersection of the
10570two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
10571list to intersect with. </p>
10572
10573<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
10574lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
10575is ignored. Specify "!pattern" to exclude a mechanism name from the
10576list. The form "!/file/name" is supported only in Postfix version
105772.4 and later. </p>
10578
10579<p> This feature is available in Postfix 2.2 and later. </p>
10580
10581<p>
10582Examples:
10583</p>
10584
10585<pre>
10586<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
10587<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
10588<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
10589</pre>
10590
10591
10592</DD>
10593
10594<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
10595(default: empty)</b></DT><DD>
10596
10597<p>
10598Optional Postfix SMTP client lookup tables with one username:password
10599entry
10600per remote hostname or domain, or sender address when sender-dependent
10601authentication is enabled.  If no username:password entry is found,
10602then the Postfix SMTP client will not
10603attempt to authenticate to the remote host.
10604</p>
10605
10606<p>
10607The Postfix SMTP client opens the lookup table before going to
10608chroot jail, so you can leave the password file in /etc/postfix.
10609</p>
10610
10611
10612</DD>
10613
10614<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
10615(default: empty)</b></DT><DD>
10616
10617<p> Implementation-specific information that the Postfix SMTP client
10618passes through to
10619the SASL plug-in implementation that is selected with
10620<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  Typically this specifies the name of a
10621configuration file or rendezvous point. </p>
10622
10623<p> This feature is available in Postfix 2.3 and later. </p>
10624
10625
10626</DD>
10627
10628<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
10629(default: noplaintext, noanonymous)</b></DT><DD>
10630
10631<p> Postfix SMTP client SASL security options; as of Postfix 2.3
10632the list of available
10633features depends on the SASL client implementation that is selected
10634with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  </p>
10635
10636<p> The following security features are defined for the <b>cyrus</b>
10637client SASL implementation: </p>
10638
10639<p>
10640Specify zero or more of the following:
10641</p>
10642
10643<dl>
10644
10645<dt><b>noplaintext</b></dt>
10646
10647<dd>Disallow methods that use plaintext passwords. </dd>
10648
10649<dt><b>noactive</b></dt>
10650
10651<dd>Disallow methods subject to active (non-dictionary) attack.
10652</dd>
10653
10654<dt><b>nodictionary</b></dt>
10655
10656<dd>Disallow methods subject to passive (dictionary) attack. </dd>
10657
10658<dt><b>noanonymous</b></dt>
10659
10660<dd>Disallow methods that allow anonymous authentication. </dd>
10661
10662<dt><b>mutual_auth</b></dt>
10663
10664<dd>Only allow methods that provide mutual authentication (not
10665available with SASL version 1). </dd>
10666
10667</dl>
10668
10669<p>
10670Example:
10671</p>
10672
10673<pre>
10674<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext
10675</pre>
10676
10677
10678</DD>
10679
10680<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
10681(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD>
10682
10683<p> The SASL authentication security options that the Postfix SMTP
10684client uses for TLS encrypted SMTP sessions. </p>
10685
10686<p> This feature is available in Postfix 2.2 and later.  </p>
10687
10688
10689</DD>
10690
10691<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a>
10692(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD>
10693
10694<p> The SASL authentication security options that the Postfix SMTP
10695client uses for TLS encrypted SMTP sessions with a verified server
10696certificate. </p>
10697
10698<p> When mail is sent to the public MX host for the recipient's
10699domain, server certificates are by default optional, and delivery
10700proceeds even if certificate verification fails. For delivery via
10701a submission service that requires SASL authentication, it may be
10702appropriate to send plaintext passwords only when the connection
10703to the server is strongly encrypted <b>and</b> the server identity
10704is verified. </p>
10705
10706<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it
10707possible to only enable plaintext mechanisms when a secure connection
10708to the server is available. Submission servers subject to this
10709policy must either have verifiable certificates or offer suitable
10710non-plaintext SASL mechanisms. </p>
10711
10712<p> This feature is available in Postfix 2.6 and later. </p>
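<p> An added example, not part of the Postfix documentation: a Python check that resolves smtp_sasl_security_options, smtp_sasl_tls_security_options and smtp_sasl_tls_verified_security_options through their documented default chain, and reports the session types in which plaintext mechanisms stay enabled contrary to the policy described above. The function names, the sample main.cf contents and the table path are constructed; only the "$name", "${name}" and "$(name)" reference forms are expanded. </p>

```python
import re

# Defaults as documented on this page.
DEFAULTS = {
    "smtp_sasl_auth_enable": "no",
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "$smtp_sasl_security_options",
    "smtp_sasl_tls_verified_security_options": "$smtp_sasl_tls_security_options",
}
# Which parameter governs which kind of SMTP session.
SESSION_PARAM = {
    "cleartext": "smtp_sasl_security_options",
    "tls_unverified": "smtp_sasl_tls_security_options",
    "tls_verified": "smtp_sasl_tls_verified_security_options",
}
REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Parse "name = value" logical lines; the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # empty line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Recursively replace parameter references with their values."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        return expand(params.get(name, DEFAULTS.get(name, "")), params, depth + 1)

    return REF.sub(repl, value)


def sasl_options(params):
    """Effective security option set for each session type."""
    result = {}
    for session, name in SESSION_PARAM.items():
        value = expand(params.get(name, DEFAULTS[name]), params)
        result[session] = set(re.split(r"[,\s]+", value)) - {""}
    return result


def plaintext_findings(params):
    """Session types where plaintext mechanisms are allowed although the
    server identity has not been verified over TLS."""
    enabled = params.get("smtp_sasl_auth_enable", DEFAULTS["smtp_sasl_auth_enable"])
    if enabled != "yes":
        return []                             # client never authenticates
    options = sasl_options(params)
    return [s for s in ("cleartext", "tls_unverified")
            if "noplaintext" not in options[s]]


# Constructed main.cf fragments.
WEAK = """
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# plaintext allowed in every session, including unencrypted ones
smtp_sasl_security_options = noanonymous
"""

HARDENED = """
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
# plaintext only when the server certificate has been verified
smtp_sasl_tls_verified_security_options = noanonymous
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, plaintext_findings(parse_main_cf(text)))
```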
10713
10714
10715</DD>
10716
10717<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a>
10718(default: cyrus)</b></DT><DD>
10719
10720<p> The SASL plug-in type that the Postfix SMTP client should use
10721for authentication.  The available types are listed with the
10722"<b>postconf -A</b>" command. </p>
10723
10724<p> This feature is available in Postfix 2.3 and later. </p>
10725
10726
10727</DD>
10728
10729<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
10730(default: no)</b></DT><DD>
10731
10732<p> Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL
10733FROM command in SASL-authenticated SMTP sessions. The default is
10734not to send this, to avoid problems with broken remote SMTP servers.
10735Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
10736= yes".
10737
10738<p> This feature is available in Postfix 2.9 and later. </p>
10739
10740
10741</DD>
10742
10743<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a>
10744(default: no)</b></DT><DD>
10745
10746<p>
10747Send the non-standard XFORWARD command when the Postfix SMTP server
10748EHLO response announces XFORWARD support.
10749</p>
10750
10751<p>
10752This allows a Postfix SMTP delivery agent, used for injecting mail
10753into
10754a content filter, to forward the name, address, protocol and HELO
10755name of the original client to the content filter and downstream
10756queuing SMTP server. This can produce more useful logging than
10757localhost[127.0.0.1] etc.
10758</p>
10759
10760<p>
10761This feature is available in Postfix 2.1 and later.
10762</p>
10763
10764
10765</DD>
10766
10767<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
10768(default: no)</b></DT><DD>
10769
10770<p>
10771Enable sender-dependent authentication in the Postfix SMTP client; this is
10772available only with SASL authentication, and disables SMTP connection
10773caching to ensure that mail from different senders will use the
10774appropriate credentials.  </p>
10775
10776<p>
10777This feature is available in Postfix 2.3 and later.
10778</p>
10779
10780
10781</DD>
10782
10783<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
10784(default: yes)</b></DT><DD>
10785
10786<p>
10787Skip SMTP servers that greet with a 4XX status code (go away, try
10788again later).
10789</p>
10790
10791<p>
10792By default, the Postfix SMTP client moves on to the next mail exchanger.
10793Specify
10794"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery
10795immediately.
10796</p>
10797
10798<p> This feature is available in Postfix 2.0 and earlier.
10799Later Postfix versions always skip remote SMTP servers that greet
10800with a
108014XX status code. </p>
10802
10803
10804</DD>
10805
10806<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
10807(default: yes)</b></DT><DD>
10808
10809<p>
10810Skip remote SMTP servers that greet with a 5XX status code.
10811</p>
10812
10813<p> By default, the Postfix SMTP client moves on to the next mail
10814exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
10815bounce the mail immediately. Caution: the latter behavior appears
10816to contradict <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
10817
10818
10819</DD>
10820
10821<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a>
10822(default: yes)</b></DT><DD>
10823
10824<p>
10825Do not wait for the response to the SMTP QUIT command.
10826</p>
10827
10828
10829</DD>
10830
10831<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a>
10832(default: 300s)</b></DT><DD>
10833
10834<p> Time limit for Postfix SMTP client write and read operations
10835during TLS startup and shutdown handshake procedures. </p>
10836
10837<p> This feature is available in Postfix 2.2 and later.  </p>
10838
10839
10840</DD>
10841
10842<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
10843(default: empty)</b></DT><DD>
10844
10845<p> A file containing CA certificates of root CAs trusted to sign
10846either remote SMTP server certificates or intermediate CA certificates.
10847These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
10848chroot jail. If the number of trusted roots is large, consider using
10849<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
10850present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
10851file may also be used to augment the client certificate trust chain,
10852but it is best to include all the required certificates directly in
10853$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
10854
10855<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
10856ONLY the system-supplied default certificate authority certificates.
10857</p>
10858
10859<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
10860appending the system-supplied default CAs and trusting third-party
10861certificates. </p>
10862
10863<p> Example: </p>
10864
10865<pre>
10866<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
10867</pre>
10868
10869<p> This feature is available in Postfix 2.2 and later.  </p>
10870
10871
10872</DD>
10873
10874<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a>
10875(default: empty)</b></DT><DD>
10876
10877<p> Directory with PEM format certificate authority certificates
10878that the Postfix SMTP client uses to verify a remote SMTP server
10879certificate.  Don't forget to create the necessary "hash" links
10880with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
10881</p>
10882
10883<p> To use this option in chroot mode, this directory (or a copy)
10884must be inside the chroot jail. </p>
10885
10886<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
10887use ONLY the system-supplied default certificate authority certificates.
10888</p>
10889
10890<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
10891appending the system-supplied default CAs and trusting third-party
10892certificates. </p>
10893
10894<p> Example: </p>
10895
10896<pre>
10897<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
10898</pre>
10899
10900<p> This feature is available in Postfix 2.2 and later.  </p>
10901
10902
10903</DD>
10904
10905<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
10906(default: no)</b></DT><DD>
10907
10908<p> Try to detect a mail hijacking attack based on a TLS protocol
10909vulnerability (CVE-2009-3555), where an attacker prepends malicious
10910HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
10911The attack would succeed with non-Postfix SMTP servers that reply
10912to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
10913the Postfix SMTP client TLS session.  </p>
10914
10915<p> This feature is available in Postfix 2.7. </p>
10916
10917
10918</DD>
10919
10920<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>
10921(default: empty)</b></DT><DD>
10922
10923<p> File with the Postfix SMTP client RSA certificate in PEM format.
10924This file may also contain the Postfix SMTP client private RSA key,
10925and these may be the same as the Postfix SMTP server RSA certificate and key
10926file. </p>
10927
10928<p> Do not configure client certificates unless you <b>must</b> present
10929client TLS certificates to one or more servers. Client certificates are
10930not usually needed, and can cause problems in configurations that work
10931well without them. The recommended setting is to let the defaults stand: </p>
10932
10933<blockquote>
10934<pre>
10935<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
10936<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
10937<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
10938<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
10939<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
10940<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
10941</pre>
10942</blockquote>
10943
10944<p> The best way to use the default settings is to comment out the above
10945parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
10946
10947<p> To enable remote SMTP servers to verify the Postfix SMTP client
10948certificate, the issuing CA certificates must be made available to the
10949server. You should include the required certificates in the client
10950certificate file, the client certificate first, then the issuing
10951CA(s) (bottom-up order). </p>
10952
10953<p> Example: the certificate for "client.example.com" was issued by
10954"intermediate CA" which itself has a certificate issued by "root CA".
10955Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
10956root_CA.pem &gt; client.pem". </p>
10957
10958<p> If you also want to verify remote SMTP server certificates issued by
10959these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
10960which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
10961<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
10962
10963<p> A certificate supplied here must be usable as an SSL client certificate
10964and hence pass the "openssl verify -purpose sslclient ..." test. </p>
10965
10966<p> Example: </p>
10967
10968<pre>
10969<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
10970</pre>
10971
10972<p> This feature is available in Postfix 2.2 and later.  </p>
10973
10974
10975</DD>
10976
10977<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
10978(default: empty)</b></DT><DD>
10979
10980<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
10981cipher list. As this feature applies to all TLS security levels, it is easy
10982to create inter-operability problems by choosing a non-default cipher
10983list. Do not use a non-default TLS cipher list on hosts that deliver email
10984to the public Internet: you will be unable to send email to servers that
10985only support the ciphers you exclude. Using a restricted cipher list
10986may be more appropriate for an internal MTA, where one can exert some
10987control over the TLS software and settings of the peer servers. </p>
10988
10989<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
10990
10991<p> This feature is available in Postfix version 2.2. It is not used with
10992Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>
10993
10994
10995</DD>
10996
10997<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
10998(default: medium)</b></DT><DD>
10999
11000<p> The minimum TLS cipher grade that the Postfix SMTP client
11001will use with opportunistic TLS encryption. Cipher types listed in
11002<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
11003the selected cipher grade.   The default value is "medium" for
11004Postfix releases after the middle of 2015, "export" for older
11005releases.  </p>
11006
11007<p> When TLS is mandatory the cipher grade is chosen via the
11008<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
11009details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
11010ciphers on a per-destination basis. </p>
11011
11012<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
11013releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
11014and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
11015
11016
11017</DD>
11018
11019<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
11020(default: empty)</b></DT><DD>
11021
11022<p> File with the Postfix SMTP client DSA certificate in PEM format.
11023This file may also contain the Postfix SMTP client private DSA key. </p>
11024
11025<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
11026</p>
11027
11028<p> Example: </p>
11029
11030<pre>
11031<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
11032</pre>
11033
11034<p> This feature is available in Postfix 2.2 and later.  </p>
11035
11036
11037</DD>
11038
11039<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a>
11040(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
11041
11042<p> File with the Postfix SMTP client DSA private key in PEM format.
11043This file may be combined with the Postfix SMTP client DSA certificate
11044file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
11045
11046<p> The private key must be accessible without a pass-phrase, i.e. it
11047must not be encrypted. File permissions should grant read-only
11048access to the system superuser account ("root"), and no access
11049to anyone else. </p>
11050
11051<p> This feature is available in Postfix 2.2 and later.  </p>
11052
11053
11054</DD>
11055
11056<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a>
11057(default: empty)</b></DT><DD>
11058
11059<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
11060This file may also contain the Postfix SMTP client ECDSA private key. </p>
11061
11062<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
11063</p>
11064
11065<p> Example: </p>
11066
11067<pre>
11068<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem
11069</pre>
11070
11071<p> This feature is available in Postfix 2.6 and later, when Postfix is
11072compiled and linked with OpenSSL 1.0.0 or later. </p>
11073
11074
11075</DD>
11076
11077<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a>
11078(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
11079
11080<p> File with the Postfix SMTP client ECDSA private key in PEM format.
11081This file may be combined with the Postfix SMTP client ECDSA
11082certificate file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
11083
11084<p> The private key must be accessible without a pass-phrase, i.e. it
11085must not be encrypted. File permissions should grant read-only
11086access to the system superuser account ("root"), and no access
11087to anyone else. </p>
11088
11089<p> This feature is available in Postfix 2.6 and later, when Postfix is
11090compiled and linked with OpenSSL 1.0.0 or later. </p>
11091
11092
11093</DD>
11094
11095<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
11096(default: yes)</b></DT><DD>
11097
11098<p> With mandatory TLS encryption, require that the remote SMTP
11099server hostname matches the information in the remote SMTP server
11100certificate.  As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
11101for MTA clients are not specified. </p>
11102
11103<p> This option can be set to "no" to disable strict peer name
11104checking. This setting has no effect on sessions that are controlled
11105via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table.  </p>
11106
11107<p> Disabling the hostname verification can make sense in a closed
11108environment where special CAs are created.  If not used carefully,
11109this option opens the danger of a "man-in-the-middle" attack (the
11110CommonName of this attacker will be logged). </p>
11111
11112<p> This feature is available in Postfix 2.2 and later. With
11113Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
11114
11115
11116</DD>
11117
11118<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
11119(default: empty)</b></DT><DD>
11120
11121<p> List of ciphers or cipher types to exclude from the Postfix
11122SMTP client cipher
11123list at all TLS security levels. This is not an OpenSSL cipherlist; it is
11124a simple list separated by whitespace and/or commas. The elements are a
11125single cipher, or one or more "+" separated cipher properties, in which
11126case only ciphers matching <b>all</b> the properties are excluded. </p>
11127
11128<p> Examples (some of these will cause problems): </p>
11129
11130<blockquote>
11131<pre>
11132<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
11133<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES
11134<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5
11135<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
11136<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA
11137</pre>
11138</blockquote>
11139
11140<p> The first setting disables anonymous ciphers. The next setting
11141disables ciphers that use the MD5 digest algorithm or the (single) DES
11142encryption algorithm. The next setting disables ciphers that use MD5 and
11143DES together.  The next setting disables the two ciphers "AES256-SHA"
11144and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
11145key exchange with RSA authentication. </p>
11146
11147<p> This feature is available in Postfix 2.3 and later. </p>
11148
11149
11150</DD>
11151
11152<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
11153(default: empty)</b></DT><DD>
11154
11155<p> List of acceptable remote SMTP server certificate fingerprints for
11156the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> =
11157fingerprint). At this security level, certificate authorities are not
11158used, and certificate expiration times are ignored. Instead, server
11159certificates are verified directly via their certificate fingerprint
11160or public key fingerprint (Postfix 2.9 and later). The fingerprint
11161is a message digest of the server certificate (or public key). The
11162digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>
11163parameter. </p>
11164
11165<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the
11166"fingerprint" security level, any "match" attributes in that entry specify
11167the list of valid fingerprints for the corresponding destination. Multiple
11168fingerprints can be combined with a "|" delimiter in a single match
11169attribute, or multiple match attributes can be employed. </p>
11170
11171<p> Example: Certificate fingerprint verification with internal mailhub.
11172Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
11173physical hosts behind a load-balancer, each with its own private/public
11174key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
11175be in the process of switching from one set of private/public keys to
11176another, and both keys are trusted just prior to the transition. </p>
11177
11178<blockquote>
11179<pre>
11180<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
11181<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
11182<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
11183<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
11184    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
11185    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
11186</pre>
11187</blockquote>
11188
11189<p> Example: Certificate fingerprint verification with selected destinations.
11190As in the example above, we show two matching fingerprints: </p>
11191
11192<blockquote>
11193<pre>
11194/etc/postfix/<a href="postconf.5.html">main.cf</a>:
11195    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
11196    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
11197</pre>
11198</blockquote>
11199
11200<blockquote>
11201<pre>
11202/etc/postfix/tls_policy:
11203    example.com fingerprint
11204        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
11205        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
11206</pre>
11207</blockquote>
11208
11209<p> This feature is available in Postfix 2.5 and later. </p>
11210
11211
11212</DD>
11213
11214<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
11215(default: md5)</b></DT><DD>
11216
11217<p> The message digest algorithm used to construct remote SMTP server
11218certificate fingerprints. At the "fingerprint" TLS security level
11219(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is
11220verified by directly matching its certificate fingerprint or its public
11221key fingerprint (Postfix 2.9 and later). The fingerprint is the
11222message digest of the server certificate (or its public key)
11223using the selected
11224algorithm. With a digest algorithm resistant to "second pre-image"
11225attacks, it is not feasible to create a new public key and a matching
11226certificate (or public/private key-pair) that has the same fingerprint. </p>
11227
11228<p> The default algorithm is <b>md5</b>; this is consistent with
11229the backwards compatible setting of the digest used to verify client
11230certificates in the SMTP server. </p>
11231
11232<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
11233function cryptanalysis have led to md5 being deprecated in favor of sha1.
11234However, as long as there are no known "second pre-image" attacks
11235against md5, its use in this context can still be considered safe.
11236</p>
11237
11238<p> While additional digest algorithms are often available with OpenSSL's
11239libcrypto, only those used by libssl in SSL cipher suites are available to
11240Postfix. For now this means just md5 or sha1. </p>
11241
11242<p> To find the fingerprint of a specific certificate file, with a
11243specific digest algorithm, run:
11244</p>
11245
11246<blockquote>
11247<pre>
11248$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
11249</pre>
11250</blockquote>
11251
11252<p> The text to the right of "=" sign is the desired fingerprint.
11253For example: </p>
11254
11255<blockquote>
11256<pre>
11257$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
11258SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
11259</pre>
11260</blockquote>
11261
11262<p> To extract the public key fingerprint from an X.509 certificate,
11263you need to extract the public key from the certificate and compute
11264the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
11265the "-pubkey" option of the "x509" command extracts the public
11266key always in "PEM" format. We pipe the result to another OpenSSL
11267command that converts the key to DER and then to the "dgst" command
11268to compute the fingerprint. </p>
11269
11270<p> The actual command to transform the key to DER format depends
11271on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
11272"pkey" command supports all key types. With OpenSSL 0.9.8 and
11273earlier, the key type is always RSA (nobody uses DSA, and EC
11274keys are not fully supported by 0.9.8), so the "rsa" command is
11275used. </p>
11276<blockquote>
11277<pre>
11278# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
11279$ openssl x509 -in cert.pem -noout -pubkey |
11280    openssl pkey -pubin -outform DER |
11281    openssl dgst -sha1 -c
11282(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
11283</pre>
11284</blockquote>
11285
11286<blockquote>
11287<pre>
11288# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
11289$ openssl x509 -in cert.pem -noout -pubkey |
11290    openssl rsa -pubin -outform DER |
11291    openssl dgst -md5 -c
11292(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
11293</pre>
11294</blockquote>
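<p> The two fingerprint kinds described above, computed without the openssl command line. This is an added example, not part of the Postfix documentation or source; the function names and the constructed sample input are assumptions made for illustration, and the input must be a PEM file holding a single certificate. </p>

```python
import hashlib
import ssl

ALLOWED_DIGESTS = ("md5", "sha1")   # the two algorithms this page says Postfix accepts


def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: the byte is the length
        length, header = first, 2
    else:                                  # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        header = 2 + n
    start = pos + header
    end = start + length
    if end > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, start, end


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo (header included) of an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tag, pos, tbs_end = read_tlv(cert_der, start)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a DER SEQUENCE")
    fields = []
    while pos < tbs_end:
        tag, _, value_end = read_tlv(cert_der, pos)
        if value_end > tbs_end:
            raise ValueError("field runs past tbsCertificate")
        fields.append((tag, pos, value_end))
        pos = value_end
    if fields and fields[0][0] == 0xA0:              # optional [0] version field
        fields.pop(0)
    # Remaining order: serial, signature, issuer, validity, subject, SPKI.
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    _, spki_start, spki_end = fields[5]
    return cert_der[spki_start:spki_end]


def colon_hex(raw):
    """Format digest bytes the way 'openssl x509 -fingerprint' prints them."""
    return ":".join(f"{b:02X}" for b in raw)


def fingerprint(data, digest="sha1"):
    if digest not in ALLOWED_DIGESTS:
        raise ValueError(f"digest must be one of {ALLOWED_DIGESTS}")
    return colon_hex(hashlib.new(digest, data).digest())


def cert_fingerprint(pem, digest="sha1"):
    """Digest of the whole DER certificate (openssl x509 -fingerprint)."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem), digest)


def pubkey_fingerprint(pem, digest="sha1"):
    """Digest of the DER public key (x509 -pubkey | pkey -outform DER | dgst)."""
    return fingerprint(extract_spki(ssl.PEM_cert_to_DER_cert(pem)), digest)


def der(tag, content):
    """Encode one DER element; used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


# Constructed sample: a certificate-shaped DER skeleton with placeholder fields.
# It is NOT a valid certificate; it only exercises the field layout.
EMPTY = der(0x30, b"")
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, b"\x2a"))
                  + der(0x03, b"\x00" + bytes(range(140))))
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                 + EMPTY * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + EMPTY + der(0x03, b"\x00"))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_CERT)

if __name__ == "__main__":
    print("certificate:", cert_fingerprint(SAMPLE_PEM))
    print("public key: ", pubkey_fingerprint(SAMPLE_PEM))
```

<p> The public key fingerprint stays the same when a certificate is reissued for the same key, while the certificate fingerprint changes with every reissue. </p>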
11295
11296<p> The Postfix SMTP server and client log the peer (leaf) certificate
11297fingerprint and public key fingerprint when the TLS loglevel is 2 or
11298higher. </p>
11299
11300<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
11301fingerprint incorrectly. To use public-key fingerprints, upgrade
11302to Postfix 2.9.6 or later. </p>
11303
11304<p> This feature is available in Postfix 2.5 and later. </p>
11305
11306
11307</DD>
11308
11309<DT><b><a name="smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
11310(default: no)</b></DT><DD>
11311
11312<p> Look up the associated DANE TLSA RRset even when a hostname is
11313not an alias and its address records lie in an unsigned zone.  This
11314is unlikely to ever yield DNSSEC validated results, since child
11315zones of unsigned zones are also unsigned in the absence of DLV or
11316locally configured non-root trust-anchors.  We anticipate that such
11317mechanisms will not be used for just the "_tcp" subdomain of a host.
11318Suppressing the TLSA RRset lookup reduces latency and avoids potential
11319interoperability problems with nameservers for unsigned zones that
11320are not prepared to handle the new TLSA RRset.  </p>
11321
11322<p> This feature is available in Postfix 2.11. </p>
11323
11324
11325</DD>
11326
11327<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
11328(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
11329
11330<p> File with the Postfix SMTP client RSA private key in PEM format.
11331This file may be combined with the Postfix SMTP client RSA certificate
11332file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
11333
11334<p> The private key must be accessible without a pass-phrase, i.e. it
11335must not be encrypted. File permissions should grant read-only
11336access to the system superuser account ("root"), and no access
11337to anyone else. </p>
11338
11339<p> Example: </p>
11340
11341<pre>
11342<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
11343</pre>
11344
11345<p> This feature is available in Postfix 2.2 and later.  </p>
11346
11347
11348</DD>
11349
11350<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
11351(default: 0)</b></DT><DD>
11352
11353<p> Enable additional Postfix SMTP client logging of TLS activity.
11354Each logging level also includes the information that is logged at
11355a lower logging level.  </p>
11356
11357<dl compact>
11358
11359<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
11360
11361<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
11362&mdash; no logging of remote SMTP server certificate trust-chain
11363verification errors if server certificate verification is not required.
11364With Postfix 2.8 and earlier, log the summary message and unconditionally
11365log trust-chain verification errors.  </dd>
11366
11367<dt> </dt> <dd> 2 Also log levels during TLS negotiation.  </dd>
11368
11369<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
11370process.  </dd>
11371
11372<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
11373transmission after STARTTLS. </dd>
11374
11375</dl>
11376
11377<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
11378problems. Use of loglevel 4 is strongly discouraged. </p>
11379
11380<p> This feature is available in Postfix 2.2 and later.  </p>
11381
11382
11383</DD>
11384
11385<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
11386(default: medium)</b></DT><DD>
11387
11388<p> The minimum TLS cipher grade that the Postfix SMTP client will
11389use with
11390mandatory TLS encryption.  The default value "medium" is suitable
11391for most destinations with which you may want to enforce TLS, and
11392is beyond the reach of today's cryptanalytic methods. See
11393<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
11394on a per-destination basis. </p>
11395
11396<p> The following cipher grades are supported: </p>
11397
11398<dl>
11399<dt><b>export</b></dt>
11400<dd> Enable "EXPORT" grade or better OpenSSL ciphers.  The underlying
11401cipherlist is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration
11402parameter, which you are strongly encouraged to not change.  This
11403choice is insecure and SHOULD NOT be used.  </dd>
11404
11405<dt><b>low</b></dt>
11406<dd> Enable "LOW" grade or better OpenSSL ciphers.  The underlying
11407cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
11408parameter, which you are strongly encouraged to not change.  This
11409choice is insecure and SHOULD NOT be used.  </dd>
11410
11411<dt><b>medium</b></dt>
11412<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
11413The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
11414configuration parameter, which you are strongly encouraged to not change.
11415</dd>
11416
11417<dt><b>high</b></dt>
11418<dd> Enable only "HIGH" grade OpenSSL ciphers.  This setting may
11419be appropriate when all mandatory TLS destinations (e.g. when all
11420mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
11421"HIGH" grade cipher. The underlying cipherlist is specified via the
11422<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
11423encouraged to not change. </dd>
11424
11425<dt><b>null</b></dt>
11426<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
11427without encryption.  This setting is only appropriate in the rare case
11428that all servers are prepared to use NULL ciphers (not normally enabled
11429in TLS servers). A plausible use-case is an LMTP server listening on a
11430UNIX-domain socket that is configured to support "NULL" ciphers. The
11431underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
11432configuration parameter, which you are strongly encouraged to not
11433change. </dd>
11434
11435</dl>
11436
11437<p> The underlying cipherlists for grades other than "null" include
11438anonymous ciphers, but these are automatically filtered out if the
11439Postfix SMTP client is configured to verify server certificates.
11440You are very unlikely to need to take any steps to exclude anonymous
11441ciphers; they are excluded automatically as necessary.  If you must
11442exclude anonymous ciphers at the "may" or "encrypt" security levels,
11443when the Postfix SMTP client does not need or use peer certificates, set
11444"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
11445TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
11446
11447<p> This feature is available in Postfix 2.3 and later. </p>
11448
11449
11450</DD>
11451
11452<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
11453(default: empty)</b></DT><DD>
11454
11455<p> Additional list of ciphers or cipher types to exclude from the
11456Postfix SMTP client cipher list at mandatory TLS security levels. This list
11457works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
11458(see there for syntax details).  </p>
11459
11460<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
11461specified on a per-destination basis via the TLS policy "exclude"
11462attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>
11463
11464<p> This feature is available in Postfix 2.3 and later. </p>
11465
11466
11467</DD>
11468
11469<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
11470(default: !SSLv2, !SSLv3)</b></DT><DD>
11471
11472<p> List of SSL/TLS protocols that the Postfix SMTP client will use with
11473mandatory TLS encryption.  In <a href="postconf.5.html">main.cf</a> the values are separated by
11474whitespace, commas or colons. In the policy table "protocols" attribute
11475(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
11476empty value means allow all protocols. The valid protocol names (see
11477<b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3" and "TLSv1". The
11478default value is "!SSLv2, !SSLv3" for Postfix releases after the
11479middle of 2015, "!SSLv2" for older releases. </p>
11480
11481<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
11482protocol exclusions. One can explicitly exclude "SSLv2" by setting
11483"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
11484"SSLv3" set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
11485the protocols to include, rather than protocols to exclude, is
11486supported, but not recommended. The exclusion form more closely
11487matches the underlying OpenSSL interface semantics.
11488</p>
11489
11490<p> The range of protocols advertised by an SSL/TLS client must be
11491contiguous.  When a protocol version is enabled, disabling any
11492higher version implicitly disables all versions above that higher
11493version.  Thus, for example: </p>
11494<blockquote>
11495<pre>
11496<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
11497</pre>
11498</blockquote>
11499<p> also disables any protocol version higher than TLSv1, leaving
11500only "SSLv3" enabled.  </p>
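<p> A small model of the contiguity rule above, usable as a pre-deployment check on a protocol list. This is an added example, not Postfix code: the function names are hypothetical, the protocol table uses only the names mentioned on this page, and name matching is case-insensitive as a choice of the example. </p>

```python
import re

# Protocol names in ascending version order, as named on this page.
KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
# Protocols that the page's default value excludes.
DEFAULT_EXCLUDED = {"SSLv2", "SSLv3"}


def parse_protocols(value, known=KNOWN_PROTOCOLS):
    """Return the protocols a main.cf value enables, before contiguity applies."""
    canon = {p.lower(): p for p in known}
    include, exclude = set(), set()
    # main.cf separators: whitespace, commas or colons.
    for token in re.split(r"[\s,:]+", value.strip()):
        if not token:
            continue
        negated = token.startswith("!")
        name = canon.get((token[1:] if negated else token).lower())
        if name is None:
            raise ValueError(f"unknown protocol name: {token!r}")
        (exclude if negated else include).add(name)
    # An empty value allows everything; an inclusion list allows only its members.
    enabled = set(include) if include else set(known)
    return enabled - exclude


def effective_protocols(value, known=KNOWN_PROTOCOLS):
    """Apply the contiguous-range rule; return (effective, lost) protocol lists."""
    enabled = parse_protocols(value, known)
    effective = []
    for proto in known:
        if proto in enabled:
            effective.append(proto)
        elif effective:
            break          # first gap above the lowest enabled version ends the range
    lost = [p for p in known if p in enabled and p not in effective]
    return effective, lost


def lint_protocols(value, known=KNOWN_PROTOCOLS):
    """Return human-readable warnings for a protocol list."""
    effective, lost = effective_protocols(value, known)
    warnings = []
    if lost:
        warnings.append("implicitly disabled by a gap: " + ", ".join(lost))
    still_on = [p for p in effective if p in DEFAULT_EXCLUDED]
    if still_on:
        warnings.append("still enabled: " + ", ".join(still_on))
    if not effective:
        warnings.append("no protocol left enabled")
    return warnings


if __name__ == "__main__":
    for setting in ("!SSLv2, !TLSv1", "!SSLv2, !SSLv3", "TLSv1"):
        print(f"{setting!r:20} -> {effective_protocols(setting)[0]} {lint_protocols(setting)}")
```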
11501
11502<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
11503and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
11504or later, these, or any other new protocol versions, cannot be
11505disabled except by also disabling "TLSv1" (typically leaving just
11506"SSLv3").  The latest patch levels of Postfix &ge; 2.6, and all
11507versions of Postfix &ge; 2.10 can explicitly disable support for
11508"TLSv1.1" or "TLSv1.2". </p>
11509
11510<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
11511<a href="TLS_README.html#client_tls_dane">dane-only</a> security
11512levels, when usable TLSA records are obtained for the remote SMTP
11513server, the Postfix SMTP client is obligated to include the SNI TLS
11514extension in its SSL client hello message.  This may help the remote
11515SMTP server live up to its promise to provide a certificate that
11516matches its TLSA records.  Since TLS extensions require TLS 1.0 or
11517later, the Postfix SMTP client must disable "SSLv2" and "SSLv3" when
11518SNI is required.  If you use "dane" or "dane-only" do not disable
11519TLSv1, except perhaps via the policy table for destinations which
11520you are sure will support "TLSv1.1" or "TLSv1.2".  </p>
11521
11522<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
11523<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
11524
11525<p> Example: </p>
11526
11527<pre>
11528# Preferred syntax with Postfix &ge; 2.5:
11529<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
11530# Legacy syntax:
11531<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
11532</pre>
11533
11534<p> This feature is available in Postfix 2.3 and later. </p>
11535
11536
11537</DD>
11538
11539<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
11540(default: no)</b></DT><DD>
11541
11542<p> Log the hostname of a remote SMTP server that offers STARTTLS,
11543when TLS is not already enabled for that server. </p>
11544
11545<p> The logfile record looks like:  </p>
11546
11547<pre>
11548postfix/smtp[pid]:  Host offered STARTTLS: [name.of.host]
11549</pre>
11550
11551<p> This feature is available in Postfix 2.2 and later.  </p>
11552
11553
11554</DD>
11555
11556<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
11557(default: empty)</b></DT><DD>
11558
11559<p> Optional lookup tables with the Postfix SMTP client TLS usage
11560policy by next-hop destination and by remote SMTP server hostname.
11561When both lookups succeed, the more specific per-site policy (NONE,
11562MUST, etc) overrides the less specific one (MAY), and the more secure
11563per-site policy (MUST, etc) overrides the less secure one (NONE).
11564With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
11565use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
11566
11567<p> Use of the bare hostname as the per-site table lookup key is
11568discouraged. Always use the full destination nexthop (enclosed in
11569[] with a possible ":port" suffix). A recipient domain or MX-enabled
11570transport next-hop with no port suffix may look like a bare hostname,
11571but is still a suitable <i>destination</i>. </p>
11572
11573<p> Specify a next-hop destination or server hostname on the left-hand
11574side; no wildcards are allowed. The next-hop destination is either
11575the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
11576table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
11577On the right hand side specify one of the following keywords:  </p>
11578
11579<dl>
11580
11581<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
11582specific <b>MAY</b> lookup result from the alternate host or next-hop
11583lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
11584and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
11585
11586<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
11587otherwise use the unencrypted connection. This has less precedence
11588than a more specific result (including <b>NONE</b>) from the alternate
11589host or next-hop lookup key, and has less precedence than the more
11590specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
11591= yes".  </dd>
11592
11593<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
11594require that the remote SMTP server hostname matches the information
11595in the remote SMTP server certificate, or that the server certificate
11596was issued by a trusted CA. This overrides a less secure <b>NONE</b>
11597or a less specific <b>MAY</b> lookup result from the alternate host
11598or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
11599<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings.  </dd>
11600
11601<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
11602SMTP server hostname matches the information in the remote SMTP
11603server certificate, and require that the remote SMTP server certificate
11604was issued by a trusted CA. This overrides a less secure <b>NONE</b>
11605and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
11606result from the alternate host or next-hop lookup key, and overrides
11607the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
11608settings.  </dd>
11609
11610</dl>
11611
11612<p> The above keywords correspond to the "none", "may", "encrypt" and
11613"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
11614introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
11615of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
11616<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
11617is mandatory. Connections for which encryption is optional typically
11618enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>
11619and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p>
11620
11621<p> As long as no secure DNS lookup mechanism is available, false
11622hostnames in MX or CNAME responses can change the server hostname
11623that Postfix uses for TLS policy lookup and server certificate
11624verification. Even with a perfect match between the server hostname and
11625the server certificate, there is no guarantee that Postfix is connected
11626to the right server.  See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete
11627per-site TLS policies) for a possible work-around. </p>
11628
11629<p> This feature is available in Postfix 2.2 and later. With
11630Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
11631
11632
11633</DD>
11634
11635<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a>
11636(default: empty)</b></DT><DD>
11637
11638<p> Optional lookup tables with the Postfix SMTP client TLS security
11639policy by next-hop destination; when a non-empty value is specified,
11640this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.  See
11641<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels.
11642</p>
11643
11644<p> The TLS policy table is indexed by the full next-hop destination,
11645which is either the recipient domain, or the verbatim next-hop
11646specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
11647$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
11648square brackets and any non-default destination server port suffix. The
11649LMTP socket type prefix (inet: or unix:) is not included in the lookup
11650key. </p>
11651
11652<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
11653sockets, is used as the nexthop name for certificate verification. The
11654port and any enclosing square brackets are used in the table lookup key,
11655but are not used for server name verification. </p>
11656
11657<p> When the lookup key is a domain name without enclosing square brackets
11658or any <i>:port</i> suffix (typically the recipient domain), and the full
11659domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
11660the parent domain starting with a leading "." is matched recursively. This
11661allows one to specify a security policy for a recipient domain and all
11662its sub-domains. </p>
11663
11664<p> The lookup result is a security level, followed by an optional list
11665of whitespace and/or comma separated name=value attributes that override
11666related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing
11667security are: </p>
11668
11669<dl>
11670
11671<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
11672<dd>No TLS. No additional attributes are supported at this level. </dd>
11673
11674<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
11675<dd>Opportunistic TLS. Since sending in the clear is acceptable,
11676demanding stronger than default TLS security merely reduces
11677inter-operability. The optional "ciphers", "exclude" and "protocols"
11678attributes (available for opportunistic TLS with Postfix &ge; 2.6)
11679override the "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and
11680"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration parameters. When opportunistic TLS
11681handshakes fail, Postfix retries the connection with TLS disabled.
11682This allows mail delivery to sites with non-interoperable TLS
11683implementations.</dd>
11684
11685<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
11686<dd>Mandatory TLS encryption. At this level
11687and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
11688<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
11689overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the
11690optional "exclude" attribute (Postfix &ge; 2.6) overrides the <a href="postconf.5.html">main.cf</a>
11691<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. In the policy table,
11692multiple protocols or excluded ciphers must be separated by colons,
11693as attribute values may not contain whitespace or commas. </dd>
11694
11695<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
11696<dd>Opportunistic DANE TLS.  The TLS policy for the destination is
11697obtained via TLSA records in DNSSEC.  If no TLSA records are found,
11698the effective security level used is <a
11699href="TLS_README.html#client_tls_may">may</a>.  If TLSA records are
11700found, but none are usable, the effective security level is <a
11701href="TLS_README.html#client_tls_encrypt">encrypt</a>.  When usable
11702TLSA records are obtained for the remote SMTP server, the
11703server certificate must match the TLSA records.  <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
11704TLS authentication and DNSSEC support is available with Postfix
117052.11 and later.  </dd>
11706
11707<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
11708<dd>Mandatory DANE TLS.  The TLS policy for the destination is
11709obtained via TLSA records in DNSSEC.  If no TLSA records are found,
11710or none are usable, no connection is made to the server.  When
11711usable TLSA records are obtained for the remote SMTP server, the
11712server certificate must match the TLSA records.  <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE) TLS
11713authentication and DNSSEC support is available with Postfix 2.11
11714and later.  </dd>
11715
11716<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
11717<dd>Certificate fingerprint
11718verification. Available with Postfix 2.5 and later. At this security
11719level, there are no trusted certificate authorities. The certificate
11720trust chain, expiration date, ... are not checked. Instead,
11721the optional <b>match</b> attribute, or else the <a href="postconf.5.html">main.cf</a>
11722<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate
11723fingerprints or the public key fingerprint (Postfix 2.9 and later)
11724of the valid server certificate. The digest
11725algorithm used to calculate the fingerprint is selected by the
11726<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
11727be combined with a "|" delimiter in a single match attribute, or multiple
11728match attributes can be employed. The ":" character is not used as a
11729delimiter as it occurs between each pair of fingerprint (hexadecimal)
11730digits. </dd>
11731
11732<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
11733<dd>Mandatory TLS verification.  At this security
11734level, DNS MX lookups are trusted to be secure enough, and the name
11735verified in the server certificate is usually obtained indirectly via
11736unauthenticated DNS MX lookups.  The optional "match" attribute overrides
11737the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. In the policy table,
11738multiple match patterns and strategies must be separated by colons.
11739In practice explicit control over matching is more common with the
11740"secure" policy, described below. </dd>
11741
11742<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
11743<dd>Secure-channel TLS. At this security level, DNS
11744MX lookups, though potentially used to determine the candidate next-hop
11745gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
11746peername verification. Instead, the default name verified in the server
11747certificate is obtained directly from the next-hop, or is explicitly
11748specified via the optional <b>match</b> attribute which overrides the
11749<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In the policy table,
11750multiple match patterns and strategies must be separated by colons.
11751The match attribute is most useful when multiple domains are supported by
11752a common server; the policy entries for additional domains specify matching
11753rules for the primary domain certificate. While transport table overrides
11754routing the secondary domains to the primary nexthop also allow secure
11755verification, they risk delivery to the wrong destination when domains
11756change hands or are re-assigned to new gateways. With the "match"
11757attribute approach, routing is not perturbed, and mail is deferred if
11758verification of a new MX host fails. </dd>
11759
11760</dl>
11761
11762<p>
11763Example:
11764</p>
11765
11766<pre>
11767/etc/postfix/<a href="postconf.5.html">main.cf</a>:
11768    <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
11769    # Postfix 2.5 and later
11770    <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
11771</pre>
11772
11773<pre>
11774/etc/postfix/tls_policy:
11775    example.edu                 none
11776    example.mil                 may
11777    example.gov                 encrypt protocols=TLSv1
11778    example.com                 verify ciphers=high
11779    example.net                 secure
11780    .example.net                secure match=.example.net:example.net
11781    [mail.example.org]:587      secure match=nexthop
11782    # Postfix 2.5 and later
11783    [thumb.example.org]          fingerprint
11784        match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
11785        match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
11786</pre>
11787
11788<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
11789setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the <b>match</b> attribute
11790in the policy table can render the <b>secure</b> level vulnerable to
11791DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
11792configurations in environments where DNS security is not assured. </p>
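<p> The lookup rules above, as an added Python sketch (not Postfix code): it loads the sample table from this page, tries the full next-hop key and then each ".parent" key, and flags "secure" entries that list the <b>hostname</b> strategy. The RISKY_ENTRY line and all function names are constructed for illustration; lower-casing keys and treating any key that contains brackets or a colon as an explicit next-hop are simplifying assumptions. </p>

```python
import re

LEVELS = ("none", "may", "encrypt", "dane", "dane-only",
          "fingerprint", "verify", "secure")

# The sample /etc/postfix/tls_policy table from this page.
SAMPLE_TABLE = """\
example.edu                 none
example.mil                 may
example.gov                 encrypt protocols=TLSv1
example.com                 verify ciphers=high
example.net                 secure
.example.net                secure match=.example.net:example.net
[mail.example.org]:587      secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org]          fingerprint
    match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
    match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
"""

# Constructed entry (not from the page) that lists the discouraged strategy.
RISKY_ENTRY = "partner.example             secure match=nexthop:hostname\n"


def load_table(text):
    """Return {key: raw result}; indented lines continue the previous entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        parts = entry.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1]   # assumption: keys fold to lower case
    return table


def parse_result(value):
    """Split a lookup result into (level, {attribute: [values]})."""
    tokens = [t for t in re.split(r"[\s,]+", value.strip()) if t]
    level, attrs = tokens[0], {}
    if level not in LEVELS:
        raise ValueError("unknown security level: " + level)
    for tok in tokens[1:]:
        name, sep, val = tok.partition("=")
        if not sep or not val:
            raise ValueError("malformed attribute: " + tok)
        attrs.setdefault(name, []).append(val)   # "match" may be repeated
    return level, attrs


def match_values(level, attrs):
    """Fingerprints are joined with "|"; patterns and strategies with ":"."""
    sep = "|" if level == "fingerprint" else ":"
    return [p for v in attrs.get("match", []) for p in v.split(sep) if p]


def lookup_policy(table, nexthop):
    """Return (matched key, level, attrs), or None when nothing matches."""
    key = nexthop.lower()
    candidates = [key]
    if not any(c in key for c in "[]:"):
        # Plain domain: fall back to ".parent" keys, nearest parent first.
        pos = key.find(".", 1)
        while pos != -1:
            candidates.append(key[pos:])
            pos = key.find(".", pos + 1)
    for cand in candidates:
        if cand in table:
            return (cand,) + parse_result(table[cand])
    return None


def audit_secure_hostname(table):
    """Keys whose "secure" policy lists the DNS-dependent hostname strategy."""
    flagged = []
    for key, value in table.items():
        level, attrs = parse_result(value)
        if level == "secure" and "hostname" in match_values(level, attrs):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    table = load_table(SAMPLE_TABLE + RISKY_ENTRY)
    for hop in ("mail.example.net", "example.net", "[mail.example.org]",
                "[mail.example.org]:587", "[thumb.example.org]"):
        print(hop, "=>", lookup_policy(table, hop))
    print("secure entries using hostname:", audit_secure_hostname(table))
```

<p> Note that "[mail.example.org]" without the port finds no entry: the brackets and port are part of the lookup key, and explicit next-hops get no parent-domain fallback. </p>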
11793
11794<p> This feature is available in Postfix 2.3 and later. </p>
11795
11796
11797</DD>
11798
11799<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
11800(default: !SSLv2, !SSLv3)</b></DT><DD>
11801
11802<p> List of TLS protocols that the Postfix SMTP client will exclude or
11803include with opportunistic TLS encryption. The default value is
11804"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
11805"!SSLv2" for older releases. Before Postfix 2.6, the Postfix SMTP
11806client would use all protocols with opportunistic TLS. </p>
11807
11808<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
11809colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
11810separator is colon. An empty value means allow all protocols. The valid
11811protocol names (see <b>SSL_get_version(3)</b>) are "SSLv2", "SSLv3"
11812and "TLSv1". </p>
11813
11814<p> The range of protocols advertised by an SSL/TLS client must be
11815contiguous.  When a protocol version is enabled, disabling any
11816higher version implicitly disables all versions above that higher
11817version.  Thus, for example: </p>
11818<blockquote>
11819<pre>
11820<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !TLSv1
11821</pre>
11822</blockquote>
11823<p> also disables any protocol versions higher than TLSv1, leaving
11824only "SSLv3" enabled.  </p>
11825
11826<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
11827and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
11828versions of Postfix &ge; 2.10 can explicitly disable support for
11829"TLSv1.1" or "TLSv1.2". </p>
11830
11831<p> To include a protocol, list its name; to exclude it, prefix the name
11832with a "!" character. To exclude SSLv2 for opportunistic TLS set
11833"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
11834"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
11835include, rather than protocols to exclude, is supported, but not
11836recommended.  The exclusion form more closely matches the underlying
11837OpenSSL interface semantics. </p>
11838
11839<p> Example: </p>
11840<pre>
11841# TLSv1 or better:
11842<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
11843</pre>
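<p> The contiguous-range rule described above, as an added Python sketch (not Postfix or OpenSSL code): it computes which protocols a setting effectively leaves enabled and which ones are dropped without being named. The function names are constructed; the protocol list is the one this page mentions, and the handling of explicit include lists (only the listed protocols are enabled) is an assumption. </p>

```python
import re

# Protocol names mentioned on this page, lowest version first.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def enabled_by_name(spec):
    """Protocols left enabled by the setting, before the range rule applies."""
    include, exclude = set(), set()
    for tok in re.split(r"[\s,:]+", spec.strip()):
        if not tok:
            continue
        name = tok.lstrip("!")
        if name not in KNOWN:
            raise ValueError("unknown protocol name: " + tok)
        (exclude if tok.startswith("!") else include).add(name)
    # Assumption: once any protocol is listed for inclusion, unlisted ones are off.
    return [p for p in KNOWN if (not include or p in include) and p not in exclude]


def effective_protocols(spec):
    """Apply the rule that the advertised range must be contiguous."""
    enabled = enabled_by_name(spec)
    if not enabled:
        return []
    result = []
    for proto in KNOWN[KNOWN.index(enabled[0]):]:
        if proto not in enabled:
            break                 # a disabled version cuts off everything above it
        result.append(proto)
    return result


def silently_dropped(spec):
    """Protocols that were not excluded by name but end up disabled anyway."""
    effective = effective_protocols(spec)
    return [p for p in enabled_by_name(spec) if p not in effective]


if __name__ == "__main__":
    for spec in ("!SSLv2, !TLSv1", "!SSLv2, !SSLv3", ""):
        print(repr(spec), effective_protocols(spec), silently_dropped(spec))
```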
11844
11845<p> This feature is available in Postfix 2.6 and later. </p>
11846
11847
11848</DD>
11849
11850<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
11851(default: 9)</b></DT><DD>
11852
11853<p> The verification depth for remote SMTP server certificates. A depth
11854of 1 is sufficient if the issuing CA is listed in a local CA file. </p>
11855
11856<p> The default verification depth is 9 (the OpenSSL default) for
11857compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
11858the default value was 5, but the limit was not actually enforced. If
11859you have set this to a lower non-default value, certificates with longer
11860trust chains may now fail to verify. Certificate chains with 1 or 2
11861CAs are common; deeper chains are rarer, and any number between 5
11862and 9 should suffice in practice. You can choose a lower number if,
11863for example, you trust certificates directly signed by an issuing CA
11864but not any CAs it delegates to. </p>
11865
11866<p> This feature is available in Postfix 2.2 and later.  </p>
11867
11868
11869</DD>
11870
11871<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
11872(default: nexthop, dot-nexthop)</b></DT><DD>
11873
11874<p> How the Postfix SMTP client verifies the server certificate
11875peername for the "secure" TLS security level. In a "secure" TLS policy table
11876($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
11877overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
11878
11879<p> This parameter specifies one or more patterns or strategies separated
11880by commas, whitespace or colons.  In the policy table the only valid
11881separator is the colon character. </p>
11882
11883<p> For a description of the pattern and strategy syntax see the
11884<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. The "hostname" strategy should
11885be avoided in this context, as in the absence of a secure global DNS, using
11886the results of MX lookups in certificate verification is not immune to active
11887(man-in-the-middle) attacks on DNS. </p>
11888
11889<p>
11890Sample <a href="postconf.5.html">main.cf</a> setting:
11891</p>
11892
11893<blockquote>
11894<pre>
11895<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
11896</pre>
11897</blockquote>
11898
11899<p>
11900Sample policy table override:
11901</p>
11902
11903<blockquote>
11904<pre>
11905example.net     secure match=example.com:.example.com
11906.example.net    secure match=example.com:.example.com
11907</pre>
11908</blockquote>
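<p> How a match list turns into expected certificate names, as an added Python sketch (not Postfix code): it expands the patterns and the nexthop, dot-nexthop and hostname strategies described under <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>, and shows that only the hostname strategy lets the MX lookup result decide which name is accepted. Function names and the host names in the usage section are constructed; wildcard certificate names, address literals and UNIX-domain LMTP next-hops are not modelled. </p>

```python
import re


def nexthop_domain(nexthop):
    """Strip an "inet:" prefix, enclosing square brackets and a trailing port."""
    m = re.fullmatch(r"(?:inet:)?\[?([^\[\]:]+)\]?(?::[^:]+)?", nexthop)
    if not m:
        raise ValueError("unsupported next-hop form: " + nexthop)
    return m.group(1).lower()


def expected_patterns(match, nexthop, mx_hostname):
    """Expand patterns and strategies into the names the client will accept."""
    domain = nexthop_domain(nexthop)
    patterns = []
    for item in re.split(r"[\s,:]+", match.strip().lower()):
        if not item:
            continue
        if item == "nexthop":
            patterns.append(domain)               # next-hop before any MX lookup
        elif item == "dot-nexthop":
            patterns.append("." + domain)         # subdomains of the next-hop
        elif item == "hostname":
            patterns.append(mx_hostname.lower())  # whatever DNS answered
        else:
            patterns.append(item)                 # literal example.com / .example.com
    return patterns


def name_matches(cert_name, pattern):
    """Case-insensitive match; ".domain" needs at least one extra label."""
    name = cert_name.lower()
    if pattern.startswith("."):
        return name.endswith(pattern) and name != pattern
    return name == pattern


def peer_verified(cert_names, match, nexthop, mx_hostname):
    """True when any certificate name matches any expected pattern."""
    patterns = expected_patterns(match, nexthop, mx_hostname)
    return any(name_matches(n, p) for n in cert_names for p in patterns)


if __name__ == "__main__":
    override = "example.com:.example.com"   # the policy table override shown above
    # Constructed case: example.net is served by mx1.example.com.
    print(peer_verified(["mx1.example.com"], override, "example.net",
                        "mx1.example.com"))                    # True
    # Constructed case: the MX answer names another host that presents a
    # certificate for its own name. The override rejects it; "hostname" accepts it.
    print(peer_verified(["mx.forged.example"], override, "example.net",
                        "mx.forged.example"))                  # False
    print(peer_verified(["mx.forged.example"], "hostname", "example.net",
                        "mx.forged.example"))                  # True
```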
11909
11910<p> This feature is available in Postfix 2.3 and later. </p>
11911
11912
11913</DD>
11914
11915<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
11916(default: empty)</b></DT><DD>
11917
11918<p> The default SMTP TLS security level for the Postfix SMTP client;
11919when a non-empty value is specified, this overrides the obsolete
11920parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
11921</p>
11922
11923<p> Specify one of the following security levels: </p>
11924
11925<dl>
11926
11927<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
11928<dd> No TLS. TLS will not be used unless enabled for specific
11929destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd>
11930
11931<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
11932<dd> Opportunistic TLS. Use TLS if this is supported by the remote
11933SMTP server, otherwise use plaintext. Since
11934sending in the clear is acceptable, demanding stronger than default TLS
11935security merely reduces inter-operability.
11936The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix &ge; 2.6)
11937configuration parameters provide control over the protocols and
11938cipher grade used with opportunistic TLS.  With earlier releases the
11939opportunistic TLS cipher grade is always "export" and no protocols
11940are disabled.
11941When TLS handshakes fail, the connection is retried with TLS disabled.
11942This allows mail delivery to sites with non-interoperable TLS
11943implementations. </dd>
11944
11945<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
11946<dd>Mandatory TLS encryption. Since a minimum
11947level of security is intended, it is reasonable to be specific about
11948sufficiently secure protocol versions and ciphers. At this security level
11949and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
11950<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum
11951cipher grade which the administrator considers secure enough for
11952mandatory encrypted sessions. This security level is not an appropriate
11953default for systems delivering mail to the Internet. </dd>
11954
11955<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
11956<dd>Opportunistic DANE TLS.  At this security level, the TLS policy
11957for the destination is obtained via DNSSEC.  For TLSA policy to be
11958in effect, the destination domain's containing DNS zone must be
11959signed and the Postfix SMTP client's operating system must be
11960configured to send its DNS queries to a recursive DNS nameserver
11961that is able to validate the signed records.  Each MX host's DNS
11962zone should also be signed, and should publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>)
11963records that specify how that MX host's TLS certificate is to be
11964verified.  TLSA records do not preempt the normal SMTP MX host
11965selection algorithm; if some MX hosts support TLSA and others do
11966not, TLS security will vary from delivery to delivery.  It is up
11967to the domain owner to configure their MX hosts and their DNS
11968sensibly.  To configure the Postfix SMTP client for DNSSEC lookups
11969see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
11970parameter.  When DNSSEC-validated TLSA records are not found the
11971effective TLS security level is "may".  When TLSA records are found,
11972but are all unusable the effective security level is "encrypt".  For
11973purposes of protocol and cipher selection, the "dane" security level
11974is treated like a "mandatory" TLS security level, and weak ciphers
11975and protocols are disabled.  Since DANE authenticates server
11976certificates the "aNULL" cipher-suites are transparently excluded
11977at this level, no need to configure this manually.  <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE)
11978TLS authentication is available with Postfix 2.11 and later.  </dd>
11979
11980<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
11981<dd>Mandatory DANE TLS.  This is just like "dane" above, but DANE
11982TLSA authentication is required.  There is no fallback to "may" or
11983"encrypt" when TLSA records are missing or unusable.  <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>
11984(DANE) TLS authentication is available with Postfix 2.11 and later.
11985</dd>
11986
11987<dt><b><a href="TLS_README.html#client_tls_fingerprint">fingerprint</a></b></dt>
11988<dd>Certificate fingerprint verification.
11989At this security level, there are no trusted certificate authorities.
11990The certificate trust chain, expiration date, etc., are
11991not checked. Instead, the <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b>
11992parameter lists the certificate fingerprint or public key fingerprint
11993(Postfix 2.9 and later) of the valid server certificate. The digest
11994algorithm used to calculate the fingerprint is selected by the
11995<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Available with Postfix
119962.5 and later.  </dd>
11997
11998<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
11999<dd>Mandatory TLS verification. At this security
12000level, DNS MX lookups are trusted to be secure enough, and the name
12001verified in the server certificate is usually obtained indirectly
12002via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
12003parameter controls how the server name is verified. In practice explicit
12004control over matching is more common at the "secure" level, described
12005below. This security level is not an appropriate default for systems
12006delivering mail to the Internet. </dd>
12007
12008<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
12009<dd>Secure-channel TLS.  At this security level,
12010DNS MX lookups, though potentially used to determine the candidate
12011next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
12012for TLS peername verification. Instead, the default name verified in
12013the server certificate is obtained from the next-hop domain as specified
12014in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. The default
12015matching rule is that a server certificate matches when its name is equal
12016to or is a sub-domain of the nexthop domain. This security level is not
12017an appropriate default for systems delivering mail to the Internet. </dd>
12018
12019</dl>
12020
12021<p>
12022Examples:
12023</p>
12024
12025<pre>
12026# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no.
12027<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none
12028</pre>
12029
12030<pre>
12031# Opportunistic TLS.
12032<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
12033# Postfix &ge; 2.6:
12034# Do not tweak opportunistic ciphers or protocol unless it is essential
12035# to do so (if a security vulnerability is found in the SSL library that
12036# can be mitigated by disabling a particular protocol or raising the
12037# cipher grade from "export" to "low" or "medium").
12038<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
12039<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
12040</pre>
12041
12042<pre>
12043# Mandatory (high-grade) TLS encryption.
12044<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
12045<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
12046</pre>
12047
12048<pre>
12049# Mandatory TLS verification of hostname or nexthop domain.
12050<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify
12051<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
12052<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
12053</pre>
12054
12055<pre>
12056# Secure channel TLS with exact nexthop name match.
12057<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
12058<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = TLSv1
12059<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
12060<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
12061</pre>
12062
12063<pre>
12064# Certificate fingerprint verification (Postfix &ge; 2.5).
12065# The CA-less "fingerprint" security level only scales to a limited
12066# number of destinations. As a global default rather than a per-site
12067# setting, this is practical when mail for all recipients is sent
12068# to a central mail hub.
12069<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
12070<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
12071<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
12072<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
12073<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
12074    3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
12075    EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
12076</pre>
12077
12078<p> This feature is available in Postfix 2.3 and later. </p>
12079
12080
12081</DD>
12082
12083<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
12084(default: empty)</b></DT><DD>
12085
12086<p> Name of the file containing the optional Postfix SMTP client
12087TLS session cache. Specify a database type that supports enumeration,
12088such as <b>btree</b> or <b>sdbm</b>; there is no need to support
12089concurrent access.  The file is created if it does not exist. The <a href="smtp.8.html">smtp(8)</a>
12090daemon does not use this parameter directly, rather the cache is
12091implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
12092per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective.
12093Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon:
12094$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
12095(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to
12096be stored separately. It is not at this time possible to store multiple
12097caches in a single database. </p>
12098
12099<p> Note: <b>dbm</b> databases are not suitable. TLS
12100session objects are too large. </p>
12101
12102<p> As of version 2.5, Postfix no longer uses root privileges when
12103opening this file. The file should now be stored under the Postfix-owned
12104<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
12105under a non-Postfix directory is redirected to the Postfix-owned
12106<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
12107
12108<p> Example: </p>
12109
12110<pre>
12111<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtp_scache
12112</pre>
12113
12114<p> This feature is available in Postfix 2.2 and later.  </p>
12115
12116
12117</DD>
12118
12119<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
12120(default: 3600s)</b></DT><DD>
12121
12122<p> The expiration time of Postfix SMTP client TLS session cache
12123information.  A cache cleanup is performed periodically
12124every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with
12125$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the
12126<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides
12127are not possible. </p>
12128
12129<p> As of Postfix 2.11 this setting cannot exceed 100 days.  If set
12130&le; 0, session caching is disabled.  If set to a positive value
12131less than 2 minutes, the minimum value of 2 minutes is used instead.  </p>
12132
12133<p> This feature is available in Postfix 2.2 and later.  </p>
12134
12135
12136</DD>
12137
12138<DT><b><a name="smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
12139(default: empty)</b></DT><DD>
12140
12141<p> Zero or more PEM-format files with trust-anchor certificates
12142and/or public keys.  If the parameter is not empty the root CAs in
12143CAfile and CApath are no longer trusted.  Rather, the Postfix SMTP
12144client will only trust certificate-chains signed by one of the
12145trust-anchors contained in the chosen files.  The specified
12146trust-anchor certificates and public keys are not subject to
12147expiration, and need not be (self-signed) root CAs.  They may, if
12148desired, be intermediate certificates. Therefore, these certificates
12149also may be found "in the middle" of the trust chain presented by
12150the remote SMTP server, and any untrusted issuing parent certificates
12151will be ignored.  Specify a list of pathnames separated by comma
12152or whitespace.  </p>
12153
12154<p>  Whether specified in <a href="postconf.5.html">main.cf</a>, or on a per-destination basis,
12155the trust-anchor PEM file must be accessible to the Postfix SMTP
12156client in the chroot jail if applicable.  The trust-anchor file
12157should contain only certificates and public keys, no private key
12158material, and must be readable by the non-privileged $<a href="postconf.5.html#mail_owner">mail_owner</a>
12159user.  This allows destinations to be bound to a set of specific
12160CAs or public keys without trusting the same CAs for all destinations.
12161</p>
12162
12163<p> The <a href="postconf.5.html">main.cf</a> parameter supports single-purpose Postfix installations
12164that send mail to a fixed set of SMTP peers.  At most sites, if
12165trust-anchor files are used at all, they will be specified on a
12166per-destination basis via the "tafile" attribute of the "verify"
12167and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>.  </p>
12168
12169<p> The underlying mechanism is in support of <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA),
12170which defines mechanisms for a client to securely determine server
12171TLS certificates via DNS.  </p>
12172
12173<p> If you want your trust anchors to be public keys, with OpenSSL
12174you can extract a single PEM public key from a PEM X.509 file
12175containing a single certificate, as follows: </p>
12176
12177<blockquote>
12178<pre>
12179$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey
12180</pre>
12181</blockquote>
12182
12183<p> This feature is available in Postfix 2.11 and later.  </p>
12184
12185
12186</DD>

<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
(default: hostname)</b></DT><DD>

<p> How the Postfix SMTP client verifies the server certificate
peername for the
"verify" TLS security level. In a "verify" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>

<p> This parameter specifies one or more patterns or strategies separated
by commas, whitespace or colons.  In the policy table the only valid
separator is the colon character. </p>

<p> Patterns specify domain names, or domain name suffixes: </p>

<dl>

<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
i.e. one of the names in the server certificate must be <i>example.com</i>;
upper and lower case distinctions are ignored. </dd>

<dt><i>.example.com</i></dt>
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
a name in the server certificate that consists of a non-zero number of
labels followed by a <i>.example.com</i> suffix. Case distinctions are
ignored.</dd>

</dl>

<p> Strategies specify a transformation from the next-hop domain
to the expected name in the server certificate: </p>

<dl>

<dt>nexthop</dt>
<dd> Match against the next-hop domain, which is either the recipient
domain, or the transport next-hop configured for the domain stripped of
any optional socket type prefix, enclosing square brackets and trailing
port. When MX lookups are not suppressed, this is the original nexthop
domain prior to the MX lookup, not the result of the MX lookup. For
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
$<a href="postconf.5.html#myhostname">myhostname</a>.  This strategy is suitable for use with the "secure"
policy. Case is ignored.</dd>

<dt>dot-nexthop</dt>
<dd> As above, but match server certificate names that are subdomains
of the next-hop domain. Case is ignored.</dd>

<dt>hostname</dt> <dd> Match against the hostname of the server, often
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches
the verification strategy of the "MUST" keyword in the obsolete
<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify"
security level. When the next-hop name is enclosed in square brackets
to suppress MX lookups, the "hostname" strategy is the same as the
"nexthop" strategy. Case is ignored.</dd>

</dl>

<p>
Sample <a href="postconf.5.html">main.cf</a> setting:
</p>

<pre>
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
</pre>

<p>
Sample policy table override:
</p>

<pre>
example.com     verify  match=hostname:nexthop
.example.com    verify  match=example.com:.example.com:hostname
</pre>

<p> This feature is available in Postfix 2.3 and later. </p>
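<p> The matching rules above, written out as an added Python illustration
(not Postfix source code). It assumes "inet:" and "unix:" as the socket
type prefixes, compares literal certificate names only (wildcard
certificate names are not modelled), and uses constructed host names. </p>

```python
import re


def split_match_list(value, policy_table=False):
    """Split a match list into patterns and strategies.

    main.cf accepts commas, whitespace or colons as separators; in a
    policy table "match=" attribute the colon is the only valid one.
    """
    if policy_table:
        if re.search(r"[,\s]", value):
            raise ValueError("policy table match lists are colon-separated")
        return [item for item in value.split(":") if item]
    return [item for item in re.split(r"[,:\s]+", value) if item]


def normalize_nexthop(nexthop, myhostname):
    """Reduce a next-hop to the bare domain the "nexthop" strategy checks."""
    value = nexthop.strip()
    if value.startswith("unix:"):
        # LMTP over a UNIX-domain socket: the verified name is $myhostname.
        return myhostname.lower()
    if value.startswith("inet:"):  # assumed socket type prefix
        value = value[len("inet:"):]
    if value.startswith("["):
        end = value.find("]")
        if end < 0:
            raise ValueError("unbalanced '[' in next-hop: %r" % nexthop)
        return value[1:end].lower()
    # Unbracketed form: drop a trailing ":port" if present.
    return value.split(":", 1)[0].lower()


def expected_names(match_list, nexthop, server_hostname, myhostname):
    """Expand patterns and strategies into ("exact"|"subdomain", name) pairs."""
    domain = normalize_nexthop(nexthop, myhostname)
    if nexthop.strip().startswith("unix:"):
        server_hostname = myhostname
    expected = []
    for item in match_list:
        if item == "nexthop":
            expected.append(("exact", domain))
        elif item == "dot-nexthop":
            expected.append(("subdomain", domain))
        elif item == "hostname":
            expected.append(("exact", server_hostname.lower()))
        elif item.startswith("."):
            expected.append(("subdomain", item[1:].lower()))
        else:
            expected.append(("exact", item.lower()))
    return expected


def certificate_matches(cert_names, expected):
    """True when any literal certificate name satisfies any expected name."""
    for name in cert_names:
        name = name.lower()
        for kind, wanted in expected:
            if kind == "exact" and name == wanted:
                return True
            suffix = "." + wanted
            # "subdomain" needs at least one label in front of the suffix.
            if kind == "subdomain" and name.endswith(suffix) and name != suffix:
                return True
    return False


def verify_peer(match_value, nexthop, server_hostname, cert_names,
                myhostname="mail.local.example", policy_table=False):
    """Run the whole peername check for one delivery."""
    items = split_match_list(match_value, policy_table)
    expected = expected_names(items, nexthop, server_hostname, myhostname)
    return certificate_matches(cert_names, expected)


if __name__ == "__main__":
    # Constructed case: the MX lookup for example.com returned a host in
    # another domain, and that host presents a certificate for its own name.
    mx_host, cert = "mx.other.test", ["mx.other.test"]
    for setting in ("hostname", "nexthop, dot-nexthop"):
        ok = verify_peer(setting, "example.com", mx_host, cert)
        print("%-22s -> %s" % (setting, "match" if ok else "no match"))
```

<p> With "hostname" the expected name follows whatever the MX lookup
returned, so the constructed certificate matches; with "nexthop,
dot-nexthop" the expected name is tied to the next-hop domain and the
same certificate is refused. </p>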


</DD>

<DT><b><a name="smtp_use_tls">smtp_use_tls</a>
(default: no)</b></DT><DD>

<p> Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear. Beware:
some SMTP servers offer STARTTLS even if it is not configured.  With
Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
available, delivery is deferred and mail stays in the queue. If this
is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead.  </p>

<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>


</DD>

<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a>
(default: 300s)</b></DT><DD>

<p>
The Postfix SMTP client time limit for sending the XFORWARD command,
and for receiving the remote SMTP server response.
</p>

<p>
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD>

<p> What remote SMTP clients are allowed to specify the XVERP command.
This command requests that mail be delivered one recipient at a
time with a per recipient return address.  </p>

<p> By default, no clients are allowed to specify XVERP.  </p>

<p> This parameter was renamed with Postfix version 2.1. The default value
is backwards compatible with Postfix version 2.0.  </p>

<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>


</DD>

<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients are allowed to use the XCLIENT feature.  This
command overrides remote SMTP client information that is used for access
control. Typical use is for SMTP-based content filters, fetchmail-like
programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a>
document for details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XCLIENT.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>


</DD>

<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>
(default: empty)</b></DT><DD>

<p>
What remote SMTP clients are allowed to use the XFORWARD feature.  This
command forwards information that is used to improve logging after
SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for
details.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>

<p>
By default, no clients are allowed to specify XFORWARD.
</p>

<p>
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
.domain names (the initial dot causes the domain to match any name
below it),  "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name"
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored).  Continue long lines by starting the next line
with whitespace. Specify "!pattern" to exclude an address or network
block from the list. The form "!/file/name" is supported only in
Postfix version 2.4 and later.  </p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in
files specified with "/file/name".  IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern.  </p>


</DD>

<DT><b><a name="smtpd_banner">smtpd_banner</a>
(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD>

<p>
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
default, Postfix shows no version.
</p>

<p>
You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is
required by the SMTP protocol.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>)
</pre>


</DD>

<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
(default: 50)</b></DT><DD>

<p>
How many simultaneous connections any client is allowed to
make to this service.  By default, the limit is set to half
the default process limit value.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit.  The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can make as many connections per time unit as
Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>

<p>
Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
description for the parameter value syntax.
</p>

<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>

<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and
in files specified with "/file/name".  IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"<a href="DATABASE_README.html">type:table</a>" pattern.  </p>

<p>
This feature is available in Postfix 2.2 and later.
</p>


</DD>

<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of message delivery requests that any client is
allowed to make to this service per time unit, regardless of whether
or not Postfix actually accepts those messages.  The time unit is
specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can send as many message delivery requests
per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit.  The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
configuration parameter.
</p>

<p>
By default, a remote SMTP client can negotiate as many new TLS
sessions per time unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0. Otherwise, specify
a limit that is at least the per-client concurrent session limit,
or else legitimate client sessions may be rejected.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.3 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100
</pre>


</DD>

<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a>
(default: no)</b></DT><DD>

<p> Enable logging of the remote SMTP client port in addition to
the hostname and IP address. The logging format is "host[address]:port".
</p>

<p> This feature is available in Postfix 2.5 and later. </p>


</DD>

<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
(default: 0)</b></DT><DD>

<p>
The maximal number of recipient addresses that any client is allowed
to send to this service per time unit, regardless of whether or not
Postfix actually accepts those recipients.  The time unit is specified
with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>

<p>
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>

<p>
To disable this feature, specify a limit of 0.
</p>

<p>
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
</p>

<p>
This feature is available in Postfix 2.2 and later.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000
</pre>


</DD>

<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a>
(default: empty)</b></DT><DD>

<p>
Optional restrictions that the Postfix SMTP server applies in the
context of a client connection request.
See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
restriction lists" for a discussion of evaluation context and time.
</p>

<p>
The default is to allow all connection requests.
</p>

<p>
Specify a list of restrictions, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order specified; the first
restriction that matches wins.
</p>

<p>
The following restrictions are specific to client hostname or
client network address information.
</p>

<dl>

<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the remote SMTP client certificate fingerprint or the public key
fingerprint (Postfix 2.9 and later) as lookup key for the specified
<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the
remote SMTP client certificate is verified successfully.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2 and later. </dd>

<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>

<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
client hostname, and execute the corresponding action.  Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists.  This feature is available
in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the client hostname, and execute the corresponding action.  Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists.  This feature is
available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified access database for the unverified reverse
client hostname, parent domains, client IP address, or networks
obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a>
manual page for details.  Note: a result of "OK" is not allowed for
safety reasons.  Instead, use DUNNO in order to exclude specific
hosts from blacklists.  This feature is available in Postfix 2.6
and later.</dd>

<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action.  Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later.  </dd>

<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>

<dd> Use the remote SMTP client SASL user name as lookup key for
the specified <a href="access.5.html">access(5)</a> database. The lookup key has the form
"username@domainname" when the <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> parameter
value is non-empty.  Unlike the <a href="postconf.5.html#check_client_access">check_client_access</a> feature,
<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> does not perform matches of parent domains or IP
subnet ranges.  This feature is available with Postfix version 2.11
and later. </dd>

<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>

<dd>Permit the request when the client IP address matches
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd>

<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>

<dd>Permit the request when the client IP address matches any
network or network address listed in  $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd>

<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>

<dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>

<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>

<dd> Permit the request when the remote SMTP client certificate is
verified successfully.  This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA. Otherwise, clients with a third-party certificate would also
be allowed to relay.  Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the
trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>,
to prevent Postfix from appending the system-supplied default CAs.
This feature is available with Postfix version 2.2.</dd>

<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>

<dd>Permit the request when the remote SMTP client certificate
fingerprint or public key fingerprint (Postfix 2.9 and later) is
listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
The fingerprint digest algorithm is configurable via the
<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
Postfix version 2.5).  This feature is available with Postfix version
2.2. </dd>

<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
numbers or number..number ranges (Postfix version 2.8 and later).
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
reversed client network address is listed with any A record under
<i>rbl_domain</i>. <br>
The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
rejected requests (default:  554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a>  parameter
specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a>  parameter
specifies tables with server replies indexed by <i>rbl_domain</i>.
This feature is available in Postfix 2.0 and later.  </dd>

<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the reversed client network address is
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
one or more ";"-separated numbers or number..number ranges.
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
reversed client network address is listed with any A record under
<i>dnswl_domain</i>. <br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently
ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>.  The
result is DEFER_IF_REJECT when whitelist lookup fails.  This feature
is available in Postfix 2.8 and later.  </dd>

<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>

<dd>Reject the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
2.1 and later only).  Each "<i>d</i>" is a number, or a pattern
inside "[]" that contains one or more ";"-separated numbers or
number..number ranges (Postfix version 2.8 and later).  If no
"<i>=d.d.d.d</i>" is specified, reject the request when the client
hostname is listed with
any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>
description above for additional RBL related configuration parameters.
This feature is available in Postfix 2.0 and later; with Postfix
version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
produce better results.  </dd>

<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>

<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>.  Each "<i>d</i>"
is a number, or a pattern inside "[]" that contains one or more
";"-separated numbers or number..number ranges. If no
"<i>=d.d.d.d</i>" is specified, accept the request when the client
hostname is listed with any A record under <i>rhswl_domain</i>.
<br> Caution: client name whitelisting is fragile, since the client
name lookup can fail due to temporary outages.  Client name
whitelisting should be used only to reduce false positives in e.g.
DNS-based blocklists, and not for making access rule exceptions.
<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it
would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>.  The result is DEFER_IF_REJECT
when whitelist lookup fails.  This feature is available in Postfix
2.8 and later.  </dd>

12860<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
12861
12862<dd>Reject the request when the unverified reverse client hostname
12863is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
12864Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
12865one or more ";"-separated numbers or number..number ranges.
12866If no "<i>=d.d.d.d</i>" is specified, reject the request when the
12867unverified reverse client hostname is listed with any A record under
12868<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for
12869additional RBL related configuration parameters.  This feature is
12870available in Postfix 2.8 and later.  </dd>
12871
12872<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_client)</dt>
12873
12874<dd>Reject the request when 1) the client IP address-&gt;name mapping
12875fails, 2) the name-&gt;address mapping fails, or 3) the name-&gt;address
12876mapping does not match the client IP address.  <br> This is a
12877stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>
12878feature, which triggers only under condition 1) above. <br> The
12879<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code
12880for rejected requests (default: 450). The reply is always 450 in
12881case the address-&gt;name or name-&gt;address lookup failed due to
12882a temporary problem. </dd>
12883
12884<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>
12885
12886<dd>Reject the request when the client IP address has no address-&gt;name
12887mapping. <br> This is a weaker restriction than the
12888<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only
12889that the address-&gt;name and name-&gt;address mappings exist, but
12890also that the two mappings reproduce the client IP address.  <br>
12891The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response
12892code for rejected requests (default: 450).  The reply is always 450
12893in case the address-&gt;name lookup failed due to a temporary
12894problem. <br> This feature is available in Postfix 2.3 and
12895later.  </dd>
12896
12897</dl>
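<p> The difference between reject_unknown_reverse_client_hostname and reject_unknown_client_hostname, as an added example that is not part of the Postfix distribution. It models the three conditions and the reply codes described above over constructed DNS data; check_client(), the PTR and ADDR tables and the TEMPFAIL marker are hypothetical names. </p>

```python
import ipaddress

TEMPFAIL = "TEMPFAIL"  # constructed marker for a temporary DNS error

# Constructed DNS data (documentation address ranges), not real lookups.
PTR = {  # address -> name
    "192.0.2.10": "mail.example.com",
    "192.0.2.20": "ghost.example.net",    # name has no address record
    "192.0.2.30": "spoof.example.org",    # name resolves to another address
    "192.0.2.40": TEMPFAIL,               # reverse lookup times out
    "192.0.2.50": "slow.example.com",     # forward lookup times out
    "2001:db8::25": "mx6.example.com",
}
ADDR = {  # name -> addresses
    "mail.example.com": ["192.0.2.10"],
    "spoof.example.org": ["198.51.100.7"],
    "slow.example.com": TEMPFAIL,
    "mx6.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

REVERSE = "reject_unknown_reverse_client_hostname"
STRICT = "reject_unknown_client_hostname"


def check_client(ip, reject_code=450, ptr=PTR, addr=ADDR):
    """Return the reply code each restriction would give (None = no reject).

    reject_code stands for unknown_client_reject_code. "condition" is the
    numbered condition from the reject_unknown_client_hostname description.
    """
    client = ipaddress.ip_address(ip)
    result = {"condition": None, REVERSE: None, STRICT: None}

    name = ptr.get(str(client))
    if name == TEMPFAIL:
        # Temporary address->name failure: the reply is always 450.
        result[REVERSE] = result[STRICT] = 450
        return result
    if name is None:
        # Condition 1: no address->name mapping. Both restrictions reject.
        result.update({"condition": 1, REVERSE: reject_code, STRICT: reject_code})
        return result

    forward = addr.get(name)
    if forward == TEMPFAIL:
        # Temporary name->address failure: only the stronger check cares.
        result[STRICT] = 450
        return result
    if not forward:
        # Condition 2: the name->address mapping fails.
        result.update({"condition": 2, STRICT: reject_code})
        return result
    # Compare parsed addresses so different spellings of one IPv6 address match.
    if client not in {ipaddress.ip_address(a) for a in forward}:
        # Condition 3: the name->address mapping does not match the client.
        result.update({"condition": 3, STRICT: reject_code})
    return result


if __name__ == "__main__":
    for ip in list(PTR) + ["203.0.113.9"]:
        print(ip, check_client(ip, reject_code=550))
```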
12898
12899<p>
12900In addition, you can use any of the following <a name="generic">
12901generic</a> restrictions.  These restrictions are applicable in
12902any SMTP command context.
12903</p>
12904
12905<dl>
12906
12907<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>
12908
12909<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>
12910document for details. This feature is available in Postfix 2.1
12911and later. </dd>
12912
12913<dt><b><a name="defer">defer</a></b></dt>
12914
12915<dd>Defer the request. The client is told to try again later. This
12916restriction is useful at the end of a restriction list, to make
12917the default policy explicit. <br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies
12918the SMTP server reply code (default: 450).</dd>
12919
12920<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>
12921
12922<dd>Defer the request if some later restriction would result in an
12923explicit or implicit PERMIT action.  This is useful when a blacklisting
12924feature fails due to a temporary problem.  This feature is available
12925in Postfix version 2.1 and later.  </dd>
12926
12927<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
12928
12929<dd>Defer the request if some later restriction would result in a
12930REJECT action.  This is useful when a whitelisting feature fails
12931due to a temporary problem.  This feature is available in Postfix
12932version 2.1 and later.  </dd>
12933
12934<dt><b><a name="permit">permit</a></b></dt>
12935
12936<dd>Permit the request. This restriction is useful at the end of
12937a restriction list, to make the default policy explicit.</dd>
12938
12939<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>
12940
12941<dd>Reject the request when the envelope sender is the null address,
12942and the message has multiple envelope recipients. This usage has
12943rare but legitimate applications: under certain conditions,
12944multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
12945may be forwarded with the null sender address.
12946<br> Note: this restriction can only work reliably
12947when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or
12948<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of
12949recipients is not known at an earlier stage of the SMTP conversation.
12950Use at the RCPT stage will only reject the second etc.  recipient.
12951<br>
12952The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the
12953response code for rejected requests (default:  550).  This feature
12954is available in Postfix 2.1 and later. </dd>
12955
12956<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>
12957
12958<dd>Reject the request when the connection is not encrypted. This
12959restriction should not be used before the client has had a chance
12960to negotiate encryption with the AUTH or STARTTLS commands.
12961<br>
12962The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response
12963code for rejected requests (default:  450).  This feature is available
12964in Postfix 2.3 and later. </dd>
12965
12966<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>
12967
12968<dd>Reject the request when the client sends SMTP commands ahead
12969of time where it is not allowed, or when the client sends SMTP
12970commands ahead of time without knowing that Postfix actually supports
12971ESMTP command pipelining. This stops mail from bulk mail software
12972that improperly uses ESMTP command pipelining in order to speed up
12973deliveries.
12974<br> With Postfix 2.6 and later, the SMTP server sets a per-session
12975flag whenever it detects illegal pipelining, including pipelined
12976EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
12977tests whether the flag was set at any point in time during the
12978session.
12979<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
12980the current status of the input read queue, and its usage is not
12981recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>.  </dd>
12982
12983<dt><b><a name="reject">reject</a></b></dt>
12984
12985<dd>Reject the request. This restriction is useful at the end of
12986a restriction list, to make the default policy explicit.  The
12987<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for
12988rejected requests (default: 554).</dd>
12989
12990<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>
12991
12992<dd>Pause for the specified number of seconds and proceed with
12993the next restriction in the list, if any. This may stop zombie
12994mail when used as:
12995<pre>
12996/etc/postfix/<a href="postconf.5.html">main.cf</a>:
12997    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
12998        sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
12999    <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no
13000</pre>
13001This feature is available in Postfix 2.3. </dd>
13002
13003<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>
13004
13005<dd> A safety net for testing. When "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a>" is placed
13006before a reject-type restriction, access table query, or
13007<a href="postconf.5.html#check_policy_service">check_policy_service</a> query, this logs a "reject_warning" message
13008instead of rejecting a request (when a reject-type restriction fails
13009due to a temporary error, this logs a "reject_warning" message for
13010any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" actions that would normally prevent
13011mail from being accepted by some later access restriction). This
13012feature has no effect on <a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions.  </dd>
13013
13014</dl>
13015
13016<p>
13017Other restrictions that are valid in this context:
13018</p>
13019
13020<ul>
13021
13022<li> SMTP command specific restrictions that are described under
13023the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or
13024<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. When helo, sender or
13025recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,
13026they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
13027$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO
13028command.
13029
13030</ul>
13031
13032<p>
13033Example:
13034</p>
13035
13036<pre>
13037<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
13038</pre>
13039
13040
13041</DD>
13042
13043<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a>
13044(default: empty)</b></DT><DD>
13045
13046<p> A mechanism to transform commands from remote SMTP clients.
13047This is a last-resort tool to work around client commands that break
13048inter-operability with the Postfix SMTP server.  Other uses involve
13049fault injection to test Postfix's handling of invalid commands.
13050</p>
13051
13052<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
13053string is the SMTP command as received from the remote SMTP client,
13054except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
13055are removed.  The result value is executed by the Postfix SMTP
13056server.  </p>
13057
13058<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following
13059cases: </p>
13060
13061<ul>
13062
13063<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept
13064"<i>user@ipaddress</i>". </p>
13065
13066<li> <p> Postfix already accepts the correct form
13067"<i>user@[ipaddress]</i>". Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a>
13068to translate these into domain names if necessary.  </p>
13069
13070<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:&lt;<i>User
13071Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
13072Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
13073</p>
13074
13075</ul>
13076
13077<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>
13078feature: </p>
13079
13080<pre>
13081/etc/postfix/<a href="postconf.5.html">main.cf</a>:
13082    <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter
13083</pre>
13084
13085<pre>
13086/etc/postfix/command_filter:
13087    # Work around clients that send malformed HELO commands.
13088    /^HELO\s*$/ HELO domain.invalid
13089</pre>
13090
13091<pre>
13092    # Work around clients that send empty lines.
13093    /^\s*$/     NOOP
13094</pre>
13095
13096<pre>
13097    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
13098    # WARNING: do not lose the parameters that follow the address.
13099    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/     RCPT TO:&lt;$1&gt;$2
13100</pre>
13101
13102<pre>
13103    # Append XVERP to MAIL FROM commands to request VERP-style delivery.
13104    # See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP.
13105    /^(MAIL FROM:&lt;listname@example\.com&gt;.*)/   $1 XVERP
13106</pre>
13107
13108<pre>
13109    # Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software
13110    # to send bounced mail to the postmaster (with message body removed).
13111    /^(RCPT\s+TO:&lt;.*&gt;.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2
13112    /^(RCPT\s+TO:.*)/                    $1 NOTIFY=NEVER
13113</pre>
13114
13115<p> This feature is available in Postfix 2.7. </p>
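<p> A way to dry-run command_filter rules before deploying them, as an added example that is not part of the Postfix distribution. It emulates first-match lookup with $1/$2 substitution for the rule sets shown above and shows what the WARNING about losing parameters means in practice. QUOTE_FIX_LOSSY is a constructed faulty rule; load_table(), apply_filter() and dropped_params() are hypothetical helpers. Assumptions: Python's re stands in for PCRE, only the [:space:] class is translated, continuation lines are not handled, and a command that matches no rule is passed through unchanged. </p>

```python
import re

# Rule sets copied from the examples above (constructed as inline strings).
QUOTE_FIX = r"""
# Work around clients that send RCPT TO:<'user@domain'>.
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/     RCPT TO:<$1>$2
"""
BOUNCE_NEVER = r"""
/^(RCPT\s+TO:<.*>.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2
/^(RCPT\s+TO:.*)/                    $1 NOTIFY=NEVER
"""
# Constructed faulty variant: forgets "(.*)" and "$2".
QUOTE_FIX_LOSSY = r"""
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>/     RCPT TO:<$1>
"""

RULE_RE = re.compile(r"^/((?:\\.|[^/\\])*)/([A-Za-z]*)\s+(.*)$")
REF_RE = re.compile(r"\$(\$|\d+|\{\d+\}|\(\d+\))")


def load_table(text):
    """Parse '/pattern/flags replacement' lines into (regex, replacement)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule: " + line)
        pattern, flags, replacement = m.groups()
        if flags not in ("", "i"):
            raise ValueError("unsupported flags: " + flags)
        # Python's re has no POSIX classes; translate the one used here.
        pattern = pattern.replace("[:space:]", r"\s")
        # pcre_table(5) matches case-insensitively by default; "i" toggles it.
        re_flags = 0 if flags == "i" else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), replacement))
    return rules


def expand(replacement, match):
    """Substitute $n, ${n}, $(n) with capture groups; $$ gives a literal $."""
    def ref(m):
        token = m.group(1)
        if token == "$":
            return "$"
        return match.group(int(token.strip("{}()"))) or ""
    return REF_RE.sub(ref, replacement)


def apply_filter(rules, command):
    """Return the command the server would execute; the first match wins."""
    # The search string has initial whitespace and trailing <CR><LF> removed.
    command = command.lstrip().rstrip("\r\n")
    for regex, replacement in rules:
        m = regex.search(command)
        if m:
            return expand(replacement, m)
    return command


def dropped_params(rules, command):
    """ESMTP parameters (KEY=value) present before filtering but not after."""
    before = re.findall(r"\s([A-Za-z0-9-]+=\S+)", command)
    after = apply_filter(rules, command)
    return [p for p in before if p not in after]


if __name__ == "__main__":
    # Constructed client command with parameters after the address.
    cmd = "RCPT TO:<'user@example.com'> NOTIFY=FAILURE ORCPT=rfc822;user@example.com\r\n"
    for name, table in (("correct", QUOTE_FIX), ("lossy", QUOTE_FIX_LOSSY)):
        rules = load_table(table)
        print(name, "->", apply_filter(rules, cmd), "| dropped:", dropped_params(rules, cmd))
    print(apply_filter(load_table(BOUNCE_NEVER), "RCPT TO:<user@example.com> NOTIFY=SUCCESS"))
```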
13116
13117
13118</DD>
13119
13120<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a>
13121(default: empty)</b></DT><DD>
13122
13123<p>
13124Optional access restrictions that the Postfix SMTP server applies
13125in the context of the SMTP DATA command.
13126See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13127restriction lists" for a discussion of evaluation context and time.
13128</p>
13129
13130<p>
13131This feature is available in Postfix 2.0 and later.
13132</p>
13133
13134<p>
13135Specify a list of restrictions, separated by commas and/or whitespace.
13136Continue long lines by starting the next line with whitespace.
13137Restrictions are applied in the order as specified; the first
13138restriction that matches wins.
13139</p>
13140
13141<p>
13142The following restrictions are valid in this context:
13143</p>
13144
13145<ul>
13146
13147<li><a href="#generic">Generic</a> restrictions that can be used
13148in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
13149
13150<li>SMTP command specific restrictions described under
13151<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
13152<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
13153
13154<li>However, no recipient information is available in the case of
13155multi-recipient mail. Acting on only one recipient would be misleading,
13156because any decision will affect all recipients equally. Acting on
13157all recipients would require a possibly very large amount of memory,
13158and would also be misleading for the reasons mentioned before.
13159
13160</ul>
13161
13162<p>
13163Examples:
13164</p>
13165
13166<pre>
13167<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
13168<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
13169</pre>
13170
13171
13172</DD>
13173
13174<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a>
13175(default: yes)</b></DT><DD>
13176
13177<p> Postpone the start of an SMTP mail transaction until a valid
13178RCPT TO command is received. Specify "no" to create a mail transaction
13179as soon as the Postfix SMTP server receives a valid MAIL FROM
13180command. </p>
13181
13182<p> With sites that reject lots of mail, the default setting reduces
13183the use of
13184disk, CPU and memory resources. The downside is that rejected
13185recipients are logged with NOQUEUE instead of a mail transaction
13186ID. This complicates the logfile analysis of multi-recipient mail.
13187</p>
13188
13189<p> This feature is available in Postfix 2.3 and later. </p>
13190
13191
13192</DD>
13193
13194<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a>
13195(default: yes)</b></DT><DD>
13196
13197<p>
13198Wait until the RCPT TO command before evaluating
13199$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
13200$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before
13201evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
13202</p>
13203
13204<p>
13205This feature is turned on by default because some clients apparently
13206mis-behave when the Postfix SMTP server rejects commands before
13207RCPT TO.
13208</p>
13209
13210<p>
13211The default setting has one major benefit: it allows Postfix to log
13212recipient address information when rejecting a client name/address
13213or sender address, so that it is possible to find out whose mail
13214is being rejected.
13215</p>
13216
13217
13218</DD>
13219
13220<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>
13221(default: empty)</b></DT><DD>
13222
13223<p> Lookup tables, indexed by the remote SMTP client address, with
13224case insensitive lists of EHLO keywords (pipelining, starttls, auth,
13225etc.) that the Postfix SMTP server will not send in the EHLO response
13226to a
13227remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
13228The table is not searched by hostname for robustness reasons.  </p>
13229
13230<p> This feature is available in Postfix 2.2 and later. </p>
13231
13232
13233</DD>
13234
13235<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
13236(default: empty)</b></DT><DD>
13237
13238<p> A case insensitive list of EHLO keywords (pipelining, starttls,
13239auth, etc.) that the Postfix SMTP server will not send in the EHLO
13240response
13241to a remote SMTP client. </p>
13242
13243<p> This feature is available in Postfix 2.2 and later. </p>
13244
13245<p> Notes: </p>
13246
13247<ul>
13248
13249<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
13250this action from being logged. </p>
13251
13252<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature
13253to discard EHLO keywords selectively.  </p>
13254
13255</ul>
13256
13257
13258</DD>
13259
13260<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>
13261(default: empty)</b></DT><DD>
13262
13263<p> Optional access restrictions that the Postfix SMTP server
13264applies in the context of the SMTP END-OF-DATA command.
13265See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13266restriction lists" for a discussion of evaluation context and time.
13267</p>
13268
13269<p> This feature is available in Postfix 2.2 and later. </p>
13270
13271<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p>
13272
13273
13274</DD>
13275
13276<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
13277(default: no)</b></DT><DD>
13278
13279<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
13280and require that clients use TLS encryption.  According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a>
13281this MUST NOT be applied in case of a publicly-referenced SMTP
13282server.  This option is therefore off by default. </p>
13283
13284<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
13285
13286<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
13287STARTTLS due to insufficient privileges to access the server private
13288key. This is intended behavior. </p>
13289
13290<p> This feature is available in Postfix 2.2 and later. With
13291Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
13292
13293
13294</DD>
13295
13296<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a>
13297(default: 1s)</b></DT><DD>
13298
13299<p>With Postfix version 2.1 and later: the SMTP server response delay after
13300a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and
13301fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail.
13302</p>
13303
13304<p>With Postfix version 2.0 and earlier: the SMTP server delay before
13305sending a reject (4xx or 5xx) response, when the client has made
13306fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering
13307mail. </p>
13308
13309
13310</DD>
13311
13312<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a>
13313(default: empty)</b></DT><DD>
13314
13315<p>
13316Optional restrictions that the Postfix SMTP server applies in the
13317context of a client ETRN command.
13318See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13319restriction lists" for a discussion of evaluation context and time.
13320</p>
13321
13322<p>
13323The Postfix ETRN implementation accepts only destinations that are
13324eligible for the Postfix "fast flush" service. See the <a href="ETRN_README.html">ETRN_README</a>
13325file for details.
13326</p>
13327
13328<p>
13329Specify a list of restrictions, separated by commas and/or whitespace.
13330Continue long lines by starting the next line with whitespace.
13331Restrictions are applied in the order as specified; the first
13332restriction that matches wins.
13333</p>
13334
13335<p>
13336The following restrictions are specific to the domain name information
13337received with the ETRN command.
13338</p>
13339
13340<dl>
13341
13342<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13343
13344<dd>Search the specified access database for the ETRN domain name
13345or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details.
13346</dd>
13347
13348</dl>
13349
13350<p>
13351Other restrictions that are valid in this context:
13352</p>
13353
13354<ul>
13355
13356<li><a href="#generic">Generic</a> restrictions that can be used
13357in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
13358
13359<li>SMTP command specific restrictions described under
13360<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
13361
13362</ul>
13363
13364<p>
13365Example:
13366</p>
13367
13368<pre>
13369<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
13370</pre>
13371
13372
13373</DD>
13374
13375<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a>
13376(default: see "postconf -d" output)</b></DT><DD>
13377
13378<p>
13379What characters are allowed in $name expansions of RBL reply
13380templates. Characters not in the allowed set are replaced by "_".
13381Use C-like escapes to specify special characters such as whitespace.
13382</p>
13383
13384<p>
13385This parameter is not subjected to $parameter expansion.
13386</p>
13387
13388<p>
13389This feature is available in Postfix 2.0 and later.
13390</p>
13391
13392
13393</DD>
13394
13395<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a>
13396(default: CONNECT, GET, POST)</b></DT><DD>
13397
13398<p>
13399List of commands that cause the Postfix SMTP server to immediately
13400terminate the session with a 221 code. This can be used to disconnect
13401clients that obviously attempt to abuse the system. In addition to the
13402commands listed in this parameter, commands that follow the "Label:"
13403format of message headers will also cause a disconnect.
13404</p>
13405
13406<p>
13407This feature is available in Postfix 2.2 and later.
13408</p>
13409
13410
13411</DD>
13412
13413<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a>
13414(default: normal: 20, overload: 1)</b></DT><DD>
13415
13416<p>
13417The maximal number of errors a remote SMTP client is allowed to
13418make without delivering mail. The Postfix SMTP server disconnects
13419when the limit is exceeded. Normally the default limit is 20, but
13420it changes under overload to just 1. With Postfix 2.5 and earlier,
13421the SMTP server always allows up to 20 errors by default.
13422
13423</p>
13424
13425
13426</DD>
13427
13428<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a>
13429(default: no)</b></DT><DD>
13430
13431<p>
13432Require that a remote SMTP client introduces itself with the HELO
13433or EHLO command before sending the MAIL command or other commands
13434that require EHLO negotiation.
13435</p>
13436
13437<p>
13438Example:
13439</p>
13440
13441<pre>
13442<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes
13443</pre>
13444
13445
13446</DD>
13447
13448<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a>
13449(default: empty)</b></DT><DD>
13450
13451<p>
13452Optional restrictions that the Postfix SMTP server applies in the
13453context of a client HELO command.
13454See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13455restriction lists" for a discussion of evaluation context and time.
13456</p>
13457
13458<p>
13459The default is to permit everything.
13460</p>
13461
13462<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
13463restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
13464simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO).
13465</p>
13466
13467<p>
13468Specify a list of restrictions, separated by commas and/or whitespace.
13469Continue long lines by starting the next line with whitespace.
13470Restrictions are applied in the order as specified; the first
13471restriction that matches wins.
13472</p>
13473
13474<p>
13475The following restrictions are specific to the hostname information
13476received with the HELO or EHLO command.
13477</p>
13478
13479<dl>
13480
13481<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13482
13483<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
13484hostname or parent domains, and execute the corresponding action.
13485Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
13486restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
13487simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO).  </dd>
13488
13489<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13490
13491<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
13492the HELO or EHLO hostname, and execute the corresponding action.
13493Note 1: a result of "OK" is not allowed for safety reasons. Instead,
13494use DUNNO in order to exclude specific hosts from blacklists.  Note
134952: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
13496restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
13497simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO).  This
13498feature is available in Postfix 2.1 and later.
13499</dd>
13500
13501<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13502
13503<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
13504for the HELO or EHLO hostname, and execute the corresponding action.
13505Note 1: a result of "OK" is not allowed for safety reasons. Instead,
13506use DUNNO in order to exclude specific hosts from blacklists.  Note
135072: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
13508restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
13509simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This
13510feature is available in Postfix 2.1 and later.
13511</dd>
13512
13513<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>
13514
13515<dd>Reject the request when the HELO or EHLO hostname is malformed.
13516Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce
13517this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply
13518skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO).
13519<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code
13520for rejected requests (default: 501).</dd>
13521
13522<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>
13523
13524<dd>Reject the request when the HELO or EHLO hostname is not in
13525fully-qualified domain or address literal form, as required by the
13526RFC. Note: specify
13527"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction
13528(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip
13529<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO).  <br>
13530The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
13531rejected requests (default: 504).</dd>
13532
13533<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
13534
13535<dd>Reject the request when the HELO or EHLO hostname is
13536listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
13537(Postfix version 2.1 and later only).  Each "<i>d</i>" is a number,
13538or a pattern inside "[]" that contains one or more ";"-separated
13539numbers or number..number ranges (Postfix version 2.8 and later).
13540If no "<i>=d.d.d.d</i>" is
13541specified, reject the request when the HELO or EHLO hostname is
13542listed with any A record under <i>rbl_domain</i>. See the
13543<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration
13544parameters.  Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
13545enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
13546client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or
13547EHLO). This feature is available in Postfix 2.0
13548and later.  </dd>
13549
13550<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>
13551
13552<dd>Reject the request when the HELO or EHLO hostname has no DNS A
13553or MX record. <br> The <a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter
13554specifies the numerical response code for rejected requests (default:
13555450). <br> The <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> parameter
13556specifies the action after a temporary DNS error (default:
13557<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
13558enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
13559client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending
13560HELO or EHLO). </dd>
13561
13562</dl>
13563
13564<p>
13565Other restrictions that are valid in this context:
13566</p>
13567
13568<ul>
13569
13570<li> <a href="#generic">Generic</a> restrictions that can be used
13571in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
13572
13573<li> Client hostname or network address specific restrictions
13574described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
13575
13576<li> SMTP command specific restrictions described under
13577<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.  When
13578sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
13579they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
13580$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO
13581command.
13582
13583</ul>
13584
13585<p>
13586Examples:
13587</p>
13588
<pre>
<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
</pre>
13593
13594
13595</DD>
13596
13597<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>
13598(default: 100)</b></DT><DD>
13599
13600<p>
13601The maximal number of lines in the Postfix SMTP server command history
13602before it is flushed upon receipt of EHLO, RSET, or end of DATA.
13603</p>
13604
13605
13606</DD>
13607
13608<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a>
13609(default: normal: 100, overload: 1)</b></DT><DD>
13610
13611<p>
13612The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
13613SMTP client can send before the Postfix SMTP server starts to
13614increment the error counter with each junk command.  The junk
13615command count is reset after mail is delivered.  See also the
13616<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration
13617parameters.  Normally the default limit is 100, but it changes under
13618overload to just 1. With Postfix 2.5 and earlier, the SMTP server
13619always allows up to 100 junk commands by default.  </p>
13620
13621
13622</DD>
13623
13624<DT><b><a name="smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a>
13625(default: empty)</b></DT><DD>
13626
13627<p> Enable logging of the named "permit" actions in SMTP server
13628access lists (by default, the SMTP server logs "reject" actions but
13629not "permit" actions).  This feature does not affect conditional
13630actions such as "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>". </p>
13631
13632<p> Specify a list of "permit" action names, "/file/name" or
13633"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. The
13634list is matched left to right, and the search stops on the first
13635match. A "/file/name" pattern is replaced by its contents; a
13636"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup
13637key (the lookup result is ignored).  Continue long lines by starting
13638the next line with whitespace. Specify "!pattern" to exclude a name
13639from the list. </p>
13640
13641<p> Examples: </p>
13642
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Log all "permit" actions.
    <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="DATABASE_README.html#types">static</a>:all
</pre>
13648
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Log "<a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>" only.
    <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>
</pre>
13654
13655<p> This feature is available in Postfix 2.10 and later.  </p>
13656
13657
13658</DD>
13659
13660<DT><b><a name="smtpd_milters">smtpd_milters</a>
13661(default: empty)</b></DT><DD>
13662
13663<p> A list of Milter (mail filter) applications for new mail that
13664arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as
13665separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details.  </p>
13666
13667<p> This feature is available in Postfix 2.3 and later. </p>
13668
13669
13670</DD>
13671
13672<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a>
13673(default: empty)</b></DT><DD>
13674
13675<p>
13676List of commands that the Postfix SMTP server replies to with "250
13677Ok", without doing any syntax checks and without changing state.
13678This list overrides any commands built into the Postfix SMTP server.
13679</p>
13680
13681
13682</DD>
13683
13684<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a>
13685(default: &lt;&gt;)</b></DT><DD>
13686
13687<p>
13688The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the
13689null sender address.
13690</p>
13691
13692
13693</DD>
13694
13695<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
13696(default: yes)</b></DT><DD>
13697
13698<p> Attempt to look up the remote SMTP client hostname, and verify that
13699the name matches the client IP address. A client name is set to
13700"unknown" when it cannot be looked up or verified, or when name
13701lookup is disabled.  Turning off name lookup reduces delays due to
13702DNS lookup and increases the maximal inbound delivery rate. </p>
13703
13704<p> This feature is available in Postfix 2.3 and later.  </p>
13705
13706
13707</DD>
13708
13709<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
13710(default: normal: no, overload: yes)</b></DT><DD>
13711
13712<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
13713time limits, from a
13714time limit per read or write system call, to a time limit to send
13715or receive a complete record (an SMTP command line, SMTP response
13716line, SMTP message content line, or TLS protocol message).  This
13717limits the impact from hostile peers that trickle data one byte at
13718a time.  </p>
13719
13720<p> Note: when per-record deadlines are enabled, a short timeout
13721may cause problems with TLS over very slow network connections.
13722The reasons are that a TLS protocol message can be up to 16 kbytes
13723long (with TLSv1), and that an entire TLS protocol message must be
13724sent or received within the per-record deadline.  </p>
13725
13726<p> This feature is available in Postfix 2.9 and later. With older
13727Postfix releases, the behavior is as if this parameter is set to
13728"no". </p>
13729
13730
13731</DD>
13732
13733<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
13734(default: 300s)</b></DT><DD>
13735
13736<p>
13737The time after which an idle SMTPD policy service connection is
13738closed.
13739</p>
13740
13741<p>
13742This feature is available in Postfix 2.1 and later.
13743</p>
13744
13745
13746</DD>
13747
13748<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a>
13749(default: 1000s)</b></DT><DD>
13750
13751<p>
13752The time after which an active SMTPD policy service connection is
13753closed.
13754</p>
13755
13756<p>
13757This feature is available in Postfix 2.1 and later.
13758</p>
13759
13760
13761</DD>
13762
13763<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
13764(default: 100s)</b></DT><DD>
13765
13766<p>
13767The time limit for connecting to, writing to or receiving from a
13768delegated SMTPD policy server.
13769</p>
13770
13771<p>
13772This feature is available in Postfix 2.1 and later.
13773</p>
13774
13775
13776</DD>
13777
13778<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a>
13779(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
13780
13781<p>
13782How the Postfix SMTP server announces itself to the proxy filter.
13783By default, the Postfix hostname is used.
13784</p>
13785
13786<p>
13787This feature is available in Postfix 2.1 and later.
13788</p>
13789
13790
13791</DD>
13792
13793<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a>
13794(default: empty)</b></DT><DD>
13795
13796<p> The hostname and TCP port of the mail filtering proxy server.
13797The proxy receives all mail from the Postfix SMTP server, and is
13798supposed to give the result to another Postfix SMTP server process.
13799</p>
13800
13801<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
13802"unix:pathname" for a UNIX-domain endpoint. The host can be specified
13803as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" is specified, the local machine is
13805assumed.  Pathname interpretation is relative to the Postfix queue
13806directory.  </p>
13807
13808<p> This feature is available in Postfix 2.1 and later.  </p>
13809
13810<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
13811and later.  </p>
13812
13813
13814</DD>
13815
13816<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a>
13817(default: empty)</b></DT><DD>
13818
13819<p>
13820List of options that control how the Postfix SMTP server
13821communicates with a before-queue content filter. Specify zero or
13822more of the following, separated by comma or whitespace.  </p>
13823
13824<dl>
13825
13826<dt><b>speed_adjust</b></dt>
13827
13828<dd> <p> Do not connect to a before-queue content filter until an entire
13829message has been received. This reduces the number of simultaneous
13830before-queue content filter processes. </p>
13831
13832<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
13833of a multi-recipient message.  Rejecting all recipients is OK, as
13834is accepting all recipients. </p>
13835
13836<p> NOTE 2: This feature increases the minimum amount of free queue
13837space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the
13838message to a temporary file. </p> </dd>
13839
13840</dl>
13841
13842<p>
13843This feature is available in Postfix 2.7 and later.
13844</p>
13845
13846
13847</DD>
13848
13849<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a>
13850(default: 100s)</b></DT><DD>
13851
13852<p>
13853The time limit for connecting to a proxy filter and for sending or
13854receiving information.  When a connection fails the client gets a
13855generic error message while more detailed information is logged to
13856the maillog file.
13857</p>
13858
13859<p>
13860Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
13861The default time unit is s (seconds).
13862</p>
13863
13864<p>
13865This feature is available in Postfix 2.1 and later.
13866</p>
13867
13868
13869</DD>
13870
13871<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a>
13872(default: 1000)</b></DT><DD>
13873
13874<p>
13875The maximal number of recipients that the Postfix SMTP server
13876accepts per message delivery request.
13877</p>
13878
13879
13880</DD>
13881
13882<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a>
13883(default: 1000)</b></DT><DD>
13884
13885<p> The number of recipients that a remote SMTP client can send in
13886excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before
13887the Postfix SMTP server increments the per-session error count
13888for each excess recipient.  </p>
13889
13890
13891</DD>
13892
13893<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
13894(default: see "postconf -d" output)</b></DT><DD>
13895
13896<p>
13897Optional restrictions that the Postfix SMTP server applies in the
13898context of a client RCPT TO command, after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
13899See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
13900restriction lists" for a discussion of evaluation context and time.
13901</p>
13902
13903<p> With Postfix versions before 2.10, the rules for relay permission
13904and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
13905resulting in error-prone configuration.  As of Postfix 2.10, relay
13906permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
13907so that a permissive spam blocking policy under
13908<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
13909mail relay policy.  </p>
13910
13911<p> For backwards compatibility, sites that migrate from Postfix
13912versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
13913value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
13914
13915<p>
13916IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
13917<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
13918at least one of the following restrictions. Otherwise Postfix will
13919refuse to receive mail:
13920</p>
13921
13922<blockquote>
<pre>
reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
13926</blockquote>
13927
13928<blockquote>
<pre>
defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
</pre>
13932</blockquote>
13933
13934<p>
13935Specify a list of restrictions, separated by commas and/or whitespace.
13936Continue long lines by starting the next line with whitespace.
Restrictions are applied in the order specified; the first
13938restriction that matches wins.
13939</p>
13940
13941<p>
13942The following restrictions are specific to the recipient address
13943that is received with the RCPT TO command.
13944</p>
13945
13946<dl>
13947
13948<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13949
13950<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
13951TO address, domain, parent domains, or localpart@, and execute the
13952corresponding action.  </dd>
13953
13954<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13955
13956<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
13957the RCPT TO domain, and execute the corresponding action.  Note:
13958a result of "OK" is not allowed for safety reasons. Instead, use
13959DUNNO in order to exclude specific hosts from blacklists.  This
13960feature is available in Postfix 2.1 and later. </dd>
13961
13962<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
13963
13964<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
13965for the RCPT TO domain, and execute the corresponding action.
13966Note: a result of "OK" is not allowed for safety reasons. Instead,
13967use DUNNO in order to exclude specific hosts from blacklists.  This
13968feature is available in Postfix 2.1 and later.  </dd>
13969
13970<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>
13971
13972<dd>Permit the request when one of the following is true:
13973
13974<ul>
13975
<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
13977$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
13978sender-specified routing (user@elsewhere@domain),
13979
13980<li> Postfix is the final destination: the resolved RCPT TO domain
13981matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
13982$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
13983contains no sender-specified routing (user@elsewhere@domain).
13984
13985</ul></dd>
13986
13987<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
13988
<dd>Permit the request when the local mail system is a backup MX for
13990the RCPT TO domain, or when the domain is an authorized destination
13991(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
13992
13993<ul>
13994
13995<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
13996sender-specified routing information (example: user@elsewhere@domain).
13997
<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to misuse when
13999access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
14000
14001<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
accepts the address when the local mail system is the primary MX for
14003the recipient domain.  Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
14004when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
14005for definition).
14006
14007<li> Limitation: mail may be rejected in case of a temporary DNS
14008lookup problem with Postfix prior to version 2.0.
14009
14010</ul></dd>
14011
14012<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>
14013
14014<dd>Reject the request when the RCPT TO address is not in
14015fully-qualified domain form, as required by the RFC. <br> The
14016<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
14017rejected requests (default: 504). </dd>
14018
14019<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>
14020
14021<dd>Reject the request when the RCPT TO domain is listed with the
14022A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
140232.1 and later only).  Each "<i>d</i>" is a number, or a pattern
14024inside "[]" that contains one or more ";"-separated numbers or
14025number..number ranges (Postfix version 2.8 and later). If no
14026"<i>=d.d.d.d</i>" is specified, reject
14027the request when the RCPT TO domain is listed with
14028any A record under <i>rbl_domain</i>. <br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
14029parameter specifies the response code for rejected requests (default:
14030554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
14031reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
14032replies indexed by <i>rbl_domain</i>.  This feature is available
14033in Postfix version 2.0 and later.</dd>
14034
14035<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
14036
14037<dd>Reject the request unless one of the following is true:
14038
14039<ul>
14040
<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
14042$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
14043routing (user@elsewhere@domain),
14044
14045<li> Postfix is the final destination: the resolved RCPT TO domain
14046matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
14047$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
14048no sender-specified routing (user@elsewhere@domain).
14049
14050</ul>The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
14051code for rejected requests (default: 554). </dd>
14052
14053<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>
14054
14055<dd> Reject the same requests as <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, with a
14056non-permanent error code.  This feature is available in Postfix
140572.10 and later.</dd>
14058
14059<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
14060
<dd>Reject the request when Postfix is not the final destination for
14062the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
14063record or 2) a malformed MX record such as a record with
14064a zero-length MX hostname (Postfix version 2.3 and later). <br> The
14065<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
14066response code for rejected requests (default: 450).  The response
14067is always 450 in case of a temporary DNS error. <br> The
14068<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
14069after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  </dd>
14070
14071<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
14072
14073<dd> Reject the request when the RCPT TO address is not listed in
14074the list of valid recipients for its domain class. See the
14075<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
14076This feature is available in Postfix 2.1 and later.</dd>
14077
14078<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>
14079
14080<dd>Reject the request when mail to the RCPT TO address is known
14081to bounce, or when the recipient address destination is not reachable.
14082Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
14083see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details.  <br> The
14084<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
14085response code when an address is known to bounce (default: 450,
14086change into 550 when you are confident that it is safe to do so).
14087<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
14088numerical response code when an address probe failed due to a
14089temporary problem (default: 450). <br> The
14090<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
14091after address probe failure due to a temporary problem (default:
14092<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br>  This feature is available in Postfix 2.1
14093and later.  </dd>
14094
14095</dl>
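<p> The "<i>d.d.d.d</i>" reply filter described above for reject_rhsbl_recipient,
as an added example that is not Postfix code: a Python model of the matching
rule (per octet, a number or a "[]" pattern of ";"-separated numbers and
number..number ranges). The function names and the sample domain
rhsbl.example.invalid are assumptions made for illustration; the caller
supplies the A records returned by the lookup. </p>

```python
import ipaddress


def _ranges(body, bracketed):
    """Turn one octet pattern into a list of inclusive (low, high) pairs."""
    items = body.split(";") if bracketed else [body]
    pairs = []
    for item in items:
        low, sep, high = item.partition("..")
        if not sep:
            high = low          # a single number is the range n..n
        for part in (low, high):
            if not (part.isascii() and part.isdigit()) or int(part) > 255:
                raise ValueError(f"bad octet pattern: {body!r}")
        if int(low) > int(high):
            raise ValueError(f"empty range in octet pattern: {body!r}")
        pairs.append((int(low), int(high)))
    return pairs


def parse_filter(pattern):
    """Parse "d.d.d.d" into four lists of (low, high) ranges.

    The pattern cannot simply be split on "." because a range inside
    "[]" is written with two dots (number..number).
    """
    octets, i = [], 0
    while i < len(pattern):
        if pattern[i] == "[":
            end = pattern.find("]", i)
            if end < 0:
                raise ValueError("unterminated '[' in filter")
            octets.append(_ranges(pattern[i + 1:end], bracketed=True))
            i = end + 1
        else:
            end = pattern.find(".", i)
            if end < 0:
                end = len(pattern)
            octets.append(_ranges(pattern[i:end], bracketed=False))
            i = end
        if i < len(pattern):
            if pattern[i] != "." or i + 1 == len(pattern):
                raise ValueError("malformed filter")
            i += 1
    if len(octets) != 4:
        raise ValueError("filter must have exactly four octets")
    return octets


def reply_matches(octets, address):
    """True when every octet of the A record falls in an allowed range."""
    packed = ipaddress.IPv4Address(address).packed
    return all(any(low <= byte <= high for low, high in ranges)
               for byte, ranges in zip(packed, octets))


def rhsbl_listed(argument, a_records):
    """Model of "rbl_domain=d.d.d.d" against the looked-up A records.

    Without "=d.d.d.d", any A record under rbl_domain counts as listed.
    """
    _domain, sep, pattern = argument.partition("=")
    if not sep:
        return len(a_records) > 0
    octets = parse_filter(pattern)
    return any(reply_matches(octets, addr) for addr in a_records)


if __name__ == "__main__":
    # Constructed sample: only replies 127.0.0.2 and 127.0.0.4-6 reject.
    arg = "rhsbl.example.invalid=127.0.0.[2;4..6]"
    for reply in ("127.0.0.2", "127.0.0.3", "127.0.0.5"):
        print(reply, rhsbl_listed(arg, [reply]))
```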
14096
14097<p>
14098Other restrictions that are valid in this context:
14099</p>
14100
14101<ul>
14102
14103<li><a href="#generic">Generic</a> restrictions that can be used
14104in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
14105
14106<li>SMTP command specific restrictions described under
14107<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
14108<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.
14109
14110</ul>
14111
14112<p>
14113Example:
14114</p>
14115
<pre>
# The default mail relay policy of Postfix versions before 2.10. Later
# Postfix versions preferably implement this with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
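<p> A configuration check for the IMPORTANT requirement above and for the
smtpd_helo_required note under smtpd_helo_restrictions, as an added example
that is not part of Postfix. It parses main.cf text using the file format
rules at the top of this page and applies the first-match-wins rule, so a
bare "permit" ahead of reject_unauth_destination counts as no relay
protection. The function names, finding codes, sample files and the DEFAULTS
table are assumptions; $name expansion is not modelled. </p>

```python
import re

# Restrictions of which at least one must be present (list from this page).
RELAY_GUARDS = {"reject", "reject_unauth_destination", "defer",
                "defer_if_permit", "defer_unauth_destination"}

# Assumed values for parameters that main.cf does not set; confirm them
# with "postconf -d" on the system being audited.
DEFAULTS = {
    "smtpd_relay_restrictions":
        "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination",
    "smtpd_recipient_restrictions": "",
    "smtpd_helo_restrictions": "",
    "smtpd_helo_required": "no",
}


def parse_main_cf(text):
    """Return {parameter: value}; the last definition of a name wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # empty line or comment
        if raw[0].isspace():              # continuation of a logical line
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()
    return params


def restrictions(value):
    """Split a restriction list on commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def guards_relay(tokens):
    """True if a relay guard is reached before a bare "permit"."""
    it = iter(tokens)
    for tok in it:
        if tok == "warn_if_reject":
            next(it, None)                # the next restriction only logs
        elif tok == "permit":
            return False                  # first match wins: nothing after runs
        elif tok in RELAY_GUARDS:
            return True
    return False


def audit(text, defaults=DEFAULTS):
    """Return a list of finding codes for the given main.cf text."""
    conf = {**defaults, **parse_main_cf(text)}
    findings = []
    lists = (restrictions(conf["smtpd_relay_restrictions"]),
             restrictions(conf["smtpd_recipient_restrictions"]))
    if not any(guards_relay(tokens) for tokens in lists):
        findings.append("NO_RELAY_GUARD")
    helo = restrictions(conf["smtpd_helo_restrictions"])
    helo_rejects = any(t.startswith("reject_") and "helo" in t for t in helo)
    if helo_rejects and conf["smtpd_helo_required"].lower() != "yes":
        findings.append("HELO_CHECKS_SKIPPABLE")
    return findings


# Constructed sample: a migrated pre-2.10 setup with a relaxed spam policy.
WEAK_MAIN_CF = """\
smtpd_relay_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,
    # spam policy relaxed (constructed example)
    permit,
    reject_unauth_destination
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
"""

# Constructed sample: relay control kept separate from the spam policy.
FIXED_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    defer_unauth_destination
smtpd_recipient_restrictions = permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
"""

if __name__ == "__main__":
    print("weak: ", audit(WEAK_MAIN_CF))
    print("fixed:", audit(FIXED_MAIN_CF))
```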
14121
14122
14123</DD>
14124
14125<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
14126(default: empty)</b></DT><DD>
14127
14128<p> Optional information that is appended after each Postfix SMTP
14129server
141304XX or 5XX response. </p>
14131
14132<p> The following example uses "\c" at the start of the template
14133(supported in Postfix 2.10 and later) to suppress the line break
14134between the reply text and the footer text. With earlier Postfix
14135versions, the footer text always begins on a new line, and the "\c"
14136is output literally. </p>
14137
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
     Please provide the following information in your problem report:
     time ($localtime), client ($client_address) and server
     ($server_name).
</pre>
14145
14146<p> Server response: </p>
14147
<pre>
    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
    unknown. For assistance, call 800-555-0101. Please provide the
    following information in your problem report: time (Jan 4 15:42:00),
    client (192.168.1.248) and server (mail1.example.com).
</pre>
14154
14155<p> Note: the above text is meant to make it easier to find the
14156Postfix logfile records for a failed SMTP session. The text itself
14157is not logged to the Postfix SMTP server's maillog file. </p>
14158
14159<p> Be sure to keep the text as short as possible. Long text may
14160be truncated before it is logged to the remote SMTP client's maillog
14161file, or before it is returned to the sender in a delivery status
14162notification.  </p>
14163
14164<p> This feature supports a limited number of $name attributes in
14165the footer text. These are replaced by their current value for the
14166SMTP session: </p>
14167
14168<dl>
14169
<dt> <b>client_address</b> </dt> <dd> The client IP address that
14171is logged in the maillog file. </dd>
14172
14173<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
14174logged in the maillog file. </dd>
14175
14176<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
14177hh:mm:ss) that is logged in the maillog file. </dd>
14178
14179<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
14180This attribute is made available for sites with multiple MTAs
14181(perhaps behind a load-balancer), where the server name can help
14182the server support team to quickly find the right log files.  </dd>
14183
14184</dl>
14185
14186<p> Notes: </p>
14187
14188<ul>
14189
14190<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
14191or <a href="postconf.5.html">main.cf</a> parameters.  </p>
14192
14193<li> <p> For safety reasons, text that does not match
14194$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>
14195
14196</ul>
14197
14198<p> This feature supports the two-character sequence \n as a request
14199for a line break in the footer text. Postfix automatically inserts
14200after each line break the three-digit SMTP reply code (and optional
14201enhanced status code) from the original Postfix reject message.
14202</p>
14203
14204<p> To work around mail software that mis-handles multi-line replies,
14205specify the two-character sequence \c at the start of the template.
14206This suppresses the line break between the reply text and the footer
14207text (Postfix 2.10 and later).  </p>
14208
14209<p> This feature is available in Postfix 2.8 and later. </p>
14210
14211
14212</DD>
14213
14214<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
14215(default: yes)</b></DT><DD>
14216
14217<p>
14218Request that the Postfix SMTP server rejects mail for unknown
14219recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
14220access restriction is specified. This prevents the Postfix queue
14221from filling up with undeliverable MAILER-DAEMON messages.
14222</p>
14223
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
Otherwise, a recipient address is considered unknown when one of the
following is true: </p>
14226
14227<ul>
14228
14229<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
14230or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
14231$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
14232
14233<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
14234recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
14235
14236<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
14237recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
14238is not null.
14239
14240<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
14241is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
14242is not null.
14243
14244</ul>
14245
14246<p>
14247This feature is available in Postfix 2.1 and later.
14248</p>
14249
14250
14251</DD>
14252
14253<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
14254(default: no)</b></DT><DD>
14255
14256<p> Request that the Postfix SMTP server rejects mail from unknown
14257sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
14258access restriction is specified. This can slow down an explosion
14259of forged mail from worms or viruses.  </p>
14260
<p> An address is always considered "known" when it matches a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping.
Otherwise, a sender address is considered unknown when one of the
following is true: </p>
14263
14264<ul>
14265
14266<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
14267$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
14268$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
14269
14270<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
14271is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
14272
14273<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
14274sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
14275is not null.
14276
14277<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
14278not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
14279not null.
14280
14281</ul>
14282
14283<p>
14284This feature is available in Postfix 2.1 and later.
14285</p>
14286
14287
14288</DD>
14289
14290<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
14291(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>
14292
14293<p> Access restrictions for mail relay control that the Postfix
14294SMTP server applies in the context of the RCPT TO command, before
14295<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
14296See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
14297restriction lists" for a discussion of evaluation context and time.
14298</p>
14299
14300<p> With Postfix versions before 2.10, the rules for relay permission
14301and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
14302resulting in error-prone configuration.  As of Postfix 2.10, relay
14303permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
14304so that a permissive spam blocking policy under
14305<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
14306mail relay policy.  </p>
14307
14308<p> For backwards compatibility, sites that migrate from Postfix
14309versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
14310value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
14311
14312<p>
14313By default, the Postfix SMTP server accepts:
14314</p>
14315
14316<ul>
14317
14318<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:
14319
14320<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
14321for addresses that contain sender-specified routing
14322(user@elsewhere@domain), or:
14323
14324<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
14325or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
14326$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
14327
14328</ul>
14329
14330<p>
14331IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
14332<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
14333at least one of the following restrictions. Otherwise Postfix will
14334refuse to receive mail:
14335</p>
14336
14337<blockquote>
14338<pre>
14339reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
14340</pre>
14341</blockquote>
14342
14343<blockquote>
14344<pre>
14345defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
14346</pre>
14347</blockquote>
14348
14349<p>
14350Specify a list of restrictions, separated by commas and/or whitespace.
14351Continue long lines by starting the next line with whitespace.
14352The same restrictions are available as documented under
14353<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
14354</p>
14355
14356<p> This feature is available in Postfix 2.10 and later. </p>
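<p> The IMPORTANT requirement above can be checked mechanically before a main.cf change is deployed. The following is an added example, not code from the Postfix distribution: the function names and sample configurations are constructed, the empty default for smtpd_recipient_restrictions is an assumption, and "$name" references and smtpd_restriction_classes aliases are not expanded. </p>

```python
import re

# Restrictions named in the IMPORTANT note; at least one must be present.
REQUIRED = {
    "reject", "reject_unauth_destination",
    "defer", "defer_if_permit", "defer_unauth_destination",
}

# The relay default is the one documented on this page. The empty default
# for smtpd_recipient_restrictions is an assumption (Postfix 2.10 and later).
DEFAULTS = {
    "smtpd_relay_restrictions":
        "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination",
    "smtpd_recipient_restrictions": "",
}


def parse_main_cf(text):
    """Return {parameter: value} using the main.cf logical-line rules."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                     # empty, whitespace-only or comment
        if raw[0].isspace():             # leading whitespace: continuation
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = stripped.partition("=")
        if not sep:                      # not "parameter = value": skip it
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()  # the last definition wins
    return params


def restriction_tokens(value):
    """Split a restriction list on commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def check_relay_policy(text):
    """Report which list, if any, satisfies the IMPORTANT requirement."""
    params = parse_main_cf(text)
    satisfied_by = {}
    for name, default in DEFAULTS.items():
        tokens = restriction_tokens(params.get(name, default))
        # Exact token match: reject_unknown_sender_domain is not "reject".
        hits = [tok for tok in tokens if tok in REQUIRED]
        if hits:
            satisfied_by[name] = hits
    relay_value = params.get("smtpd_relay_restrictions",
                             DEFAULTS["smtpd_relay_restrictions"])
    return {
        "ok": bool(satisfied_by),
        "satisfied_by": satisfied_by,
        # True for the pre-2.10 style with relay control in the recipient list
        "relay_list_empty": not restriction_tokens(relay_value),
    }


# Constructed sample configurations.
BROKEN = """\
smtpd_relay_restrictions =
smtpd_recipient_restrictions =
    permit_mynetworks,
    # a comment line inside a multi-line value is ignored
    permit_sasl_authenticated
"""

LEGACY = """\
smtpd_relay_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
"""

SPLIT = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
smtpd_recipient_restrictions = reject_unknown_sender_domain
"""

if __name__ == "__main__":
    for label, sample in (("BROKEN", BROKEN), ("LEGACY", LEGACY), ("SPLIT", SPLIT)):
        print(label, check_relay_policy(sample))
```

<p> BROKEN is the configuration that makes Postfix refuse to receive mail; LEGACY is the backwards-compatible form with an empty smtpd_relay_restrictions. </p>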
14357
14358
14359</DD>
14360
14361<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
14362(default: empty)</b></DT><DD>
14363
14364<p>
14365User-defined aliases for groups of access restrictions. The aliases
14366can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
14367right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
14368</p>
14369
14370<p>
14371One major application is for implementing per-recipient UCE control.
14372See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
14373</p>
14374
14375
14376</DD>
14377
14378<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
14379(default: smtpd)</b></DT><DD>
14380
14381<p>
14382The application name that the Postfix SMTP server uses for SASL
14383server initialization. This
14384controls the name of the SASL configuration file. The default value
14385is <b>smtpd</b>, corresponding to a SASL configuration file named
14386<b>smtpd.conf</b>.
14387</p>
14388
14389<p>
14390This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
14391it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
14392</p>
14393
14394
14395</DD>
14396
14397<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
14398(default: no)</b></DT><DD>
14399
14400<p>
14401Enable SASL authentication in the Postfix SMTP server. By default,
14402the Postfix SMTP server does not use authentication.
14403</p>
14404
14405<p>
14406If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
14407access restriction can be used to permit relay access, like this:
14408</p>
14409
14410<blockquote>
14411<pre>
14412# With Postfix 2.10 and later, the mail relay policy is
14413# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
14414<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
14415    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
14416</pre>
14417
14418<pre>
14419# With Postfix before 2.10, the relay policy can be
14420# specified only under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
14421<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
14422    <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
14423</pre>
14424</blockquote>
14425
14426<p> To reject all SMTP connections from unauthenticated clients,
14427specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
14428</p>
14429
14430<blockquote>
14431<pre>
14432<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
14433</pre>
14434</blockquote>
14435
14436<p>
14437See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
14438</p>
14439
14440
14441</DD>
14442
14443<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
14444(default: no)</b></DT><DD>
14445
14446<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
14447message header.  </p>
14448
14449<p> This feature is available in Postfix 2.3 and later.  </p>
14450
14451
14452</DD>
14453
14454<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
14455(default: empty)</b></DT><DD>
14456
14457<p>
14458What remote SMTP clients the Postfix SMTP server will not offer
14459AUTH support to.
14460</p>
14461
14462<p>
14463Some clients (Netscape 4 at least) have a bug that causes them to
14464require a login and password whenever AUTH is offered, whether it's
14465necessary or not. To work around this, specify, for example,
14466$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
14467</p>
14468
14469<p>
14470Specify a list of network/netmask patterns, separated by commas
14471and/or whitespace. The mask specifies the number of bits in the
14472network part of a host address. You can also specify "/file/name" or
14473"<a href="DATABASE_README.html">type:table</a>" patterns.  A "/file/name" pattern is replaced by its
14474contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
14475matches a lookup string (the lookup result is ignored).  Continue
14476long lines by starting the next line with whitespace. Specify
14477"!pattern" to exclude an address or network block from the list.
14478The form "!/file/name" is supported only in Postfix version 2.4 and
14479later.  </p>
14480
14481<p> Note: IP version 6 address information must be specified inside
14482<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
14483files specified with "/file/name".  IP version 6 addresses contain
14484the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
14485pattern.  </p>
14486
14487<p>
14488Example:
14489</p>
14490
14491<pre>
14492<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
14493</pre>
14494
14495<p>
14496This feature is available in Postfix 2.1 and later.
14497</p>
14498
14499
14500</DD>
14501
14502<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
14503(default: empty)</b></DT><DD>
14504
14505<p>
14506The name of the Postfix SMTP server's local SASL authentication
14507realm.
14508</p>
14509
14510<p>
14511By default, the local authentication realm name is the null string.
14512</p>
14513
14514<p>
14515Examples:
14516</p>
14517
14518<pre>
14519<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
14520<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
14521</pre>
14522
14523
14524</DD>
14525
14526<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
14527(default: smtpd)</b></DT><DD>
14528
14529<p> Implementation-specific information that the Postfix SMTP server
14530passes through to
14531the SASL plug-in implementation that is selected with
14532<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  Typically this specifies the name of a
14533configuration file or rendezvous point. </p>
14534
14535<p> This feature is available in Postfix 2.3 and later. In earlier
14536releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>. </p>
14537
14538
14539</DD>
14540
14541<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
14542(default: noanonymous)</b></DT><DD>
14543
14544<p> Postfix SMTP server SASL security options; as of Postfix 2.3
14545the list of available
14546features depends on the SASL server implementation that is selected
14547with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  </p>
14548
14549<p> The following security features are defined for the <b>cyrus</b>
14550server SASL implementation: </p>
14551
14552<p>
14553Restrict what authentication mechanisms the Postfix SMTP server
14554will offer to the client.  The list of available authentication
14555mechanisms is system dependent.
14556</p>
14557
14558<p>
14559Specify zero or more of the following:
14560</p>
14561
14562<dl>
14563
14564<dt><b>noplaintext</b></dt>
14565
14566<dd>Disallow methods that use plaintext passwords. </dd>
14567
14568<dt><b>noactive</b></dt>
14569
14570<dd>Disallow methods subject to active (non-dictionary) attack. </dd>
14571
14572<dt><b>nodictionary</b></dt>
14573
14574<dd>Disallow methods subject to passive (dictionary) attack. </dd>
14575
14576<dt><b>noanonymous</b></dt>
14577
14578<dd>Disallow methods that allow anonymous authentication. </dd>
14579
14580<dt><b>forward_secrecy</b></dt>
14581
14582<dd>Only allow methods that support forward secrecy (Dovecot only).
14583</dd>
14584
14585<dt><b>mutual_auth</b></dt>
14586
14587<dd>Only allow methods that provide mutual authentication (not available
14588with Cyrus SASL version 1). </dd>
14589
14590</dl>
14591
14592<p>
14593By default, the Postfix SMTP server accepts plaintext passwords but
14594not anonymous logins.
14595</p>
14596
14597<p>
14598Warning: it appears that clients try authentication methods in the
14599order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
14600which means that if you disable plaintext passwords, clients will
14601log in anonymously, even when they should be able to use CRAM-MD5.
14602So, if you disable plaintext logins, disable anonymous logins too.
14603Postfix treats anonymous login as no authentication.
14604</p>
14605
14606<p>
14607Example:
14608</p>
14609
14610<pre>
14611<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
14612</pre>
14613
14614
14615</DD>
14616
14617<DT><b><a name="smtpd_sasl_service">smtpd_sasl_service</a>
14618(default: smtp)</b></DT><DD>
14619
14620<p> The service name that is passed to the SASL plug-in that is
14621selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
14622</p>
14623
14624<p> This feature is available in Postfix 2.11 and later. Prior
14625versions behave as if "<b>smtp</b>" is specified. </p>
14626
14627
14628</DD>
14629
14630<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
14631(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>
14632
14633<p> The SASL authentication security options that the Postfix SMTP
14634server uses for TLS encrypted SMTP sessions. </p>
14635
14636<p> This feature is available in Postfix 2.2 and later.  </p>
14637
14638
14639</DD>
14640
14641<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
14642(default: cyrus)</b></DT><DD>
14643
14644<p> The SASL plug-in type that the Postfix SMTP server should use
14645for authentication. The available types are listed with the
14646"<b>postconf -a</b>" command. </p>
14647
14648<p> This feature is available in Postfix 2.3 and later. </p>
14649
14650
14651</DD>
14652
14653<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
14654(default: empty)</b></DT><DD>
14655
14656<p>
14657Optional lookup table with the SASL login names that own sender
14658(MAIL FROM) addresses.
14659</p>
14660
14661<p>
14662Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables. With lookups from
14663indexed files such as DB or DBM, or from networked tables such as
14664NIS, LDAP or SQL, the following search operations are done with a
14665sender address of <i>user@domain</i>:  </p>
14666
14667<dl>
14668
14669<dt> 1) <i>user@domain</i> </dt>
14670
14671<dd>This table lookup is always done and has the highest precedence. </dd>
14672
14673<dt> 2) <i>user</i> </dt>
14674
14675<dd>This table lookup is done only when the <i>domain</i> part of the
14676sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
14677or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>
14678
14679<dt> 3) <i>@domain</i> </dt>
14680
14681<dd>This table lookup is done last and has the lowest precedence. </dd>
14682
14683</dl>
14684
14685<p>
14686In all cases the result of table lookup must be either "not found"
14687or a list of SASL login names separated by comma and/or whitespace.
14688</p>
14689
14690
14691</DD>
14692
14693<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
14694(default: empty)</b></DT><DD>
14695
14696<p>
14697Optional restrictions that the Postfix SMTP server applies in the
14698context of a client MAIL FROM command.
14699See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
14700restriction lists" for a discussion of evaluation context and time.
14701</p>
14702
14703<p>
14704The default is to permit everything.
14705</p>
14706
14707<p>
14708Specify a list of restrictions, separated by commas and/or whitespace.
14709Continue long lines by starting the next line with whitespace.
14710Restrictions are applied in the order as specified; the first
14711restriction that matches wins.
14712</p>
14713
14714<p>
14715The following restrictions are specific to the sender address
14716received with the MAIL FROM command.
14717</p>
14718
14719<dl>
14720
14721<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
14722
14723<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
14724address, domain, parent domains, or localpart@, and execute the
14725corresponding action. </dd>
14726
14727<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
14728
14729<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
14730the MAIL FROM address, and execute the corresponding action.  Note:
14731a result of "OK" is not allowed for safety reasons. Instead, use
14732DUNNO in order to exclude specific hosts from blacklists.  This
14733feature is available in Postfix 2.1 and later. </dd>
14734
14735<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
14736
14737<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
14738for the MAIL FROM address, and execute the corresponding action.
14739Note: a result of "OK" is not allowed for safety reasons. Instead,
14740use DUNNO in order to exclude specific hosts from blacklists.  This
14741feature is available in Postfix 2.1 and later.  </dd>
14742
14743<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
14744
14745<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
14746authenticated clients only. This feature is available in
14747Postfix version 2.1 and later. </dd>
14748
14749<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
14750
14751<dd>Apply the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction only to MAIL
14752FROM addresses that are known in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.  This
14753feature is available in Postfix version 2.11 and later. </dd>
14754
14755<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
14756
14757<dd>Reject the request when the MAIL FROM address is not in
14758fully-qualified domain form, as required by the RFC. <br> The
14759<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
14760rejected requests (default: 504). </dd>
14761
14762<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>
14763
14764<dd>Reject the request when the MAIL FROM domain is listed with
14765the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
14766version 2.1 and later only).  Each "<i>d</i>" is a number, or a
14767pattern inside "[]" that contains one or more ";"-separated numbers
14768or number..number ranges (Postfix version 2.8 and later). If no
14769"<i>=d.d.d.d</i>" is specified,
14770reject the request when the MAIL FROM domain is
14771listed with any A record under <i>rbl_domain</i>. <br> The
14772<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
14773rejected requests (default:  554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
14774specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
14775specifies tables with server replies indexed by <i>rbl_domain</i>.
14776This feature is available in Postfix 2.0 and later.</dd>
14777
14778<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
14779
14780<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an
14781owner for the MAIL FROM address, but the client is not (SASL) logged
14782in as that MAIL FROM address owner; or when the client is (SASL)
14783logged in, but the client login name doesn't own the MAIL FROM
14784address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>
14785
14786<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
14787
14788<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
14789unauthenticated clients only. This feature is available in
14790Postfix version 2.1 and later. </dd>
14791
14792<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
14793
14794<dd>Reject the request when Postfix is not the final destination for
14795the sender address, and the MAIL FROM domain has 1) no DNS A or MX
14796record, or 2) a malformed MX record such as a record with
14797a zero-length MX hostname (Postfix version 2.3 and later). <br> The
14798<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
14799response code for rejected requests (default: 450).  The response
14800is always 450 in case of a temporary DNS error. <br> The
14801<a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> parameter specifies the action
14802after a temporary DNS error (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). </dd>
14803
14804<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>
14805
14806<dd>Reject the request when the MAIL FROM address is not listed in
14807the list of valid recipients for its domain class. See the
14808<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details.
14809This feature is available in Postfix 2.1 and later.</dd>
14810
14811<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>
14812
14813<dd>Reject the request when mail to the MAIL FROM address is known to
14814bounce, or when the sender address destination is not reachable.
14815Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
14816see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
14817<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical
14818response code when an address is known to bounce (default: 450,
14819change into 550 when you are confident that it is safe to do so).
14820<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the numerical response
14821code when an address probe failed due to a temporary problem
14822(default: 450).  <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
14823specifies the action after address probe failure due to a temporary
14824problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br> This feature is available
14825in Postfix 2.1 and later.  </dd>
14826
14827</dl>
14828
14829<p>
14830Other restrictions that are valid in this context:
14831</p>
14832
14833<ul>
14834
14835<li> <a href="#generic">Generic</a> restrictions that can be used
14836in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
14837
14838<li> SMTP command specific restrictions described under
14839<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
14840
14841<li> SMTP command specific restrictions described under
14842<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed
14843under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with
14844"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is
14845evaluated at the time of the RCPT TO command.
14846
14847</ul>
14848
14849<p>
14850Examples:
14851</p>
14852
14853<pre>
14854<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
14855<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
14856    <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
14857</pre>
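<p> The smtpd_sender_login_maps search order and the four *_sender_login_mismatch restrictions described above can be modelled as follows. This is an added example, not Postfix code: the table contents, function names and the LOCAL_DOMAINS set (standing in for a match against $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces) are constructed, and a sasl_login of None means the client is not authenticated. </p>

```python
import re

# Constructed sample table; values are lists of SASL login names.
LOGIN_MAP = {
    "alice@example.com": "alice",
    "sales@example.com": "alice, bob",
    "root": "admin",                  # bare "user" key
    "@partner.example": "relayuser",  # "@domain" key
}
# Assumption: stands in for $myorigin, $mydestination, $inet_interfaces
# and $proxy_interfaces matching.
LOCAL_DOMAINS = {"example.com"}


def lookup_owners(sender, login_map=LOGIN_MAP, local_domains=LOCAL_DOMAINS):
    """Return the login names that own sender, or None for "not found"."""
    if "@" not in sender:
        raise ValueError("expected a user@domain sender address")
    user, _, domain = sender.rpartition("@")
    keys = [sender]                   # 1) user@domain, highest precedence
    if domain in local_domains:
        keys.append(user)             # 2) user, only for local domains
    keys.append("@" + domain)         # 3) @domain, lowest precedence
    for key in keys:
        if key in login_map:
            return [n for n in re.split(r"[,\s]+", login_map[key]) if n]
    return None


def _mismatch(owners, sasl_login):
    """The reject_sender_login_mismatch condition as described on this page."""
    if sasl_login is None:
        # An owner is specified, but the client is not logged in as it.
        return owners is not None
    # The client is logged in, but its login does not own the address.
    return owners is None or sasl_login not in owners


def rejects(restriction, sender, sasl_login,
            login_map=LOGIN_MAP, local_domains=LOCAL_DOMAINS):
    """Return True when the named restriction rejects the MAIL FROM."""
    owners = lookup_owners(sender, login_map, local_domains)
    mismatch = _mismatch(owners, sasl_login)
    if restriction == "reject_sender_login_mismatch":
        return mismatch
    if restriction == "reject_authenticated_sender_login_mismatch":
        return sasl_login is not None and mismatch
    if restriction == "reject_unauthenticated_sender_login_mismatch":
        return sasl_login is None and mismatch
    if restriction == "reject_known_sender_login_mismatch":
        return owners is not None and mismatch
    raise ValueError("unknown restriction: " + restriction)


if __name__ == "__main__":
    cases = [
        ("alice@example.com", "alice"),
        ("alice@example.com", "bob"),
        ("alice@example.com", None),
        ("nobody@elsewhere.test", "bob"),
        ("nobody@elsewhere.test", None),
    ]
    names = [
        "reject_sender_login_mismatch",
        "reject_authenticated_sender_login_mismatch",
        "reject_unauthenticated_sender_login_mismatch",
        "reject_known_sender_login_mismatch",
    ]
    for sender, login in cases:
        verdicts = [rejects(name, sender, login) for name in names]
        print(sender, login, verdicts)
```

<p> The row for nobody@elsewhere.test with login "bob" shows the difference that matters for policy: the plain and authenticated variants reject a logged-in client that uses an address with no listed owner, while reject_known_sender_login_mismatch does not. </p>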
14858
14859
14860</DD>
14861
14862<DT><b><a name="smtpd_service_name">smtpd_service_name</a>
14863(default: smtpd)</b></DT><DD>
14864
14865<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed
14866connections to. In a future version there may be different
14867classes of SMTP service. </p>
14868
14869<p> This feature is available in Postfix 2.8. </p>
14870
14871
14872</DD>
14873
14874<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a>
14875(default: 10)</b></DT><DD>
14876
14877<p>
14878The number of errors a remote SMTP client is allowed to make without
14879delivering mail before the Postfix SMTP server slows down all its
14880responses.
14881</p>
14882
14883<ul>
14884
14885<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
14886delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> seconds. </p>
14887
14888<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
14889server delays all responses by (number of errors) seconds. </p>
14890
14891</ul>
14892
14893
14894</DD>
14895
14896<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a>
14897(default: see "postconf -d" output)</b></DT><DD>
14898
14899<p> The time limit for Postfix SMTP server write and read operations
14900during TLS startup and shutdown handshake procedures. The current
14901default value is stress-dependent. Before Postfix version 2.8, it
14902was fixed at 300s. </p>
14903
14904<p> This feature is available in Postfix 2.2 and later.  </p>
14905
14906
14907</DD>
14908
14909<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
14910(default: normal: 300s, overload: 10s)</b></DT><DD>
14911
14912<p>
14913The time limit for sending a Postfix SMTP server response and for
14914receiving a remote SMTP client request. Normally the default limit
14915is 300s, but it changes under overload to just 10s. With Postfix
149162.5 and earlier, the SMTP server always uses a time limit of 300s
14917by default.
14918</p>
14919
14920<p>
14921Note: if you set SMTP time limits to very large values you may have
14922to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
14923</p>
14924
14925<p>
14926Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
14927The default time unit is s (seconds).
14928</p>
14929
14930
14931</DD>
14932
14933<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
14934(default: empty)</b></DT><DD>
14935
14936<p> A file containing (PEM format) CA certificates of root CAs trusted
14937to sign either remote SMTP client certificates or intermediate CA
14938certificates.  These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
14939enters the chroot jail. If the number of trusted roots is large, consider
14940using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
14941be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
14942file may also be used to augment the server certificate trust chain,
14943but it is best to include all the required certificates directly in the
14944server certificate file. </p>
14945
14946<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
14947the system-supplied default certificate authority certificates.
14948</p>
14949
14950<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
14951appending the system-supplied default CAs and trusting third-party
14952certificates. </p>
14953
14954<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
14955requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
14956of client certificates, the distinguished names (DNs) of the certificate
14957authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
14958in the client certificate request message. MUAs with multiple client
14959certificates may use the list of preferred certificate authorities
14960to select the correct client certificate.  You may want to put your
14961"preferred" CA or CAs in this file, and install other trusted CAs in
14962$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
14963
14964<p> Example: </p>
14965
14966<pre>
14967<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
14968</pre>
14969
14970<p> This feature is available in Postfix 2.2 and later.  </p>
14971
14972
14973</DD>
14974
14975<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
14976(default: empty)</b></DT><DD>
14977
14978<p> A directory containing (PEM format) CA certificates of root CAs
14979trusted to sign either remote SMTP client certificates or intermediate CA
14980certificates. Do not forget to create the necessary "hash" links with,
14981for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
14982<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
14983inside the chroot jail. </p>
14984
14985<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
14986use ONLY the system-supplied default certificate authority certificates.
14987</p>
14988
14989<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
14990appending the system-supplied default CAs and trusting third-party
14991certificates. </p>
14992
14993<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
14994not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
14995to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of certificate authorities installed
14996in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
14997request message. MUAs with multiple client certificates may use the
14998list of preferred certificate authorities to select the correct
14999client certificate.  You may want to put your "preferred" CA or
15000CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in
15001$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
15002
15003<p> Example: </p>
15004
15005<pre>
15006<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
15007</pre>
15008
15009<p> This feature is available in Postfix 2.2 and later.  </p>
15010
15011
15012</DD>
15013
15014<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>
15015(default: yes)</b></DT><DD>
15016
15017<p> Force the Postfix SMTP server to issue a TLS session id, even
15018when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
15019is empty). This behavior is compatible with Postfix &lt; 2.3. </p>
15020
15021<p> With Postfix 2.3 and later the Postfix SMTP server can disable
15022session id generation when TLS session caching is turned off. This
15023keeps remote SMTP clients from caching sessions that almost certainly cannot
15024be re-used.  </p>
15025
15026<p> By default, the Postfix SMTP server always generates TLS session
15027ids. This works around a known defect in mail client applications
15028such as MS Outlook, and may also prevent interoperability issues
15029with other MTAs. </p>
15030
15031<p> Example: </p>
15032
15033<pre>
15034<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
15035</pre>
15036
15037<p> This feature is available in Postfix 2.3 and later. </p>
15038
15039
15040</DD>
15041
15042<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
15043(default: no)</b></DT><DD>
15044
15045<p> Ask a remote SMTP client for a client certificate. This
15046information is needed for certificate based mail relaying with,
15047for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. </p>
15048
15049<p> Some clients such as Netscape will either complain if no
15050certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)
15051or will offer multiple client certificates to choose from. This
15052may be annoying, so this option is "off" by default. </p>
15053
15054<p> This feature is available in Postfix 2.2 and later.  </p>
15055
15056
15057</DD>
15058
15059<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a>
15060(default: no)</b></DT><DD>
15061
15062<p> When TLS encryption is optional in the Postfix SMTP server, do
15063not announce or accept SASL authentication over unencrypted
15064connections. </p>
15065
15066<p> This feature is available in Postfix 2.2 and later.  </p>
15067
15068
15069</DD>
15070
15071<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
15072(default: 9)</b></DT><DD>
15073
15074<p> The verification depth for remote SMTP client certificates. A
15075depth of 1 is sufficient if the issuing CA is listed in a local CA
15076file. </p>
15077
15078<p> The default verification depth is 9 (the OpenSSL default) for
15079compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
15080the default value was 5, but the limit was not actually enforced. If
15081you have set this to a lower non-default value, certificates with longer
15082trust chains may now fail to verify. Certificate chains with 1 or 2
15083CAs are common; deeper chains are rarer, and any number between 5
15084and 9 should suffice in practice. You can choose a lower number if,
15085for example, you trust certificates directly signed by an issuing CA
15086but not any CAs it delegates to. </p>
15087
15088<p> This feature is available in Postfix 2.2 and later.  </p>
15089
15090
15091</DD>
15092
15093<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a>
15094(default: empty)</b></DT><DD>
15095
15096<p> File with the Postfix SMTP server RSA certificate in PEM format.
15097This file may also contain the Postfix SMTP server private RSA key. </p>
15098
15099<p> Public Internet MX hosts without certificates signed by a "reputable"
15100CA must generate, and be prepared to present to most clients, a
15101self-signed or private-CA signed certificate. The client will not be
15102able to authenticate the server, but unless it is running Postfix 2.3 or
15103similar software, it will still insist on a server certificate. </p>
15104
15105<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
151062.3 supports configurations with no certificates. This entails the
15107use of just the anonymous TLS ciphers, which are not supported by
15108typical SMTP clients. Since such clients will not, as a rule, fall
15109back to plain text after a TLS handshake failure, the server will
15110be unable to receive email from TLS enabled clients. To avoid
15111accidental configurations with no certificates, Postfix 2.3 enables
15112certificate-less operation only when the administrator explicitly
15113sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
15114configurations will not accidentally run with no certificates. </p>
15115
15116<p> Both RSA and DSA certificates are supported.  When both types
15117are present, the cipher used determines which certificate will be
15118presented to the client.  For Netscape and OpenSSL clients without
15119special cipher choices the RSA certificate is preferred. </p>
15120
15121<p> To enable a remote SMTP client to verify the Postfix SMTP server
15122certificate, the issuing CA certificates must be made available to the
15123client. You should include the required certificates in the server
15124certificate file, the server certificate first, then the issuing
15125CA(s) (bottom-up order). </p>
15126
15127<p> Example: the certificate for "server.example.com" was issued by
15128"intermediate CA" which itself has a certificate of "root CA".
15129Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
15130root_CA.pem &gt; server.pem". </p>
15131
15132<p> If you also want to verify client certificates issued by these
15133CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
15134case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
15135<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
15136
15137<p> A certificate supplied here must be usable as an SSL server certificate
15138and hence pass the "openssl verify -purpose sslserver ..." test. </p>
15139
15140<p> Example: </p>
15141
15142<pre>
15143<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
15144</pre>
15145
15146<p> This feature is available in Postfix 2.2 and later.  </p>
15147
15148
15149</DD>
15150
15151<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
15152(default: empty)</b></DT><DD>
15153
15154<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
15155cipher list. It is easy to create inter-operability problems by choosing
15156a non-default cipher list. Do not use a non-default TLS cipherlist for
15157MX hosts on the public Internet. Clients that begin the TLS handshake,
15158but are unable to agree on a common cipher, may not be able to send any
15159email to the SMTP server. Using a restricted cipher list may be more
15160appropriate for a dedicated MSA or an internal mailhub, where one can
15161exert some control over the TLS software and settings of the connecting
15162clients. </p>
15163
15164<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
15165
15166<p>This feature is available with Postfix version 2.2. It is not used with
15167Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
15168
15169
15170</DD>
15171
15172<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
15173(default: medium)</b></DT><DD>
15174
15175<p> The minimum TLS cipher grade that the Postfix SMTP server
15176will use with opportunistic TLS encryption. Cipher types listed in
15177<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
15178the selected cipher grade.  The default value is "medium" for Postfix
15179releases after the middle of 2015, "export" for older releases.
15180</p>
15181
15182<p> When TLS is mandatory the cipher grade is chosen via the
15183<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
15184details. </p>
15185
15186<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
15187releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
15188and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
15189
15190
15191</DD>
15192
15193<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
15194(default: empty)</b></DT><DD>
15195
15196<p> File with the Postfix SMTP server DSA certificate in PEM format.
15197This file may also contain the Postfix SMTP server private DSA key. </p>
15198
15199<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
15200</p>
15201
15202<p> Example: </p>
15203
15204<pre>
15205<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
15206</pre>
15207
15208<p> This feature is available in Postfix 2.2 and later.  </p>
15209
15210
15211</DD>
15212
15213<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
15214(default: empty)</b></DT><DD>
15215
15216<p> File with DH parameters that the Postfix SMTP server should
15217use with non-export EDH ciphers. </p>
15218
15219<p> Instead of using the exact same parameter sets as distributed
15220with other TLS packages, it is more secure to generate your own
15221set of parameters with something like the following commands:  </p>
15222
15223<blockquote>
15224<pre>
15225openssl dhparam -out /etc/postfix/dh512.pem 512
15226openssl dhparam -out /etc/postfix/dh1024.pem 1024
15227openssl dhparam -out /etc/postfix/dh2048.pem 2048
15228</pre>
15229</blockquote>
15230
15231<p> It is safe to share the same DH parameters between multiple
15232Postfix instances.  If you prefer, you can generate separate
15233parameters for each instance.  </p>
15234
15235<p> If you want to take maximal advantage of ciphers that offer <a
15236href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
15237the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
15238started</a> section of <a
15239href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
15240full document conveniently presents all information about Postfix
15241"perfect" forward secrecy support in one place: what forward secrecy
15242is, how to tweak settings, and what you can expect to see when
15243Postfix uses ciphers with forward secrecy.  </p>
15244
15245<p> Example: </p>
15246
15247<pre>
15248<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
15249</pre>
15250
15251<p>This feature is available with Postfix version 2.2.</p>
15252
15253
15254</DD>
15255
15256<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
15257(default: empty)</b></DT><DD>
15258
15259<p> File with DH parameters that the Postfix SMTP server should
15260use with export-grade EDH ciphers. </p>
15261
15262<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
15263configuration parameter.  </p>
15264
15265<p> Example: </p>
15266
15267<pre>
15268<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
15269</pre>
15270
15271<p>This feature is available with Postfix version 2.2.</p>
15272
15273
15274</DD>
15275
15276<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
15277(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
15278
15279<p> File with the Postfix SMTP server DSA private key in PEM format.
15280This file may be combined with the Postfix SMTP server DSA certificate
15281file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
15282
15283<p> The private key must be accessible without a pass-phrase, i.e. it
15284must not be encrypted. File permissions should grant read-only
15285access to the system superuser account ("root"), and no access
15286to anyone else. </p>
15287
15288<p> This feature is available in Postfix 2.2 and later.  </p>
15289
15290
15291</DD>
15292
15293<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
15294(default: empty)</b></DT><DD>
15295
15296<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
15297This file may also contain the Postfix SMTP server private ECDSA key. </p>
15298
15299<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>
15300
15301<p> Example: </p>
15302
15303<pre>
15304<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
15305</pre>
15306
15307<p> This feature is available in Postfix 2.6 and later, when Postfix is
15308compiled and linked with OpenSSL 1.0.0 or later. </p>
15309
15310
15311</DD>
15312
15313<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
15314(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
15315
15316<p> File with the Postfix SMTP server ECDSA private key in PEM format.
15317This file may be combined with the Postfix SMTP server ECDSA certificate
15318file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
15319
15320<p> The private key must be accessible without a pass-phrase, i.e. it
15321must not be encrypted. File permissions should grant read-only
15322access to the system superuser account ("root"), and no access
15323to anyone else. </p>
15324
15325<p> This feature is available in Postfix 2.6 and later, when Postfix is
15326compiled and linked with OpenSSL 1.0.0 or later. </p>
15327
15328
15329</DD>
15330
15331<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
15332(default: see "postconf -d" output)</b></DT><DD>
15333
15334<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
15335Diffie-Hellman (EECDH) key exchange. </p>
15336
15337<p> The available choices are: </p>
15338
15339<dl>
15340
15341<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
15342exchange will be disabled. This is the default in Postfix versions
153432.6 and 2.7. </dd>
15344
15345<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
15346bits of security at a reasonable computational cost. This is the
15347current best-practice trade-off between security and computational
15348efficiency. This is the default in Postfix version 2.8 and later.
15349</dd>
15350
15351<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
15352security at computational cost that is approximately twice as high
15353as 128 bit strength ECC. Barring significant progress in attacks on
15354elliptic curve crypto-systems, the "strong" curve is sufficient for most
15355users. </dd>
15356
15357</dl>
15358
15359<p> If you want to take maximal advantage of ciphers that offer <a
15360href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
15361the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
15362started</a> section of <a
15363href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
15364full document conveniently presents all information about Postfix
15365"perfect" forward secrecy support in one place: what forward secrecy
15366is, how to tweak settings, and what you can expect to see when
15367Postfix uses ciphers with forward secrecy.  </p>
15368
15369<p> This feature is available in Postfix 2.6 and later, when it is
15370compiled and linked with OpenSSL 1.0.0 or later on platforms
15371where EC algorithms have not been disabled by the vendor. </p>
15372
15373
15374</DD>
15375
15376<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
15377(default: empty)</b></DT><DD>
15378
15379<p> List of ciphers or cipher types to exclude from the SMTP server
15380cipher list at all TLS security levels. Excluding valid ciphers
15381can create interoperability problems. DO NOT exclude ciphers unless it
15382is essential to do so. This is not an OpenSSL cipherlist; it is a simple
15383list separated by whitespace and/or commas. The elements are a single
15384cipher, or one or more "+" separated cipher properties, in which case
15385only ciphers matching <b>all</b> the properties are excluded. </p>
15386
15387<p> Examples (some of these will cause problems): </p>
15388
15389<blockquote>
15390<pre>
15391<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
15392<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
15393<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
15394<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
15395<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
15396</pre>
15397</blockquote>
15398
15399<p> The first setting disables anonymous ciphers. The next setting
15400disables ciphers that use the MD5 digest algorithm or the (single) DES
15401encryption algorithm. The next setting disables ciphers that use MD5 and
15402DES together.  The next setting disables the two ciphers "AES256-SHA"
15403and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
15404key exchange with RSA authentication. </p>
15405
15406<p> This feature is available in Postfix 2.3 and later. </p>
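<p> The matching rules described above (comma or whitespace separated
elements, "+" meaning that all properties must match) can be checked
against the five example settings with the following model. This is an
added example, not Postfix code; the cipher table and its property labels
are constructed for illustration. </p>

```python
import re

# Constructed cipher table (assumption): name -> properties for key exchange,
# authentication, encryption and digest, written as OpenSSL cipher-string tokens.
CIPHERS = {
    "AES256-SHA":           {"kRSA", "aRSA", "AES", "SHA1"},
    "RC4-MD5":              {"kRSA", "aRSA", "RC4", "MD5"},
    "DES-CBC-SHA":          {"kRSA", "aRSA", "DES", "SHA1"},
    "DES-CBC-MD5":          {"kRSA", "aRSA", "DES", "MD5"},
    "DES-CBC3-MD5":         {"kRSA", "aRSA", "3DES", "MD5"},
    "EDH-RSA-DES-CBC3-SHA": {"kEDH", "aRSA", "3DES", "SHA1"},
    "EDH-DSS-DES-CBC3-SHA": {"kEDH", "aDSS", "3DES", "SHA1"},
    "ADH-AES128-SHA":       {"kEDH", "aNULL", "AES", "SHA1"},
}


def parse_exclusions(value):
    """Split the parameter value on whitespace and/or commas.

    Each element becomes the set of its '+'-separated tokens.
    """
    rules = []
    for element in re.split(r"[\s,]+", value.strip()):
        if not element:
            continue
        tokens = element.split("+")
        if "" in tokens:
            raise ValueError("empty property in element %r" % element)
        rules.append(frozenset(tokens))
    return rules


def is_excluded(name, rules):
    """True when any element names this cipher or all its properties match."""
    props = CIPHERS[name]
    for rule in rules:
        if rule == {name}:      # element is a single cipher name
            return True
        if rule <= props:       # every '+'-joined property must be present
            return True
    return False


def excluded(value):
    """Sorted names of the table's ciphers removed by this setting."""
    rules = parse_exclusions(value)
    return sorted(name for name in CIPHERS if is_excluded(name, rules))


if __name__ == "__main__":
    for setting in ("aNULL", "MD5, DES", "DES+MD5",
                    "AES256-SHA, DES-CBC3-MD5", "kEDH+aRSA"):
        print("%-26s -> %s" % (setting, ", ".join(excluded(setting))))
```

<p> Note the difference between "MD5, DES" and "DES+MD5" in the output:
the first removes every cipher that has either property, the second only
the cipher that has both. </p>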
15407
15408
15409</DD>
15410
15411<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
15412(default: md5)</b></DT><DD>
15413
15414<p> The message digest algorithm to construct remote SMTP
15415client-certificate
15416fingerprints or public key fingerprints (Postfix 2.9 and later)
15417for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. The
15418default algorithm is <b>md5</b>, for backwards compatibility with Postfix
15419releases prior to 2.5.  </p>
15420
15421<p> Advances in hash
15422function cryptanalysis have led to md5 being deprecated in favor of sha1.
15423However, as long as there are no known "second pre-image" attacks
15424against md5, its use in this context can still be considered safe.
15425</p>
15426
15427<p> While additional digest algorithms are often available with OpenSSL's
15428libcrypto, only those used by libssl in SSL cipher suites are available to
15429Postfix. </p>
15430
15431<p> To find the fingerprint of a specific certificate file, with a
15432specific digest algorithm, run: </p>
15433
15434<blockquote>
15435<pre>
15436$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
15437</pre>
15438</blockquote>
15439
15440<p> The text to the right of the "=" sign is the desired fingerprint.
15441For example: </p>
15442
15443<blockquote>
15444<pre>
15445$ openssl x509 -noout -fingerprint -sha1 -in cert.pem
15446SHA1 Fingerprint=D4:6A:AB:19:24:79:F8:32:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
15447</pre>
15448</blockquote>
15449
15450<p> To extract the public key fingerprint from an X.509 certificate,
15451you need to extract the public key from the certificate and compute
15452the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
15453the "-pubkey" option of the "x509" command extracts the public
15454key always in "PEM" format. We pipe the result to another OpenSSL
15455command that converts the key to DER and then to the "dgst" command
15456to compute the fingerprint. </p>
15457
15458<p> The actual command to transform the key to DER format depends
15459on the version of OpenSSL used. With OpenSSL 1.0.0 and later, the
15460"pkey" command supports all key types. With OpenSSL 0.9.8 and
15461earlier, the key type is always RSA (nobody uses DSA, and EC
15462keys are not fully supported by 0.9.8), so the "rsa" command is
15463used. </p>
15464<blockquote>
15465<pre>
15466# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
15467$ openssl x509 -in cert.pem -noout -pubkey |
15468    openssl pkey -pubin -outform DER |
15469    openssl dgst -sha1 -c
15470(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
15471</pre>
15472</blockquote>
15473
15474<blockquote>
15475<pre>
15476# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
15477$ openssl x509 -in cert.pem -noout -pubkey |
15478    openssl rsa -pubin -outform DER |
15479    openssl dgst -md5 -c
15480(stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
15481</pre>
15482</blockquote>
15483
15484<p> The Postfix SMTP server and client log the peer (leaf) certificate
15485fingerprint and public key fingerprint when the TLS loglevel is 2 or
15486higher. </p>
15487
15488<p> <b>Note:</b> Postfix 2.9.0&ndash;2.9.5 computed the public key
15489fingerprint incorrectly. To use public-key fingerprints, upgrade
15490to Postfix 2.9.6 or later. </p>
15491
15492<p> Example: client-certificate access table, with sha1 fingerprints: </p>
15493
15494<blockquote>
15495<pre>
15496/etc/postfix/<a href="postconf.5.html">main.cf</a>:
15497    <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha1
15498    <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
15499        <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access,
15500        reject
15501</pre>
15502<pre>
15503/etc/postfix/access:
15504    # Action folded to next line...
15505    AF:88:7C:AD:51:95:6F:36:96:F6:01:FB:2E:48:CD:AB:49:25:A2:3B
15506        OK
15507    85:16:78:FD:73:6E:CE:70:E0:31:5F:0D:3C:C8:6D:C4:2C:24:59:E1
15508        <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
15509</pre>
15510</blockquote>
15511
15512<p> This feature is available in Postfix 2.5 and later. </p>
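<p> The two fingerprint types described above differ in what is hashed:
the certificate fingerprint covers the whole DER certificate, the public
key fingerprint only the DER SubjectPublicKeyInfo. The following added
example (not Postfix or OpenSSL code) computes both with a minimal DER
walker; the two sample certificates are constructed in the code, carry a
dummy signature and an arbitrary number in place of a real RSA modulus,
and all function names are assumptions. </p>

```python
import base64
import hashlib


def der(tag, content=b""):
    """Encode one DER element (definite length form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content


def read_element(buf, pos):
    """Return (tag, content_start, end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        start, n = pos + 2, first
    else:
        k = first & 0x7F
        if not 1 <= k <= 4:
            raise ValueError("unsupported DER length")
        start = pos + 2 + k
        n = int.from_bytes(buf[pos + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER content")
    return tag, start, start + n


def spki_der(cert_der):
    """Return the complete SubjectPublicKeyInfo element of an X.509 certificate."""
    tag, start, _ = read_element(cert_der, 0)               # Certificate
    tbs_tag, pos, tbs_end = read_element(cert_der, start)   # tbsCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, fend = read_element(cert_der, pos)
        if fend > tbs_end:
            raise ValueError("field overruns tbsCertificate")
        fields.append((ftag, pos, fend))
        pos = fend
    if fields and fields[0][0] == 0xA0:                     # optional [0] version
        fields = fields[1:]
    # Remaining order: serial, signature, issuer, validity, subject, SPKI.
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[fields[5][1]:fields[5][2]]


def pem_to_der(pem):
    """Decode a single PEM certificate to DER."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]))


def fingerprint(data, digest="sha1"):
    """Colon-separated upper-case hex digest, as in the access table example."""
    hexd = hashlib.new(digest, data).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))


def cert_fingerprint(pem, digest="sha1"):
    return fingerprint(pem_to_der(pem), digest)


def pubkey_fingerprint(pem, digest="sha1"):
    return fingerprint(spki_der(pem_to_der(pem)), digest)


# --- Constructed sample data: valid structure, dummy signature, not a real key ---
def integer(value):
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def name(cn):
    attr = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, attr))


RSA_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05))
SIG_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05))
MODULUS = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 8, "big") | 1


def constructed_spki(modulus=MODULUS):
    key = der(0x30, integer(modulus) + integer(65537))
    return der(0x30, RSA_ALG + der(0x03, b"\x00" + key))


def constructed_cert_pem(serial, modulus=MODULUS):
    validity = der(0x30, der(0x17, b"250101000000Z") + der(0x17, b"260101000000Z"))
    tbs = der(0x30, der(0xA0, integer(2)) + integer(serial) + SIG_ALG
              + name("constructed CA") + validity + name("client.example.com")
              + constructed_spki(modulus))
    cert = der(0x30, tbs + SIG_ALG + der(0x03, b"\x00" * 33))
    body = base64.encodebytes(cert).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


ORIGINAL = constructed_cert_pem(serial=1)
RENEWED = constructed_cert_pem(serial=2)    # same key, re-issued certificate

if __name__ == "__main__":
    for label, pem in (("original", ORIGINAL), ("renewed", RENEWED)):
        print(label, "cert  ", cert_fingerprint(pem))
        print(label, "pubkey", pubkey_fingerprint(pem))
```

<p> The two sample certificates share one key, so their certificate
fingerprints differ while the public key fingerprint stays the same: an
access table keyed on public key fingerprints keeps matching after a
certificate is re-issued for the same key. </p>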
15513
15514
15515</DD>
15516
15517<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
15518(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
15519
15520<p> File with the Postfix SMTP server RSA private key in PEM format.
15521This file may be combined with the Postfix SMTP server RSA certificate
15522file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
15523
15524<p> The private key must be accessible without a pass-phrase, i.e. it
15525must not be encrypted. File permissions should grant read-only
15526access to the system superuser account ("root"), and no access
15527to anyone else. </p>
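<p> The private key requirements stated here and under
<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> and
<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
(no pass-phrase, read-only for the owner, no access for anyone else) can
be checked before a reload. This is an added example, not part of Postfix;
the function name and the wording of the findings are assumptions. </p>

```python
import os
import stat


def audit_key_file(path, expected_uid=0):
    """Return a list of findings; an empty list means the file matches the guidance.

    expected_uid defaults to 0 ("root"), the owner the documentation names.
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    if mode & 0o077:
        findings.append("group/other access bits set (mode %04o)" % mode)
    if mode & 0o300:
        findings.append("owner access is not read-only (mode %04o)" % mode)

    try:
        with open(path, "r", errors="replace") as handle:
            text = handle.read()
    except OSError as exc:
        findings.append("cannot read file: %s" % exc.strerror)
        return findings

    if "PRIVATE KEY-----" not in text:
        findings.append("no PEM private key found")
    # PKCS#8 encrypted keys and traditional encrypted PEM keys both need a
    # pass-phrase, which the SMTP server has no way to supply.
    if "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text:
        findings.append("private key is pass-phrase protected")
    return findings


if __name__ == "__main__":
    import sys
    for key_path in sys.argv[1:]:
        problems = audit_key_file(key_path)
        print(key_path, "OK" if not problems else "; ".join(problems))
```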
15528
15529
15530</DD>
15531
15532<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
15533(default: 0)</b></DT><DD>
15534
15535<p> Enable additional Postfix SMTP server logging of TLS activity.
15536Each logging level also includes the information that is logged at
15537a lower logging level.  </p>
15538
15539<dl compact>
15540
15541<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
15542
15543<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
15544&mdash; no logging of client certificate trust-chain verification errors
15545if client certificate verification is not required.  With Postfix 2.8 and
15546earlier, log the summary message, peer certificate summary information
15547and unconditionally log trust-chain verification errors.  </dd>
15548
15549<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
15550
15551<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
15552process. </dd>
15553
15554<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
15555transmission after STARTTLS. </dd>
15556
15557</dl>
15558
15559<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
15560of problems. Use of loglevel 4 is strongly discouraged. </p>
15561
15562<p> This feature is available in Postfix 2.2 and later.  </p>
15563
15564
15565</DD>
15566
15567<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
15568(default: medium)</b></DT><DD>
15569
15570<p> The minimum TLS cipher grade that the Postfix SMTP server will
15571use with mandatory TLS encryption. The default grade ("medium") is
15572sufficiently strong that any benefit from globally restricting TLS
15573sessions to a more stringent grade is likely negligible, especially
15574given the fact that many implementations still do not offer any stronger
15575("high" grade) ciphers, while those that do, will always use "high"
15576grade ciphers. So insisting on "high" grade ciphers is generally
15577counter-productive. Allowing "export" or "low" ciphers is typically
15578not a good idea, as systems limited to just these are limited to
15579obsolete browsers. No known SMTP clients fail to support at least
15580one "medium" or "high" grade cipher. </p>
15581
15582<p> The following cipher grades are supported: </p>
15583
15584<dl>
15585<dt><b>export</b></dt>
15586<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.  The
15587underlying cipherlist is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a>
15588configuration parameter, which you are strongly encouraged to not
15589change.  This choice is insecure and SHOULD NOT be used.  </dd>
15590
15591<dt><b>low</b></dt>
15592<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The underlying
15593cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
15594parameter, which you are strongly encouraged to not change.  This
15595choice is insecure and SHOULD NOT be used.  </dd>
15596
15597<dt><b>medium</b></dt>
15598<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
15599or longer symmetric bulk-encryption keys. This is the default minimum
15600strength for mandatory TLS encryption. The underlying cipherlist is
15601specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
15602you are strongly encouraged to not change. </dd>
15603
15604<dt><b>high</b></dt>
15605<dd> Enable only "HIGH" grade OpenSSL ciphers. The
15606underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
15607configuration parameter, which you are strongly encouraged to
15608not change. </dd>
15609
15610<dt><b>null</b></dt>
15611<dd> Enable only the "NULL" OpenSSL ciphers; these provide authentication
15612without encryption.  This setting is only appropriate in the rare
15613case that all clients are prepared to use NULL ciphers (not normally
15614enabled in TLS clients). The underlying cipherlist is specified via the
15615<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
15616encouraged to not change. </dd>
15617
15618</dl>
15619
15620<p> Cipher types listed in
15621<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
15622excluded from the base definition of the selected cipher grade. See
15623<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
15624TLS. </p>
15625
15626<p> The underlying cipherlists for grades other than "null" include
15627anonymous ciphers, but these are automatically filtered out if the
15628server is configured to ask for remote SMTP client certificates.  You are very
15629unlikely to need to take any steps to exclude anonymous ciphers; they
15630are excluded automatically as required.  If you must exclude anonymous
15631ciphers even when Postfix does not need or use peer certificates, set
15632"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
15633when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
15634
15635<p> This feature is available in Postfix 2.3 and later. </p>
15636
15637
15638</DD>
15639
15640<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
15641(default: empty)</b></DT><DD>
15642
15643<p> Additional list of ciphers or cipher types to exclude from the
15644Postfix SMTP server cipher list at mandatory TLS security levels.
15645This list
15646works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
15647(see there for syntax details).  </p>
15648
15649<p> This feature is available in Postfix 2.3 and later. </p>
15650
15651
15652</DD>
15653
15654<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
15655(default: !SSLv2, !SSLv3)</b></DT><DD>
15656
15657<p> The SSL/TLS protocols accepted by the Postfix SMTP server with
15658mandatory TLS encryption. If the list is empty, the server supports
15659all available SSL/TLS protocol versions.  A non-empty value is a
15660list of protocol names separated by whitespace, commas or colons.
15661The supported protocol names are "SSLv2", "SSLv3" and "TLSv1", and
15662are not case sensitive. The default value is "!SSLv2, !SSLv3" for
15663Postfix releases after the middle of 2015, "!SSLv2" for older
15664releases. </p>
15665
15666<p> With Postfix &ge; 2.5 the parameter syntax was expanded to support
15667protocol exclusions. One can explicitly exclude "SSLv2" by setting
15668"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2". To exclude both "SSLv2" and
15669"SSLv3" set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3". Listing
15670the protocols to include, rather than protocols to exclude, is
15671supported, but not recommended. The exclusion form more closely
15672matches the underlying OpenSSL interface semantics.  </p>
15673
15674<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
15675and "TLSv1.2". When Postfix &le; 2.5 is linked against OpenSSL 1.0.1
15676or later, these, or any other new protocol versions, cannot be
15677disabled.  The latest patch levels of Postfix &ge; 2.6, and all
15678versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
15679"TLSv1.2". </p>
15680
15681<p> Example: </p>
15682
15683<pre>
15684# Preferred syntax with Postfix &ge; 2.5:
15685<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
15686# Legacy syntax:
15687<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
15688</pre>
15689
15690<p> This feature is available in Postfix 2.3 and later. </p>
15691
15692
15693</DD>
15694
15695<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
15696(default: !SSLv2, !SSLv3)</b></DT><DD>
15697
15698<p> List of TLS protocols that the Postfix SMTP server will exclude
15699or include with opportunistic TLS encryption. The default value is
15700"!SSLv2, !SSLv3" for Postfix releases after the middle of 2015,
15701empty for older releases allowing all protocols to be
15702used with opportunistic TLS.  A non-empty value is a list of protocol
15703names separated by whitespace, commas or colons.  The supported
15704protocol names are "SSLv2", "SSLv3" and "TLSv1", and are not case
15705sensitive. </p>
15706
15707<p> Note: As of OpenSSL 1.0.1 two new protocols are defined, "TLSv1.1"
15708and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
15709versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
15710"TLSv1.2". </p>
15711
15712<p> To include a protocol, list its name; to exclude it, prefix the name
15713with a "!" character. To exclude SSLv2 for opportunistic TLS set
15714"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
15715"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
15716include, rather than protocols to exclude, is supported, but not
15717recommended.  The exclusion form more closely matches the underlying
15718OpenSSL interface semantics. </p>
15719
15720<p> Example: </p>
15721<pre>
15722<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3
15723</pre>
15724
15725<p> This feature is available in Postfix 2.6 and later. </p>
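
<p> Added example (not part of the Postfix documentation or source): a small Python audit helper for the list syntax described under <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> and <a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>. It shows why the exclusion form is preferred: the inclusion form silently drops every protocol that is not listed. The function names are hypothetical, and the example assumes a Postfix build that knows exactly the five protocol names mentioned above and that an inclusion list enables only the listed protocols. </p>

```python
import re

# Protocol names mentioned on this page, oldest first. The set a particular
# Postfix/OpenSSL build knows may differ (assumption of this example).
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
WEAK = ("SSLv2", "SSLv3")
_CANON = {name.lower(): name for name in KNOWN}


def parse_protocols(value):
    """Split a parameter value into (included, excluded) protocol names.

    Names are separated by whitespace, commas or colons, are not case
    sensitive, and a leading "!" marks an exclusion.
    """
    included, excluded = [], []
    for token in re.split(r"[\s,:]+", value.strip()):
        if not token:
            continue
        negate = token.startswith("!")
        name = _CANON.get((token[1:] if negate else token).lower())
        if name is None:
            # Example policy: refuse to guess what an unknown name means.
            raise ValueError(f"unknown protocol name: {token!r}")
        (excluded if negate else included).append(name)
    return included, excluded


def effective_protocols(value):
    """Return the protocols left enabled, in KNOWN order.

    Assumed semantics: an empty list enables everything; any inclusion
    restricts the set to the listed names; exclusions are then removed.
    """
    included, excluded = parse_protocols(value)
    enabled = set(included) if included else set(KNOWN)
    enabled -= set(excluded)
    return [name for name in KNOWN if name in enabled]


def audit(param, value):
    """Return human-readable findings for one parameter setting."""
    included, _ = parse_protocols(value)
    enabled = effective_protocols(value)
    findings = []
    weak = [p for p in WEAK if p in enabled]
    if weak:
        findings.append(f"{param}: {', '.join(weak)} not excluded")
    if included:
        lost = [p for p in KNOWN if p not in enabled and p not in WEAK]
        if lost:
            findings.append(
                f"{param}: inclusion form also disables {', '.join(lost)}")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, including the two forms from the Example.
    for setting in ("!SSLv2, !SSLv3", "TLSv1", "", "!sslv2"):
        print(repr(setting), effective_protocols(setting),
              audit("smtpd_tls_mandatory_protocols", setting))
```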
15726
15727
15728</DD>
15729
15730<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
15731(default: no)</b></DT><DD>
15732
15733<p> Request that the Postfix SMTP server produces Received:  message
15734headers that include information about the protocol and cipher used,
15735as well as the remote SMTP client CommonName and client certificate issuer
15736CommonName.  This is disabled by default, as the information may
15737be modified in transit through other mail servers.  Only information
15738that was recorded by the final destination can be trusted. </p>
15739
15740<p> This feature is available in Postfix 2.2 and later.  </p>
15741
15742
15743</DD>
15744
15745<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
15746(default: no)</b></DT><DD>
15747
15748<p> With mandatory TLS encryption, require a trusted remote SMTP client
15749certificate in order to allow TLS connections to proceed.  This
15750option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
15751
15752<p> When TLS encryption is optional, this setting is ignored with
15753a warning written to the mail log. </p>
15754
15755<p> This feature is available in Postfix 2.2 and later.  </p>
15756
15757
15758</DD>
15759
15760<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
15761(default: empty)</b></DT><DD>
15762
15763<p> The SMTP TLS security level for the Postfix SMTP server; when
15764a non-empty value is specified, this overrides the obsolete parameters
15765<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
15766"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes".  </p>
15767
15768<p> Specify one of the following security levels: </p>
15769
15770<dl>
15771
15772<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
15773
15774<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
15775to remote SMTP clients, but do not require that clients use TLS encryption.
15776</dd>
15777
15778<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
15779STARTTLS support to remote SMTP clients, and require that clients use TLS
15780encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
15781of a publicly-referenced SMTP server. Instead, this option should
15782be used only on dedicated servers. </dd>
15783
15784</dl>
15785
15786<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
15787supported here.
15788The Postfix SMTP server logs a warning and uses "encrypt" instead.
15789To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
15790of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
15791features.  </p>
15792
15793<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
15794encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
15795
15796<p> Note 3: when invoked via "sendmail -bs", Postfix will never
15797offer STARTTLS due to insufficient privileges to access the server
15798private key. This is intended behavior.</p>
15799
15800<p> This feature is available in Postfix 2.3 and later. </p>
15801
15802
15803</DD>
15804
15805<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
15806(default: empty)</b></DT><DD>
15807
15808<p> Name of the file containing the optional Postfix SMTP server
15809TLS session cache. Specify a database type that supports enumeration,
15810such as <b>btree</b> or <b>sdbm</b>; there is no need to support
15811concurrent access.  The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a>
15812daemon does not use this parameter directly, rather the cache is
15813implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
15814per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not
15815effective. Note that each of the cache databases supported by the <a href="tlsmgr.8.html">tlsmgr(8)</a>
15816daemon: $<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
15817(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to be
15818stored separately. It is not at this time possible to store multiple
15819caches in a single database. </p>
15820
15821<p> Note: <b>dbm</b> databases are not suitable. TLS
15822session objects are too large. </p>
15823
15824<p> As of version 2.5, Postfix no longer uses root privileges when
15825opening this file. The file should now be stored under the Postfix-owned
15826<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
15827under a non-Postfix directory is redirected to the Postfix-owned
15828<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
15829
15830<p> Example: </p>
15831
15832<pre>
15833<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/db/postfix/smtpd_scache
15834</pre>
15835
15836<p> This feature is available in Postfix 2.2 and later.  </p>
15837
15838
15839</DD>
15840
15841<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>
15842(default: 3600s)</b></DT><DD>
15843
15844<p> The expiration time of Postfix SMTP server TLS session cache
15845information. A cache cleanup is performed periodically
15846every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. As with
15847$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the
15848<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides
15849are not possible. </p>
15850
15851<p> As of Postfix 2.11 this setting cannot exceed 100 days.  If set
15852&le; 0, session caching is disabled, not just via the database, but
15853also via <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
15854storage.  If set to a positive value less than 2 minutes, the minimum
15855value of 2 minutes is used instead.  TLS session tickets require
15856an OpenSSL library (at least version 0.9.8h) that provides full
15857support for this TLS extension. </p>
15858
15859<p> This feature is available in Postfix 2.2 and later, and updated
15860for TLS session ticket support in Postfix 2.11. </p>
15861
15862
15863</DD>
15864
15865<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
15866(default: no)</b></DT><DD>
15867
15868<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
15869instead of using the STARTTLS command. </p>
15870
15871<p> If you want to support this service, enable a special port in
15872<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
15873server's command line. Port 465 (smtps) was once chosen for this
15874purpose. </p>
15875
15876<p> This feature is available in Postfix 2.2 and later.  </p>
15877
15878
15879</DD>
15880
15881<DT><b><a name="smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a>
15882(default: empty)</b></DT><DD>
15883
15884<p> The name of the proxy protocol used by an optional before-smtpd
15885proxy agent. When a proxy agent is used, this protocol conveys local
15886and remote address and port information.  Specify
15887"<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
15888protocol.  </p>
15889
15890<p> NOTE: To use the nginx proxy with <a href="smtpd.8.html">smtpd(8)</a>, enable the XCLIENT
15891protocol with <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>. This supports SASL
15892authentication in the proxy agent (Postfix 2.9 and later). </p>
15893
15894<p> This feature is available in Postfix 2.10 and later.  </p>
15895
15896
15897</DD>
15898
15899<DT><b><a name="smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a>
15900(default: 5s)</b></DT><DD>
15901
15902<p> The time limit for the proxy protocol specified with the
15903<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. </p>
15904
15905<p> This feature is available in Postfix 2.10 and later.  </p>
15906
15907
15908</DD>
15909
15910<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
15911(default: no)</b></DT><DD>
15912
15913<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
15914but do not require that clients use TLS encryption. </p>
15915
15916<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
15917STARTTLS due to insufficient privileges to access the server private
15918key. This is intended behavior. </p>
15919
15920<p> This feature is available in Postfix 2.2 and later. With
15921Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
15922
15923
15924</DD>
15925
15926<DT><b><a name="soft_bounce">soft_bounce</a>
15927(default: no)</b></DT><DD>
15928
15929<p>
15930Safety net to keep mail queued that would otherwise be returned to
15931the sender.  This parameter disables locally-generated bounces,
15932changes the handling of negative responses from remote servers,
15933content filters or plugins,
15934and prevents the Postfix SMTP server from rejecting mail permanently
15935by changing 5xx reply codes into 4xx.  However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no
15936cure for address rewriting mistakes or mail routing mistakes.
15937</p>
15938
15939<p>
15940Note: "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" is in some cases implemented by modifying
15941server responses. Therefore, the response that Postfix logs may
15942differ from the response that Postfix actually sends or receives.
15943</p>
15944
15945<p>
15946Example:
15947</p>
15948
15949<pre>
15950<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes
15951</pre>
15952
15953
15954</DD>
15955
15956<DT><b><a name="stale_lock_time">stale_lock_time</a>
15957(default: 500s)</b></DT><DD>
15958
15959<p>
15960The time after which a stale exclusive mailbox lockfile is removed.
15961This is used for delivery to file or mailbox.
15962</p>
15963
15964<p>
15965Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
15966The default time unit is s (seconds).
15967</p>
15968
15969
15970</DD>
15971
15972<DT><b><a name="stress">stress</a>
15973(default: empty)</b></DT><DD>
15974
15975<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p>
15976
15977<p> This feature is available in Postfix 2.5 and later. </p>
15978
15979
15980</DD>
15981
15982<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a>
15983(default: no)</b></DT><DD>
15984
15985<p>
15986Reject mail with 8-bit text in message headers. This blocks mail
15987from poorly written applications.
15988</p>
15989
15990<p>
15991This feature should not be enabled on a general purpose mail server,
15992because it is likely to reject legitimate email.
15993</p>
15994
15995<p>
15996This feature is available in Postfix 2.0 and later.
15997</p>
15998
15999
16000</DD>
16001
16002<DT><b><a name="strict_8bitmime">strict_8bitmime</a>
16003(default: no)</b></DT><DD>
16004
16005<p>
16006Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
16007</p>
16008
16009<p>
16010This feature should not be enabled on a general purpose mail server,
16011because it is likely to reject legitimate email.
16012</p>
16013
16014<p>
16015This feature is available in Postfix 2.0 and later.
16016</p>
16017
16018
16019</DD>
16020
16021<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a>
16022(default: no)</b></DT><DD>
16023
16024<p>
16025Reject 8-bit message body text without 8-bit MIME content encoding
16026information.  This blocks mail from poorly written applications.
16027</p>
16028
16029<p>
16030Unfortunately, this also rejects majordomo approval requests when
16031the included request contains valid 8-bit MIME mail, and it rejects
16032bounces from mailers that do not MIME encapsulate 8-bit content
16033(for example, bounces from qmail or from old versions of Postfix).
16034</p>
16035
16036<p>
16037This feature should not be enabled on a general purpose mail server,
16038because it is likely to reject legitimate email.
16039</p>
16040
16041<p>
16042This feature is available in Postfix 2.0 and later.
16043</p>
16044
16045
16046</DD>
16047
16048<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
16049(default: yes)</b></DT><DD>
16050
16051<p> Defer delivery when a mailbox file is not owned by its recipient.
16052The default setting is not backwards compatible.  </p>
16053
16054<p> This feature is available in Postfix 2.5.3 and later. </p>
16055
16056
16057</DD>
16058
16059<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
16060(default: no)</b></DT><DD>
16061
16062<p>
16063Reject mail with invalid Content-Transfer-Encoding: information
16064for the message/* or multipart/* MIME content types.  This blocks
16065mail from poorly written software.
16066</p>
16067
16068<p>
16069This feature should not be enabled on a general purpose mail server,
16070because it will reject mail after a single violation.
16071</p>
16072
16073<p>
16074This feature is available in Postfix 2.0 and later.
16075</p>
16076
16077
16078</DD>
16079
16080<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a>
16081(default: no)</b></DT><DD>
16082
16083<p>
16084Require that addresses received in SMTP MAIL FROM and RCPT TO
16085commands are enclosed with &lt;&gt;, and that those addresses do
16086not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.  This stops mail
16087from poorly written software.
16088</p>
16089
16090<p>
16091By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
16092FROM and RCPT TO addresses.
16093</p>
16094
16095
16096</DD>
16097
16098<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a>
16099(default: no)</b></DT><DD>
16100
16101<p>
16102Obsolete SUN mailtool compatibility feature. Instead, use
16103"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock".
16104</p>
16105
16106
16107</DD>
16108
16109<DT><b><a name="swap_bangpath">swap_bangpath</a>
16110(default: yes)</b></DT><DD>
16111
16112<p>
16113Enable the rewriting of "site!user" into "user@site".  This is
16114necessary if your machine is connected to UUCP networks.  It is
16115enabled by default.
16116</p>
16117
16118<p> Note: with Postfix version 2.2, message header address rewriting
16119happens only when one of the following conditions is true: </p>
16120
16121<ul>
16122
16123<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
16124
16125<li> The message is received from a network client that matches
16126$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
16127
16128<li> The message is received from the network, and the
16129<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
16130
16131</ul>
16132
16133<p> To get the behavior before Postfix version 2.2, specify
16134"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
16135
16136<p>
16137Example:
16138</p>
16139
16140<pre>
16141<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no
16142</pre>
16143
16144
16145</DD>
16146
16147<DT><b><a name="syslog_facility">syslog_facility</a>
16148(default: mail)</b></DT><DD>
16149
16150<p>
16151The syslog facility of Postfix logging. Specify a facility as
16152defined in syslog.conf(5). The default facility is "mail".
16153</p>
16154
16155<p>
16156Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only
16157after a Postfix process has completed initialization.  Errors during
16158process initialization will be logged with the default facility.
16159Examples are errors while parsing the command line arguments, and
16160errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
16161</p>
16162
16163
16164</DD>
16165
16166<DT><b><a name="syslog_name">syslog_name</a>
16167(default: see "postconf -d" output)</b></DT><DD>
16168
16169<p>
16170The mail system name that is prepended to the process name in syslog
16171records, so that "smtpd" becomes, for example, "postfix/smtpd".
16172</p>
16173
16174<p>
16175Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after
16176a Postfix process has completed initialization. Errors during
16177process initialization will be logged with the default name. Examples
16178are errors while parsing the command line arguments, and errors
16179while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
16180</p>
16181
16182
16183</DD>
16184
16185<DT><b><a name="tcp_windowsize">tcp_windowsize</a>
16186(default: 0)</b></DT><DD>
16187
16188<p> An optional workaround for routers that break TCP window scaling.
16189Specify a value &gt; 0 and &lt; 65536 to enable this feature.  With
16190Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
16191by the Postfix <a href="master.8.html">master(8)</a> daemon.  </p>
16192
16193<p> To change this parameter without stopping Postfix, you need to
16194first terminate all Postfix TCP servers: </p>
16195
16196<blockquote>
16197<pre>
16198# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
16199# postfix reload
16200</pre>
16201</blockquote>
16202
16203<p> This immediately terminates all processes that accept network
16204connections.  Next, you enable Postfix TCP servers with the updated
16205<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
16206
16207<blockquote>
16208<pre>
16209# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
16210# postfix reload
16211</pre>
16212</blockquote>
16213
16214<p> If you skip these steps with a running Postfix system, then the
16215<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
16216<a href="lmtp.8.html">lmtp(8)</a>).  </p>
16217
16218<p> This feature is available in Postfix 2.6 and later. </p>
16219
16220
16221</DD>
16222
16223<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a>
16224(default: no)</b></DT><DD>
16225
16226<p> Append the system-supplied default certificate authority
16227certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
16228The default is "no"; this prevents Postfix from trusting third-party
16229certificates and giving them relay permission with
16230<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>.  </p>
16231
16232<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
162332.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
16234backwards compatibility, to avoid breaking certificate verification
16235with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
16236
16237
16238</DD>
16239
16240<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
16241(default: 32)</b></DT><DD>
16242
16243<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
16244process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
16245internal pseudo random number generator (PRNG).  The default of 32
16246bytes (equivalent to 256 bits) is sufficient to generate a 128-bit
16247(or 168-bit) session key. </p>
16248
16249<p> This feature is available in Postfix 2.2 and later.  </p>
16250
16251
16252</DD>
16253
16254<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
16255(default: on)</b></DT><DD>
16256
16257<p> Configure DANE TLSA digest algorithm agility.  When digest
16258algorithm agility is enabled, and the server and client support a
16259common strong digest algorithm, TLSA records with weaker digest
16260algorithms are ignored.  </p>
16261
16262<p> Specify one of the following: </p>
16263
16264<dl>
16265
16266<dt><b>off</b></dt>
16267<dd> DANE verification examines each well-formed record in the TLSA
16268RRset whose matching type is either "0" (no hash used) or is one of
16269the digest algorithms listed in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>.  This setting
16270is not recommended.  </dd>
16271
16272<dt><b>on</b></dt>
16273<dd> From each group of well-formed TLSA RRs with a non-zero digest
16274matching type that share the same certificate usage and selector, DANE
16275verification examines only those records whose matching type has
16276the highest precedence (appear earliest in $<a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a>).
16277</dd>
16278
16279<dt><b>maybe</b></dt>
16280<dd> For compatibility with digest algorithm agility, each certificate
16281or public key whose digest is included in a DANE TLSA RRset, SHOULD
16282be published with the same set of digest matching type values as
16283any other with the same usage and selector.  Therefore, compatible
16284TLSA RRsets will contain an identical count of well-formed RRs with
16285each non-zero digest matching type for any fixed combination of
16286usage and selector.  When this constraint is violated, or any of
16287the digest records are malformed, digest algorithm agility will be
16288disabled.  Otherwise, digest algorithm agility is enabled.   </dd>
16289
16290</dl>
16291
16292<p> Digest algorithm agility ensures that the strongest digest
16293supported by both the Postfix SMTP client and the remote server is
16294used, and weaker digests are ignored.  This supports non-disruptive
16295deprecation of outdated digest algorithms. </p>
16296
16297<p> To ensure compatibility with digest algorithm agility during
16298key rotation, when a certificate or public key is being replaced
16299with another, and both are published during the transition, both
16300the old and the new certificate MUST be specified with the same set
16301of digests.  One can change the list of digest algorithms later,
16302once old keys are retired.  At any given time, change either the
16303list of digests without changing the list of certificates or public
16304keys or the list of certificates or public keys without changing
16305the list of digests.  Full value matching type "0" records are not
16306subject to this constraint, but are discouraged due to the size of
16307the resulting DNS records.  </p>
16308
16309<p> It is expected that this algorithm agility mechanism will be
16310published in a standards track RFC for SMTP with DANE, and also in
16311an eventual update to <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>. </p>
16312
16313<p> This feature is available in Postfix 2.11 and later. </p>
16314
16315
16316</DD>
16317
16318<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
16319(default: sha512 sha256)</b></DT><DD>
16320
16321<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> TLSA resource-record "matching type" digest algorithms
16322in descending preference order.  All the specified algorithms must
16323be supported by the underlying OpenSSL library, otherwise the Postfix
16324SMTP client will not support DANE TLSA security.  </p>
16325
16326<p> Specify a list of digest names separated by commas and/or
16327whitespace.  Each digest name may be followed by an optional
16328"=&lt;number&gt;" suffix.  For example, "sha512" may instead be specified
16329as "sha512=2" and "sha256" may instead be specified as "sha256=1".
16330The optional number must match the <a
16331href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
16332>IANA</a> assigned TLSA matching type number of the algorithm in question.
16333Postfix will check this constraint for the algorithms it knows about.
16334Additional matching type algorithms registered with IANA can be added
16335with explicit numbers provided they are supported by OpenSSL. </p>
16336
16337<p> Invalid list elements are logged with a warning and disable DANE
16338support.  TLSA RRs that specify digests not included in the list are
16339ignored with a warning. </p>
16340
16341<p> Note: It is unwise to omit sha256 from the digest list.  This
16342digest algorithm is the only mandatory-to-implement digest algorithm
16343in <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected to publish TLSA records
16344with just sha256 digests.  Unless one of the standard digests is
16345seriously compromised and servers have had ample time to update their
16346TLSA records you should not omit any standard digests, just arrange
16347them in order from strongest to weakest.  </p>
16348
16349<p> When for a particular combination of "certificate usage" and
16350"selector" the TLSA RRset contains records with more than one digest
16351matching type, the tls_dane_digest_agility parameter determines
16352whether all the RRs are used, or only those with the most preferred
16353digest matching type.  </p>
16354
16355<p> The <a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> parameter controls
16356whether any digest TLSA records are acceptable in usage "2" (trust
16357anchor assertion) TLSA records. </p>
16358
16359<p> This feature is available in Postfix 2.11 and later. </p>
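
<p> Added example (not Postfix code): a Python model of how <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> and the tls_dane_digest_agility setting together decide which TLSA records are examined, including the key-rollover case where the old and new keys are published with different digest sets. Function names and the sample RRset are constructed for illustration. The example assumes that a digest record is malformed when its length does not match the digest size, and that with "maybe" one uneven (usage, selector) group disables agility for the whole RRset. </p>

```python
import re
from collections import defaultdict

# IANA TLSA matching types for the two digests in the default list.
IANA_MTYPE = {"sha256": 1, "sha512": 2}
DIGEST_LEN = {1: 32, 2: 64}  # digest size in bytes per matching type


def parse_digests(value):
    """Map matching type -> preference rank (0 = most preferred)."""
    ranks = {}
    names = [t for t in re.split(r"[\s,]+", value.strip()) if t]
    for rank, item in enumerate(names):
        name, _, number = item.partition("=")
        known = IANA_MTYPE.get(name)
        if number:
            mtype = int(number)
            if known is not None and mtype != known:
                raise ValueError(f"{name} is matching type {known}, not {mtype}")
        elif known is None:
            raise ValueError(f"{name}: explicit matching type number required")
        else:
            mtype = known
        ranks.setdefault(mtype, rank)
    return ranks


def well_formed(rr):
    """Assumed check: digest data must have the digest's length."""
    _usage, _selector, mtype, data = rr
    return mtype not in DIGEST_LEN or len(data) == DIGEST_LEN[mtype]


def select_tlsa(rrset, digests="sha512 sha256", agility="on"):
    """Return the TLSA records (usage, selector, mtype, data) to examine."""
    if agility not in ("off", "on", "maybe"):
        raise ValueError(f"bad agility setting: {agility!r}")
    ranks = parse_digests(digests)
    # Digest types missing from the list are ignored; type 0 is the full value.
    listed = [rr for rr in rrset if rr[2] == 0 or rr[2] in ranks]
    usable = [rr for rr in listed if well_formed(rr)]
    if agility == "off":
        return usable
    # Count records per digest type within each (usage, selector) group.
    groups = defaultdict(lambda: defaultdict(int))
    for usage, selector, mtype, _data in usable:
        if mtype != 0:
            groups[(usage, selector)][mtype] += 1
    if agility == "maybe":
        malformed = len(usable) != len(listed)
        uneven = any(len(set(c.values())) > 1 for c in groups.values())
        if malformed or uneven:
            return usable  # agility disabled: examine every usable record
    # Keep only the most preferred digest type of each group.
    best = {key: min(counts, key=ranks.__getitem__)
            for key, counts in groups.items()}
    return [rr for rr in usable
            if rr[2] == 0 or rr[2] == best[(rr[0], rr[1])]]


# Constructed RRset for a key rollover: the old key has sha256 and sha512
# records, the new key was published with sha256 only.
OLD_256, OLD_512 = b"\xaa" * 32, b"\xaa" * 64
NEW_256, NEW_512 = b"\xbb" * 32, b"\xbb" * 64
ROLLOVER = [(3, 1, 1, OLD_256), (3, 1, 2, OLD_512), (3, 1, 1, NEW_256)]

if __name__ == "__main__":
    for mode in ("off", "on", "maybe"):
        kept = select_tlsa(ROLLOVER, agility=mode)
        print(mode, [(u, s, m, d[:1].hex()) for u, s, m, d in kept])
```

<p> With "on", only the old key's sha512 record survives for the constructed rollover RRset, so a server that has already switched to the new key would not match; publishing both keys with the same digest set avoids this. </p>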
16360
16361
16362</DD>
16363
16364<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
16365(default: yes)</b></DT><DD>
16366
16367<p> <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix TLS library.
16368Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
16369digests of trust-anchors with certificate usage "2".  In this case
16370the certificate usage logically requires the server administrator
16371to configure the server to include the trust-anchor certificate in
16372the server's SSL certificate chain.  If enough domains mess this
16373up, you can disable support for these TLSA records, but you'll no
16374longer have secure connections that get it right and only publish
16375trust anchor records.  </p>
16376
16377<p> At the <a href="TLS_README.html#client_tls_dane">dane</a>
16378security level, when a TLSA RRset includes only unusable associations,
16379the Postfix SMTP client will automatically switch the connection
16380to the <a href="TLS_README.html#client_tls_encrypt">encrypt</a>
16381security level.  At the <a
16382href="TLS_README.html#client_tls_dane">dane-only</a> security level,
16383the server in question is skipped and delivery is deferred if no
16384secure servers are found.  </p>
16385
16386<p> The <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> parameter controls the list of digest
16387algorithms that are supported in TLSA records.  The tls_dane_digest_agility
16388parameter controls digest algorithm downgrade attack resistance.
16389</p>
16390
16391<p> This feature is available in Postfix 2.11 and later.  </p>
16392
16393
16394</DD>
16395
16396<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
16397(default: see "postconf -d" output)</b></DT><DD>
16398
16399<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>
16400
16401<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
16402implementations. Applications, such as Postfix, that want to maximize
16403interoperability ask the OpenSSL library to enable the full set of
16404recommended work-arounds. </p>
16405
16406<p> From time to time, it is discovered that a work-around creates a
16407security issue, and should no longer be used. If upgrading OpenSSL
16408to a fixed version is not an option or an upgrade is not available
16409in a timely manner, or in closed environments where no buggy clients
16410or servers exist, it may be appropriate to disable some or all of the
16411OpenSSL interoperability work-arounds. This parameter specifies which
16412bug work-arounds to disable. </p>
16413
16414<p> If the value of the parameter is a hexadecimal long integer starting
16415with "0x", the bug work-arounds corresponding to the bits specified in
16416its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
16417(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
16418bits than are present in SSL_OP_ALL; excess bits are ignored. Specifying
164190xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
16420also be sufficient on 64-bit systems, until OpenSSL abandons support
16421for 32-bit systems and starts using the high 32 bits of a 64-bit
16422bug-workaround mask. </p>
16423
16424<p> Otherwise, the parameter is a white-space or comma separated list
16425of specific named bug work-arounds chosen from the list below. It
16426is possible that your OpenSSL version includes new bug work-arounds
16427added after your Postfix source code was last updated; in that case
16428you can only disable one of these via the hexadecimal syntax above. </p>
16429
16430<dl>
16431
16432<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
16433
16434<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
16435
16436<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
16437
16438<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
16439as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
16440default with OpenSSL versions that may predate the fix. Fixed in
16441OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
16442
16443<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
16444SSL_CTX_set_options(3)</dd>
16445
16446<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
16447SSL_CTX_set_options(3)</dd>
16448
16449<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
16450<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
16451default with OpenSSL versions that may predate the fix. Fixed in
16452OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
16453
16454<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
16455SSL_CTX_set_options(3)</dd>
16456
16457<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
16458
16459<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
16460
16461<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
16462This is disabled in OpenSSL 0.9.7 and later. Nobody should still
16463be using 0.9.6! </dd>
16464
16465<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
16466SSL_CTX_set_options(3)</dd>
16467
16468<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
16469OpenSSL 1.0.0.</dd>
16470
16471</dl>
16472
16473<p> This feature is available in Postfix 2.8 and later.  </p>
16474
16475
16476</DD>
16477
16478<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
16479(default: prime256v1)</b></DT><DD>
16480
16481<p> The elliptic curve used by the Postfix SMTP server for sensibly
16482strong
16483ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
16484server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
16485strong" means approximately 128-bit security based on best known
16486attacks. The selected curve must be implemented by OpenSSL (as
16487reported by ecparam(1) with the "-list_curves" option) and be one
16488of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
16489generally change this setting.  Remote SMTP client implementations
16490must support this curve for EECDH key exchange to take place.  It
16491is unwise to choose an "exotic" curve supported by only a small subset
16492of clients.  </p>
16493
16494<p> The default "strong" curve is rated in NSA <a
16495href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
16496B</a> for information classified up to SECRET.  </p>
16497
16498<p> Note: elliptic curve names are poorly standardized; different
16499standards groups are assigning different names to the same underlying
16500curves.  The curve with the X9.62 name "prime256v1" is also known
16501under the SECG name "secp256r1", but OpenSSL does not recognize the
16502latter name. </p>
16503
16504<p> If you want to take maximal advantage of ciphers that offer <a
16505href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
16506the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
16507started</a> section of <a
16508href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
16509full document conveniently presents all information about Postfix
16510"perfect" forward secrecy support in one place: what forward secrecy
16511is, how to tweak settings, and what you can expect to see when
16512Postfix uses ciphers with forward secrecy.  </p>
16513
16514<p> This feature is available in Postfix 2.6 and later, when it is
16515compiled and linked with OpenSSL 1.0.0 or later on platforms where
16516EC algorithms have not been disabled by the vendor. </p>
16517
16518
16519</DD>
16520
16521<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
16522(default: secp384r1)</b></DT><DD>
16523
16524<p> The elliptic curve used by the Postfix SMTP server for maximally
16525strong
16526ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
16527server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The phrase "maximally
16528strong" means approximately 192-bit security based on best known attacks.
16529This additional strength comes at a significant computational cost; most
16530users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong".  The selected
16531curve must be implemented by OpenSSL (as reported by ecparam(1) with the
16532"-list_curves" option) and be one of the curves listed in Section 5.1.1
16533of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
16534
16535<p> This default "ultra" curve is rated in NSA <a
16536href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
16537B</a> for information classified up to TOP SECRET. </p>
16538
16539<p> If you want to take maximal advantage of ciphers that offer <a
16540href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
16541the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
16542started</a> section of <a
16543href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
16544full document conveniently presents all information about Postfix
16545"perfect" forward secrecy support in one place: what forward secrecy
16546is, how to tweak settings, and what you can expect to see when
16547Postfix uses ciphers with forward secrecy.  </p>
16548
16549<p> This feature is available in Postfix 2.6 and later, when it is
16550compiled and linked with OpenSSL 1.0.0 or later on platforms where
16551EC algorithms have not been disabled by the vendor. </p>
16552
16553
16554</DD>
16555
16556<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
16557(default: ALL:+RC4:@STRENGTH)</b></DT><DD>
16558
16559<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
16560defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
16561<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
16562<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>.  With Postfix
16563releases before the middle of 2015 this is the default cipherlist
16564for the opportunistic ("may") TLS client security level and also
16565the default cipherlist for the SMTP server. You are strongly
16566encouraged to not change this setting.  </p>
16567
16568<p> This feature is available in Postfix 2.3 and later. </p>
16569
16570
16571</DD>
16572
16573<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
16574(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b></DT><DD>
16575
16576<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
16577the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
16578<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
16579<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly
16580encouraged to not change this setting.  </p>
16581
16582<p> This feature is available in Postfix 2.3 and later. </p>
16583
16584
16585</DD>
16586
16587<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
16588(default: no)</b></DT><DD>
16589
16590<p> A temporary migration aid for sites that use certificate
16591<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
16592an incorrect algorithm. This parameter has no effect on the certificate
16593fingerprint support that is available since Postfix 2.2. </p>
16594
16595<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
16596pending a migration from configuration files with incorrect Postfix
165972.9.0..2.9.5 certificate public-key fingerprints, to the correct
16598fingerprints used by Postfix 2.9.6 and later.  To compute the correct
16599certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>
16600
16601<p> This feature is available in Postfix 2.9.6 and later.  </p>
16602
16603
16604</DD>
16605
16606<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
16607(default: ALL:!EXPORT:+RC4:@STRENGTH)</b></DT><DD>
16608
16609<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
16610the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
16611<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
16612<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly
16613encouraged to not change this setting.  </p>
16614
16615<p> This feature is available in Postfix 2.3 and later. </p>
16616
16617
16618</DD>
16619
16620<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
16621(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b></DT><DD>
16622
16623<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
16624defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
16625<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
16626<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>.  This is the
16627default cipherlist for mandatory TLS encryption in the TLS client
16628(with anonymous ciphers disabled when verifying server certificates).
16629This is the default cipherlist for opportunistic TLS with Postfix
16630releases after the middle of 2015.  You are strongly encouraged to
16631not change this setting.  </p>
16632
16633<p> This feature is available in Postfix 2.3 and later. </p>
16634
16635
16636</DD>
16637
16638<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
16639(default: eNULL:!aNULL)</b></DT><DD>
16640
16641<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
16642authentication without encryption. This defines the meaning of the "null"
16643setting in smtpd_tls_mandatory_ciphers, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
16644<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>.  You are strongly encouraged to not
16645change this setting. </p>
16646
16647<p> This feature is available in Postfix 2.3 and later. </p>
16648
16649
16650</DD>
16651
16652<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
16653(default: no)</b></DT><DD>
16654
16655<p> With SSLv3 and later, use the Postfix SMTP server's cipher
16656preference order instead of the remote client's cipher preference
16657order. </p>
16658
16659<p> By default, the OpenSSL server selects the client's most preferred
16660cipher that the server supports. With SSLv3 and later, the server may
16661choose its own most preferred cipher that is supported (offered) by
16662the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
16663preferences. </p>
16664
16665<p> While server cipher selection may in some cases lead to a more secure
16666or performant cipher choice, there is some risk of interoperability
16667issues. In the past, some SSL clients have listed lower priority ciphers
16668that they did not implement correctly. If the server chooses a cipher
16669that the client prefers less, it may select a cipher whose client
16670implementation is flawed. Most notably Windows 2003 Microsoft
16671Exchange servers have flawed implementations of DES-CBC3-SHA, which
16672OpenSSL considers stronger than RC4-SHA.  Enabling server cipher-suite
16673selection may create interoperability issues with Windows 2003
16674Microsoft Exchange clients.  </p>
16675
16676<p> This feature is available in Postfix 2.8 and later, in combination
16677with OpenSSL 0.9.7 and later. </p>
16678
16679
16680</DD>
16681
16682<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
16683(default: 32)</b></DT><DD>
16684
16685<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
16686when (re)seeding the in-memory pseudo random number generator (PRNG)
16687pool. The default of 32 bytes (256 bits) is good enough for 128-bit
16688symmetric keys.  If using EGD or a device file, a maximum of 255
16689bytes is read. </p>
16690
16691<p> This feature is available in Postfix 2.2 and later.  </p>
16692
16693
16694</DD>
16695
16696<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
16697(default: see "postconf -d" output)</b></DT><DD>
16698
16699<p> Name of the pseudo random number generator (PRNG) state file
16700that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
16701not exist, and its length is fixed at 1024 bytes.  </p>
16702
16703<p> As of version 2.5, Postfix no longer uses root privileges when
16704opening this file, and the default file location was changed from
16705${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch.  As
16706a migration aid, an attempt to open the file under a non-Postfix
16707directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
16708warning is logged. </p>
16709
16710<p> This feature is available in Postfix 2.2 and later.  </p>
16711
16712
16713</DD>
16714
16715<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
16716(default: 3600s)</b></DT><DD>
16717
16718<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
16719the pseudo random number generator (PRNG) to the file specified
16720with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>.  </p>
16721
16722<p> This feature is available in Postfix 2.2 and later.  </p>
16723
16724
16725</DD>
16726
16727<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
16728(default: 3600s)</b></DT><DD>
16729
16730<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
16731in-memory pseudo random number generator (PRNG) pool from external
16732sources.  The actual time between re-seeding attempts is calculated
16733using the PRNG, and is between 0 and the time specified.  </p>
16734
16735<p> This feature is available in Postfix 2.2 and later.  </p>
16736
16737
16738</DD>
16739
16740<DT><b><a name="tls_random_source">tls_random_source</a>
16741(default: see "postconf -d" output)</b></DT><DD>
16742
16743<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
16744random number generator (PRNG) pool. Be sure to specify a non-blocking
16745source.  If this source is not a regular file, the entropy source
16746type must be prepended:  egd:/path/to/egd_socket for a source with
16747EGD compatible socket interface, or dev:/path/to/device for a
16748device file.  </p>
16749
16750<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
16751gives timeout errors.  </p>
16752
16753<p> This feature is available in Postfix 2.2 and later.  </p>
16754
16755
16756</DD>
16757
16758<DT><b><a name="tls_ssl_options">tls_ssl_options</a>
16759(default: empty)</b></DT><DD>
16760
16761<p> List or bit-mask of OpenSSL options to enable. </p>
16762
16763<p> The OpenSSL toolkit provides a set of options that applications
16764can enable to tune the OpenSSL behavior.  Some of these work around
16765bugs in other implementations and are on by default.  You can use
16766the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter to selectively disable some
16767or all of the bug work-arounds, making OpenSSL more strict at the
16768cost of non-interoperability with SSL clients or servers that exhibit
16769the bugs.  </p>
16770
16771<p> Other options are off by default, and typically enable or disable
16772features rather than bug work-arounds.  These may be turned on (with
16773care) via the tls_ssl_options parameter.  The value is a white-space
16774or comma separated list of named options chosen from the list below.
16775The names are not case-sensitive; you can use lower-case if you
16776prefer.  The upper case values below match the corresponding macro
16777name in the ssl.h header file with the SSL_OP_ prefix removed.  It
16778is possible that your OpenSSL version includes new options added
16779after your Postfix source code was last updated; in that case you
16780can only enable one of these via the hexadecimal syntax below.  </p>
16781
16782<p> You should only enable features via the hexadecimal mask when
16783the need to control the feature is critical (to deal with a new
16784vulnerability or a serious interoperability problem).  Postfix DOES
16785NOT promise backwards compatible behavior with respect to the mask
16786bits.  A feature enabled via the mask in one release may be enabled
16787by other means in a later release, and the mask bit will then be
16788ignored.  Therefore, use of the hexadecimal mask is only a temporary
16789measure until a new Postfix or OpenSSL release provides a better
16790solution.  </p>
16791
16792<p> If the value of the parameter is a hexadecimal long integer
16793starting with "0x", the options corresponding to the bits specified
16794in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
16795You can only enable options not already controlled by other Postfix
16796settings.  For example, you cannot disable protocols or enable
16797server cipher preference.  Do not attempt to turn on all features by
16798specifying 0xFFFFFFFF; this is unlikely to be a good idea.  </p>
16799
16800<dl>
16801
16802<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
16803
16804<dt><b>NO_TICKET</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
16805
16806<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
16807supported by the OpenSSL library.  Compression is CPU-intensive,
16808and compression before encryption does not always improve security.  </dd>
16809
16810</dl>
16811
16812<p> This feature is available in Postfix 2.11 and later.  </p>
16813
16814
16815</DD>
16816
16817<DT><b><a name="tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a>
16818(default: yes)</b></DT><DD>
16819
16820<p> Match multiple DNS labels with "*" in wildcard certificates.
16821</p>
16822
16823<p> Some mail service providers prepend the customer domain name
16824to a base domain for which they have a wildcard TLS certificate.
16825For example, the MX records for example.com hosted by example.net
16826may be: </p>
16827
16828<blockquote>
16829<pre>
16830example.com. IN MX 0 example.com.mx1.example.net.
16831example.com. IN MX 0 example.com.mx2.example.net.
16832</pre>
16833</blockquote>
16834
16835<p> and the TLS certificate may be for "*.example.net". The "*"
16836then corresponds with multiple labels in the mail server domain
16837name.  While multi-label wildcards are not widely supported, and
16838are not blessed by any standard, there is little to be gained by
16839disallowing their use in this context.  </p>
16840
16841<p> Notes: </p>
16842
16843<ul>
16844
16845<li> <p> In a certificate name, the "*" is special only when it is
16846used as the first label. </p>
16847
16848<li> <p> While Postfix (2.11 or later) can match "*" with multiple
16849domain name labels, other implementations likely will not.  </p>
16850
16851<li> <p> Earlier Postfix implementations behave as if
16852"<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a> = no". </p>
16853
16854</ul>
16855
16856<p> This feature is available in Postfix 2.11 and later.  </p>
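<p> The matching rules described above, written out as an added
example. This is not Postfix source code. The function names, the
case-insensitive comparison and the handling of a trailing root dot
are assumptions of this sketch. </p>

```python
"""Added example: wildcard certificate name matching as described for
tls_wildcard_matches_multiple_labels. Not taken from the Postfix sources."""


def split_labels(name):
    # Assumption: DNS names compare case-insensitively and a single
    # trailing root dot (as written in MX records) is not significant.
    if name.endswith("."):
        name = name[:-1]
    return name.lower().split(".")


def wildcard_matches(cert_name, host_name, multiple_labels=True):
    """Return True when cert_name covers host_name.

    multiple_labels=True models "tls_wildcard_matches_multiple_labels = yes":
    a leading "*" may stand for one or more labels.
    multiple_labels=False models "= no": a leading "*" stands for exactly
    one label.
    """
    cert = split_labels(cert_name)
    host = split_labels(host_name)

    # Reject names with empty labels such as "a..b".
    if "" in cert or "" in host:
        return False

    # The "*" is special only when it is the first label; anywhere else
    # it is an ordinary character, so the whole name must match literally.
    if cert[0] != "*":
        return cert == host

    suffix = cert[1:]
    if not suffix:
        return False  # a bare "*" covers nothing

    # Number of host labels that the "*" would have to absorb.
    absorbed = len(host) - len(suffix)
    if absorbed < 1 or host[-len(suffix):] != suffix:
        return False

    return multiple_labels or absorbed == 1


def audit(cert_name, host_names):
    """Map each host name to its (yes, no) outcome for the two settings."""
    return {
        host: (
            wildcard_matches(cert_name, host, multiple_labels=True),
            wildcard_matches(cert_name, host, multiple_labels=False),
        )
        for host in host_names
    }


if __name__ == "__main__":
    # MX host names from the text above plus constructed comparison cases.
    hosts = [
        "example.com.mx1.example.net.",
        "example.com.mx2.example.net.",
        "mx1.example.net",   # constructed: single label under the base
        "example.net",       # constructed: the base domain itself
    ]
    for host, (yes, no) in audit("*.example.net", hosts).items():
        print(f"{host:32} yes={yes!s:5} no={no}")
```

<p> When reviewing a deployment, the host names whose result differs
between the two columns are the ones that are accepted only because
of the multi-label setting. </p>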
16857
16858
16859</DD>
16860
16861<DT><b><a name="tlsmgr_service_name">tlsmgr_service_name</a>
16862(default: tlsmgr)</b></DT><DD>
16863
16864<p> The name of the <a href="tlsmgr.8.html">tlsmgr(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
16865service maintains TLS session caches and other information in support
16866of TLS. </p>
16867
16868<p> This feature is available in Postfix 2.11 and later. </p>
16869
16870
16871</DD>
16872
16873<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
16874(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
16875
16876<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
16877require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
16878further details. </p>
16879
16880<p> This feature is available in Postfix 2.8 and later. </p>
16881
16882
16883</DD>
16884
16885<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
16886(default: tlsproxy)</b></DT><DD>
16887
16888<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
16889service performs plaintext &lt;=&gt; TLS ciphertext conversion. </p>
16890
16891<p> This feature is available in Postfix 2.8 and later. </p>
16892
16893
16894</DD>
16895
16896<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
16897(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>
16898
16899<p> A file containing (PEM format) CA certificates of root CAs
16900trusted to sign either remote SMTP client certificates or intermediate
16901CA certificates.  See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>
16902
16903<p> This feature is available in Postfix 2.8 and later. </p>
16904
16905
16906</DD>
16907
16908<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
16909(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>
16910
16911<p> A directory containing (PEM format) CA certificates of root CAs
16912trusted to sign either remote SMTP client certificates or intermediate
16913CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>
16914
16915<p> This feature is available in Postfix 2.8 and later. </p>
16916
16917
16918</DD>
16919
16920<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
16921(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>
16922
16923<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
16924even when TLS session caching is turned off. See
16925<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>
16926
16927<p> This feature is available in Postfix 2.8 and later. </p>
16928
16929
16930</DD>
16931
16932<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
16933(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>
16934
16935<p> Ask a remote SMTP client for a client certificate. See
16936<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>
16937
16938<p> This feature is available in Postfix 2.8 and later. </p>
16939
16940
16941</DD>
16942
16943<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
16944(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>
16945
16946<p> The verification depth for remote SMTP client certificates. A
16947depth of 1 is sufficient if the issuing CA is listed in a local CA
16948file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>
16949
16950<p> This feature is available in Postfix 2.8 and later. </p>
16951
16952
16953</DD>
16954
16955<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
16956(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
16957
16958<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
16959format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
16960private RSA key.  See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details.  </p>
16961
16962<p> This feature is available in Postfix 2.8 and later. </p>
16963
16964
16965</DD>
16966
16967<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
16968(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>
16969
16970<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
16971will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
16972for further details. </p>
16973
16974<p> This feature is available in Postfix 2.8 and later. </p>
16975
16976
16977</DD>
16978
16979<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
16980(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
16981
16982<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
16983format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
16984private DSA key.  See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details.
16985</p>
16986
16987<p> This feature is available in Postfix 2.8 and later. </p>
16988
16989
16990</DD>
16991
16992<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
16993(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>
16994
16995<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
16996should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
16997for further details. </p>
16998
16999<p> This feature is available in Postfix 2.8 and later. </p>
17000
17001
17002</DD>
17003
17004<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
17005(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>
17006
17007<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
17008should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
17009for further details.  </p>
17010
17011<p> This feature is available in Postfix 2.8 and later. </p>
17012
17013
17014</DD>
17015
17016<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
17017(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>
17018
17019<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
17020format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
17021server DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>.
17022See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further details. </p>
17023
17024<p> This feature is available in Postfix 2.8 and later. </p>
17025
17026
17027</DD>
17028
17029<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
17030(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
17031
17032<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in
17033PEM format.  This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
17034server private ECDSA key.  See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further
17035details. </p>
17036
17037<p> This feature is available in Postfix 2.8 and later. </p>
17038
17039
17040</DD>
17041
17042<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
17043(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>
17044
17045<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in
17046PEM format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
17047server ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
17048See <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. </p>
17049
17050<p> This feature is available in Postfix 2.8 and later. </p>
17051
17052
17053</DD>
17054
17055<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
17056(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>
17057
17058<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
17059elliptic-curve Diffie-Hellman (EECDH) key exchange. See
17060<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>
17061
17062<p> This feature is available in Postfix 2.8 and later. </p>
17063
17064
17065</DD>
17066
17067<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
17068(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>
17069
17070<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
17071server cipher list at all TLS security levels. See
17072<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>
17073
17074<p> This feature is available in Postfix 2.8 and later. </p>
17075
17076
17077</DD>
17078
17079<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a>
17080(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD>
17081
17082<p> The message digest algorithm to construct remote SMTP
17083client-certificate
17084fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details.
17085</p>
17086
17087<p> This feature is available in Postfix 2.8 and later. </p>
17088
17089
17090</DD>
17091
17092<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a>
17093(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>
17094
17095<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
17096format.  This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
17097server RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
17098See <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. </p>
17099
17100<p> This feature is available in Postfix 2.8 and later. </p>
17101
17102
17103</DD>
17104
17105<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a>
17106(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD>
17107
17108<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS
17109activity.  Each logging level also includes the information that
17110is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for
17111further details.  </p>
17112
17113<p> This feature is available in Postfix 2.8 and later. </p>
17114
17115
17116</DD>
17117
17118<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a>
17119(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD>
17120
17121<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
17122will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
17123for further details. </p>
17124
17125<p> This feature is available in Postfix 2.8 and later. </p>
17126
17127
17128</DD>
17129
17130<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
17131(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD>
17132
17133<p> Additional list of ciphers or cipher types to exclude from the
17134<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels.
17135See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p>
17136
17137<p> This feature is available in Postfix 2.8 and later. </p>
17138
17139
17140</DD>
17141
17142<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a>
17143(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD>
17144
17145<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
17146with mandatory TLS encryption. If the list is empty, the server
17147supports all available SSL/TLS protocol versions.  See
17148<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p>
17149
17150<p> This feature is available in Postfix 2.8 and later. </p>
17151
17152
17153</DD>
17154
17155<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a>
17156(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD>
17157
17158<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will
17159exclude or include with opportunistic TLS encryption. See
17160<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p>
17161
17162<p> This feature is available in Postfix 2.8 and later. </p>
17163
17164
17165</DD>
17166
17167<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a>
17168(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD>
17169
17170<p> With mandatory TLS encryption, require a trusted remote SMTP
17171client certificate in order to allow TLS connections to proceed.
17172See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p>
17173
17174<p> This feature is available in Postfix 2.8 and later. </p>
17175
17176
17177</DD>
17178
17179<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a>
17180(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
17181
17182<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server;
17183when a non-empty value is specified, this overrides the obsolete
17184parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See
17185<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p>
17186
17187<p> This feature is available in Postfix 2.8 and later. </p>
17188
17189
17190</DD>
17191
17192<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a>
17193(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD>
17194
17195<p> Obsolete expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session
17196cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8)</a> and managed
17197by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
17198shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
17199
17200<p> This feature is available in Postfix 2.8 and later. </p>
17201
17202
17203</DD>
17204
17205<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a>
17206(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
17207
17208<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
17209but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
17210for further details. </p>
17211
17212<p> This feature is available in Postfix 2.8 and later. </p>
17213
17214
17215</DD>
17216
17217<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a>
17218(default: 10s)</b></DT><DD>
17219
17220<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local
17221or remote I/O before it is terminated by a built-in watchdog timer.
17222This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming
17223non-responsive due to a bug in Postfix itself or in system software.
17224To avoid false alarms and unnecessary cache corruption this limit
17225cannot be set under 10s.  </p>
17226
17227<p> Specify a non-zero time value (an integral value plus an optional
17228one-letter suffix that specifies the time unit).  Time units: s
17229(seconds), m (minutes), h (hours), d (days), w (weeks).  </p>
17230
17231<p> This feature is available in Postfix 2.8.  </p>
17232
17233
17234</DD>
17235
17236<DT><b><a name="trace_service_name">trace_service_name</a>
17237(default: trace)</b></DT><DD>
17238
17239<p>
17240The name of the trace service. This service is implemented by the
17241<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
17242of mail deliveries and produces a mail delivery report when verbose
17243delivery is requested with "<b>sendmail -v</b>".
17244</p>
17245
17246<p>
17247This feature is available in Postfix 2.1 and later.
17248</p>
17249
17250
17251</DD>
17252
17253<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a>
17254(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD>
17255
17256<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
17257parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17258the message delivery transport. </p>
17259
17260<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
17261show up in "postconf" command output before Postfix version 2.9.
17262This limitation applies to many parameters whose name is a combination
17263of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
17264"_delivery_slot_cost"). </p>
17265
17266
17267</DD>
17268
17269<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a>
17270(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD>
17271
17272<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>
17273parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17274the message delivery transport. </p>
17275
17276<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
17277not show up in "postconf" command output before Postfix version
172782.9.  This limitation applies to many parameters whose name is a
17279combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17280this case: "_delivery_slot_discount"). </p>
17281
17282
17283</DD>
17284
17285<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a>
17286(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD>
17287
17288<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
17289parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17290the message delivery transport. </p>
17291
17292<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
17293show up in "postconf" command output before Postfix version 2.9.
17294This limitation applies to many parameters whose name is a combination
17295of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
17296"_delivery_slot_loan"). </p>
17297
17298
17299</DD>
17300
17301<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a>
17302(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD>
17303
17304<p> A transport-specific override for the
17305<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value,
17306where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
17307transport. </p>
17308
17309<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
17310parameters will not show up in "postconf" command output before
17311Postfix version 2.9.  This limitation applies to many parameters
17312whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
17313built-in suffix (in this case:
17314"_destination_concurrency_failed_cohort_limit"). </p>
17315
17316<p> This feature is available in Postfix 2.5 and later. </p>
17317
17318
17319</DD>
17320
17321<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a>
17322(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
17323
17324<p> A transport-specific override for the
17325<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where
17326<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
17327transport. </p>
17328
17329<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
17330parameters will not show up in "postconf" command output before
17331Postfix version 2.9.  This limitation applies to many parameters
17332whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
17333built-in suffix (in this case: "_destination_concurrency_limit").
17334</p>
17335
17336
17337</DD>
17338
17339<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a>
17340(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD>
17341
17342<p> A transport-specific override for the
17343<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value,
17344where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
17345transport. </p>
17346
17347<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
17348parameters will not show up in "postconf" command output before
17349Postfix version 2.9.  This limitation applies to many parameters
17350whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
17351built-in suffix (in this case:
17352"_destination_concurrency_negative_feedback"). </p>
17353
17354<p> This feature is available in Postfix 2.5 and later. </p>
17355
17356
17357</DD>
17358
17359<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a>
17360(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD>
17361
17362<p> A transport-specific override for the
17363<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value,
17364where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
17365transport. </p>
17366
17367<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
17368parameters will not show up in "postconf" command output before
17369Postfix version 2.9.  This limitation applies to many parameters
17370whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
17371built-in suffix (in this case:
17372"_destination_concurrency_positive_feedback"). </p>
17373
17374<p> This feature is available in Postfix 2.5 and later. </p>
17375
17376
17377</DD>
17378
17379<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a>
17380(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD>
17381
17382<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>
17383parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17384the message delivery transport. </p>
17385
17386<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
17387will not show up in "postconf" command output before Postfix version
173882.9.  This limitation applies to many parameters whose name is a
17389combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17390this case: "_destination_rate_delay"). </p>
17391
17392<p> This feature is available in Postfix 2.5 and later. </p>
17393
17394
17395</DD>
17396
17397<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a>
17398(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
17399
17400<p> A transport-specific override for the
17401<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where
17402<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
17403transport. </p>
17404
17405<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
17406will not show up in "postconf" command output before Postfix version
174072.9.  This limitation applies to many parameters whose name is a
17408combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17409this case: "_destination_recipient_limit"). </p>
17410
17411
17412</DD>
17413
17414<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a>
17415(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD>
17416
17417<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
17418parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17419the message delivery transport. </p>
17420
17421<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
17422not show up in "postconf" command output before Postfix version
174232.9.  This limitation applies to many parameters whose name is a
17424combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17425this case: "_extra_recipient_limit").  </p>
17426
17427
17428</DD>
17429
17430<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a>
17431(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD>
17432
17433<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>
17434parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17435the message delivery transport. </p>
17436
17437<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
17438parameters will not show up in "postconf" command output before
17439Postfix version 2.9.  This limitation applies to many parameters
17440whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
17441built-in suffix (in this case: "_initial_destination_concurrency").
17442</p>
17443
17444<p> This feature is available in Postfix 2.5 and later. </p>
17445
17446
17447</DD>
17448
17449<DT><b><a name="transport_maps">transport_maps</a>
17450(default: empty)</b></DT><DD>
17451
17452<p>
17453Optional lookup tables with mappings from recipient address to
17454(message delivery transport, next-hop destination).  See <a href="transport.5.html">transport(5)</a>
17455for details.
17456</p>
17457
17458<p>
17459Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables.  If you use this
17460feature with local files, run "<b>postmap /etc/postfix/transport</b>"
17461after making a change.  </p>
17462
17463<p> For safety reasons, as of Postfix 2.3 this feature does not
17464allow $number substitutions in regular expression maps. </p>
17465
17466<p>
17467Examples:
17468</p>
17469
17470<pre>
17471<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/transport
17472<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
17473</pre>
17474
17475
17476</DD>
17477
17478<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a>
17479(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD>
17480
17481<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>
17482parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17483the message delivery transport. </p>
17484
17485<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will
17486not show up in "postconf" command output before Postfix version
174872.9.  This limitation applies to many parameters whose name is a
17488combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17489this case: "_minimum_delivery_slots"). </p>
17490
17491
17492</DD>
17493
17494<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a>
17495(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD>
17496
17497<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
17498parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17499the message delivery transport. </p>
17500
17501<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not
17502show up in "postconf" command output before Postfix version 2.9.
17503This limitation applies to many parameters whose name is a combination
17504of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
17505"_recipient_limit"). </p>
17506
17507
17508</DD>
17509
17510<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a>
17511(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD>
17512
17513<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>
17514parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17515the message delivery transport. </p>
17516
17517<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will
17518not show up in "postconf" command output before Postfix version
175192.9.  This limitation applies to many parameters whose name is a
17520combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17521this case: "_recipient_refill_delay").  </p>
17522
17523<p> This feature is available in Postfix 2.4 and later. </p>
17524
17525
17526</DD>
17527
17528<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a>
17529(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD>
17530
17531<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>
17532parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
17533the message delivery transport. </p>
17534
17535<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will
17536not show up in "postconf" command output before Postfix version
175372.9.  This limitation applies to many parameters whose name is a
17538combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
17539this case: "_recipient_refill_limit").  </p>
17540
17541<p> This feature is available in Postfix 2.4 and later. </p>
17542
17543
17544</DD>
17545
17546<DT><b><a name="transport_retry_time">transport_retry_time</a>
17547(default: 60s)</b></DT><DD>
17548
17549<p>
17550The time between attempts by the Postfix queue manager to contact
17551a malfunctioning message delivery transport.
17552</p>
17553
17554<p>
17555Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
17556The default time unit is s (seconds).
17557</p>
17558
17559
17560</DD>
17561
17562<DT><b><a name="transport_time_limit">transport_time_limit</a>
17563(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD>
17564
17565<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter
17566value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
17567delivery transport. </p>
17568
17569<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up
17570in "postconf" command output before Postfix version 2.9.  This
17571limitation applies to many parameters whose name is a combination
17572of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
17573"_time_limit"). </p>
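<p> Each tlsproxy_tls_* parameter above defaults to its smtpd_tls_* counterpart, and each <i>transport</i>_suffix parameter defaults to a global one, so an explicit main.cf override can quietly diverge from the policy it would otherwise inherit. The Python below is an added example, not code from Postfix: it resolves both kinds of parameter and lists the overrides whose value differs from the inherited one. The sample main.cf text, the transport list and all function names are constructed for illustration, and conditional ${name?value} expansion is not handled. </p>

```python
import re

# Suffix and the parameter that supplies its default, as listed on this page.
TRANSPORT_BASE = {
    "_destination_concurrency_limit": "default_destination_concurrency_limit",
    "_destination_recipient_limit": "default_destination_recipient_limit",
    "_destination_rate_delay": "default_destination_rate_delay",
    "_initial_destination_concurrency": "initial_destination_concurrency",
    "_time_limit": "command_time_limit",
}
# tlsproxy_X defaults to $smtpd_X for each of these.
TLSPROXY_PARAMS = [
    "tlsproxy_tls_security_level", "tlsproxy_tls_protocols",
    "tlsproxy_tls_mandatory_protocols", "tlsproxy_tls_mandatory_ciphers",
    "tlsproxy_tls_exclude_ciphers", "tlsproxy_tls_mandatory_exclude_ciphers",
    "tlsproxy_tls_req_ccert", "tlsproxy_use_tls",
]
UNSET = "(built-in default)"  # placeholder: base parameter is not set in main.cf
MAX_DEPTH = 20                # guard against self-referencing parameters
_REF = re.compile(r"\$(\$|\{(\w+)\}|\((\w+)\)|(\w+))")

# Constructed sample, not taken from a real system.
SAMPLE_MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2,
    !SSLv3
# Explicit override that drops one exclusion
tlsproxy_tls_protocols = !SSLv2
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
default_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 5
relay_destination_concurrency_limit = 50
relay_destination_concurrency_limit = 20
relay_time_limit = 300s
"""


def parse_main_cf(text):
    """Parse main.cf text: comments skipped, indented lines continue the
    previous logical line, and the last definition of a name wins."""
    logical = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + stripped
        else:
            logical.append(stripped)
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Recursively expand $name, ${name}, $(name) and $$ in a value."""
    if depth == MAX_DEPTH:
        raise ValueError("parameter references itself")

    def substitute(match):
        if match.group(1) == "$":
            return "$"
        ref = match.group(2) or match.group(3) or match.group(4)
        if ref not in params:
            return UNSET
        return expand(params[ref], params, depth + 1)

    return _REF.sub(substitute, value)


def effective(name, base, params):
    """Value used for `name`, whose built-in default is $base."""
    return expand(params.get(name, "$" + base), params)


def tokens(value):
    """Split a list value so spacing and comma style do not matter."""
    return tuple(t for t in re.split(r"[,\s]+", value) if t)


def find_overrides(params, transports):
    """Return (name, own value, base name, inherited value) for every
    explicit override that differs from what it would inherit."""
    pairs = [(p, p.replace("tlsproxy_", "smtpd_", 1)) for p in TLSPROXY_PARAMS]
    pairs += [(t + suffix, base)
              for t in transports for suffix, base in TRANSPORT_BASE.items()]
    findings = []
    for name, base in pairs:
        if name not in params:
            continue  # not overridden, so it inherits
        own = effective(name, base, params)
        inherited = expand("$" + base, params)
        if tokens(own) != tokens(inherited):
            findings.append((name, own, base, inherited))
    return findings


if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for name, own, base, inherited in find_overrides(cfg, ["smtp", "relay"]):
        print(f"{name} = {own!r}; {base} would give {inherited!r}")
```

<p> On a live system the transport names come from the first column of master.cf, and "postconf -n" lists the explicit main.cf settings. </p>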
17574
17575
17576</DD>
17577
17578<DT><b><a name="trigger_timeout">trigger_timeout</a>
17579(default: 10s)</b></DT><DD>
17580
17581<p>
17582The time limit for sending a trigger to a Postfix daemon (for
17583example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents
17584programs from getting stuck when the mail system is under heavy
17585load.
17586</p>
17587
17588<p>
17589Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
17590The default time unit is s (seconds).
17591</p>
17592
17593
17594</DD>
17595
17596<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a>
17597(default: see "postconf -d" output)</b></DT><DD>
17598
17599<p>
17600Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
17601message contains no To: or Cc: message header. With Postfix 2.8
17602and later, the default value is empty. With Postfix 2.4-2.7,
17603specify an empty value to disable this feature.  </p>
17604
17605<p> Example: </p>
17606
17607<pre>
17608# Default value before Postfix 2.8.
17609# Note: the ":" and ";" are both required.
17610<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:;
17611</pre>
17612
17613
17614</DD>
17615
17616<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a>
17617(default: 450)</b></DT><DD>
17618
17619<p>
17620The numerical Postfix SMTP server response code when a sender or
17621recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
17622or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.  The response is
17623always 450 in case of a temporary DNS error.
17624</p>
17625
17626<p>
17627Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
17628</p>
17629
17630
17631</DD>
17632
17633<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a>
17634(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
17635
17636<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
17637or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fails due to a temporary error
17638condition. Specify "defer" to defer the remote SMTP client request
17639immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix
17640SMTP server continues to look for opportunities to reject mail, and
17641defers the client request only if it would otherwise be accepted.
17642</p>
17643
17644<p> This feature is available in Postfix 2.6 and later. </p>
17645
17646
17647</DD>
17648
17649<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
17650(default: 450)</b></DT><DD>
17651
17652<p>
17653The numerical Postfix SMTP server response code when a client
17654without valid address &lt;=&gt; name mapping is rejected by the
17655<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
17656with 450 when the mapping failed due to a temporary error condition.
17657</p>
17658
17659<p>
17660Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
17661</p>
17662
17663
17664</DD>
17665
17666<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
17667(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
17668
17669<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
17670fails due to a temporary error condition. Specify "defer" to defer
17671the remote SMTP client request immediately. With the default
17672"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
17673for opportunities to reject mail, and defers the client request
17674only if it would otherwise be accepted. </p>
17675
17676<p> This feature is available in Postfix 2.6 and later. </p>
17677
17678
17679</DD>
17680
17681<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
17682(default: 450)</b></DT><DD>
17683
17684<p>
17685The numerical Postfix SMTP server response code when the hostname
17686specified with the HELO or EHLO command is rejected by the
17687<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
17688</p>
17689
17690<p>
17691Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
17692</p>
17693
17694
17695</DD>
17696
<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a recipient
address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
lookup tables that does not match the recipient.  A recipient
address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
</p>

<p>
The default setting is 550 (reject mail) but it is safer to initially
use 450 (try again later) so you have time to find out if your
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450
</pre>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The numerical Postfix SMTP server reply code when a recipient
address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies
a list of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a>
(default: 550)</b></DT><DD>

<p>
The Postfix SMTP server reply code when a recipient address matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list
of lookup tables that does not match the recipient address.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response when a recipient address
is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.6 and later.
</p>


</DD>

<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
(default: 450)</b></DT><DD>

<p>
The numerical Postfix SMTP server response code when a recipient
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
</p>

<p>
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
</p>

<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
(default: empty)</b></DT><DD>

<p> The Postfix SMTP server's reply when rejecting mail with
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
code or the enhanced status code. By default, the response includes
actual address verification details. </p>

<p> Example: </p>

<pre>
<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
</pre>

<p> This feature is available in Postfix 2.6 and later. </p>


</DD>

<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>

<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
only if it would otherwise be accepted. </p>

<p> This feature is available in Postfix 2.6 and later. </p>
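
<p> The difference between the "defer" and "defer_if_permit" settings of the
*_tempfail_action parameters, as an added example that is not part of the
Postfix documentation or source code. It is a simplified Python model; the
function names, the outcome labels and the sample restriction lists are
assumptions made for illustration. </p>

```python
# Simplified model of the *_tempfail_action semantics described above.
# Added illustration only: this is not Postfix source code.

PERMIT, REJECT, TEMPFAIL, DUNNO = "permit", "reject", "tempfail", "dunno"


def evaluate(restrictions, tempfail_action="defer_if_permit"):
    """Walk (name, outcome) pairs in order and return (decision, decided_by).

    Each outcome says what that restriction reports for the current request:
      DUNNO    no opinion, keep evaluating
      PERMIT   accept, stop evaluating
      REJECT   permanent reject, stop evaluating
      TEMPFAIL the check itself failed temporarily (for example a DNS timeout)
    """
    if tempfail_action not in ("defer", "defer_if_permit"):
        raise ValueError("unsupported tempfail action: %r" % (tempfail_action,))
    pending = None      # first restriction that hit a temporary error
    permitted_by = None
    for name, outcome in restrictions:
        if outcome == TEMPFAIL:
            if tempfail_action == "defer":
                return ("defer", name)       # answer "try again later" now
            if pending is None:
                pending = name               # remember it and keep looking
        elif outcome == REJECT:
            return ("reject", name)          # a later reject still applies
        elif outcome == PERMIT:
            permitted_by = name
            break
        elif outcome != DUNNO:
            raise ValueError("unknown outcome: %r" % (outcome,))
    if pending is not None:
        return ("defer", pending)            # would be accepted, so defer
    return ("permit", permitted_by)


def compare(restrictions):
    """Evaluate the same list under both settings."""
    return {action: evaluate(restrictions, action)
            for action in ("defer", "defer_if_permit")}


# Constructed sample: the HELO lookup times out, a later check rejects.
SAMPLE_LATER_REJECT = [
    ("reject_unknown_helo_hostname", TEMPFAIL),
    ("reject_unauth_destination", REJECT),
]
# Constructed sample: the sender probe times out, nothing else objects.
SAMPLE_NO_OBJECTION = [
    ("reject_unverified_sender", TEMPFAIL),
    ("reject_unauth_destination", DUNNO),
]

if __name__ == "__main__":
    for label, sample in (("later reject", SAMPLE_LATER_REJECT),
                          ("no objection", SAMPLE_NO_OBJECTION)):
        print(label, compare(sample))
```

<p> With "defer" a request that a later restriction would have rejected
permanently receives a temporary error instead, so the client is expected
to retry it. </p>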


</DD>

<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
(default: -=+)</b></DT><DD>

<p>
The characters Postfix accepts as VERP delimiter characters on the
Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
</p>

<p>
This feature is available in Postfix 1.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>

<p> Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. The SMTP server
validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place.  If you have
many users, it is better to separate information that changes more
frequently (virtual address -&gt; local or remote address mapping)
from information that changes less frequently (the list of virtual
domain names).
</p>

<p> Specify a list of host or domain names, "/file/name" or
"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a table entry matches a lookup string
(the lookup result is ignored).  Continue long lines by starting
the next line with whitespace. Specify "!pattern" to exclude a host
or domain name from the list. The form "!/file/name" is supported
only in Postfix version 2.4 and later.  </p>

<p>
See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
for further information.
</p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
</pre>


</DD>

<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal number of addresses that virtual alias expansion produces
from each original recipient.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>

<p>
Optional lookup tables that alias specific mail addresses or domains
to other local or remote addresses.  The table format and lookups
are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
</p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>

<p>
If you use this feature with indexed files, run "<b>postmap
/etc/postfix/virtual</b>" after changing the file.
</p>

<p>
Examples:
</p>

<pre>
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/virtual
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
</pre>


</DD>

<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a>
(default: 1000)</b></DT><DD>

<p>
The maximal nesting depth of virtual alias expansion.  Currently
the recursion limit is applied only to the left branch of the
expansion graph, so the depth of the tree can in the worst case
reach the sum of the expansion and recursion limits.  This may
change in the future.
</p>

<p>
This feature is available in Postfix 2.1 and later.
</p>


</DD>

<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>
(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>

<p> The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>


</DD>

<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>

<p> The maximal number of recipients per message for the virtual
message delivery transport. This limit is enforced by the queue
manager. The message delivery transport name is the first field in
the entry in the <a href="master.5.html">master.cf</a> file.  </p>

<p> Setting this parameter to a value of 1 changes the meaning of
<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient.  </p>


</DD>

<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a>
(default: empty)</b></DT><DD>

<p>
Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox
delivery.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>


</DD>

<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a>
(default: empty)</b></DT><DD>

<p>
A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname
results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups.  This is a safety
measure to ensure that an out of control map doesn't litter the
file system with mailboxes.  While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be
set to "/", this setting isn't recommended.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
Example:
</p>

<pre>
<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail
</pre>


</DD>

<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a>
(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD>

<p> Postfix is the final destination for the specified list of domains;
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport.
By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent.  The SMTP
server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
and rejects mail for non-existent recipients.  See also the virtual
mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.  </p>

<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a>
configuration parameter.  </p>

<p>
This feature is available in Postfix 2.0 and later. The default
value is backwards compatible with Postfix version 1.1.
</p>


</DD>

<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a>
(default: 51200000)</b></DT><DD>

<p>
The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
maildir file, or zero (no limit).  </p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>


</DD>

<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a>
(default: see "postconf -d" output)</b></DT><DD>

<p>
How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting
delivery.  For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
</p>

<p>
Note 1: the <b>dotlock</b> method requires that the recipient UID
or GID has write access to the parent directory of the recipient's
mailbox file.
</p>

<p>
Note 2: the default setting of this parameter is system dependent.
</p>


</DD>

<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a>
(default: empty)</b></DT><DD>

<p>
Optional lookup tables with all valid addresses in the domains that
match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
</p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>

<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
agent.  It does not apply when mail is delivered with a different
mail delivery program.  </p>

<p>
The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname.  If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
otherwise the path is assumed to specify a UNIX-style mailbox file.
Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to
this path.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>


</DD>

<DT><b><a name="virtual_maps">virtual_maps</a>
(default: empty)</b></DT><DD>

<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains.  Available before Postfix version 2.0. With Postfix
version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>


</DD>

<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a>
(default: 100)</b></DT><DD>

<p>
The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts
as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup.  Returned
values less than this will be rejected, and the message will be
deferred.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>


</DD>

<DT><b><a name="virtual_transport">virtual_transport</a>
(default: virtual)</b></DT><DD>

<p>
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>

<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>

<p>
This feature is available in Postfix 2.0 and later.
</p>


</DD>

<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a>
(default: empty)</b></DT><DD>

<p>
Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a>
delivery agent uses while writing to the recipient's mailbox.
</p>

<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.  </p>

<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
</p>

<p>
When a recipient address has an optional address extension
(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
the full address first, and when the lookup fails, it looks up the
unextended address (user@domain.tld).
</p>

<p>
Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
</p>

<p>
Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
it will open the table directly. Before Postfix version 2.2, the
<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
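
<p> How virtual_mailbox_maps, virtual_uid_maps, virtual_gid_maps,
virtual_mailbox_base and virtual_minimum_uid combine for one recipient, as
an added example that is not part of the Postfix documentation or source
code. It is a simplified Python model built from the descriptions above;
the function names, the "+" delimiter default, the handling of a missing
uid or gid, and the table contents are assumptions made for illustration. </p>

```python
# Simplified model of recipient resolution by the virtual(8) delivery agent,
# built only from the parameter descriptions above. Added illustration, not
# Postfix source code; the table contents below are constructed sample data.


class Deferred(Exception):
    """The message stays queued and delivery is attempted again later."""


def lookup(table, address, delimiter="+"):
    """Try the full address, then the unextended address, then "@domain"."""
    local, _, domain = address.rpartition("@")
    keys = [address]
    if delimiter in local:
        keys.append(local.split(delimiter, 1)[0] + "@" + domain)
    keys.append("@" + domain)
    for key in keys:
        if key in table:
            return table[key]
    return None


def resolve(address, mailbox_maps, uid_maps, gid_maps, mailbox_base,
            minimum_uid=100):
    """Return where, and with which IDs, mail for `address` would be written."""
    path = lookup(mailbox_maps, address)
    if path is None:
        raise LookupError("no virtual_mailbox_maps entry for " + address)
    uid = lookup(uid_maps, address)
    gid = lookup(gid_maps, address)
    if uid is None or gid is None:
        # Assumption of this model: a missing ID is handled like a refused one.
        raise Deferred("no uid/gid found for " + address)
    if int(uid) < minimum_uid:
        # virtual_minimum_uid: lower values are refused, the message is deferred.
        raise Deferred("uid %s is below virtual_minimum_uid %d"
                       % (uid, minimum_uid))
    # virtual_mailbox_base is always prepended, even to an absolute result.
    full_path = mailbox_base.rstrip("/") + "/" + path.lstrip("/")
    # A lookup result ending in "/" selects maildir-style delivery.
    style = "maildir" if path.endswith("/") else "mailbox"
    return {"path": full_path, "style": style,
            "uid": int(uid), "gid": int(gid)}


# Constructed sample tables (left-hand side -> lookup result).
MAILBOXES = {
    "alice@example.com": "example.com/alice/",
    "@example.com": "/example.com/catchall",
}
UIDS = {"@example.com": "5000", "root@example.com": "0"}
GIDS = {"@example.com": "5000"}

if __name__ == "__main__":
    for rcpt in ("alice+lists@example.com", "bob@example.com",
                 "root@example.com"):
        try:
            print(rcpt, resolve(rcpt, MAILBOXES, UIDS, GIDS, "/var/mail"))
        except Deferred as exc:
            print(rcpt, "deferred:", exc)
```

<p> In the sample tables the "root@example.com" entry maps to UID 0, which is
below the default virtual_minimum_uid of 100, so the model defers that
delivery instead of writing the mailbox as root. </p>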


</DD>

</dl>

</body>

</html>
