1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - smtp(8) </title> 6</head> <body> <pre> 7SMTP(8) SMTP(8) 8 9<b>NAME</b> 10 smtp - Postfix SMTP+LMTP client 11 12<b>SYNOPSIS</b> 13 <b>smtp</b> [generic Postfix daemon options] [flags=DORX] 14 15<b>DESCRIPTION</b> 16 The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery 17 protocols. It processes message delivery requests from the queue man- 18 ager. Each request specifies a queue file, a sender address, a domain 19 or host to deliver to, and recipient information. This program expects 20 to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. 21 22 The SMTP+LMTP client updates the queue file and marks recipients as 23 finished, or it informs the queue manager that delivery should be tried 24 again at a later time. Delivery status reports are sent to the 25 <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate. 26 27 The SMTP+LMTP client looks up a list of mail exchanger addresses for 28 the destination host, sorts the list by preference, and connects to 29 each listed address until it finds a server that responds. 30 31 When a server is not reachable, or when mail delivery fails due to a 32 recoverable error condition, the SMTP+LMTP client will try to deliver 33 the mail to an alternate host. 34 35 After a successful mail transaction, a connection may be saved to the 36 <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any 37 SMTP+LMTP client for a subsequent transaction. 38 39 By default, connection caching is enabled temporarily for destinations 40 that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching 41 can be enabled permanently for specific destinations. 42 43<b>SMTP DESTINATION SYNTAX</b> 44 The Postfix SMTP+LMTP client supports multiple destinations separated 45 by comma or whitespace (Postfix 3.5 and later). SMTP destinations have 46 the following form: 47 48 <i>domainname</i> 49 50 <i>domainname</i>:<i>port</i> 51 Look up the mail exchangers for the specified domain, and con- 52 nect to the specified port (default: <b>smtp</b>). 53 54 [<i>hostname</i>] 55 56 [<i>hostname</i>]:<i>port</i> 57 Look up the address(es) of the specified host, and connect to 58 the specified port (default: <b>smtp</b>). 59 60 [<i>address</i>] 61 62 [<i>address</i>]:<i>port</i> 63 Connect to the host at the specified address, and connect to the 64 specified port (default: <b>smtp</b>). An IPv6 address must be format- 65 ted as [<b>ipv6</b>:<i>address</i>]. 66 67<b>LMTP DESTINATION SYNTAX</b> 68 The Postfix SMTP+LMTP client supports multiple destinations separated 69 by comma or whitespace (Postfix 3.5 and later). LMTP destinations have 70 the following form: 71 72 <b>unix</b>:<i>pathname</i> 73 Connect to the local UNIX-domain server that is bound to the 74 specified <i>pathname</i>. If the process runs chrooted, an absolute 75 pathname is interpreted relative to the Postfix queue directory. 76 77 <b>inet</b>:<i>hostname</i> 78 79 <b>inet</b>:<i>hostname</i>:<i>port</i> 80 81 <b>inet</b>:[<i>address</i>] 82 83 <b>inet</b>:[<i>address</i>]:<i>port</i> 84 Connect to the specified TCP port on the specified local or 85 remote host. If no port is specified, connect to the port 86 defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found, 87 the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24) 88 will be used. An IPv6 address must be formatted as 89 [<b>ipv6</b>:<i>address</i>]. 90 91<b>SINGLE-RECIPIENT DELIVERY</b> 92 By default, the Postfix SMTP+LMTP client delivers mail to multiple 93 recipients per delivery request. This is undesirable when prepending a 94 <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from 95 sending multiple recipients per delivery request, specify 96 97 <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b> 98 99 in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first 100 column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service. 101 102<b>COMMAND ATTRIBUTE SYNTAX</b> 103 <b>flags=DORX</b> (optional) 104 Optional message processing flags. 105 106 <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with 107 the envelope recipient address. Note: for this to work, 108 the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see 109 SINGLE-RECIPIENT DELIVERY above for details). 110 111 The <b>D</b> flag also enforces loop detection: if a message 112 already contains a <b>Delivered-To:</b> header with the same 113 recipient address, then the message is returned as unde- 114 liverable. The address comparison is case insensitive. 115 116 This feature is available as of Postfix 3.5. 117 118 <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with 119 the recipient address as given to Postfix. Note: for this 120 to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must 121 be 1 (see SINGLE-RECIPIENT DELIVERY above for details). 122 123 This feature is available as of Postfix 3.5. 124 125 <b>R</b> Prepend a "<b>Return-Path:</b> <<i>sender</i>>" message header with the 126 envelope sender address. 127 128 This feature is available as of Postfix 3.5. 129 130 <b>X</b> Indicates that the delivery is final. This flag affects 131 the status reported in "success" DSN (delivery status 132 notification) messages, and changes it from "relayed" 133 into "delivered". 134 135 This feature is available as of Postfix 3.5. 136 137<b>SECURITY</b> 138 The SMTP+LMTP client is moderately security-sensitive. It 139 talks to SMTP or LMTP servers and to DNS servers on the 140 network. The SMTP+LMTP client can be run chrooted at fixed 141 low privilege. 142 143<b>STANDARDS</b> 144 <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) 145 <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages) 146 <a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions) 147 <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) 148 <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration) 149 <a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol) 150 <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes) 151 <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies) 152 <a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types) 153 <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) 154 <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) 155 <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining) 156 <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) 157 <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension) 158 <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes) 159 <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) 160 <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) 161 <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) 162 <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) 163 <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) 164 165<b>DIAGNOSTICS</b> 166 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 167 Corrupted message files are marked so that the queue manager can move 168 them to the <b>corrupt</b> queue for further inspection. 169 170 Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas- 171 ter is notified of bounces, protocol problems, and of other trouble. 172 173<b>BUGS</b> 174 SMTP and LMTP connection reuse for TLS (without closing the SMTP or 175 LMTP connection) is not supported before Postfix 3.4. 176 177 SMTP and LMTP connection reuse assumes that SASL credentials are valid 178 for all destinations that map onto the same IP address and TCP port. 179 180<b>CONFIGURATION PARAMETERS</b> 181 Before Postfix version 2.3, the LMTP client is a separate program that 182 implements only a subset of the functionality available with SMTP: 183 there is no support for TLS, and connections are cached in-process, 184 making it ineffective when the client is used for multiple domains. 185 186 Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- 187 eter for the equivalent LMTP feature. This document describes only 188 those LMTP-related parameters that aren't simply "mirror" parameters. 189 190 Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes 191 run for only a limited amount of time. Use the command "<b>postfix reload</b>" 192 to speed up a change. 193 194 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 195 more details including examples. 196 197<b>COMPATIBILITY CONTROLS</b> 198 <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b> 199 Ignore DNS MX lookups that produce no response. 200 201 <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b> 202 Always send EHLO at the start of an SMTP session. 203 204 <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b> 205 Never send EHLO at the start of an SMTP session. 206 207 <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b> 208 Defer mail delivery when no MX record resolves to an IP address. 209 210 <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b> 211 The maximal length of message header and body lines that Postfix 212 will send via SMTP. 213 214 <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b> 215 How long the Postfix SMTP client pauses before sending 216 ".<CR><LF>" in order to work around the PIX firewall 217 "<CR><LF>.<CR><LF>" bug. 218 219 <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b> 220 How long a message must be queued before the Postfix SMTP client 221 turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for 222 delivery through firewalls with "smtp fixup" mode turned on. 223 224 <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b> 225 A list that specifies zero or more workarounds for CISCO PIX 226 firewall bugs. 227 228 <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b> 229 Lookup tables, indexed by the remote SMTP server address, with 230 per-destination workarounds for CISCO PIX firewall bugs. 231 232 <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b> 233 Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO 234 commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. 235 236 <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b> 237 A mechanism to transform replies from remote SMTP servers one 238 line at a time. 239 240 <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b> 241 Skip remote SMTP servers that greet with a 5XX status code. 242 243 <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b> 244 Do not wait for the response to the SMTP QUIT command. 245 246 Available in Postfix version 2.0 and earlier: 247 248 <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b> 249 Skip SMTP servers that greet with a 4XX status code (go away, 250 try again later). 251 252 Available in Postfix version 2.2 and later: 253 254 <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b> 255 Lookup tables, indexed by the remote SMTP server address, with 256 case insensitive lists of EHLO keywords (pipelining, starttls, 257 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 258 response from a remote SMTP server. 259 260 <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b> 261 A case insensitive list of EHLO keywords (pipelining, starttls, 262 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 263 response from a remote SMTP server. 264 265 <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b> 266 Optional lookup tables that perform address rewriting in the 267 Postfix SMTP client, typically to transform a locally valid 268 address into a globally valid address when sending mail across 269 the Internet. 270 271 Available in Postfix version 2.2.9 and later: 272 273 <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b> 274 When the remote SMTP servername is a DNS CNAME, replace the 275 servername with the result from CNAME expansion for the purpose 276 of logging, SASL password lookup, TLS policy decisions, or TLS 277 certificate verification. 278 279 Available in Postfix version 2.3 and later: 280 281 <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b> 282 Lookup tables, indexed by the remote LMTP server address, with 283 case insensitive lists of LHLO keywords (pipelining, starttls, 284 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 285 response from a remote LMTP server. 286 287 <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b> 288 A case insensitive list of LHLO keywords (pipelining, starttls, 289 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 290 response from a remote LMTP server. 291 292 Available in Postfix version 2.4.4 and later: 293 294 <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b> 295 When authenticating to a remote SMTP or LMTP server with the 296 default setting "no", send no SASL authoriZation ID (authzid); 297 send only the SASL authentiCation ID (authcid) plus the auth- 298 cid's password. 299 300 Available in Postfix version 2.5 and later: 301 302 <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b> 303 Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client. 304 305 <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b> 306 Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP 307 client. 308 309 <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b> 310 Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP 311 client. 312 313 <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b> 314 Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client. 315 316 Available in Postfix version 2.6 and later: 317 318 <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> 319 An optional workaround for routers that break TCP window scal- 320 ing. 321 322 Available in Postfix version 2.8 and later: 323 324 <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> 325 DNS Resolver options for the Postfix SMTP client. 326 327 Available in Postfix version 2.9 and later: 328 329 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 330 Change the behavior of the smtp_*_timeout time limits, from a 331 time limit per read or write system call, to a time limit to 332 send or receive a complete record (an SMTP command line, SMTP 333 response line, SMTP message content line, or TLS protocol mes- 334 sage). 335 336 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 337 Whether or not to append the "AUTH=<>" option to the MAIL FROM 338 command in SASL-authenticated SMTP sessions. 339 340 Available in Postfix version 2.11 and later: 341 342 <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b> 343 Level of DNS support in the Postfix SMTP client. 344 345 Available in Postfix version 3.0 and later: 346 347 <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b> 348 Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the 349 delivery status code or explanatory text of successful or unsuc- 350 cessful deliveries. 351 352 <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b> 353 Optional filter for Postfix SMTP client DNS lookup results. 354 355 Available in Postfix version 3.3 and later: 356 357 <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b> 358 When a remote destination resolves to a combination of IPv4 and 359 IPv6 addresses, ensure that the Postfix SMTP client can try both 360 address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. 361 362 Available in Postfix 3.5 and later: 363 364 <b>info_log_address_format (external)</b> 365 The email address form that will be used in non-debug logging 366 (info, warning, etc.). 367 368<b>MIME PROCESSING CONTROLS</b> 369 Available in Postfix version 2.0 and later: 370 371 <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b> 372 Disable the conversion of 8BITMIME format to 7BIT format. 373 374 <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b> 375 The maximal length of MIME multipart boundary strings. 376 377 <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b> 378 The maximal recursion level that the MIME processor will handle. 379 380<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> 381 Available in Postfix version 2.1 and later: 382 383 <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b> 384 Send the non-standard XFORWARD command when the Postfix SMTP 385 server EHLO response announces XFORWARD support. 386 387<b>SASL AUTHENTICATION CONTROLS</b> 388 <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b> 389 Enable SASL authentication in the Postfix SMTP client. 390 391 <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b> 392 Optional Postfix SMTP client lookup tables with one user- 393 name:password entry per sender, remote hostname or next-hop 394 domain. 395 396 <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b> 397 Postfix SMTP client SASL security options; as of Postfix 2.3 the 398 list of available features depends on the SASL client implemen- 399 tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 400 401 Available in Postfix version 2.2 and later: 402 403 <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b> 404 If non-empty, a Postfix SMTP client filter for the remote SMTP 405 server's list of offered SASL mechanisms. 406 407 Available in Postfix version 2.3 and later: 408 409 <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b> 410 Enable sender-dependent authentication in the Postfix SMTP 411 client; this is available only with SASL authentication, and 412 disables SMTP connection caching to ensure that mail from dif- 413 ferent senders will use the appropriate credentials. 414 415 <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b> 416 Implementation-specific information that the Postfix SMTP client 417 passes through to the SASL plug-in implementation that is 418 selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 419 420 <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b> 421 The SASL plug-in type that the Postfix SMTP client should use 422 for authentication. 423 424 Available in Postfix version 2.5 and later: 425 426 <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b> 427 An optional table to prevent repeated SASL authentication fail- 428 ures with the same remote SMTP server hostname, username and 429 password. 430 431 <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b> 432 The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it 433 is removed. 434 435 <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b> 436 When a remote SMTP server rejects a SASL authentication request 437 with a 535 reply code, defer mail delivery instead of returning 438 mail as undeliverable. 439 440 Available in Postfix version 2.9 and later: 441 442 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 443 Whether or not to append the "AUTH=<>" option to the MAIL FROM 444 command in SASL-authenticated SMTP sessions. 445 446<b>STARTTLS SUPPORT CONTROLS</b> 447 Detailed information about STARTTLS configuration may be found in the 448 <a href="TLS_README.html">TLS_README</a> document. 449 450 <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b> 451 The default SMTP TLS security level for the Postfix SMTP client; 452 when a non-empty value is specified, this overrides the obsolete 453 parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and 454 <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. 455 456 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b> 457 The SASL authentication security options that the Postfix SMTP 458 client uses for TLS encrypted SMTP sessions. 459 460 <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b> 461 Time limit for Postfix SMTP client write and read operations 462 during TLS startup and shutdown handshake procedures. 463 464 <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b> 465 A file containing CA certificates of root CAs trusted to sign 466 either remote SMTP server certificates or intermediate CA cer- 467 tificates. 468 469 <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b> 470 Directory with PEM format Certification Authority certificates 471 that the Postfix SMTP client uses to verify a remote SMTP server 472 certificate. 473 474 <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b> 475 File with the Postfix SMTP client RSA certificate in PEM format. 476 477 <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b> 478 The minimum TLS cipher grade that the Postfix SMTP client will 479 use with mandatory TLS encryption. 480 481 <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b> 482 List of ciphers or cipher types to exclude from the Postfix SMTP 483 client cipher list at all TLS security levels. 484 485 <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b> 486 Additional list of ciphers or cipher types to exclude from the 487 Postfix SMTP client cipher list at mandatory TLS security lev- 488 els. 489 490 <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b> 491 File with the Postfix SMTP client DSA certificate in PEM format. 492 493 <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b> 494 File with the Postfix SMTP client DSA private key in PEM format. 495 496 <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b> 497 File with the Postfix SMTP client RSA private key in PEM format. 498 499 <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b> 500 Enable additional Postfix SMTP client logging of TLS activity. 501 502 <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b> 503 Log the hostname of a remote SMTP server that offers STARTTLS, 504 when TLS is not already enabled for that server. 505 506 <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b> 507 Optional lookup tables with the Postfix SMTP client TLS security 508 policy by next-hop destination; when a non-empty value is speci- 509 fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. 510 511 <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b> 512 List of SSL/TLS protocols that the Postfix SMTP client will use 513 with mandatory TLS encryption. 514 515 <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b> 516 The verification depth for remote SMTP server certificates. 517 518 <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b> 519 How the Postfix SMTP client verifies the server certificate 520 peername for the "secure" TLS security level. 521 522 <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b> 523 Name of the file containing the optional Postfix SMTP client TLS 524 session cache. 525 526 <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b> 527 The expiration time of Postfix SMTP client TLS session cache 528 information. 529 530 <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b> 531 How the Postfix SMTP client verifies the server certificate 532 peername for the "verify" TLS security level. 533 534 <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> 535 The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> 536 process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its 537 internal pseudo random number generator (PRNG). 538 539 <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b> 540 The OpenSSL cipherlist for "high" grade ciphers. 541 542 <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b> 543 The OpenSSL cipherlist for "medium" or higher grade ciphers. 544 545 <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b> 546 The OpenSSL cipherlist for "low" or higher grade ciphers. 547 548 <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b> 549 The OpenSSL cipherlist for "export" or higher grade ciphers. 550 551 <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> 552 The OpenSSL cipherlist for "NULL" grade ciphers that provide 553 authentication without encryption. 554 555 Available in Postfix version 2.4 and later: 556 557 <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b> 558 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b> 559 The SASL authentication security options that the Postfix SMTP 560 client uses for TLS encrypted SMTP sessions with a verified 561 server certificate. 562 563 Available in Postfix version 2.5 and later: 564 565 <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b> 566 List of acceptable remote SMTP server certificate fingerprints 567 for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b> 568 <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint). 569 570 <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b> 571 The message digest algorithm used to construct remote SMTP 572 server certificate fingerprints. 573 574 Available in Postfix version 2.6 and later: 575 576 <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2, !SSLv3)</b> 577 List of TLS protocols that the Postfix SMTP client will exclude 578 or include with opportunistic TLS encryption. 579 580 <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b> 581 The minimum TLS cipher grade that the Postfix SMTP client will 582 use with opportunistic TLS encryption. 583 584 <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b> 585 File with the Postfix SMTP client ECDSA certificate in PEM for- 586 mat. 587 588 <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b> 589 File with the Postfix SMTP client ECDSA private key in PEM for- 590 mat. 591 592 Available in Postfix version 2.7 and later: 593 594 <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b> 595 Try to detect a mail hijacking attack based on a TLS protocol 596 vulnerability (CVE-2009-3555), where an attacker prepends mali- 597 cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client 598 TLS session. 599 600 Available in Postfix version 2.8 and later: 601 602 <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> 603 List or bit-mask of OpenSSL bug work-arounds to disable. 604 605 Available in Postfix version 2.11-3.1: 606 607 <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b> 608 Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility. 609 610 <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b> 611 Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain 612 digests of trust-anchors with certificate usage "2". 613 614 Available in Postfix version 2.11 and later: 615 616 <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b> 617 Zero or more PEM-format files with trust-anchor certificates 618 and/or public keys. 619 620 <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b> 621 Lookup the associated DANE TLSA RRset even when a hostname is 622 not an alias and its address records lie in an unsigned zone. 623 624 <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> 625 The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. 626 627 Available in Postfix version 3.0 and later: 628 629 <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b> 630 Request that the Postfix SMTP client connects using the legacy 631 SMTPS protocol instead of using the STARTTLS command. 632 633 Available in Postfix version 3.1 and later: 634 635 <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (dane)</b> 636 The TLS policy for MX hosts with "secure" TLSA records when the 637 nexthop destination security level is <b>dane</b>, but the MX record 638 was found via an "insecure" MX lookup. 639 640 Available in Postfix version 3.4 and later: 641 642 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 643 Try to make multiple deliveries per TLS-encrypted connection. 644 645 <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b> 646 List of one or more PEM files, each holding one or more private 647 keys directly followed by a corresponding certificate chain. 648 649 <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b> 650 Optional name to send to the remote SMTP server in the TLS 651 Server Name Indication (SNI) extension. 652 653 Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 654 655 <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> 656 A workaround for implementations that hang Postfix while shut- 657 ting down a TLS session, until Postfix times out. 658 659<b>OBSOLETE STARTTLS CONTROLS</b> 660 The following configuration parameters exist for compatibility with 661 Postfix versions before 2.3. Support for these will be removed in a 662 future release. 663 664 <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> 665 Opportunistic mode: use TLS when a remote SMTP server announces 666 STARTTLS support, otherwise send the mail in the clear. 667 668 <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> 669 Enforcement mode: require that remote SMTP servers use TLS 670 encryption, and never send mail in the clear. 671 672 <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> 673 With mandatory TLS encryption, require that the remote SMTP 674 server hostname matches the information in the remote SMTP 675 server certificate. 676 677 <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> 678 Optional lookup tables with the Postfix SMTP client TLS usage 679 policy by next-hop destination and by remote SMTP server host- 680 name. 681 682 <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> 683 Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 684 cipher list. 685 686<b>RESOURCE AND RATE CONTROLS</b> 687 <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> 688 The Postfix SMTP client time limit for completing a TCP connec- 689 tion, or zero (use the operating system built-in time limit). 690 691 <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> 692 The Postfix SMTP client time limit for sending the HELO or EHLO 693 command, and for receiving the initial remote SMTP server 694 response. 695 696 <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> 697 The Postfix LMTP client time limit for sending the LHLO command, 698 and for receiving the initial remote LMTP server response. 699 700 <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b> 701 The Postfix SMTP client time limit for sending the XFORWARD com- 702 mand, and for receiving the remote SMTP server response. 703 704 <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> 705 The Postfix SMTP client time limit for sending the MAIL FROM 706 command, and for receiving the remote SMTP server response. 707 708 <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> 709 The Postfix SMTP client time limit for sending the SMTP RCPT TO 710 command, and for receiving the remote SMTP server response. 711 712 <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> 713 The Postfix SMTP client time limit for sending the SMTP DATA 714 command, and for receiving the remote SMTP server response. 715 716 <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> 717 The Postfix SMTP client time limit for sending the SMTP message 718 content. 719 720 <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> 721 The Postfix SMTP client time limit for sending the SMTP ".", and 722 for receiving the remote SMTP server response. 723 724 <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> 725 The Postfix SMTP client time limit for sending the QUIT command, 726 and for receiving the remote SMTP server response. 727 728 Available in Postfix version 2.1 and later: 729 730 <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b> 731 The maximal number of MX (mail exchanger) IP addresses that can 732 result from Postfix SMTP client mail exchanger lookups, or zero 733 (no limit). 734 735 <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> 736 The maximal number of SMTP sessions per delivery request before 737 the Postfix SMTP client gives up or delivers to a fall-back 738 <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). 739 740 <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> 741 The Postfix SMTP client time limit for sending the RSET command, 742 and for receiving the remote SMTP server response. 743 744 Available in Postfix version 2.2 and earlier: 745 746 <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b> 747 Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a> 748 seconds. 749 750 Available in Postfix version 2.2 and later: 751 752 <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> 753 Permanently enable SMTP connection caching for the specified 754 destinations. 755 756 <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> 757 Temporarily enable SMTP connection caching while a destination 758 has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. 759 760 <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b> 761 The amount of time during which Postfix will use an SMTP connec- 762 tion repeatedly. 763 764 <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> 765 When SMTP connection caching is enabled, the amount of time that 766 an unused SMTP client socket is kept open before it is closed. 767 768 Available in Postfix version 2.3 and later: 769 770 <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> 771 Time limit for connection cache connect, send or receive opera- 772 tions. 773 774 Available in Postfix version 2.9 and later: 775 776 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 777 Change the behavior of the smtp_*_timeout time limits, from a 778 time limit per read or write system call, to a time limit to 779 send or receive a complete record (an SMTP command line, SMTP 780 response line, SMTP message content line, or TLS protocol mes- 781 sage). 782 783 Available in Postfix version 2.11 and later: 784 785 <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b> 786 When SMTP connection caching is enabled, the number of times 787 that an SMTP session may be reused before it is closed, or zero 788 (no limit). 789 790 Available in Postfix version 3.4 and later: 791 792 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 793 Try to make multiple deliveries per TLS-encrypted connection. 794 795 Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon: 796 797 <b>transport_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b> 798 <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b> 799 A transport-specific override for the default_destination_con- 800 currency_limit parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 801 name of the message delivery transport. 802 803 <b>transport_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b> 804 <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b> 805 A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>- 806 <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 807 name of the message delivery transport. 808 809<b>SMTPUTF8 CONTROLS</b> 810 Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 811 812 <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> 813 Enable preliminary SMTPUTF8 support for the protocols described 814 in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. 815 816 <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b> 817 Detect that a message requires SMTPUTF8 support for the speci- 818 fied mail origin classes. 819 820 Available in Postfix version 3.2 and later: 821 822 <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b> 823 Enable 'transitional' compatibility between IDNA2003 and 824 IDNA2008, when converting UTF-8 domain names to/from the ASCII 825 form that is used for DNS lookups. 826 827<b>TROUBLE SHOOTING CONTROLS</b> 828 <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> 829 The increment in verbose logging level when a remote client or 830 server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. 831 832 <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> 833 Optional list of remote client or server hostname or network 834 address patterns that cause the verbose logging level to 835 increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. 836 837 <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> 838 The recipient of postmaster notifications about mail delivery 839 problems that are caused by policy, resource, software or proto- 840 col errors. 841 842 <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> 843 What categories of Postfix-generated mail are subject to 844 before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, 845 <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. 846 847 <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> 848 The list of error classes that are reported to the postmaster. 849 850<b>MISCELLANEOUS CONTROLS</b> 851 <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> 852 Where the Postfix SMTP client should deliver mail when it 853 detects a "mail loops back to myself" error condition. 854 855 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 856 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 857 figuration files. 858 859 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 860 How much time a Postfix daemon process may take to handle a 861 request before it is terminated by a built-in watchdog timer. 862 863 <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> 864 The maximal number of digits after the decimal point when log- 865 ging sub-second delay values. 866 867 <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> 868 Disable DNS lookups in the Postfix SMTP and LMTP clients. 869 870 <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> 871 The network interface addresses that this mail system receives 872 mail on. 873 874 <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b> 875 The Internet protocols Postfix will attempt to use when making 876 or accepting connections. 877 878 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 879 The time limit for sending or receiving information over an 880 internal communication channel. 881 882 <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> 883 When a remote LMTP server announces no DSN support, assume that 884 the server performs final delivery, and send "delivered" deliv- 885 ery status notifications instead of "relayed". 886 887 <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> 888 The default TCP port that the Postfix LMTP client connects to. 889 890 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 891 The maximum amount of time that an idle Postfix daemon process 892 waits for an incoming connection before terminating voluntarily. 893 894 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 895 The maximal number of incoming connections that a Postfix daemon 896 process will service before terminating voluntarily. 897 898 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 899 The process ID of a Postfix command or daemon process. 900 901 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 902 The process name of a Postfix command or daemon process. 903 904 <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> 905 The network interface addresses that this mail system receives 906 mail on by way of a proxy or network address translation unit. 907 908 <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b> 909 The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP 910 client will try first, when a destination has IPv6 and IPv4 911 addresses with equal MX preference. 912 913 <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> 914 An optional numerical network address that the Postfix SMTP 915 client should bind to when making an IPv4 connection. 916 917 <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> 918 An optional numerical network address that the Postfix SMTP 919 client should bind to when making an IPv6 connection. 920 921 <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 922 The hostname to send in the SMTP HELO or EHLO command. 923 924 <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 925 The hostname to send in the LMTP LHLO command. 926 927 <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> 928 What mechanisms the Postfix SMTP client uses to look up a host's 929 IP address. 930 931 <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> 932 Randomize the order of equal-preference MX host addresses. 933 934 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 935 The syslog facility of Postfix logging. 936 937 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 938 A prefix that is prepended to the process name in syslog 939 records, so that, for example, "smtpd" becomes "prefix/smtpd". 940 941 Available with Postfix 2.2 and earlier: 942 943 <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> 944 Optional list of relay hosts for SMTP destinations that can't be 945 found or that are unreachable. 946 947 Available with Postfix 2.3 and later: 948 949 <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> 950 Optional list of relay hosts for SMTP destinations that can't be 951 found or that are unreachable. 952 953 Available with Postfix 3.0 and later: 954 955 <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b> 956 In the context of email address verification, the SMTP protocol 957 stage that determines whether an email address is deliverable. 958 959 Available with Postfix 3.1 and later: 960 961 <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b> 962 Optional list of relay hosts for LMTP destinations that can't be 963 found or that are unreachable. 964 965 Available with Postfix 3.2 and later: 966 967 <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b> 968 The default TCP port that the Postfix SMTP client connects to. 969 970 Available in Postfix 3.3 and later: 971 972 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 973 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 974 975<b>SEE ALSO</b> 976 <a href="generic.5.html">generic(5)</a>, output address rewriting 977 <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection 978 <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection 979 <a href="qmgr.8.html">qmgr(8)</a>, queue manager 980 <a href="bounce.8.html">bounce(8)</a>, delivery status reports 981 <a href="scache.8.html">scache(8)</a>, connection cache server 982 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 983 <a href="master.5.html">master(5)</a>, generic daemon options 984 <a href="master.8.html">master(8)</a>, process manager 985 <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management 986 <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging 987 syslogd(8), system logging 988 989<b>README FILES</b> 990 <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto 991 <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto 992 993<b>LICENSE</b> 994 The Secure Mailer license must be distributed with this software. 995 996<b>AUTHOR(S)</b> 997 Wietse Venema 998 IBM T.J. Watson Research 999 P.O. Box 704 1000 Yorktown Heights, NY 10598, USA 1001 1002 Wietse Venema 1003 Google, Inc. 1004 111 8th Avenue 1005 New York, NY 10011, USA 1006 1007 Command pipelining in cooperation with: 1008 Jon Ribbens 1009 Oaktree Internet Solutions Ltd., 1010 Internet House, 1011 Canal Basin, 1012 Coventry, 1013 CV1 4LY, United Kingdom. 1014 1015 SASL support originally by: 1016 Till Franke 1017 SuSE Rhein/Main AG 1018 65760 Eschborn, Germany 1019 1020 TLS support originally by: 1021 Lutz Jaenicke 1022 BTU Cottbus 1023 Allgemeine Elektrotechnik 1024 Universitaetsplatz 3-4 1025 D-03044 Cottbus, Germany 1026 1027 Revised TLS and SMTP connection cache support by: 1028 Victor Duchovni 1029 Morgan Stanley 1030 1031 SMTP(8) 1032</pre> </body> </html> 1033