1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 5<title> Postfix manual - smtp(8) </title> 6</head> <body> <pre> 7SMTP(8) SMTP(8) 8 9<b>NAME</b> 10 smtp - Postfix SMTP+LMTP client 11 12<b>SYNOPSIS</b> 13 <b>smtp</b> [generic Postfix daemon options] [flags=DORX] 14 15<b>DESCRIPTION</b> 16 The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery 17 protocols. It processes message delivery requests from the queue man- 18 ager. Each request specifies a queue file, a sender address, a domain 19 or host to deliver to, and recipient information. This program expects 20 to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. 21 22 The SMTP+LMTP client updates the queue file and marks recipients as 23 finished, or it informs the queue manager that delivery should be tried 24 again at a later time. Delivery status reports are sent to the 25 <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate. 26 27 The SMTP+LMTP client looks up a list of mail exchanger addresses for 28 the destination host, sorts the list by preference, and connects to 29 each listed address until it finds a server that responds. 30 31 When a server is not reachable, or when mail delivery fails due to a 32 recoverable error condition, the SMTP+LMTP client will try to deliver 33 the mail to an alternate host. 34 35 After a successful mail transaction, a connection may be saved to the 36 <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any 37 SMTP+LMTP client for a subsequent transaction. 38 39 By default, connection caching is enabled temporarily for destinations 40 that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching 41 can be enabled permanently for specific destinations. 42 43<b>SMTP DESTINATION SYNTAX</b> 44 The Postfix SMTP+LMTP client supports multiple destinations separated 45 by comma or whitespace (Postfix 3.5 and later). SMTP destinations have 46 the following form: 47 48 <i>domainname</i> 49 50 <i>domainname</i>:<i>port</i> 51 Look up the mail exchangers for the specified domain, and con- 52 nect to the specified port (default: <b>smtp</b>). 53 54 [<i>hostname</i>] 55 56 [<i>hostname</i>]:<i>port</i> 57 Look up the address(es) of the specified host, and connect to 58 the specified port (default: <b>smtp</b>). 59 60 [<i>address</i>] 61 62 [<i>address</i>]:<i>port</i> 63 Connect to the host at the specified address, and connect to the 64 specified port (default: <b>smtp</b>). An IPv6 address must be format- 65 ted as [<b>ipv6</b>:<i>address</i>]. 66 67<b>LMTP DESTINATION SYNTAX</b> 68 The Postfix SMTP+LMTP client supports multiple destinations separated 69 by comma or whitespace (Postfix 3.5 and later). LMTP destinations have 70 the following form: 71 72 <b>unix</b>:<i>pathname</i> 73 Connect to the local UNIX-domain server that is bound to the 74 specified <i>pathname</i>. If the process runs chrooted, an absolute 75 pathname is interpreted relative to the Postfix queue directory. 76 77 <b>inet</b>:<i>hostname</i> 78 79 <b>inet</b>:<i>hostname</i>:<i>port</i> 80 81 <b>inet</b>:[<i>address</i>] 82 83 <b>inet</b>:[<i>address</i>]:<i>port</i> 84 Connect to the specified TCP port on the specified local or 85 remote host. If no port is specified, connect to the port 86 defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found, 87 the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24) 88 will be used. An IPv6 address must be formatted as 89 [<b>ipv6</b>:<i>address</i>]. 90 91<b>SINGLE-RECIPIENT DELIVERY</b> 92 By default, the Postfix SMTP+LMTP client delivers mail to multiple 93 recipients per delivery request. This is undesirable when prepending a 94 <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from 95 sending multiple recipients per delivery request, specify 96 97 <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b> 98 99 in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first 100 column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service. 101 102<b>COMMAND ATTRIBUTE SYNTAX</b> 103 <b>flags=DORX</b> (optional) 104 Optional message processing flags. 105 106 <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with 107 the envelope recipient address. Note: for this to work, 108 the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see 109 SINGLE-RECIPIENT DELIVERY above for details). 110 111 The <b>D</b> flag also enforces loop detection: if a message 112 already contains a <b>Delivered-To:</b> header with the same 113 recipient address, then the message is returned as unde- 114 liverable. The address comparison is case insensitive. 115 116 This feature is available as of Postfix 3.5. 117 118 <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with 119 the recipient address as given to Postfix. Note: for this 120 to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must 121 be 1 (see SINGLE-RECIPIENT DELIVERY above for details). 122 123 This feature is available as of Postfix 3.5. 124 125 <b>R</b> Prepend a "<b>Return-Path:</b> <<i>sender</i>>" message header with the 126 envelope sender address. 127 128 This feature is available as of Postfix 3.5. 129 130 <b>X</b> Indicates that the delivery is final. This flag affects 131 the status reported in "success" DSN (delivery status 132 notification) messages, and changes it from "relayed" 133 into "delivered". 134 135 This feature is available as of Postfix 3.5. 136 137<b>SECURITY</b> 138 The SMTP+LMTP client is moderately security-sensitive. It 139 talks to SMTP or LMTP servers and to DNS servers on the 140 network. The SMTP+LMTP client can be run chrooted at fixed 141 low privilege. 142 143<b>STANDARDS</b> 144 <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) 145 <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages) 146 <a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions) 147 <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) 148 <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration) 149 <a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol) 150 <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes) 151 <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies) 152 <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types) 153 <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) 154 <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) 155 <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining) 156 <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) 157 <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension) 158 <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes) 159 <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) 160 <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) 161 <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) 162 <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) 163 <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) 164 165<b>DIAGNOSTICS</b> 166 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 167 Corrupted message files are marked so that the queue manager can move 168 them to the <b>corrupt</b> queue for further inspection. 169 170 Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas- 171 ter is notified of bounces, protocol problems, and of other trouble. 172 173<b>BUGS</b> 174 SMTP and LMTP connection reuse for TLS (without closing the SMTP or 175 LMTP connection) is not supported before Postfix 3.4. 176 177 SMTP and LMTP connection reuse assumes that SASL credentials are valid 178 for all destinations that map onto the same IP address and TCP port. 179 180<b>CONFIGURATION PARAMETERS</b> 181 Before Postfix version 2.3, the LMTP client is a separate program that 182 implements only a subset of the functionality available with SMTP: 183 there is no support for TLS, and connections are cached in-process, 184 making it ineffective when the client is used for multiple domains. 185 186 Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- 187 eter for the equivalent LMTP feature. This document describes only 188 those LMTP-related parameters that aren't simply "mirror" parameters. 189 190 Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes 191 run for only a limited amount of time. Use the command "<b>postfix reload</b>" 192 to speed up a change. 193 194 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 195 more details including examples. 196 197<b>COMPATIBILITY CONTROLS</b> 198 <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b> 199 Ignore DNS MX lookups that produce no response. 200 201 <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b> 202 Always send EHLO at the start of an SMTP session. 203 204 <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b> 205 Never send EHLO at the start of an SMTP session. 206 207 <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b> 208 Defer mail delivery when no MX record resolves to an IP address. 209 210 <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b> 211 The maximal length of message header and body lines that Postfix 212 will send via SMTP. 213 214 <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b> 215 How long the Postfix SMTP client pauses before sending 216 ".<CR><LF>" in order to work around the PIX firewall 217 "<CR><LF>.<CR><LF>" bug. 218 219 <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b> 220 How long a message must be queued before the Postfix SMTP client 221 turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for 222 delivery through firewalls with "smtp fixup" mode turned on. 223 224 <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b> 225 A list that specifies zero or more workarounds for CISCO PIX 226 firewall bugs. 227 228 <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b> 229 Lookup tables, indexed by the remote SMTP server address, with 230 per-destination workarounds for CISCO PIX firewall bugs. 231 232 <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b> 233 Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO 234 commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. 235 236 <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b> 237 A mechanism to transform replies from remote SMTP servers one 238 line at a time. 239 240 <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b> 241 Skip remote SMTP servers that greet with a 5XX status code. 242 243 <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b> 244 Do not wait for the response to the SMTP QUIT command. 245 246 Available in Postfix version 2.0 and earlier: 247 248 <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b> 249 Skip SMTP servers that greet with a 4XX status code (go away, 250 try again later). 251 252 Available in Postfix version 2.2 and later: 253 254 <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b> 255 Lookup tables, indexed by the remote SMTP server address, with 256 case insensitive lists of EHLO keywords (pipelining, starttls, 257 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 258 response from a remote SMTP server. 259 260 <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b> 261 A case insensitive list of EHLO keywords (pipelining, starttls, 262 auth, etc.) that the Postfix SMTP client will ignore in the EHLO 263 response from a remote SMTP server. 264 265 <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b> 266 Optional lookup tables that perform address rewriting in the 267 Postfix SMTP client, typically to transform a locally valid 268 address into a globally valid address when sending mail across 269 the Internet. 270 271 Available in Postfix version 2.2.9 and later: 272 273 <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b> 274 When the remote SMTP servername is a DNS CNAME, replace the 275 servername with the result from CNAME expansion for the purpose 276 of logging, SASL password lookup, TLS policy decisions, or TLS 277 certificate verification. 278 279 Available in Postfix version 2.3 and later: 280 281 <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b> 282 Lookup tables, indexed by the remote LMTP server address, with 283 case insensitive lists of LHLO keywords (pipelining, starttls, 284 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 285 response from a remote LMTP server. 286 287 <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b> 288 A case insensitive list of LHLO keywords (pipelining, starttls, 289 auth, etc.) that the Postfix LMTP client will ignore in the LHLO 290 response from a remote LMTP server. 291 292 Available in Postfix version 2.4.4 and later: 293 294 <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b> 295 When authenticating to a remote SMTP or LMTP server with the 296 default setting "no", send no SASL authoriZation ID (authzid); 297 send only the SASL authentiCation ID (authcid) plus the auth- 298 cid's password. 299 300 Available in Postfix version 2.5 and later: 301 302 <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b> 303 Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client. 304 305 <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b> 306 Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP 307 client. 308 309 <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b> 310 Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP 311 client. 312 313 <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b> 314 Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client. 315 316 Available in Postfix version 2.6 and later: 317 318 <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> 319 An optional workaround for routers that break TCP window scal- 320 ing. 321 322 Available in Postfix version 2.8 and later: 323 324 <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> 325 DNS Resolver options for the Postfix SMTP client. 326 327 Available in Postfix version 2.9 - 3.6: 328 329 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 330 Change the behavior of the smtp_*_timeout time limits, from a 331 time limit per read or write system call, to a time limit to 332 send or receive a complete record (an SMTP command line, SMTP 333 response line, SMTP message content line, or TLS protocol mes- 334 sage). 335 336 Available in Postfix version 2.9 and later: 337 338 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 339 Whether or not to append the "AUTH=<>" option to the MAIL FROM 340 command in SASL-authenticated SMTP sessions. 341 342 Available in Postfix version 2.11 and later: 343 344 <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b> 345 Level of DNS support in the Postfix SMTP client. 346 347 Available in Postfix version 3.0 and later: 348 349 <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b> 350 Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the 351 delivery status code or explanatory text of successful or unsuc- 352 cessful deliveries. 353 354 <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b> 355 Optional filter for Postfix SMTP client DNS lookup results. 356 357 Available in Postfix version 3.3 and later: 358 359 <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b> 360 When a remote destination resolves to a combination of IPv4 and 361 IPv6 addresses, ensure that the Postfix SMTP client can try both 362 address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. 363 364 Available in Postfix 3.5 and later: 365 366 <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b> 367 The email address form that will be used in non-debug logging 368 (info, warning, etc.). 369 370 Available in Postfix 3.6 and later: 371 372 <b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b> 373 The DNS query type (default: "ns") and DNS query name (default: 374 ".") that Postfix may use to determine whether DNSSEC validation 375 is available. 376 377 <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b> 378 <b>sion=587)</b> 379 Optional setting that avoids lookups in the <b>services</b>(5) data- 380 base. 381 382 Available in Postfix version 3.7 and later: 383 384 <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> 385 Change the behavior of the smtp_*_timeout time limits, from a 386 time limit per plaintext or TLS read or write call, to a com- 387 bined time limit for sending a complete SMTP request and for 388 receiving a complete SMTP response. 389 390 <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> 391 The minimum plaintext data transfer rate in bytes/second for 392 DATA requests, when deadlines are enabled with 393 <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 394 395 <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b> 396 The format of the Postfix-generated <b>From:</b> header. 397 398<b>MIME PROCESSING CONTROLS</b> 399 Available in Postfix version 2.0 and later: 400 401 <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b> 402 Disable the conversion of 8BITMIME format to 7BIT format. 403 404 <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b> 405 The maximal length of MIME multipart boundary strings. 406 407 <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b> 408 The maximal recursion level that the MIME processor will handle. 409 410<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> 411 Available in Postfix version 2.1 and later: 412 413 <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b> 414 Send the non-standard XFORWARD command when the Postfix SMTP 415 server EHLO response announces XFORWARD support. 416 417<b>SASL AUTHENTICATION CONTROLS</b> 418 <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b> 419 Enable SASL authentication in the Postfix SMTP client. 420 421 <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b> 422 Optional Postfix SMTP client lookup tables with one user- 423 name:password entry per sender, remote hostname or next-hop 424 domain. 425 426 <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b> 427 Postfix SMTP client SASL security options; as of Postfix 2.3 the 428 list of available features depends on the SASL client implemen- 429 tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 430 431 Available in Postfix version 2.2 and later: 432 433 <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b> 434 If non-empty, a Postfix SMTP client filter for the remote SMTP 435 server's list of offered SASL mechanisms. 436 437 Available in Postfix version 2.3 and later: 438 439 <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b> 440 Enable sender-dependent authentication in the Postfix SMTP 441 client; this is available only with SASL authentication, and 442 disables SMTP connection caching to ensure that mail from dif- 443 ferent senders will use the appropriate credentials. 444 445 <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b> 446 Implementation-specific information that the Postfix SMTP client 447 passes through to the SASL plug-in implementation that is 448 selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. 449 450 <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b> 451 The SASL plug-in type that the Postfix SMTP client should use 452 for authentication. 453 454 Available in Postfix version 2.5 and later: 455 456 <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b> 457 An optional table to prevent repeated SASL authentication fail- 458 ures with the same remote SMTP server hostname, username and 459 password. 460 461 <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b> 462 The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it 463 is removed. 464 465 <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b> 466 When a remote SMTP server rejects a SASL authentication request 467 with a 535 reply code, defer mail delivery instead of returning 468 mail as undeliverable. 469 470 Available in Postfix version 2.9 and later: 471 472 <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> 473 Whether or not to append the "AUTH=<>" option to the MAIL FROM 474 command in SASL-authenticated SMTP sessions. 475 476<b>STARTTLS SUPPORT CONTROLS</b> 477 Detailed information about STARTTLS configuration may be found in the 478 <a href="TLS_README.html">TLS_README</a> document. 479 480 <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b> 481 The default SMTP TLS security level for the Postfix SMTP client; 482 when a non-empty value is specified, this overrides the obsolete 483 parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and 484 <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. 485 486 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b> 487 The SASL authentication security options that the Postfix SMTP 488 client uses for TLS encrypted SMTP sessions. 489 490 <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b> 491 Time limit for Postfix SMTP client write and read operations 492 during TLS startup and shutdown handshake procedures. 493 494 <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b> 495 A file containing CA certificates of root CAs trusted to sign 496 either remote SMTP server certificates or intermediate CA cer- 497 tificates. 498 499 <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b> 500 Directory with PEM format Certification Authority certificates 501 that the Postfix SMTP client uses to verify a remote SMTP server 502 certificate. 503 504 <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b> 505 File with the Postfix SMTP client RSA certificate in PEM format. 506 507 <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b> 508 The minimum TLS cipher grade that the Postfix SMTP client will 509 use with mandatory TLS encryption. 510 511 <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b> 512 List of ciphers or cipher types to exclude from the Postfix SMTP 513 client cipher list at all TLS security levels. 514 515 <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b> 516 Additional list of ciphers or cipher types to exclude from the 517 Postfix SMTP client cipher list at mandatory TLS security lev- 518 els. 519 520 <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b> 521 File with the Postfix SMTP client DSA certificate in PEM format. 522 523 <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b> 524 File with the Postfix SMTP client DSA private key in PEM format. 525 526 <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b> 527 File with the Postfix SMTP client RSA private key in PEM format. 528 529 <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b> 530 Enable additional Postfix SMTP client logging of TLS activity. 531 532 <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b> 533 Log the hostname of a remote SMTP server that offers STARTTLS, 534 when TLS is not already enabled for that server. 535 536 <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b> 537 Optional lookup tables with the Postfix SMTP client TLS security 538 policy by next-hop destination; when a non-empty value is speci- 539 fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. 540 541 <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b> 542 TLS protocols that the Postfix SMTP client will use with manda- 543 tory TLS encryption. 544 545 <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b> 546 The verification depth for remote SMTP server certificates. 547 548 <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b> 549 How the Postfix SMTP client verifies the server certificate 550 peername for the "secure" TLS security level. 551 552 <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b> 553 Name of the file containing the optional Postfix SMTP client TLS 554 session cache. 555 556 <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b> 557 The expiration time of Postfix SMTP client TLS session cache 558 information. 559 560 <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b> 561 How the Postfix SMTP client verifies the server certificate 562 peername for the "verify" TLS security level. 563 564 <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> 565 The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> 566 process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its 567 internal pseudo random number generator (PRNG). 568 569 <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b> 570 The OpenSSL cipherlist for "high" grade ciphers. 571 572 <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b> 573 The OpenSSL cipherlist for "medium" or higher grade ciphers. 574 575 <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b> 576 The OpenSSL cipherlist for "low" or higher grade ciphers. 577 578 <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b> 579 The OpenSSL cipherlist for "export" or higher grade ciphers. 580 581 <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> 582 The OpenSSL cipherlist for "NULL" grade ciphers that provide 583 authentication without encryption. 584 585 Available in Postfix version 2.4 and later: 586 587 <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b> 588 <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b> 589 The SASL authentication security options that the Postfix SMTP 590 client uses for TLS encrypted SMTP sessions with a verified 591 server certificate. 592 593 Available in Postfix version 2.5 and later: 594 595 <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b> 596 List of acceptable remote SMTP server certificate fingerprints 597 for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b> 598 <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint). 599 600 <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b> 601 The message digest algorithm used to construct remote SMTP 602 server certificate fingerprints. 603 604 Available in Postfix version 2.6 and later: 605 606 <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b> 607 TLS protocols that the Postfix SMTP client will use with oppor- 608 tunistic TLS encryption. 609 610 <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b> 611 The minimum TLS cipher grade that the Postfix SMTP client will 612 use with opportunistic TLS encryption. 613 614 <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b> 615 File with the Postfix SMTP client ECDSA certificate in PEM for- 616 mat. 617 618 <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b> 619 File with the Postfix SMTP client ECDSA private key in PEM for- 620 mat. 621 622 Available in Postfix version 2.7 and later: 623 624 <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b> 625 Try to detect a mail hijacking attack based on a TLS protocol 626 vulnerability (CVE-2009-3555), where an attacker prepends mali- 627 cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client 628 TLS session. 629 630 Available in Postfix version 2.8 and later: 631 632 <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> 633 List or bit-mask of OpenSSL bug work-arounds to disable. 634 635 Available in Postfix version 2.11-3.1: 636 637 <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b> 638 Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility. 639 640 <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b> 641 Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain 642 digests of trust-anchors with certificate usage "2". 643 644 Available in Postfix version 2.11 and later: 645 646 <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b> 647 Zero or more PEM-format files with trust-anchor certificates 648 and/or public keys. 649 650 <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b> 651 Lookup the associated DANE TLSA RRset even when a hostname is 652 not an alias and its address records lie in an unsigned zone. 653 654 <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> 655 The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. 656 657 Available in Postfix version 3.0 and later: 658 659 <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b> 660 Request that the Postfix SMTP client connects using the legacy 661 SMTPS protocol instead of using the STARTTLS command. 662 663 Available in Postfix version 3.1 and later: 664 665 <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b> 666 The TLS policy for MX hosts with "secure" TLSA records when the 667 nexthop destination security level is <b>dane</b>, but the MX record 668 was found via an "insecure" MX lookup. 669 670 Available in Postfix version 3.4 and later: 671 672 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 673 Try to make multiple deliveries per TLS-encrypted connection. 674 675 <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b> 676 List of one or more PEM files, each holding one or more private 677 keys directly followed by a corresponding certificate chain. 678 679 <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b> 680 Optional name to send to the remote SMTP server in the TLS 681 Server Name Indication (SNI) extension. 682 683 Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 684 685 <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> 686 A workaround for implementations that hang Postfix while shut- 687 ting down a TLS session, until Postfix times out. 688 689<b>OBSOLETE STARTTLS CONTROLS</b> 690 The following configuration parameters exist for compatibility with 691 Postfix versions before 2.3. Support for these will be removed in a 692 future release. 693 694 <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> 695 Opportunistic mode: use TLS when a remote SMTP server announces 696 STARTTLS support, otherwise send the mail in the clear. 697 698 <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> 699 Enforcement mode: require that remote SMTP servers use TLS 700 encryption, and never send mail in the clear. 701 702 <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> 703 With mandatory TLS encryption, require that the remote SMTP 704 server hostname matches the information in the remote SMTP 705 server certificate. 706 707 <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> 708 Optional lookup tables with the Postfix SMTP client TLS usage 709 policy by next-hop destination and by remote SMTP server host- 710 name. 711 712 <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> 713 Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 714 cipher list. 715 716<b>RESOURCE AND RATE CONTROLS</b> 717 <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> 718 The Postfix SMTP client time limit for completing a TCP connec- 719 tion, or zero (use the operating system built-in time limit). 720 721 <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> 722 The Postfix SMTP client time limit for sending the HELO or EHLO 723 command, and for receiving the initial remote SMTP server 724 response. 725 726 <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> 727 The Postfix LMTP client time limit for sending the LHLO command, 728 and for receiving the initial remote LMTP server response. 729 730 <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b> 731 The Postfix SMTP client time limit for sending the XFORWARD com- 732 mand, and for receiving the remote SMTP server response. 733 734 <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> 735 The Postfix SMTP client time limit for sending the MAIL FROM 736 command, and for receiving the remote SMTP server response. 737 738 <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> 739 The Postfix SMTP client time limit for sending the SMTP RCPT TO 740 command, and for receiving the remote SMTP server response. 741 742 <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> 743 The Postfix SMTP client time limit for sending the SMTP DATA 744 command, and for receiving the remote SMTP server response. 745 746 <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> 747 The Postfix SMTP client time limit for sending the SMTP message 748 content. 749 750 <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> 751 The Postfix SMTP client time limit for sending the SMTP ".", and 752 for receiving the remote SMTP server response. 753 754 <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> 755 The Postfix SMTP client time limit for sending the QUIT command, 756 and for receiving the remote SMTP server response. 757 758 Available in Postfix version 2.1 and later: 759 760 <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b> 761 The maximal number of MX (mail exchanger) IP addresses that can 762 result from Postfix SMTP client mail exchanger lookups, or zero 763 (no limit). 764 765 <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> 766 The maximal number of SMTP sessions per delivery request before 767 the Postfix SMTP client gives up or delivers to a fall-back 768 <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). 769 770 <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> 771 The Postfix SMTP client time limit for sending the RSET command, 772 and for receiving the remote SMTP server response. 773 774 Available in Postfix version 2.2 and earlier: 775 776 <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b> 777 Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a> 778 seconds. 779 780 Available in Postfix version 2.2 and later: 781 782 <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> 783 Permanently enable SMTP connection caching for the specified 784 destinations. 785 786 <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> 787 Temporarily enable SMTP connection caching while a destination 788 has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. 789 790 <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b> 791 The amount of time during which Postfix will use an SMTP connec- 792 tion repeatedly. 793 794 <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> 795 When SMTP connection caching is enabled, the amount of time that 796 an unused SMTP client socket is kept open before it is closed. 797 798 Available in Postfix version 2.3 and later: 799 800 <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> 801 Time limit for connection cache connect, send or receive opera- 802 tions. 803 804 Available in Postfix version 2.9 - 3.6: 805 806 <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> 807 Change the behavior of the smtp_*_timeout time limits, from a 808 time limit per read or write system call, to a time limit to 809 send or receive a complete record (an SMTP command line, SMTP 810 response line, SMTP message content line, or TLS protocol mes- 811 sage). 812 813 Available in Postfix version 2.11 and later: 814 815 <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b> 816 When SMTP connection caching is enabled, the number of times 817 that an SMTP session may be reused before it is closed, or zero 818 (no limit). 819 820 Available in Postfix version 3.4 and later: 821 822 <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> 823 Try to make multiple deliveries per TLS-encrypted connection. 824 825 Available in Postfix version 3.7 and later: 826 827 <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> 828 Change the behavior of the smtp_*_timeout time limits, from a 829 time limit per plaintext or TLS read or write call, to a com- 830 bined time limit for sending a complete SMTP request and for 831 receiving a complete SMTP response. 832 833 <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> 834 The minimum plaintext data transfer rate in bytes/second for 835 DATA requests, when deadlines are enabled with 836 <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. 837 838 Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon: 839 840 <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b> 841 <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b> 842 A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>- 843 <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 844 name of the message delivery transport. 845 846 <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b> 847 <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b> 848 A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>- 849 <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> 850 name of the message delivery transport. 851 852<b>SMTPUTF8 CONTROLS</b> 853 Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 854 855 <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> 856 Enable preliminary SMTPUTF8 support for the protocols described 857 in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. 858 859 <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b> 860 Detect that a message requires SMTPUTF8 support for the speci- 861 fied mail origin classes. 862 863 Available in Postfix version 3.2 and later: 864 865 <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b> 866 Enable 'transitional' compatibility between IDNA2003 and 867 IDNA2008, when converting UTF-8 domain names to/from the ASCII 868 form that is used for DNS lookups. 869 870<b>TROUBLE SHOOTING CONTROLS</b> 871 <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> 872 The increment in verbose logging level when a nexthop destina- 873 tion, remote client or server name or network address matches a 874 pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. 875 876 <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> 877 Optional list of nexthop destination, remote client or server 878 name or network address patterns that, if matched, cause the 879 verbose logging level to increase by the amount specified in 880 $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. 881 882 <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> 883 The recipient of postmaster notifications about mail delivery 884 problems that are caused by policy, resource, software or proto- 885 col errors. 886 887 <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> 888 What categories of Postfix-generated mail are subject to 889 before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, 890 <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. 891 892 <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> 893 The list of error classes that are reported to the postmaster. 894 895<b>MISCELLANEOUS CONTROLS</b> 896 <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> 897 Where the Postfix SMTP client should deliver mail when it 898 detects a "mail loops back to myself" error condition. 899 900 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 901 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 902 figuration files. 903 904 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 905 How much time a Postfix daemon process may take to handle a 906 request before it is terminated by a built-in watchdog timer. 907 908 <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> 909 The maximal number of digits after the decimal point when log- 910 ging sub-second delay values. 911 912 <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> 913 Disable DNS lookups in the Postfix SMTP and LMTP clients. 914 915 <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> 916 The network interface addresses that this mail system receives 917 mail on. 918 919 <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b> 920 The Internet protocols Postfix will attempt to use when making 921 or accepting connections. 922 923 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 924 The time limit for sending or receiving information over an 925 internal communication channel. 926 927 <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> 928 When a remote LMTP server announces no DSN support, assume that 929 the server performs final delivery, and send "delivered" deliv- 930 ery status notifications instead of "relayed". 931 932 <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> 933 The default TCP port that the Postfix LMTP client connects to. 934 935 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 936 The maximum amount of time that an idle Postfix daemon process 937 waits for an incoming connection before terminating voluntarily. 938 939 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 940 The maximal number of incoming connections that a Postfix daemon 941 process will service before terminating voluntarily. 942 943 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 944 The process ID of a Postfix command or daemon process. 945 946 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 947 The process name of a Postfix command or daemon process. 948 949 <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> 950 The network interface addresses that this mail system receives 951 mail on by way of a proxy or network address translation unit. 952 953 <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b> 954 The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP 955 client will try first, when a destination has IPv6 and IPv4 956 addresses with equal MX preference. 957 958 <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> 959 An optional numerical network address that the Postfix SMTP 960 client should bind to when making an IPv4 connection. 961 962 <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> 963 An optional numerical network address that the Postfix SMTP 964 client should bind to when making an IPv6 connection. 965 966 <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 967 The hostname to send in the SMTP HELO or EHLO command. 968 969 <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 970 The hostname to send in the LMTP LHLO command. 971 972 <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> 973 What mechanisms the Postfix SMTP client uses to look up a host's 974 IP address. 975 976 <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> 977 Randomize the order of equal-preference MX host addresses. 978 979 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 980 The syslog facility of Postfix logging. 981 982 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 983 A prefix that is prepended to the process name in syslog 984 records, so that, for example, "smtpd" becomes "prefix/smtpd". 985 986 Available with Postfix 2.2 and earlier: 987 988 <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> 989 Optional list of relay hosts for SMTP destinations that can't be 990 found or that are unreachable. 991 992 Available with Postfix 2.3 and later: 993 994 <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> 995 Optional list of relay hosts for SMTP destinations that can't be 996 found or that are unreachable. 997 998 Available with Postfix 3.0 and later: 999 1000 <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b> 1001 In the context of email address verification, the SMTP protocol 1002 stage that determines whether an email address is deliverable. 1003 1004 Available with Postfix 3.1 and later: 1005 1006 <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b> 1007 Optional list of relay hosts for LMTP destinations that can't be 1008 found or that are unreachable. 1009 1010 Available with Postfix 3.2 and later: 1011 1012 <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b> 1013 The default TCP port that the Postfix SMTP client connects to. 1014 1015 Available in Postfix 3.3 and later: 1016 1017 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 1018 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 1019 1020 Available in Postfix 3.7 and later: 1021 1022 <b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b> 1023 Defer delivery when the Postfix SMTP client cannot apply the 1024 <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting. 1025 1026<b>SEE ALSO</b> 1027 <a href="generic.5.html">generic(5)</a>, output address rewriting 1028 <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection 1029 <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection 1030 <a href="qmgr.8.html">qmgr(8)</a>, queue manager 1031 <a href="bounce.8.html">bounce(8)</a>, delivery status reports 1032 <a href="scache.8.html">scache(8)</a>, connection cache server 1033 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 1034 <a href="master.5.html">master(5)</a>, generic daemon options 1035 <a href="master.8.html">master(8)</a>, process manager 1036 <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management 1037 <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging 1038 syslogd(8), system logging 1039 1040<b>README FILES</b> 1041 <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto 1042 <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto 1043 1044<b>LICENSE</b> 1045 The Secure Mailer license must be distributed with this software. 1046 1047<b>AUTHOR(S)</b> 1048 Wietse Venema 1049 IBM T.J. Watson Research 1050 P.O. Box 704 1051 Yorktown Heights, NY 10598, USA 1052 1053 Wietse Venema 1054 Google, Inc. 1055 111 8th Avenue 1056 New York, NY 10011, USA 1057 1058 Command pipelining in cooperation with: 1059 Jon Ribbens 1060 Oaktree Internet Solutions Ltd., 1061 Internet House, 1062 Canal Basin, 1063 Coventry, 1064 CV1 4LY, United Kingdom. 1065 1066 SASL support originally by: 1067 Till Franke 1068 SuSE Rhein/Main AG 1069 65760 Eschborn, Germany 1070 1071 TLS support originally by: 1072 Lutz Jaenicke 1073 BTU Cottbus 1074 Allgemeine Elektrotechnik 1075 Universitaetsplatz 3-4 1076 D-03044 Cottbus, Germany 1077 1078 Revised TLS and SMTP connection cache support by: 1079 Victor Duchovni 1080 Morgan Stanley 1081 1082 SMTP(8) 1083</pre> </body> </html> 1084