1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - smtpd(8) </title> 6</head> <body> <pre> 7SMTPD(8) SMTPD(8) 8 9<b>NAME</b> 10 smtpd - Postfix SMTP server 11 12<b>SYNOPSIS</b> 13 <b>smtpd</b> [generic Postfix daemon options] 14 15 <b>sendmail -bs</b> 16 17<b>DESCRIPTION</b> 18 The SMTP server accepts network connection requests and 19 performs zero or more SMTP transactions per connection. 20 Each received message is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> dae- 21 mon, and is placed into the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single 22 queue file. For this mode of operation, the program 23 expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. 24 25 Alternatively, the SMTP server be can run in stand-alone 26 mode; this is traditionally obtained with "<b>sendmail -bs</b>". 27 When the SMTP server runs stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> 28 privileges, it receives mail even while the mail system is 29 not running, deposits messages directly into the <b>maildrop</b> 30 queue, and disables the SMTP server's access policies. As 31 of Postfix version 2.3, the SMTP server refuses to receive 32 mail from the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> 33 privileges. 34 35 The SMTP server implements a variety of policies for con- 36 nection requests, and for parameters given to <b>HELO, ETRN,</b> 37 <b>MAIL FROM, VRFY</b> and <b>RCPT TO</b> commands. They are detailed 38 below and in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file. 39 40<b>SECURITY</b> 41 The SMTP server is moderately security-sensitive. It talks 42 to SMTP clients and to DNS servers on the network. The 43 SMTP server can be run chrooted at fixed low privilege. 44 45<b>STANDARDS</b> 46 <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) 47 <a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements) 48 <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) 49 <a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions) 50 <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message size declaration) 51 <a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command) 52 <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP enhanced status codes) 53 <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) 54 <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) 55 <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP pipelining) 56 <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) 57 <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN extension) 58 <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes) 59 <a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types) 60 <a href="http://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission) 61 <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) 62 <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) 63 64<b>DIAGNOSTICS</b> 65 Problems and transactions are logged to <b>syslogd</b>(8). 66 67 Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, 68 the postmaster is notified of bounces, protocol problems, 69 policy violations, and of other trouble. 70 71<b>CONFIGURATION PARAMETERS</b> 72 Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as 73 <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes run for only a limited amount of time. 74 Use the command "<b>postfix reload</b>" to speed up a change. 75 76 The text below provides only a parameter summary. See 77 <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples. 78 79<b>COMPATIBILITY CONTROLS</b> 80 The following parameters work around implementation errors 81 in other software, and/or allow you to override standards 82 in order to prevent undesirable use. 83 84 <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b> 85 Enable inter-operability with remote SMTP clients 86 that implement an obsolete version of the AUTH com- 87 mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). 88 89 <b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b> 90 Disable the SMTP VRFY command. 91 92 <b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b> 93 List of commands that the Postfix SMTP server 94 replies to with "250 Ok", without doing any syntax 95 checks and without changing state. 96 97 <b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b> 98 Require that addresses received in SMTP MAIL FROM 99 and RCPT TO commands are enclosed with <>, and that 100 those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com- 101 ments or phrases. 102 103 Available in Postfix version 2.1 and later: 104 105 <b><a href="postconf.5.html#resolve_null_domain">resolve_null_domain</a> (no)</b> 106 Resolve an address that ends in the "@" null domain 107 as if the local hostname were specified, instead of 108 rejecting the address as invalid. 109 110 <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b> 111 Request that the Postfix SMTP server rejects mail 112 from unknown sender addresses, even when no 113 explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction 114 is specified. 115 116 <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b> 117 What remote SMTP clients the Postfix SMTP server 118 will not offer AUTH support to. 119 120 Available in Postfix version 2.2 and later: 121 122 <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b> 123 Lookup tables, indexed by the remote SMTP client 124 address, with case insensitive lists of EHLO key- 125 words (pipelining, starttls, auth, etc.) that the 126 Postfix SMTP server will not send in the EHLO 127 response to a remote SMTP client. 128 129 <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b> 130 A case insensitive list of EHLO keywords (pipelin- 131 ing, starttls, auth, etc.) that the Postfix SMTP 132 server will not send in the EHLO response to a 133 remote SMTP client. 134 135 <b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b> 136 Postpone the start of an SMTP mail transaction 137 until a valid RCPT TO command is received. 138 139 Available in Postfix version 2.3 and later: 140 141 <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b> 142 Force the Postfix SMTP server to issue a TLS ses- 143 sion id, even when TLS session caching is turned 144 off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty). 145 146 Available in Postfix version 2.6 and later: 147 148 <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> 149 An optional workaround for routers that break TCP 150 window scaling. 151 152 Available in Postfix version 2.7 and later: 153 154 <b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b> 155 A mechanism to transform commands from remote SMTP 156 clients. 157 158 Available in Postfix version 2.9 and later: 159 160 <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> 161 Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time 162 limit, from a time limit per read or write system 163 call, to a time limit to send or receive a complete 164 record (an SMTP command line, SMTP response line, 165 SMTP message content line, or TLS protocol mes- 166 sage). 167 168<b>ADDRESS REWRITING CONTROLS</b> 169 See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed 170 discussion of Postfix address rewriting. 171 172 <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b> 173 Enable or disable recipient validation, built-in 174 content filtering, or address mapping. 175 176 Available in Postfix version 2.2 and later: 177 178 <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b> 179 Rewrite message header addresses in mail from these 180 clients and update incomplete addresses with the 181 domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't 182 rewrite message headers from other clients at all, 183 or rewrite message headers and update incomplete 184 addresses with the domain specified in the 185 <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. 186 187<b>BEFORE-SMTPD PROXY AGENT</b> 188 Available in Postfix version 2.10 and later: 189 190 <b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b> 191 The name of the proxy protocol used by an optional 192 before-smtpd proxy agent. 193 194 <b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b> 195 The time limit for the proxy protocol specified 196 with the <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. 197 198<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b> 199 As of version 1.0, Postfix can be configured to send new 200 mail to an external content filter AFTER the mail is 201 queued. This content filter is expected to inject mail 202 back into a (Postfix or other) MTA for further delivery. 203 See the <a href="FILTER_README.html">FILTER_README</a> document for details. 204 205 <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b> 206 After the message is queued, send the entire mes- 207 sage to the specified <i>transport:destination</i>. 208 209<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b> 210 As of version 2.1, the Postfix SMTP server can be config- 211 ured to send incoming mail to a real-time SMTP-based con- 212 tent filter BEFORE mail is queued. This content filter is 213 expected to inject mail back into Postfix. See the 214 <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config- 215 ure and operate this feature. 216 217 <b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b> 218 The hostname and TCP port of the mail filtering 219 proxy server. 220 221 <b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 222 How the Postfix SMTP server announces itself to the 223 proxy filter. 224 225 <b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b> 226 List of options that control how the Postfix SMTP 227 server communicates with a before-queue content 228 filter. 229 230 <b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b> 231 The time limit for connecting to a proxy filter and 232 for sending or receiving information. 233 234<b>BEFORE QUEUE MILTER CONTROLS</b> 235 As of version 2.3, Postfix supports the Sendmail version 8 236 Milter (mail filter) protocol. These content filters run 237 outside Postfix. They can inspect the SMTP command stream 238 and the message content, and can request modifications 239 before mail is queued. For details see the <a href="MILTER_README.html">MILTER_README</a> 240 document. 241 242 <b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b> 243 A list of Milter (mail filter) applications for new 244 mail that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server. 245 246 <b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b> 247 The mail filter protocol version and optional pro- 248 tocol extensions for communication with a Milter 249 application; prior to Postfix 2.6 the default pro- 250 tocol is 2. 251 252 <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b> 253 The default action when a Milter (mail filter) 254 application is unavailable or mis-configured. 255 256 <b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 257 The {daemon_name} macro value for Milter (mail fil- 258 ter) applications. 259 260 <b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b> 261 The {v} macro value for Milter (mail filter) appli- 262 cations. 263 264 <b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b> 265 The time limit for connecting to a Milter (mail 266 filter) application, and for negotiating protocol 267 options. 268 269 <b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b> 270 The time limit for sending an SMTP command to a 271 Milter (mail filter) application, and for receiving 272 the response. 273 274 <b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b> 275 The time limit for sending message content to a 276 Milter (mail filter) application, and for receiving 277 the response. 278 279 <b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b> 280 The macros that are sent to Milter (mail filter) 281 applications after completion of an SMTP connec- 282 tion. 283 284 <b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b> 285 The macros that are sent to Milter (mail filter) 286 applications after the SMTP HELO or EHLO command. 287 288 <b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b> 289 The macros that are sent to Milter (mail filter) 290 applications after the SMTP MAIL FROM command. 291 292 <b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b> 293 The macros that are sent to Milter (mail filter) 294 applications after the SMTP RCPT TO command. 295 296 <b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b> 297 The macros that are sent to version 4 or higher 298 Milter (mail filter) applications after the SMTP 299 DATA command. 300 301 <b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b> 302 The macros that are sent to version 3 or higher 303 Milter (mail filter) applications after an unknown 304 SMTP command. 305 306 <b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b> 307 The macros that are sent to Milter (mail filter) 308 applications after the end of the message header. 309 310 <b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b> 311 The macros that are sent to Milter (mail filter) 312 applications after the message end-of-data. 313 314<b>GENERAL CONTENT INSPECTION CONTROLS</b> 315 The following parameters are applicable for both built-in 316 and external content filters. 317 318 Available in Postfix version 2.1 and later: 319 320 <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b> 321 Enable or disable recipient validation, built-in 322 content filtering, or address mapping. 323 324<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> 325 The following parameters are applicable for both before- 326 queue and after-queue content filtering. 327 328 Available in Postfix version 2.1 and later: 329 330 <b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b> 331 What remote SMTP clients are allowed to use the 332 XFORWARD feature. 333 334<b>SASL AUTHENTICATION CONTROLS</b> 335 Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti- 336 cate remote SMTP clients to the Postfix SMTP server, and 337 to authenticate the Postfix SMTP client to a remote SMTP 338 server. See the <a href="SASL_README.html">SASL_README</a> document for details. 339 340 <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b> 341 Enable inter-operability with remote SMTP clients 342 that implement an obsolete version of the AUTH com- 343 mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). 344 345 <b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b> 346 Enable SASL authentication in the Postfix SMTP 347 server. 348 349 <b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b> 350 The name of the Postfix SMTP server's local SASL 351 authentication realm. 352 353 <b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b> 354 Postfix SMTP server SASL security options; as of 355 Postfix 2.3 the list of available features depends 356 on the SASL server implementation that is selected 357 with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. 358 359 <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b> 360 Optional lookup table with the SASL login names 361 that own sender (MAIL FROM) addresses. 362 363 Available in Postfix version 2.1 and later: 364 365 <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b> 366 What remote SMTP clients the Postfix SMTP server 367 will not offer AUTH support to. 368 369 Available in Postfix version 2.1 and 2.2: 370 371 <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b> 372 The application name that the Postfix SMTP server 373 uses for SASL server initialization. 374 375 Available in Postfix version 2.3 and later: 376 377 <b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b> 378 Report the SASL authenticated user name in the 379 <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header. 380 381 <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b> 382 Implementation-specific information that the Post- 383 fix SMTP server passes through to the SASL plug-in 384 implementation that is selected with 385 <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. 386 387 <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b> 388 The SASL plug-in type that the Postfix SMTP server 389 should use for authentication. 390 391 Available in Postfix version 2.5 and later: 392 393 <b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b> 394 Search path for Cyrus SASL application configura- 395 tion files, currently used only to locate the 396 $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file. 397 398<b>STARTTLS SUPPORT CONTROLS</b> 399 Detailed information about STARTTLS configuration may be 400 found in the <a href="TLS_README.html">TLS_README</a> document. 401 402 <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b> 403 The SMTP TLS security level for the Postfix SMTP 404 server; when a non-empty value is specified, this 405 overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and 406 <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. 407 408 <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b> 409 <b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b> 410 The SASL authentication security options that the 411 Postfix SMTP server uses for TLS encrypted SMTP 412 sessions. 413 414 <b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b> 415 The time limit for Postfix SMTP server write and 416 read operations during TLS startup and shutdown 417 handshake procedures. 418 419 <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b> 420 A file containing (PEM format) CA certificates of 421 root CAs trusted to sign either remote SMTP client 422 certificates or intermediate CA certificates. 423 424 <b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b> 425 A directory containing (PEM format) CA certificates 426 of root CAs trusted to sign either remote SMTP 427 client certificates or intermediate CA certifi- 428 cates. 429 430 <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b> 431 Force the Postfix SMTP server to issue a TLS ses- 432 sion id, even when TLS session caching is turned 433 off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty). 434 435 <b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b> 436 Ask a remote SMTP client for a client certificate. 437 438 <b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b> 439 When TLS encryption is optional in the Postfix SMTP 440 server, do not announce or accept SASL authentica- 441 tion over unencrypted connections. 442 443 <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b> 444 The verification depth for remote SMTP client cer- 445 tificates. 446 447 <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b> 448 File with the Postfix SMTP server RSA certificate 449 in PEM format. 450 451 <b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b> 452 List of ciphers or cipher types to exclude from the 453 SMTP server cipher list at all TLS security levels. 454 455 <b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b> 456 File with the Postfix SMTP server DSA certificate 457 in PEM format. 458 459 <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b> 460 File with DH parameters that the Postfix SMTP 461 server should use with EDH ciphers. 462 463 <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b> 464 File with DH parameters that the Postfix SMTP 465 server should use with EDH ciphers. 466 467 <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b> 468 File with the Postfix SMTP server DSA private key 469 in PEM format. 470 471 <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b> 472 File with the Postfix SMTP server RSA private key 473 in PEM format. 474 475 <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b> 476 Enable additional Postfix SMTP server logging of 477 TLS activity. 478 479 <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b> 480 The minimum TLS cipher grade that the Postfix SMTP 481 server will use with mandatory TLS encryption. 482 483 <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b> 484 Additional list of ciphers or cipher types to 485 exclude from the Postfix SMTP server cipher list at 486 mandatory TLS security levels. 487 488 <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2)</b> 489 The SSL/TLS protocols accepted by the Postfix SMTP 490 server with mandatory TLS encryption. 491 492 <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b> 493 Request that the Postfix SMTP server produces 494 Received: message headers that include information 495 about the protocol and cipher used, as well as the 496 remote SMTP client CommonName and client certifi- 497 cate issuer CommonName. 498 499 <b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b> 500 With mandatory TLS encryption, require a trusted 501 remote SMTP client certificate in order to allow 502 TLS connections to proceed. 503 504 <b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b> 505 Name of the file containing the optional Postfix 506 SMTP server TLS session cache. 507 508 <b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b> 509 The expiration time of Postfix SMTP server TLS ses- 510 sion cache information. 511 512 <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b> 513 Run the Postfix SMTP server in the non-standard 514 "wrapper" mode, instead of using the STARTTLS com- 515 mand. 516 517 <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> 518 The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> 519 or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> 520 server in order to seed its internal pseudo random 521 number generator (PRNG). 522 523 <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b> 524 <b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b> 525 The OpenSSL cipherlist for "HIGH" grade ciphers. 526 527 <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b> 528 The OpenSSL cipherlist for "MEDIUM" or higher grade 529 ciphers. 530 531 <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b> 532 The OpenSSL cipherlist for "LOW" or higher grade 533 ciphers. 534 535 <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b> 536 The OpenSSL cipherlist for "EXPORT" or higher grade 537 ciphers. 538 539 <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> 540 The OpenSSL cipherlist for "NULL" grade ciphers 541 that provide authentication without encryption. 542 543 Available in Postfix version 2.5 and later: 544 545 <b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b> 546 The message digest algorithm to construct remote 547 SMTP client-certificate fingerprints or public key 548 fingerprints (Postfix 2.9 and later) for 549 <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. 550 551 Available in Postfix version 2.6 and later: 552 553 <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b> 554 List of TLS protocols that the Postfix SMTP server 555 will exclude or include with opportunistic TLS 556 encryption. 557 558 <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b> 559 The minimum TLS cipher grade that the Postfix SMTP 560 server will use with opportunistic TLS encryption. 561 562 <b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b> 563 File with the Postfix SMTP server ECDSA certificate 564 in PEM format. 565 566 <b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b> 567 File with the Postfix SMTP server ECDSA private key 568 in PEM format. 569 570 <b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b> 571 The Postfix SMTP server security grade for 572 ephemeral elliptic-curve Diffie-Hellman (EECDH) key 573 exchange. 574 575 <b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b> 576 The elliptic curve used by the Postfix SMTP server 577 for sensibly strong ephemeral ECDH key exchange. 578 579 <b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b> 580 The elliptic curve used by the Postfix SMTP server 581 for maximally strong ephemeral ECDH key exchange. 582 583 Available in Postfix version 2.8 and later: 584 585 <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b> 586 With SSLv3 and later, use the Postfix SMTP server's 587 cipher preference order instead of the remote 588 client's cipher preference order. 589 590 <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> 591 List or bit-mask of OpenSSL bug work-arounds to 592 disable. 593 594<b>OBSOLETE STARTTLS CONTROLS</b> 595 The following configuration parameters exist for compati- 596 bility with Postfix versions before 2.3. Support for these 597 will be removed in a future release. 598 599 <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b> 600 Opportunistic TLS: announce STARTTLS support to 601 remote SMTP clients, but do not require that 602 clients use TLS encryption. 603 604 <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b> 605 Mandatory TLS: announce STARTTLS support to remote 606 SMTP clients, and require that clients use TLS 607 encryption. 608 609 <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b> 610 Obsolete Postfix < 2.3 control for the Postfix SMTP 611 server TLS cipher list. 612 613<b>VERP SUPPORT CONTROLS</b> 614 With VERP style delivery, each recipient of a message 615 receives a customized copy of the message with his/her own 616 recipient address encoded in the envelope sender address. 617 The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation 618 details of Postfix support for variable envelope return 619 path addresses. VERP style delivery is requested with the 620 SMTP XVERP command or with the "sendmail -V" command-line 621 option and is available in Postfix version 1.1 and later. 622 623 <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b> 624 The two default VERP delimiter characters. 625 626 <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b> 627 The characters Postfix accepts as VERP delimiter 628 characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line 629 and in SMTP commands. 630 631 Available in Postfix version 1.1 and 2.0: 632 633 <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b> 634 What remote SMTP clients are allowed to specify the 635 XVERP command. 636 637 Available in Postfix version 2.1 and later: 638 639 <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b> 640 What remote SMTP clients are allowed to specify the 641 XVERP command. 642 643<b>TROUBLE SHOOTING CONTROLS</b> 644 The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of 645 the Postfix mail system. The methods vary from making the 646 software log a lot of detail, to running some daemon pro- 647 cesses under control of a call tracer or debugger. 648 649 <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> 650 The increment in verbose logging level when a 651 remote client or server matches a pattern in the 652 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. 653 654 <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> 655 Optional list of remote client or server hostname 656 or network address patterns that cause the verbose 657 logging level to increase by the amount specified 658 in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. 659 660 <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> 661 The recipient of postmaster notifications about 662 mail delivery problems that are caused by policy, 663 resource, software or protocol errors. 664 665 <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> 666 What categories of Postfix-generated mail are sub- 667 ject to before-queue content inspection by 668 <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. 669 670 <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> 671 The list of error classes that are reported to the 672 postmaster. 673 674 <b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b> 675 Optional information that is appended after each 676 Postfix SMTP server 4XX or 5XX response. 677 678 <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b> 679 Safety net to keep mail queued that would otherwise 680 be returned to the sender. 681 682 Available in Postfix version 2.1 and later: 683 684 <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b> 685 What remote SMTP clients are allowed to use the 686 XCLIENT feature. 687 688 Available in Postfix version 2.10 and later: 689 690 <b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b> 691 Enable logging of the named "permit" actions in 692 SMTP server access lists. 693 694<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b> 695 As of Postfix version 2.0, the SMTP server rejects mail 696 for unknown recipients. This prevents the mail queue from 697 clogging up with undeliverable MAILER-DAEMON messages. 698 Additional information on this topic is in the 699 <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents. 700 701 <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b> 702 Display the name of the recipient table in the 703 "User unknown" responses. 704 705 <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b> 706 Optional address mapping lookup tables for message 707 headers and envelopes. 708 709 <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b> 710 Optional address mapping lookup tables for envelope 711 and header recipient addresses. 712 713 Parameters concerning known/unknown local recipients: 714 715 <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b> 716 <b>host)</b> 717 The list of domains that are delivered via the 718 $<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport. 719 720 <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> 721 The network interface addresses that this mail sys- 722 tem receives mail on. 723 724 <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> 725 The network interface addresses that this mail sys- 726 tem receives mail on by way of a proxy or network 727 address translation unit. 728 729 <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b> 730 The Internet protocols Postfix will attempt to use 731 when making or accepting connections. 732 733 <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b> 734 <b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b> 735 Lookup tables with all names or addresses of local 736 recipients: a recipient address is local when its 737 domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or 738 $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 739 740 <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b> 741 The numerical Postfix SMTP server response code 742 when a recipient address is local, and 743 $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup 744 tables that does not match the recipient. 745 746 Parameters concerning known/unknown recipients of relay 747 destinations: 748 749 <b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b> 750 What destination domains (and subdomains thereof) 751 this system will relay mail to. 752 753 <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b> 754 Optional lookup tables with all valid addresses in 755 the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. 756 757 <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b> 758 The numerical Postfix SMTP server reply code when a 759 recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and 760 <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup 761 tables that does not match the recipient address. 762 763 Parameters concerning known/unknown recipients in virtual 764 alias domains: 765 766 <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b> 767 Postfix is final destination for the specified list 768 of virtual alias domains, that is, domains for 769 which all addresses are aliased to addresses in 770 other local or remote domains. 771 772 <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b> 773 Optional lookup tables that alias specific mail 774 addresses or domains to other local or remote 775 address. 776 777 <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b> 778 The Postfix SMTP server reply code when a recipient 779 address matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>- 780 <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables 781 that does not match the recipient address. 782 783 Parameters concerning known/unknown recipients in virtual 784 mailbox domains: 785 786 <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b> 787 Postfix is final destination for the specified list 788 of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>- 789 <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport. 790 791 <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b> 792 Optional lookup tables with all valid addresses in 793 the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. 794 795 <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b> 796 The Postfix SMTP server reply code when a recipient 797 address matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>- 798 <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables 799 that does not match the recipient address. 800 801<b>RESOURCE AND RATE CONTROLS</b> 802 The following parameters limit resource usage by the SMTP 803 server and/or control client request rates. 804 805 <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b> 806 Upon input, long lines are chopped up into pieces 807 of at most this length; upon delivery, long lines 808 are reconstructed. 809 810 <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b> 811 The minimal amount of free space in bytes in the 812 queue file system that is needed to receive mail. 813 814 <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b> 815 The maximal size in bytes of a message, including 816 envelope information. 817 818 <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b> 819 The maximal number of recipients that the Postfix 820 SMTP server accepts per message delivery request. 821 822 <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b> 823 The time limit for sending a Postfix SMTP server 824 response and for receiving a remote SMTP client 825 request. 826 827 <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b> 828 The maximal number of lines in the Postfix SMTP 829 server command history before it is flushed upon 830 receipt of EHLO, RSET, or end of DATA. 831 832 Available in Postfix version 2.3 and later: 833 834 <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b> 835 Attempt to look up the remote SMTP client hostname, 836 and verify that the name matches the client IP 837 address. 838 839 The per SMTP client connection count and request rate lim- 840 its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser- 841 vice, and are available in Postfix version 2.2 and later. 842 843 <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b> 844 How many simultaneous connections any client is 845 allowed to make to this service. 846 847 <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b> 848 The maximal number of connection attempts any 849 client is allowed to make to this service per time 850 unit. 851 852 <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b> 853 The maximal number of message delivery requests 854 that any client is allowed to make to this service 855 per time unit, regardless of whether or not Postfix 856 actually accepts those messages. 857 858 <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b> 859 The maximal number of recipient addresses that any 860 client is allowed to send to this service per time 861 unit, regardless of whether or not Postfix actually 862 accepts those recipients. 863 864 <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b> 865 Clients that are excluded from 866 smtpd_client_*_count/rate_limit restrictions. 867 868 Available in Postfix version 2.3 and later: 869 870 <b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b> 871 The maximal number of new (i.e., uncached) TLS ses- 872 sions that a remote SMTP client is allowed to nego- 873 tiate with this service per time unit. 874 875 Available in Postfix version 2.9 and later: 876 877 <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> 878 Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time 879 limit, from a time limit per read or write system 880 call, to a time limit to send or receive a complete 881 record (an SMTP command line, SMTP response line, 882 SMTP message content line, or TLS protocol mes- 883 sage). 884 885<b>TARPIT CONTROLS</b> 886 When a remote SMTP client makes errors, the Postfix SMTP 887 server can insert delays before responding. This can help 888 to slow down run-away software. The behavior is con- 889 trolled by an error counter that counts the number of 890 errors within an SMTP session that a client makes without 891 delivering mail. 892 893 <b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b> 894 With Postfix version 2.1 and later: the SMTP server 895 response delay after a client has made more than 896 $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than 897 $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering 898 mail. 899 900 <b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b> 901 The number of errors a remote SMTP client is 902 allowed to make without delivering mail before the 903 Postfix SMTP server slows down all its responses. 904 905 <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b> 906 The maximal number of errors a remote SMTP client 907 is allowed to make without delivering mail. 908 909 <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b> 910 The number of junk commands (NOOP, VRFY, ETRN or 911 RSET) that a remote SMTP client can send before the 912 Postfix SMTP server starts to increment the error 913 counter with each junk command. 914 915 Available in Postfix version 2.1 and later: 916 917 <b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b> 918 The number of recipients that a remote SMTP client 919 can send in excess of the limit specified with 920 $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP 921 server increments the per-session error count for 922 each excess recipient. 923 924<b>ACCESS POLICY DELEGATION CONTROLS</b> 925 As of version 2.1, Postfix can be configured to delegate 926 access policy decisions to an external server that runs 927 outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for 928 more information. 929 930 <b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b> 931 The time after which an idle SMTPD policy service 932 connection is closed. 933 934 <b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b> 935 The time after which an active SMTPD policy service 936 connection is closed. 937 938 <b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b> 939 The time limit for connecting to, writing to or 940 receiving from a delegated SMTPD policy server. 941 942<b>ACCESS CONTROLS</b> 943 The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to 944 all the SMTP server access control features. 945 946 <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b> 947 Wait until the RCPT TO command before evaluating 948 $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric- 949 tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until 950 the ETRN command before evaluating 951 $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric- 952 tions. 953 954 <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b> 955 <b>put)</b> 956 What Postfix features match subdomains of 957 "domain.tld" automatically, instead of requiring an 958 explicit ".domain.tld" pattern. 959 960 <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b> 961 Optional restrictions that the Postfix SMTP server 962 applies in the context of a client connection 963 request. 964 965 <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b> 966 Require that a remote SMTP client introduces itself 967 with the HELO or EHLO command before sending the 968 MAIL command or other commands that require EHLO 969 negotiation. 970 971 <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b> 972 Optional restrictions that the Postfix SMTP server 973 applies in the context of a client HELO command. 974 975 <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b> 976 Optional restrictions that the Postfix SMTP server 977 applies in the context of a client MAIL FROM com- 978 mand. 979 980 <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b> 981 Optional restrictions that the Postfix SMTP server 982 applies in the context of a client RCPT TO command, 983 after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. 984 985 <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b> 986 Optional restrictions that the Postfix SMTP server 987 applies in the context of a client ETRN command. 988 989 <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b> 990 Forward mail with sender-specified routing 991 (user[@%!]remote[@%!]site) from untrusted clients 992 to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>. 993 994 <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b> 995 User-defined aliases for groups of access restric- 996 tions. 997 998 <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b> 999 The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables 1000 instead of the null sender address. 1001 1002 <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b> 1003 Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP 1004 access feature to only domains whose primary MX 1005 hosts match the listed networks. 1006 1007 Available in Postfix version 2.0 and later: 1008 1009 <b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b> 1010 Optional access restrictions that the Postfix SMTP 1011 server applies in the context of the SMTP DATA com- 1012 mand. 1013 1014 <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b> 1015 What characters are allowed in $name expansions of 1016 RBL reply templates. 1017 1018 Available in Postfix version 2.1 and later: 1019 1020 <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b> 1021 Request that the Postfix SMTP server rejects mail 1022 from unknown sender addresses, even when no 1023 explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction 1024 is specified. 1025 1026 <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b> 1027 Request that the Postfix SMTP server rejects mail 1028 for unknown recipient addresses, even when no 1029 explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric- 1030 tion is specified. 1031 1032 Available in Postfix version 2.2 and later: 1033 1034 <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b> 1035 Optional access restrictions that the Postfix SMTP 1036 server applies in the context of the SMTP END-OF- 1037 DATA command. 1038 1039 Available in Postfix version 2.10 and later: 1040 1041 <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b> 1042 <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b> 1043 Access restrictions for mail relay control that the 1044 Postfix SMTP server applies in the context of the 1045 RCPT TO command, before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restric</a>- 1046 <a href="postconf.5.html#smtpd_recipient_restrictions">tions</a>. 1047 1048<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b> 1049 Postfix version 2.1 introduces sender and recipient 1050 address verification. This feature is implemented by 1051 sending probe email messages that are not actually deliv- 1052 ered. This feature is requested via the reject_unveri- 1053 fied_sender and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access 1054 restrictions. The status of verification probes is main- 1055 tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>- 1056 <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure 1057 and operate the Postfix sender/recipient address verifica- 1058 tion service. 1059 1060 <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b> 1061 How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for 1062 the completion of an address verification request 1063 in progress. 1064 1065 <b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b> 1066 The delay between queries for the completion of an 1067 address verification request in progress. 1068 1069 <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b> 1070 The sender address to use in address verification 1071 probes; prior to Postfix 2.5 the default was "post- 1072 master". 1073 1074 <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b> 1075 The numerical Postfix SMTP server response code 1076 when a recipient address is rejected by the 1077 <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction. 1078 1079 <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b> 1080 The numerical Postfix SMTP server response when a 1081 recipient address is rejected by the reject_unveri- 1082 fied_recipient restriction. 1083 1084 Available in Postfix version 2.6 and later: 1085 1086 <b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b> 1087 The numerical Postfix SMTP server response code 1088 when a sender address probe fails due to a tempo- 1089 rary error condition. 1090 1091 <b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b> 1092 The numerical Postfix SMTP server response when a 1093 recipient address probe fails due to a temporary 1094 error condition. 1095 1096 <b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b> 1097 The Postfix SMTP server's reply when rejecting mail 1098 with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. 1099 1100 <b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b> 1101 The Postfix SMTP server's reply when rejecting mail 1102 with <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. 1103 1104 <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b> 1105 <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b> 1106 The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unver</a>- 1107 <a href="postconf.5.html#reject_unverified_sender">ified_sender</a> fails due to a temporary error condi- 1108 tion. 1109 1110 <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b> 1111 <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b> 1112 The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unver</a>- 1113 <a href="postconf.5.html#reject_unverified_recipient">ified_recipient</a> fails due to a temporary error con- 1114 dition. 1115 1116 Available with Postfix 2.9 and later: 1117 1118 <b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b> 1119 The time between changes in the time-dependent por- 1120 tion of address verification probe sender 1121 addresses. 1122 1123<b>ACCESS CONTROL RESPONSES</b> 1124 The following parameters control numerical SMTP reply 1125 codes and/or text responses. 1126 1127 <b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b> 1128 The numerical Postfix SMTP server response code for 1129 an <a href="access.5.html"><b>access</b>(5)</a> map "reject" action. 1130 1131 <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b> 1132 The numerical Postfix SMTP server response code 1133 when a remote SMTP client request is rejected by 1134 the "defer" restriction. 1135 1136 <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b> 1137 The numerical Postfix SMTP server response code 1138 when the client HELO or EHLO command parameter is 1139 rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> 1140 restriction. 1141 1142 <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b> 1143 The numerical Postfix SMTP server response code 1144 when a remote SMTP client request is blocked by the 1145 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, 1146 <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or 1147 <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction. 1148 1149 <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b> 1150 The numerical Postfix SMTP server reply code when a 1151 client request is rejected by the 1152 <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, 1153 <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> 1154 restriction. 1155 1156 <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b> 1157 The numerical Postfix SMTP server response code 1158 when a request is rejected by the <b>reject_plain-</b> 1159 <b>text_session</b> restriction. 1160 1161 <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b> 1162 The numerical Postfix SMTP server response code 1163 when a remote SMTP client request is rejected by 1164 the "reject" restriction. 1165 1166 <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b> 1167 The numerical Postfix SMTP server response code 1168 when a client request is rejected by the 1169 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction. 1170 1171 <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b> 1172 The numerical Postfix SMTP server response code 1173 when a sender or recipient address is rejected by 1174 the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or 1175 <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction. 1176 1177 <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b> 1178 The numerical Postfix SMTP server response code 1179 when a client without valid address <=> name map- 1180 ping is rejected by the reject_unknown_client_host- 1181 name restriction. 1182 1183 <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b> 1184 The numerical Postfix SMTP server response code 1185 when the hostname specified with the HELO or EHLO 1186 command is rejected by the 1187 <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction. 1188 1189 Available in Postfix version 2.0 and later: 1190 1191 <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b> 1192 The default Postfix SMTP server response template 1193 for a request that is rejected by an RBL-based 1194 restriction. 1195 1196 <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b> 1197 The numerical Postfix SMTP server response code 1198 when a remote SMTP client request is blocked by the 1199 <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction. 1200 1201 <b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b> 1202 Optional lookup tables with RBL response templates. 1203 1204 Available in Postfix version 2.6 and later: 1205 1206 <b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b> 1207 The numerical Postfix SMTP server response code for 1208 an <a href="access.5.html"><b>access</b>(5)</a> map "defer" action, including 1209 "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". 1210 1211 <b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b> 1212 The Postfix SMTP server's action when a reject-type 1213 restriction fails due to a temporary error condi- 1214 tion. 1215 1216 <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b> 1217 <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b> 1218 The Postfix SMTP server's action when 1219 <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> fails due to an tempo- 1220 rary error condition. 1221 1222 <b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b> 1223 The Postfix SMTP server's action when 1224 <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or 1225 <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a tem- 1226 porary error condition. 1227 1228<b>MISCELLANEOUS CONTROLS</b> 1229 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 1230 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and 1231 <a href="master.5.html">master.cf</a> configuration files. 1232 1233 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 1234 How much time a Postfix daemon process may take to 1235 handle a request before it is terminated by a 1236 built-in watchdog timer. 1237 1238 <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b> 1239 The location of all postfix administrative com- 1240 mands. 1241 1242 <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b> 1243 The sender address of postmaster notifications that 1244 are generated by the mail system. 1245 1246 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 1247 The time limit for sending or receiving information 1248 over an internal communication channel. 1249 1250 <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b> 1251 The mail system name that is displayed in Received: 1252 headers, in the SMTP greeting banner, and in 1253 bounced mail. 1254 1255 <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b> 1256 The UNIX system account that owns the Postfix queue 1257 and most Postfix daemon processes. 1258 1259 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 1260 The maximum amount of time that an idle Postfix 1261 daemon process waits for an incoming connection 1262 before terminating voluntarily. 1263 1264 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 1265 The maximal number of incoming connections that a 1266 Postfix daemon process will service before termi- 1267 nating voluntarily. 1268 1269 <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b> 1270 The internet hostname of this mail system. 1271 1272 <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b> 1273 The list of "trusted" remote SMTP clients that have 1274 more privileges than "strangers". 1275 1276 <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 1277 The domain name that locally-posted mail appears to 1278 come from, and that locally posted mail is deliv- 1279 ered to. 1280 1281 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 1282 The process ID of a Postfix command or daemon 1283 process. 1284 1285 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 1286 The process name of a Postfix command or daemon 1287 process. 1288 1289 <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b> 1290 The location of the Postfix top-level queue direc- 1291 tory. 1292 1293 <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b> 1294 The separator between user names and address exten- 1295 sions (user+foo). 1296 1297 <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b> 1298 The text that follows the 220 status code in the 1299 SMTP greeting banner. 1300 1301 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 1302 The syslog facility of Postfix logging. 1303 1304 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 1305 The mail system name that is prepended to the 1306 process name in syslog records, so that "smtpd" 1307 becomes, for example, "postfix/smtpd". 1308 1309 Available in Postfix version 2.2 and later: 1310 1311 <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b> 1312 List of commands that cause the Postfix SMTP server 1313 to immediately terminate the session with a 221 1314 code. 1315 1316 Available in Postfix version 2.5 and later: 1317 1318 <b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b> 1319 Enable logging of the remote SMTP client port in 1320 addition to the hostname and IP address. 1321 1322<b>SEE ALSO</b> 1323 <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting 1324 <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization 1325 <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management 1326 <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver 1327 <a href="verify.8.html">verify(8)</a>, address verification service 1328 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 1329 <a href="master.5.html">master(5)</a>, generic daemon options 1330 <a href="master.8.html">master(8)</a>, process manager 1331 syslogd(8), system logging 1332 1333<b>README FILES</b> 1334 <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients 1335 <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation 1336 <a href="FILTER_README.html">FILTER_README</a>, external after-queue content filter 1337 <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>, blocking unknown local recipients 1338 <a href="MILTER_README.html">MILTER_README</a>, before-queue mail filter applications 1339 <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, built-in access policies 1340 <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>, external policy server 1341 <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>, external before-queue content filter 1342 <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto 1343 <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto 1344 <a href="VERP_README.html">VERP_README</a>, Postfix XVERP extension 1345 <a href="XCLIENT_README.html">XCLIENT_README</a>, Postfix XCLIENT extension 1346 <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension 1347 1348<b>LICENSE</b> 1349 The Secure Mailer license must be distributed with this 1350 software. 1351 1352<b>AUTHOR(S)</b> 1353 Wietse Venema 1354 IBM T.J. Watson Research 1355 P.O. Box 704 1356 Yorktown Heights, NY 10598, USA 1357 1358 SASL support originally by: 1359 Till Franke 1360 SuSE Rhein/Main AG 1361 65760 Eschborn, Germany 1362 1363 TLS support originally by: 1364 Lutz Jaenicke 1365 BTU Cottbus 1366 Allgemeine Elektrotechnik 1367 Universitaetsplatz 3-4 1368 D-03044 Cottbus, Germany 1369 1370 Revised TLS support by: 1371 Victor Duchovni 1372 Morgan Stanley 1373 1374 SMTPD(8) 1375</pre> </body> </html> 1376