1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - smtpd(8) </title> 6</head> <body> <pre> 7SMTPD(8) SMTPD(8) 8 9<b>NAME</b> 10 smtpd - Postfix SMTP server 11 12<b>SYNOPSIS</b> 13 <b>smtpd</b> [generic Postfix daemon options] 14 15 <b>sendmail -bs</b> 16 17<b>DESCRIPTION</b> 18 The SMTP server accepts network connection requests and performs zero 19 or more SMTP transactions per connection. Each received message is 20 piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b> 21 queue as one single queue file. For this mode of operation, the pro- 22 gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. 23 24 Alternatively, the SMTP server be can run in stand-alone mode; this is 25 traditionally obtained with "<b>sendmail -bs</b>". When the SMTP server runs 26 stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges, it receives mail even 27 while the mail system is not running, deposits messages directly into 28 the <b>maildrop</b> queue, and disables the SMTP server's access policies. As 29 of Postfix version 2.3, the SMTP server refuses to receive mail from 30 the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges. 31 32 The SMTP server implements a variety of policies for connection 33 requests, and for parameters given to <b>HELO, ETRN, MAIL FROM, VRFY</b> and 34 <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura- 35 tion file. 36 37<b>SECURITY</b> 38 The SMTP server is moderately security-sensitive. It talks to SMTP 39 clients and to DNS servers on the network. The SMTP server can be run 40 chrooted at fixed low privilege. 41 42<b>STANDARDS</b> 43 <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) 44 <a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements) 45 <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) 46 <a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions) 47 <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message size declaration) 48 <a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command) 49 <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP enhanced status codes) 50 <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) 51 <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) 52 <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP pipelining) 53 <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME) 54 <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) 55 <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN extension) 56 <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes) 57 <a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types) 58 <a href="http://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission) 59 <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) 60 <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) 61 <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) 62 <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) 63 <a href="http://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record) 64 65<b>DIAGNOSTICS</b> 66 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 67 68 Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas- 69 ter is notified of bounces, protocol problems, policy violations, and 70 of other trouble. 71 72<b>CONFIGURATION PARAMETERS</b> 73 Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes 74 run for only a limited amount of time. Use the command "<b>postfix reload</b>" 75 to speed up a change. 76 77 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 78 more details including examples. 79 80<b>COMPATIBILITY CONTROLS</b> 81 The following parameters work around implementation errors in other 82 software, and/or allow you to override standards in order to prevent 83 undesirable use. 84 85 <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b> 86 Enable interoperability with remote SMTP clients that implement 87 an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). 88 89 <b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b> 90 Disable the SMTP VRFY command. 91 92 <b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b> 93 List of commands that the Postfix SMTP server replies to with 94 "250 Ok", without doing any syntax checks and without changing 95 state. 96 97 <b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b> 98 Require that addresses received in SMTP MAIL FROM and RCPT TO 99 commands are enclosed with <>, and that those addresses do not 100 contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. 101 102 Available in Postfix version 2.1 and later: 103 104 <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b> 105 Request that the Postfix SMTP server rejects mail from unknown 106 sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> 107 access restriction is specified. 108 109 <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b> 110 What remote SMTP clients the Postfix SMTP server will not offer 111 AUTH support to. 112 113 Available in Postfix version 2.2 and later: 114 115 <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b> 116 Lookup tables, indexed by the remote SMTP client address, with 117 case insensitive lists of EHLO keywords (pipelining, starttls, 118 auth, etc.) that the Postfix SMTP server will not send in the 119 EHLO response to a remote SMTP client. 120 121 <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b> 122 A case insensitive list of EHLO keywords (pipelining, starttls, 123 auth, etc.) that the Postfix SMTP server will not send in the 124 EHLO response to a remote SMTP client. 125 126 <b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b> 127 Postpone the start of an SMTP mail transaction until a valid 128 RCPT TO command is received. 129 130 Available in Postfix version 2.3 and later: 131 132 <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b> 133 Force the Postfix SMTP server to issue a TLS session id, even 134 when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>- 135 <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty). 136 137 Available in Postfix version 2.6 and later: 138 139 <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> 140 An optional workaround for routers that break TCP window scal- 141 ing. 142 143 Available in Postfix version 2.7 and later: 144 145 <b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b> 146 A mechanism to transform commands from remote SMTP clients. 147 148 Available in Postfix version 2.9 and later: 149 150 <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> 151 Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>- 152 <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write 153 system call, to a time limit to send or receive a complete 154 record (an SMTP command line, SMTP response line, SMTP message 155 content line, or TLS protocol message). 156 157 Available in Postfix version 3.0 and later: 158 159 <b><a href="postconf.5.html#smtpd_dns_reply_filter">smtpd_dns_reply_filter</a> (empty)</b> 160 Optional filter for Postfix SMTP server DNS lookup results. 161 162<b>ADDRESS REWRITING CONTROLS</b> 163 See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of 164 Postfix address rewriting. 165 166 <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b> 167 Enable or disable recipient validation, built-in content filter- 168 ing, or address mapping. 169 170 Available in Postfix version 2.2 and later: 171 172 <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b> 173 Rewrite message header addresses in mail from these clients and 174 update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or 175 $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other 176 clients at all, or rewrite message headers and update incomplete 177 addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>- 178 <a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter. 179 180<b>BEFORE-SMTPD PROXY AGENT</b> 181 Available in Postfix version 2.10 and later: 182 183 <b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b> 184 The name of the proxy protocol used by an optional before-smtpd 185 proxy agent. 186 187 <b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b> 188 The time limit for the proxy protocol specified with the 189 <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. 190 191<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b> 192 As of version 1.0, Postfix can be configured to send new mail to an 193 external content filter AFTER the mail is queued. This content filter 194 is expected to inject mail back into a (Postfix or other) MTA for fur- 195 ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details. 196 197 <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b> 198 After the message is queued, send the entire message to the 199 specified <i>transport:destination</i>. 200 201<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b> 202 As of version 2.1, the Postfix SMTP server can be configured to send 203 incoming mail to a real-time SMTP-based content filter BEFORE mail is 204 queued. This content filter is expected to inject mail back into Post- 205 fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config- 206 ure and operate this feature. 207 208 <b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b> 209 The hostname and TCP port of the mail filtering proxy server. 210 211 <b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 212 How the Postfix SMTP server announces itself to the proxy fil- 213 ter. 214 215 <b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b> 216 List of options that control how the Postfix SMTP server commu- 217 nicates with a before-queue content filter. 218 219 <b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b> 220 The time limit for connecting to a proxy filter and for sending 221 or receiving information. 222 223<b>BEFORE QUEUE MILTER CONTROLS</b> 224 As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail 225 filter) protocol. These content filters run outside Postfix. They can 226 inspect the SMTP command stream and the message content, and can 227 request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>- 228 <a href="MILTER_README.html">TER_README</a> document. 229 230 <b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b> 231 A list of Milter (mail filter) applications for new mail that 232 arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server. 233 234 <b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b> 235 The mail filter protocol version and optional protocol exten- 236 sions for communication with a Milter application; prior to 237 Postfix 2.6 the default protocol is 2. 238 239 <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b> 240 The default action when a Milter (mail filter) response is 241 unavailable (for example, bad Postfix configuration or Milter 242 failure). 243 244 <b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 245 The {daemon_name} macro value for Milter (mail filter) applica- 246 tions. 247 248 <b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b> 249 The {v} macro value for Milter (mail filter) applications. 250 251 <b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b> 252 The time limit for connecting to a Milter (mail filter) applica- 253 tion, and for negotiating protocol options. 254 255 <b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b> 256 The time limit for sending an SMTP command to a Milter (mail 257 filter) application, and for receiving the response. 258 259 <b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b> 260 The time limit for sending message content to a Milter (mail 261 filter) application, and for receiving the response. 262 263 <b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b> 264 The macros that are sent to Milter (mail filter) applications 265 after completion of an SMTP connection. 266 267 <b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b> 268 The macros that are sent to Milter (mail filter) applications 269 after the SMTP HELO or EHLO command. 270 271 <b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b> 272 The macros that are sent to Milter (mail filter) applications 273 after the SMTP MAIL FROM command. 274 275 <b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b> 276 The macros that are sent to Milter (mail filter) applications 277 after the SMTP RCPT TO command. 278 279 <b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b> 280 The macros that are sent to version 4 or higher Milter (mail 281 filter) applications after the SMTP DATA command. 282 283 <b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b> 284 The macros that are sent to version 3 or higher Milter (mail 285 filter) applications after an unknown SMTP command. 286 287 <b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b> 288 The macros that are sent to Milter (mail filter) applications 289 after the end of the message header. 290 291 <b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b> 292 The macros that are sent to Milter (mail filter) applications 293 after the message end-of-data. 294 295 Available in Postfix version 3.1 and later: 296 297 <b><a href="postconf.5.html#milter_macro_defaults">milter_macro_defaults</a> (empty)</b> 298 Optional list of <i>name=value</i> pairs that specify default values 299 for arbitrary macros that Postfix may send to Milter applica- 300 tions. 301 302 Available in Postfix version 3.2 and later: 303 304 <b><a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> (empty)</b> 305 Lookup tables with Milter settings per remote SMTP client IP 306 address. 307 308<b>GENERAL CONTENT INSPECTION CONTROLS</b> 309 The following parameters are applicable for both built-in and external 310 content filters. 311 312 Available in Postfix version 2.1 and later: 313 314 <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b> 315 Enable or disable recipient validation, built-in content filter- 316 ing, or address mapping. 317 318<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> 319 The following parameters are applicable for both before-queue and 320 after-queue content filtering. 321 322 Available in Postfix version 2.1 and later: 323 324 <b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b> 325 What remote SMTP clients are allowed to use the XFORWARD fea- 326 ture. 327 328<b>SASL AUTHENTICATION CONTROLS</b> 329 Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP 330 clients to the Postfix SMTP server, and to authenticate the Postfix 331 SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for 332 details. 333 334 <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b> 335 Enable interoperability with remote SMTP clients that implement 336 an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). 337 338 <b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b> 339 Enable SASL authentication in the Postfix SMTP server. 340 341 <b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b> 342 The name of the Postfix SMTP server's local SASL authentication 343 realm. 344 345 <b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b> 346 Postfix SMTP server SASL security options; as of Postfix 2.3 the 347 list of available features depends on the SASL server implemen- 348 tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. 349 350 <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b> 351 Optional lookup table with the SASL login names that own the 352 sender (MAIL FROM) addresses. 353 354 Available in Postfix version 2.1 and later: 355 356 <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b> 357 What remote SMTP clients the Postfix SMTP server will not offer 358 AUTH support to. 359 360 Available in Postfix version 2.1 and 2.2: 361 362 <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b> 363 The application name that the Postfix SMTP server uses for SASL 364 server initialization. 365 366 Available in Postfix version 2.3 and later: 367 368 <b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b> 369 Report the SASL authenticated user name in the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received 370 message header. 371 372 <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b> 373 Implementation-specific information that the Postfix SMTP server 374 passes through to the SASL plug-in implementation that is 375 selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. 376 377 <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b> 378 The SASL plug-in type that the Postfix SMTP server should use 379 for authentication. 380 381 Available in Postfix version 2.5 and later: 382 383 <b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b> 384 Search path for Cyrus SASL application configuration files, cur- 385 rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file. 386 387 Available in Postfix version 2.11 and later: 388 389 <b>smtpd_sasl_service (smtp)</b> 390 The service name that is passed to the SASL plug-in that is 391 selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>. 392 393 Available in Postfix version 3.4 and later: 394 395 <b><a href="postconf.5.html#smtpd_sasl_response_limit">smtpd_sasl_response_limit</a> (12288)</b> 396 The maximum length of a SASL client's response to a server chal- 397 lenge. 398 399<b>STARTTLS SUPPORT CONTROLS</b> 400 Detailed information about STARTTLS configuration may be found in the 401 <a href="TLS_README.html">TLS_README</a> document. 402 403 <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b> 404 The SMTP TLS security level for the Postfix SMTP server; when a 405 non-empty value is specified, this overrides the obsolete param- 406 eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. 407 408 <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b> 409 The SASL authentication security options that the Postfix SMTP 410 server uses for TLS encrypted SMTP sessions. 411 412 <b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b> 413 The time limit for Postfix SMTP server write and read operations 414 during TLS startup and shutdown handshake procedures. 415 416 <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b> 417 A file containing (PEM format) CA certificates of root CAs 418 trusted to sign either remote SMTP client certificates or inter- 419 mediate CA certificates. 420 421 <b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b> 422 A directory containing (PEM format) CA certificates of root CAs 423 trusted to sign either remote SMTP client certificates or inter- 424 mediate CA certificates. 425 426 <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b> 427 Force the Postfix SMTP server to issue a TLS session id, even 428 when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>- 429 <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty). 430 431 <b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b> 432 Ask a remote SMTP client for a client certificate. 433 434 <b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b> 435 When TLS encryption is optional in the Postfix SMTP server, do 436 not announce or accept SASL authentication over unencrypted con- 437 nections. 438 439 <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b> 440 The verification depth for remote SMTP client certificates. 441 442 <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b> 443 File with the Postfix SMTP server RSA certificate in PEM format. 444 445 <b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b> 446 List of ciphers or cipher types to exclude from the SMTP server 447 cipher list at all TLS security levels. 448 449 <b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b> 450 File with the Postfix SMTP server DSA certificate in PEM format. 451 452 <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b> 453 File with DH parameters that the Postfix SMTP server should use 454 with non-export EDH ciphers. 455 456 <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b> 457 File with DH parameters that the Postfix SMTP server should use 458 with export-grade EDH ciphers. 459 460 <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b> 461 File with the Postfix SMTP server DSA private key in PEM format. 462 463 <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b> 464 File with the Postfix SMTP server RSA private key in PEM format. 465 466 <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b> 467 Enable additional Postfix SMTP server logging of TLS activity. 468 469 <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b> 470 The minimum TLS cipher grade that the Postfix SMTP server will 471 use with mandatory TLS encryption. 472 473 <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b> 474 Additional list of ciphers or cipher types to exclude from the 475 Postfix SMTP server cipher list at mandatory TLS security lev- 476 els. 477 478 <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2, !SSLv3)</b> 479 The SSL/TLS protocols accepted by the Postfix SMTP server with 480 mandatory TLS encryption. 481 482 <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b> 483 Request that the Postfix SMTP server produces Received: message 484 headers that include information about the protocol and cipher 485 used, as well as the remote SMTP client CommonName and client 486 certificate issuer CommonName. 487 488 <b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b> 489 With mandatory TLS encryption, require a trusted remote SMTP 490 client certificate in order to allow TLS connections to proceed. 491 492 <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b> 493 Run the Postfix SMTP server in the non-standard "wrapper" mode, 494 instead of using the STARTTLS command. 495 496 <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> 497 The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> 498 process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its 499 internal pseudo random number generator (PRNG). 500 501 <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b> 502 The OpenSSL cipherlist for "high" grade ciphers. 503 504 <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b> 505 The OpenSSL cipherlist for "medium" or higher grade ciphers. 506 507 <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b> 508 The OpenSSL cipherlist for "low" or higher grade ciphers. 509 510 <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b> 511 The OpenSSL cipherlist for "export" or higher grade ciphers. 512 513 <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> 514 The OpenSSL cipherlist for "NULL" grade ciphers that provide 515 authentication without encryption. 516 517 Available in Postfix version 2.5 and later: 518 519 <b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b> 520 The message digest algorithm to construct remote SMTP 521 client-certificate fingerprints or public key fingerprints 522 (Postfix 2.9 and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b>per-</b> 523 <b>mit_tls_clientcerts</b>. 524 525 Available in Postfix version 2.6 and later: 526 527 <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (!SSLv2, !SSLv3)</b> 528 List of TLS protocols that the Postfix SMTP server will exclude 529 or include with opportunistic TLS encryption. 530 531 <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (medium)</b> 532 The minimum TLS cipher grade that the Postfix SMTP server will 533 use with opportunistic TLS encryption. 534 535 <b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b> 536 File with the Postfix SMTP server ECDSA certificate in PEM for- 537 mat. 538 539 <b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b> 540 File with the Postfix SMTP server ECDSA private key in PEM for- 541 mat. 542 543 <b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b> 544 The Postfix SMTP server security grade for ephemeral ellip- 545 tic-curve Diffie-Hellman (EECDH) key exchange. 546 547 <b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b> 548 The elliptic curve used by the Postfix SMTP server for sensibly 549 strong ephemeral ECDH key exchange. 550 551 <b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b> 552 The elliptic curve used by the Postfix SMTP server for maximally 553 strong ephemeral ECDH key exchange. 554 555 Available in Postfix version 2.8 and later: 556 557 <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b> 558 With SSLv3 and later, use the Postfix SMTP server's cipher pref- 559 erence order instead of the remote client's cipher preference 560 order. 561 562 <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> 563 List or bit-mask of OpenSSL bug work-arounds to disable. 564 565 Available in Postfix version 2.11 and later: 566 567 <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> 568 The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. 569 570 Available in Postfix version 3.0 and later: 571 572 <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> ><b>= 3.0: aes-256-cbc, Postfix</b> < <b>3.0:</b> 573 <b>aes-128-cbc)</b> 574 Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. 575 576 Available in Postfix version 3.2 and later: 577 578 <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b> 579 The prioritized list of elliptic curves supported by the Postfix 580 SMTP client and server. 581 582 Available in Postfix version 3.4 and later: 583 584 <b><a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> (empty)</b> 585 List of one or more PEM files, each holding one or more private 586 keys directly followed by a corresponding certificate chain. 587 588 <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b> 589 Optional lookup tables that map names received from remote SMTP 590 clients via the TLS Server Name Indication (SNI) extension to 591 the appropriate keys and certificate chains. 592 593 Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 594 595 <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> 596 A workaround for implementations that hang Postfix while shut- 597 ting down a TLS session, until Postfix times out. 598 599 Available in Postfix 3.5 and later: 600 601 <b>info_log_address_format (external)</b> 602 The email address form that will be used in non-debug logging 603 (info, warning, etc.). 604 605<b>OBSOLETE STARTTLS CONTROLS</b> 606 The following configuration parameters exist for compatibility with 607 Postfix versions before 2.3. Support for these will be removed in a 608 future release. 609 610 <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b> 611 Opportunistic TLS: announce STARTTLS support to remote SMTP 612 clients, but do not require that clients use TLS encryption. 613 614 <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b> 615 Mandatory TLS: announce STARTTLS support to remote SMTP clients, 616 and require that clients use TLS encryption. 617 618 <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b> 619 Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS 620 cipher list. 621 622<b>SMTPUTF8 CONTROLS</b> 623 Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 624 625 <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> 626 Enable preliminary SMTPUTF8 support for the protocols described 627 in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. 628 629 <b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b> 630 Enable stricter enforcement of the SMTPUTF8 protocol. 631 632 <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b> 633 Detect that a message requires SMTPUTF8 support for the speci- 634 fied mail origin classes. 635 636 Available in Postfix version 3.2 and later: 637 638 <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b> 639 Enable 'transitional' compatibility between IDNA2003 and 640 IDNA2008, when converting UTF-8 domain names to/from the ASCII 641 form that is used for DNS lookups. 642 643<b>VERP SUPPORT CONTROLS</b> 644 With VERP style delivery, each recipient of a message receives a cus- 645 tomized copy of the message with his/her own recipient address encoded 646 in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config- 647 uration and operation details of Postfix support for variable envelope 648 return path addresses. VERP style delivery is requested with the SMTP 649 XVERP command or with the "sendmail -V" command-line option and is 650 available in Postfix version 1.1 and later. 651 652 <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b> 653 The two default VERP delimiter characters. 654 655 <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b> 656 The characters Postfix accepts as VERP delimiter characters on 657 the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands. 658 659 Available in Postfix version 1.1 and 2.0: 660 661 <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b> 662 What remote SMTP clients are allowed to specify the XVERP com- 663 mand. 664 665 Available in Postfix version 2.1 and later: 666 667 <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b> 668 What remote SMTP clients are allowed to specify the XVERP com- 669 mand. 670 671<b>TROUBLE SHOOTING CONTROLS</b> 672 The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix 673 mail system. The methods vary from making the software log a lot of 674 detail, to running some daemon processes under control of a call tracer 675 or debugger. 676 677 <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> 678 The increment in verbose logging level when a remote client or 679 server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. 680 681 <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> 682 Optional list of remote client or server hostname or network 683 address patterns that cause the verbose logging level to 684 increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. 685 686 <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> 687 The recipient of postmaster notifications about mail delivery 688 problems that are caused by policy, resource, software or proto- 689 col errors. 690 691 <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> 692 What categories of Postfix-generated mail are subject to 693 before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, 694 <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. 695 696 <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> 697 The list of error classes that are reported to the postmaster. 698 699 <b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b> 700 Optional information that is appended after each Postfix SMTP 701 server 4XX or 5XX response. 702 703 <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b> 704 Safety net to keep mail queued that would otherwise be returned 705 to the sender. 706 707 Available in Postfix version 2.1 and later: 708 709 <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b> 710 What remote SMTP clients are allowed to use the XCLIENT feature. 711 712 Available in Postfix version 2.10 and later: 713 714 <b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b> 715 Enable logging of the named "permit" actions in SMTP server 716 access lists (by default, the SMTP server logs "reject" actions 717 but not "permit" actions). 718 719<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b> 720 As of Postfix version 2.0, the SMTP server rejects mail for unknown 721 recipients. This prevents the mail queue from clogging up with undeliv- 722 erable MAILER-DAEMON messages. Additional information on this topic is 723 in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents. 724 725 <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b> 726 Display the name of the recipient table in the "User unknown" 727 responses. 728 729 <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b> 730 Optional address mapping lookup tables for message headers and 731 envelopes. 732 733 <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b> 734 Optional address mapping lookup tables for envelope and header 735 recipient addresses. 736 737 <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b> 738 Optional address mapping lookup tables for envelope and header 739 sender addresses. 740 741 Parameters concerning known/unknown local recipients: 742 743 <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b> 744 The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a> 745 mail delivery transport. 746 747 <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> 748 The network interface addresses that this mail system receives 749 mail on. 750 751 <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> 752 The network interface addresses that this mail system receives 753 mail on by way of a proxy or network address translation unit. 754 755 <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b> 756 The Internet protocols Postfix will attempt to use when making 757 or accepting connections. 758 759 <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b> 760 Lookup tables with all names or addresses of local recipients: a 761 recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>- 762 <a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. 763 764 <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b> 765 The numerical Postfix SMTP server response code when a recipient 766 address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of 767 lookup tables that does not match the recipient. 768 769 Parameters concerning known/unknown recipients of relay destinations: 770 771 <b><a href="postconf.5.html#relay_domains">relay_domains</a> (Postfix</b> ><b>= 3.0: empty, Postfix</b> < <b>3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b> 772 What destination domains (and subdomains thereof) this system 773 will relay mail to. 774 775 <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b> 776 Optional lookup tables with all valid addresses in the domains 777 that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. 778 779 <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b> 780 The numerical Postfix SMTP server reply code when a recipient 781 address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci- 782 fies a list of lookup tables that does not match the recipient 783 address. 784 785 Parameters concerning known/unknown recipients in virtual alias 786 domains: 787 788 <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b> 789 Postfix is final destination for the specified list of virtual 790 alias domains, that is, domains for which all addresses are 791 aliased to addresses in other local or remote domains. 792 793 <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b> 794 Optional lookup tables that alias specific mail addresses or 795 domains to other local or remote address. 796 797 <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b> 798 The Postfix SMTP server reply code when a recipient address 799 matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci- 800 fies a list of lookup tables that does not match the recipient 801 address. 802 803 Parameters concerning known/unknown recipients in virtual mailbox 804 domains: 805 806 <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b> 807 Postfix is final destination for the specified list of domains; 808 mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery 809 transport. 810 811 <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b> 812 Optional lookup tables with all valid addresses in the domains 813 that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. 814 815 <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b> 816 The Postfix SMTP server reply code when a recipient address 817 matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> 818 specifies a list of lookup tables that does not match the recip- 819 ient address. 820 821<b>RESOURCE AND RATE CONTROLS</b> 822 The following parameters limit resource usage by the SMTP server and/or 823 control client request rates. 824 825 <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b> 826 Upon input, long lines are chopped up into pieces of at most 827 this length; upon delivery, long lines are reconstructed. 828 829 <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b> 830 The minimal amount of free space in bytes in the queue file sys- 831 tem that is needed to receive mail. 832 833 <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b> 834 The maximal size in bytes of a message, including envelope 835 information. 836 837 <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b> 838 The maximal number of recipients that the Postfix SMTP server 839 accepts per message delivery request. 840 841 <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b> 842 The time limit for sending a Postfix SMTP server response and 843 for receiving a remote SMTP client request. 844 845 <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b> 846 The maximal number of lines in the Postfix SMTP server command 847 history before it is flushed upon receipt of EHLO, RSET, or end 848 of DATA. 849 850 Available in Postfix version 2.3 and later: 851 852 <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b> 853 Attempt to look up the remote SMTP client hostname, and verify 854 that the name matches the client IP address. 855 856 The per SMTP client connection count and request rate limits are imple- 857 mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in 858 Postfix version 2.2 and later. 859 860 <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b> 861 How many simultaneous connections any client is allowed to make 862 to this service. 863 864 <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b> 865 The maximal number of connection attempts any client is allowed 866 to make to this service per time unit. 867 868 <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b> 869 The maximal number of message delivery requests that any client 870 is allowed to make to this service per time unit, regardless of 871 whether or not Postfix actually accepts those messages. 872 873 <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b> 874 The maximal number of recipient addresses that any client is 875 allowed to send to this service per time unit, regardless of 876 whether or not Postfix actually accepts those recipients. 877 878 <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b> 879 Clients that are excluded from smtpd_client_*_count/rate_limit 880 restrictions. 881 882 Available in Postfix version 2.3 and later: 883 884 <b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b> 885 The maximal number of new (i.e., uncached) TLS sessions that a 886 remote SMTP client is allowed to negotiate with this service per 887 time unit. 888 889 Available in Postfix version 2.9 and later: 890 891 <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> 892 Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>- 893 <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write 894 system call, to a time limit to send or receive a complete 895 record (an SMTP command line, SMTP response line, SMTP message 896 content line, or TLS protocol message). 897 898 Available in Postfix version 3.1 and later: 899 900 <b><a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (0)</b> 901 The maximal number of AUTH commands that any client is allowed 902 to send to this service per time unit, regardless of whether or 903 not Postfix actually accepts those commands. 904 905<b>TARPIT CONTROLS</b> 906 When a remote SMTP client makes errors, the Postfix SMTP server can 907 insert delays before responding. This can help to slow down run-away 908 software. The behavior is controlled by an error counter that counts 909 the number of errors within an SMTP session that a client makes without 910 delivering mail. 911 912 <b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b> 913 With Postfix version 2.1 and later: the SMTP server response 914 delay after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> 915 errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without 916 delivering mail. 917 918 <b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b> 919 The number of errors a remote SMTP client is allowed to make 920 without delivering mail before the Postfix SMTP server slows 921 down all its responses. 922 923 <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b> 924 The maximal number of errors a remote SMTP client is allowed to 925 make without delivering mail. 926 927 <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b> 928 The number of junk commands (NOOP, VRFY, ETRN or RSET) that a 929 remote SMTP client can send before the Postfix SMTP server 930 starts to increment the error counter with each junk command. 931 932 Available in Postfix version 2.1 and later: 933 934 <b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b> 935 The number of recipients that a remote SMTP client can send in 936 excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, 937 before the Postfix SMTP server increments the per-session error 938 count for each excess recipient. 939 940<b>ACCESS POLICY DELEGATION CONTROLS</b> 941 As of version 2.1, Postfix can be configured to delegate access policy 942 decisions to an external server that runs outside Postfix. See the 943 file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information. 944 945 <b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b> 946 The time after which an idle SMTPD policy service connection is 947 closed. 948 949 <b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b> 950 The time after which an active SMTPD policy service connection 951 is closed. 952 953 <b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b> 954 The time limit for connecting to, writing to, or receiving from 955 a delegated SMTPD policy server. 956 957 Available in Postfix version 3.0 and later: 958 959 <b><a href="postconf.5.html#smtpd_policy_service_default_action">smtpd_policy_service_default_action</a> (451 4.3.5 Server configuration</b> 960 <b>problem)</b> 961 The default action when an SMTPD policy service request fails. 962 963 <b><a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (0)</b> 964 The maximal number of requests per SMTPD policy service connec- 965 tion, or zero (no limit). 966 967 <b><a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (2)</b> 968 The maximal number of attempts to send an SMTPD policy service 969 request before giving up. 970 971 <b><a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (1s)</b> 972 The delay between attempts to resend a failed SMTPD policy ser- 973 vice request. 974 975 Available in Postfix version 3.1 and later: 976 977 <b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b> 978 Optional information that the Postfix SMTP server specifies in 979 the "policy_context" attribute of a policy service request 980 (originally, to share the same service endpoint among multiple 981 <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients). 982 983<b>ACCESS CONTROLS</b> 984 The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP 985 server access control features. 986 987 <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b> 988 Wait until the RCPT TO command before evaluating 989 $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and 990 $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command 991 before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and 992 $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>. 993 994 <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b> 995 A list of Postfix features where the pattern "example.com" also 996 matches subdomains of example.com, instead of requiring an 997 explicit ".example.com" pattern. 998 999 <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b> 1000 Optional restrictions that the Postfix SMTP server applies in 1001 the context of a client connection request. 1002 1003 <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b> 1004 Require that a remote SMTP client introduces itself with the 1005 HELO or EHLO command before sending the MAIL command or other 1006 commands that require EHLO negotiation. 1007 1008 <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b> 1009 Optional restrictions that the Postfix SMTP server applies in 1010 the context of a client HELO command. 1011 1012 <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b> 1013 Optional restrictions that the Postfix SMTP server applies in 1014 the context of a client MAIL FROM command. 1015 1016 <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b> 1017 Optional restrictions that the Postfix SMTP server applies in 1018 the context of a client RCPT TO command, after 1019 <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. 1020 1021 <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b> 1022 Optional restrictions that the Postfix SMTP server applies in 1023 the context of a client ETRN command. 1024 1025 <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b> 1026 Forward mail with sender-specified routing 1027 (user[@%!]remote[@%!]site) from untrusted clients to destina- 1028 tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>. 1029 1030 <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b> 1031 User-defined aliases for groups of access restrictions. 1032 1033 <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b> 1034 The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of 1035 the null sender address. 1036 1037 <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b> 1038 Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to 1039 only domains whose primary MX hosts match the listed networks. 1040 1041 Available in Postfix version 2.0 and later: 1042 1043 <b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b> 1044 Optional access restrictions that the Postfix SMTP server 1045 applies in the context of the SMTP DATA command. 1046 1047 <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b> 1048 What characters are allowed in $name expansions of RBL reply 1049 templates. 1050 1051 Available in Postfix version 2.1 and later: 1052 1053 <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b> 1054 Request that the Postfix SMTP server rejects mail from unknown 1055 sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> 1056 access restriction is specified. 1057 1058 <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b> 1059 Request that the Postfix SMTP server rejects mail for unknown 1060 recipient addresses, even when no explicit 1061 <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified. 1062 1063 Available in Postfix version 2.2 and later: 1064 1065 <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b> 1066 Optional access restrictions that the Postfix SMTP server 1067 applies in the context of the SMTP END-OF-DATA command. 1068 1069 Available in Postfix version 2.10 and later: 1070 1071 <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b> 1072 <b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b> 1073 Access restrictions for mail relay control that the Postfix SMTP 1074 server applies in the context of the RCPT TO command, before 1075 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. 1076 1077<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b> 1078 Postfix version 2.1 introduces sender and recipient address verifica- 1079 tion. This feature is implemented by sending probe email messages that 1080 are not actually delivered. This feature is requested via the 1081 <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access 1082 restrictions. The status of verification probes is maintained by the 1083 <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor- 1084 mation about how to configure and operate the Postfix sender/recipient 1085 address verification service. 1086 1087 <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b> 1088 How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion 1089 of an address verification request in progress. 1090 1091 <b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b> 1092 The delay between queries for the completion of an address veri- 1093 fication request in progress. 1094 1095 <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b> 1096 The sender address to use in address verification probes; prior 1097 to Postfix 2.5 the default was "postmaster". 1098 1099 <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b> 1100 The numerical Postfix SMTP server response code when a recipient 1101 address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction. 1102 1103 <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b> 1104 The numerical Postfix SMTP server response when a recipient 1105 address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric- 1106 tion. 1107 1108 Available in Postfix version 2.6 and later: 1109 1110 <b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b> 1111 The numerical Postfix SMTP server response code when a sender 1112 address probe fails due to a temporary error condition. 1113 1114 <b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b> 1115 The numerical Postfix SMTP server response when a recipient 1116 address probe fails due to a temporary error condition. 1117 1118 <b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b> 1119 The Postfix SMTP server's reply when rejecting mail with 1120 <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. 1121 1122 <b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b> 1123 The Postfix SMTP server's reply when rejecting mail with 1124 <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. 1125 1126 <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b> 1127 The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> 1128 fails due to a temporary error condition. 1129 1130 <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b> 1131 The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>- 1132 <a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition. 1133 1134 Available with Postfix 2.9 and later: 1135 1136 <b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b> 1137 The time between changes in the time-dependent portion of 1138 address verification probe sender addresses. 1139 1140<b>ACCESS CONTROL RESPONSES</b> 1141 The following parameters control numerical SMTP reply codes and/or text 1142 responses. 1143 1144 <b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b> 1145 The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a> 1146 map "reject" action. 1147 1148 <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b> 1149 The numerical Postfix SMTP server response code when a remote 1150 SMTP client request is rejected by the "defer" restriction. 1151 1152 <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b> 1153 The numerical Postfix SMTP server response code when the client 1154 HELO or EHLO command parameter is rejected by the 1155 <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction. 1156 1157 <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b> 1158 The numerical Postfix SMTP server response code when a remote 1159 SMTP client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, 1160 <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, 1161 <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction. 1162 1163 <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b> 1164 The numerical Postfix SMTP server reply code when a client 1165 request is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, 1166 <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction. 1167 1168 <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b> 1169 The numerical Postfix SMTP server response code when a request 1170 is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction. 1171 1172 <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b> 1173 The numerical Postfix SMTP server response code when a remote 1174 SMTP client request is rejected by the "reject" restriction. 1175 1176 <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b> 1177 The numerical Postfix SMTP server response code when a client 1178 request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient 1179 restriction. 1180 1181 <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b> 1182 The numerical response code when the Postfix SMTP server rejects 1183 a sender or recipient address because its domain is unknown. 1184 1185 <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b> 1186 The numerical Postfix SMTP server response code when a client 1187 without valid address <=> name mapping is rejected by the 1188 <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. 1189 1190 <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b> 1191 The numerical Postfix SMTP server response code when the host- 1192 name specified with the HELO or EHLO command is rejected by the 1193 <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction. 1194 1195 Available in Postfix version 2.0 and later: 1196 1197 <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b> 1198 The default Postfix SMTP server response template for a request 1199 that is rejected by an RBL-based restriction. 1200 1201 <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b> 1202 The numerical Postfix SMTP server response code when a remote 1203 SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>- 1204 <a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction. 1205 1206 <b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b> 1207 Optional lookup tables with RBL response templates. 1208 1209 Available in Postfix version 2.6 and later: 1210 1211 <b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b> 1212 The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a> 1213 map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or 1214 "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". 1215 1216 <b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b> 1217 The Postfix SMTP server's action when a reject-type restriction 1218 fails due to a temporary error condition. 1219 1220 <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b> 1221 The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>- 1222 <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to a temporary error condition. 1223 1224 <b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b> 1225 The Postfix SMTP server's action when 1226 <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> 1227 fail due to a temporary error condition. 1228 1229<b>MISCELLANEOUS CONTROLS</b> 1230 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 1231 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 1232 figuration files. 1233 1234 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 1235 How much time a Postfix daemon process may take to handle a 1236 request before it is terminated by a built-in watchdog timer. 1237 1238 <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b> 1239 The location of all postfix administrative commands. 1240 1241 <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b> 1242 The sender address of postmaster notifications that are gener- 1243 ated by the mail system. 1244 1245 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 1246 The time limit for sending or receiving information over an 1247 internal communication channel. 1248 1249 <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b> 1250 The mail system name that is displayed in Received: headers, in 1251 the SMTP greeting banner, and in bounced mail. 1252 1253 <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b> 1254 The UNIX system account that owns the Postfix queue and most 1255 Postfix daemon processes. 1256 1257 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 1258 The maximum amount of time that an idle Postfix daemon process 1259 waits for an incoming connection before terminating voluntarily. 1260 1261 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 1262 The maximal number of incoming connections that a Postfix daemon 1263 process will service before terminating voluntarily. 1264 1265 <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b> 1266 The internet hostname of this mail system. 1267 1268 <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b> 1269 The list of "trusted" remote SMTP clients that have more privi- 1270 leges than "strangers". 1271 1272 <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> 1273 The domain name that locally-posted mail appears to come from, 1274 and that locally posted mail is delivered to. 1275 1276 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 1277 The process ID of a Postfix command or daemon process. 1278 1279 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 1280 The process name of a Postfix command or daemon process. 1281 1282 <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b> 1283 The location of the Postfix top-level queue directory. 1284 1285 <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b> 1286 The set of characters that can separate a user name from its 1287 extension (example: user+foo), or a .forward file name from its 1288 extension (example: .forward+foo). 1289 1290 <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b> 1291 The text that follows the 220 status code in the SMTP greeting 1292 banner. 1293 1294 <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> 1295 The syslog facility of Postfix logging. 1296 1297 <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> 1298 A prefix that is prepended to the process name in syslog 1299 records, so that, for example, "smtpd" becomes "prefix/smtpd". 1300 1301 Available in Postfix version 2.2 and later: 1302 1303 <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b> 1304 List of commands that cause the Postfix SMTP server to immedi- 1305 ately terminate the session with a 221 code. 1306 1307 Available in Postfix version 2.5 and later: 1308 1309 <b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b> 1310 Enable logging of the remote SMTP client port in addition to the 1311 hostname and IP address. 1312 1313 Available in Postfix 3.3 and later: 1314 1315 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 1316 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 1317 1318 Available in Postfix 3.4 and later: 1319 1320 <b><a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> (empty)</b> 1321 Lookup tables, indexed by the complete Postfix SMTP server 4xx 1322 or 5xx response, with reject footer templates. 1323 1324<b>SEE ALSO</b> 1325 <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting 1326 <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization 1327 <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management 1328 <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver 1329 <a href="verify.8.html">verify(8)</a>, address verification service 1330 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 1331 <a href="master.5.html">master(5)</a>, generic daemon options 1332 <a href="master.8.html">master(8)</a>, process manager 1333 <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging 1334 syslogd(8), system logging 1335 1336<b>README FILES</b> 1337 <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients 1338 <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address manipulation 1339 <a href="BDAT_README.html">BDAT_README</a>, Postfix CHUNKING support 1340 <a href="FILTER_README.html">FILTER_README</a>, external after-queue content filter 1341 <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>, blocking unknown local recipients 1342 <a href="MILTER_README.html">MILTER_README</a>, before-queue mail filter applications 1343 <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, built-in access policies 1344 <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>, external policy server 1345 <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>, external before-queue content filter 1346 <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto 1347 <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto 1348 <a href="VERP_README.html">VERP_README</a>, Postfix XVERP extension 1349 <a href="XCLIENT_README.html">XCLIENT_README</a>, Postfix XCLIENT extension 1350 <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension 1351 1352<b>LICENSE</b> 1353 The Secure Mailer license must be distributed with this software. 1354 1355<b>AUTHOR(S)</b> 1356 Wietse Venema 1357 IBM T.J. Watson Research 1358 P.O. Box 704 1359 Yorktown Heights, NY 10598, USA 1360 1361 Wietse Venema 1362 Google, Inc. 1363 111 8th Avenue 1364 New York, NY 10011, USA 1365 1366 SASL support originally by: 1367 Till Franke 1368 SuSE Rhein/Main AG 1369 65760 Eschborn, Germany 1370 1371 TLS support originally by: 1372 Lutz Jaenicke 1373 BTU Cottbus 1374 Allgemeine Elektrotechnik 1375 Universitaetsplatz 3-4 1376 D-03044 Cottbus, Germany 1377 1378 Revised TLS support by: 1379 Victor Duchovni 1380 Morgan Stanley 1381 1382 SMTPD(8) 1383</pre> </body> </html> 1384