import 2.5.2, requested by perry, approved by releng.

christos 2008-06-22 14:00:13 +00:00
parent be0b2f64b3
commit 0eea94d78f
195 changed files with 13564 additions and 2481 deletions

@ -340,7 +340,7 @@ delayed mail delivery attempts is described in the <a href="QSHAPE_README.html">
and <a href="TUNING_README.html">TUNING_README</a> documents. </p>
<li> <p> The <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server resolves each recipient
address according to its local and remote address class, as defined
address according to its local or remote address class, as defined
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document. Additional routing information
can be specified with the optional <a href="transport.5.html">transport(5)</a> table. The
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server optionally queries the <a href="relocated.5.html">relocated(5)</a> table
@ -532,10 +532,12 @@ ination<br> logs </td> </tr>
</table>
<li> <p> The <a href="proxymap.8.html">proxymap(8)</a> servers provide read-only table lookup
<li> <p> The <a href="proxymap.8.html">proxymap(8)</a> servers provide read-only and read-write
table lookup
service to Postfix processes. This overcomes chroot restrictions,
and reduces the number of open lookup tables by sharing one open
table among multiple processes. </p>
reduces the number of open lookup tables by sharing one open
table among multiple processes, and implements single-updater
tables. </p>
<li> <p> The <a href="scache.8.html">scache(8)</a> server maintains the connection cache for
the Postfix <a href="smtp.8.html">smtp(8)</a> client. When connection caching is enabled for
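Review bot: The rewritten proxymap(8) item now says the servers provide "read-only and read-write table lookup service" and implement "single-updater tables", but it gives no hint of which tables a client may update or where that is controlled. Since the same sentence presents the service as a way around chroot restrictions, add a pointer to the proxymap(8) page or to the relevant parameter so readers can see how write access is limited.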

@ -32,6 +32,11 @@ itself can be found at <a href="http://www.pcre.org/">http://www.pcre.org/</a>.
<h2>Building Postfix with PCRE support</h2>
<p> These instructions assume that you build Postfix from source
code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Note: to use pcre with Debian GNU/Linux's Postfix, all you
need is to install the postfix-pcre package and you're done. There
is no need to recompile Postfix. </p>

@ -33,6 +33,11 @@ clients by using the Postfix <a href="proxymap.8.html">proxymap(8)</a> service.
<h2>Building Postfix with PostgreSQL support</h2>
<p> These instructions assume that you build Postfix from source
code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Note: to use pgsql with Debian GNU/Linux's Postfix, all you
need to do is to install the postfix-pgsql package and you're done.
There is no need to recompile Postfix. </p>

@ -409,8 +409,47 @@ caching does not solve the problem, there is a subtle workaround. </p>
<ul>
<li> <p> Postfix version 2.5 and later: </p>
<ul>
<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp" transport
for the destination in question. In the example below we will call
it "fragile". </p>
<li> <p> In <a href="master.5.html">master.cf</a> configure a reasonable process limit for the
cloned smtp transport (a number in the 10-20 range is typical). </p>
<li> <p> IMPORTANT!!! In <a href="postconf.5.html">main.cf</a> configure a large per-destination
pseudo-cohort failure limit for the cloned smtp transport. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
fragile_destination_concurrency_failed_cohort_limit = 100
fragile_destination_concurrency_limit = 20
/etc/postfix/transport:
example.com fragile:
/etc/postfix/<a href="master.5.html">master.cf</a>:
# service type private unpriv chroot wakeup maxproc command
fragile unix - - n - 20 smtp
</pre>
<p> See also the documentation for
<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> and
<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>. </p>
</ul>
<li> <p> Earlier Postfix versions: </p>
<ul>
<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp"
transport for the destination in question. </p>
transport for the destination in question. In the example below
we will call it "fragile". </p>
<li> <p> In <a href="master.5.html">master.cf</a> configure a reasonable process limit for the
transport (a number in the 10-20 range is typical). </p>
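Review bot: In the "Postfix version 2.5 and later" example, main.cf sets fragile_destination_concurrency_limit = 20, but none of the three list items above it mentions that setting; they cover only the master.cf process limit and the failed cohort limit. Add a step for it, and say whether it is meant to track the maxproc value of 20, so that a reader who changes one knows whether to change the other.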
@ -420,16 +459,26 @@ and destination concurrency limit for this transport (say 2000). </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> = 2000
<i>transportname</i>_destination_concurrency_limit = 2000
fragile_destination_concurrency_limit = 2000
/etc/postfix/transport:
example.com fragile:
/etc/postfix/<a href="master.5.html">master.cf</a>:
# service type private unpriv chroot wakeup maxproc command
fragile unix - - n - 20 smtp
</pre>
<p> Where <i>transportname</i> is the name of the <a href="master.5.html">master.cf</a> entry
in question. </p>
<p> See also the documentation for <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>.
</p>
</ul>
<p> The effect of this surprising configuration is that up to 2000
</ul>
<p> The effect of this configuration is that up to 2000
consecutive errors are tolerated without marking the destination
dead, while the total concurrency remains reasonable (10-20
processes). This trick is only for a very specialized situation:
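Review bot: The closing paragraph still says that "up to 2000 consecutive errors are tolerated", yet after this change it follows both version lists, and the 2.5 example in the previous hunk sets fragile_destination_concurrency_failed_cohort_limit = 100. Word the summary per version, or move the 2000 figure into the "Earlier Postfix versions" item.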
@ -443,6 +492,42 @@ insert brief delays between delivery attempts. </p>
<ul>
<li> <p> Postfix version 2.5 and later: </p>
<ul>
<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp" transport
for the problem destination. In the example below we call it "slow".
</p>
<li> <p> In <a href="postconf.5.html">main.cf</a> configure a short delay between deliveries to
the same destination. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
slow_destination_rate_delay = 1
/etc/postfix/transport:
example.com slow:
/etc/postfix/<a href="master.5.html">master.cf</a>:
# service type private unpriv chroot wakeup maxproc command
slow unix - - n - - smtp
</pre>
</ul>
<p> See also the documentation for <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>. </p>
<p> This solution forces the Postfix <a href="smtp.8.html">smtp(8)</a> client to wait for
$slow_destination_rate_delay seconds between deliveries to the same
destination. </p>
<li> <p> Earlier Postfix versions: </p>
<ul>
<li> <p> In the transport map entry for the problem destination,
specify a dead host as the primary nexthop. </p>
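Review bot: The new "slow" master.cf entry leaves maxproc at "-", while the pre-2.5 workaround in the next hunk pins the same transport to 1 process, and the text only says the client waits $slow_destination_rate_delay seconds "between deliveries to the same destination". State whether the delay by itself serializes deliveries to that destination or whether a process limit is still needed.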
@ -451,25 +536,28 @@ problem destination as the <a href="postconf.5.html#fallback_relay">fallback_rel
<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> value. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
/etc/postfix/transport:
problem.example.com slow:[dead.host]
example.com slow:[dead.host]
/etc/postfix/<a href="master.5.html">master.cf</a>:
# service type private unpriv chroot wakeup maxproc command
slow unix - - n - 1 smtp
-o <a href="postconf.5.html#fallback_relay">fallback_relay</a>=problem.example.com
-o <a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a>=1
-o <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>=no
</pre>
</ul>
<p> This solution forces the Postfix <a href="smtp.8.html">smtp(8)</a> client to wait for
$<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> seconds between deliveries. The solution
depends on Postfix connection management details, and needs to be
updated when SMTP connection caching is introduced. </p>
$<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> seconds between deliveries. The connection
caching feature is disabled to prevent the client from skipping
over the dead host. </p>
<p> Hopefully a more elegant solution to these problems will be
found in the future. </p>
</ul>
<h2><a name="queues">Postfix queue directories</a></h2>
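Review bot: The transport map entry is renamed from problem.example.com to example.com, but the master.cf line "-o fallback_relay=problem.example.com" is left as it was, so the example now hands example.com mail to a fallback host with a different name. Use the same domain in both places, or explain why they differ. The new sentence about disabling connection caching would also be clearer if it named the smtp_connection_cache_on_demand=no override that implements it.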

@ -28,19 +28,23 @@ Dovecot provides an alternative that may be worth considering.
<h2><a name="intro">How Postfix uses SASL authentication information</a></h2>
<p> Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenticate
<p> Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>, formerly RFC 2554) can be used
to authenticate
remote SMTP clients to the Postfix SMTP server, and to authenticate
the Postfix SMTP client to a remote SMTP server. </p>
<p> When receiving mail, Postfix logs the client-provided username,
<p> When receiving mail, the Postfix SMTP server logs the client-provided
username,
authentication method, and sender address to the maillog file, and
optionally grants mail access via the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
UCE restriction. </p>
<p> When sending mail, Postfix can look up the server hostname or
destination domain (the address right-hand part) in a Postfix SASL password
<p> When sending mail, the Postfix SMTP client can look up the
remote SMTP server hostname or
destination domain (the address right-hand part) in a SASL password
table, and if a username/password is found, it will use that username
and password to authenticate to the server. And as of version 2.3,
and password to authenticate to the remote SMTP server. And as of
version 2.3,
Postfix can be configured to search its SASL password table by the
sender email address. </p>
@ -75,6 +79,9 @@ Postfix SMTP server</a></li>
<li><a href="#client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></li>
<li><a href="#client_sasl_sender">Supporting multiple ISP accounts
in the Postfix SMTP client</a></li>
<li><a href="#credits">Credits</a>
</ul>
@ -113,6 +120,11 @@ Postfix versions. </p>
<h2><a name="build_dovecot">Building Postfix with Dovecot SASL
support</a></h2>
<p> These instructions assume that you build Postfix from source
code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Support for the Dovecot version 1 SASL protocol is available
in Postfix 2.3 and later. At the time
of writing, only server-side SASL support is available, so you can't
@ -169,6 +181,11 @@ authentication method, specify ``./configure --enable-login''. </p>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
<p> These instructions assume that you build Postfix from source
code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> The following
assumes that the Cyrus SASL include files are in /usr/local/include,
and that the Cyrus SASL libraries are in /usr/local/lib. </p>
@ -224,7 +241,7 @@ otherwise ld.so will not find the SASL shared library: </p>
<h2><a name="server_sasl">Enabling SASL authentication in the Postfix
SMTP server</a></h2>
<p> In order to enable SASL support in the SMTP server: </p>
<p> In order to enable SASL support in the Postfix SMTP server: </p>
<blockquote>
<pre>
@ -233,13 +250,16 @@ SMTP server</a></h2>
</pre>
</blockquote>
<p> In order to allow mail relaying by authenticated clients: </p>
<p> In order to allow mail relaying by authenticated remote SMTP
clients: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> ...
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>
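Review bot: With the trailing "..." replaced by reject_unauth_destination, the smtpd_recipient_restrictions example now reads as a complete list, which is safer to copy, but nothing says that the order is significant. Add a sentence that the restrictions are evaluated in the order given, so reject_unauth_destination has to stay after the two permit_ entries and any site-specific restrictions are added with that in mind.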
@ -277,7 +297,7 @@ Postfix SMTP server</a></h2>
the Postfix side you need to specify the location of the
Dovecot authentication daemon socket. We use a pathname relative
to the Postfix queue directory, so that it will work whether or not
Postfix runs chrooted: </p>
the Postfix SMTP server runs chrooted: </p>
<blockquote>
<pre>
@ -320,11 +340,13 @@ the Dovecot authentication server. </p>
SMTP server</a></h2>
<p> You need to configure how the Cyrus SASL library should
authenticate a client's username and password. These settings must
authenticate a remote SMTP client's username and password. These
settings must
be stored in a separate configuration file. </p>
<p> The name of the configuration file (default: smtpd.conf) will
be constructed from a value sent by Postfix to the Cyrus SASL
be constructed from a value that the Postfix SMTP server sends to
the Cyrus SASL
library, which adds the suffix .conf. The value is configured using
one of the following variables: </p>
@ -362,7 +384,7 @@ file in /etc/sasl2. </p>
</pre>
<p> IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck
and waits for authentication requests. Postfix processes must have
and waits for authentication requests. The Postfix SMTP server must have
read+execute permission to this directory or authentication attempts
will fail. </p>
@ -391,8 +413,8 @@ can authenticate against PAM and various other sources. To use PAM,
start saslauthd with "-a pam". </p>
<p> IMPORTANT: saslauthd usually establishes a UNIX domain socket
in /var/run/saslauthd and waits for authentication requests. Postfix
processes must have read+execute permission to this directory or
in /var/run/saslauthd and waits for authentication requests. The Postfix
SMTP server must have read+execute permission to this directory or
authentication attempts will fail. </p>
<p> Note: The directory where saslauthd puts the socket is configurable.
@ -427,7 +449,8 @@ software). On some poorly-supported systems the saslpasswd command needs
to be run multiple times before it stops complaining. The Postfix SMTP
server needs read access to the sasldb file - you may have to play games
with group access permissions. With the OTP authentication mechanism,
the SMTP server also needs WRITE access to /etc/sasldb2 or /etc/sasldb
the Postfix SMTP server also needs WRITE access to /etc/sasldb2 or
/etc/sasldb
(or the back end SQL database, if used). </p>
<p> IMPORTANT: To get sasldb running, make sure that you set the SASL
@ -454,10 +477,10 @@ domain (realm) to a fully qualified domain name. </p>
in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.x) or
<i>sasldblistusers2</i> (Cyrus SASL version 2.1.x). </p>
<p> On the Postfix side, you can have only one realm per smtpd
<p> On the Postfix side, you can have only one realm per <a href="smtpd.8.html">smtpd(8)</a>
instance, and only the users belonging to that realm would be able to
authenticate. The Postfix variable <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> controls the
realm used by smtpd: </p>
realm used by <a href="smtpd.8.html">smtpd(8)</a>: </p>
<blockquote>
<pre>
@ -472,10 +495,11 @@ realm used by smtpd: </p>
and saslauthd can only support the plaintext mechanisms PLAIN or
LOGIN. However, the Cyrus SASL library doesn't know this, and will
happily advertise other authentication mechanisms that the SASL
library implements, such as DIGEST-MD5. As a result, if an SMTP
library implements, such as DIGEST-MD5. As a result, if a remote SMTP
client chooses any mechanism other than PLAIN or LOGIN while pwcheck
or saslauthd are used, authentication will fail. Thus you may need
to limit the list of mechanisms advertised by Postfix. </p>
to limit the list of mechanisms advertised by the Postfix SMTP
server. </p>
<ul>
@ -523,12 +547,15 @@ exercise. It probably is not worth the trouble. </p>
<h2><a name="server_test">Testing SASL authentication in the Postfix
SMTP server</a></h2>
<p> To test the server side, connect to the SMTP server, and you should
<p> To test the server side, connect (for example, with telnet) to the
Postfix SMTP server port and you should
be able to have a conversation as shown below. Information sent by the
client is shown in bold font. </p>
client (that is, you) is shown in bold font. </p>
<blockquote>
<pre>
$ <b>telnet server.example.com 25</b>
. . .
220 server.example.com ESMTP Postfix
<b>EHLO client.example.com</b>
250-server.example.com
@ -585,20 +612,22 @@ directive is set to): </p>
</pre>
</blockquote>
<p> then run the resulting sample server and client in separate
terminals. The sample applications send log messages to the syslog
<p> then run the resulting sample Cyrus SASL server and client in
separate terminals. The sample applications send log messages to
the syslog
facility auth. Check the log to fix the problem or run strace /
ktrace / truss on the server to see what makes it unhappy. Repeat
the previous step until you can successfully authenticate with the
sample client. Only then get back to Postfix. </p>
sample Cyrus SASL client. Only then get back to Postfix. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
<p> Turn on client-side SASL authentication, and specify a table
with per-host or per-destination username and password information.
Postfix first searches the table for an entry with the server
hostname; if no entry is found, then Postfix searches the table for
The Postfix SMTP client first searches the table for an entry with
the remote SMTP server hostname; if no entry is found, then the
Postfix SMTP client searches the table for
an entry with the next-hop destination. Usually, that is the
right-hand part of an email address, but it can also be the information
that is specified with the <a href="postconf.5.html#relayhost">relayhost</a> parameter or with a <a href="transport.5.html">transport(5)</a>
@ -610,41 +639,57 @@ table. </p>
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
<a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> = cyrus
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]
# Alternative form:
# <a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
foo.com username:password
bar.com username
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
</pre>
</blockquote>
<p> The Postfix SASL client password file is opened before the SMTP
server enters the optional chroot jail, so you can keep the file
in /etc/postfix and set permissions read / write only for root to
keep the username:password combinations away from other system
<p> Notes: </p>
<ul>
<li> <p> The "submission" destination port tells Postfix to send
mail via TCP network port 587, which is normally reserved for email
clients. The default is to send mail to the "smtp" destination port
(TCP port 25), which is used for receiving mail across the internet.
If you use an explicit destination port in <a href="postconf.5.html">main.cf</a>, then you must
use the same form also in the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> file. </p>
<li> <p> Postfix does not deliver mail via TCP port 465 (the obsolete
"wrappermode" protocol). See <a href="TLS_README.html">TLS_README</a> for a solution that uses the
"stunnel" command. </p>
<li> <p> The "[" and "]" prevent Postfix from looking up the MX
(mail exchanger) records for the enclosed name. If you use this
form in <a href="postconf.5.html">main.cf</a>, then you must use the same form also in the
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> file. </p>
<li> <p> The Postfix SMTP client opens the SASL client password
file before entering the optional chroot jail, so you can keep the
file in /etc/postfix and set permissions read / write only for root
to keep the username:password combinations away from other system
users. </p>
<p> Postfix version 2.3 supports-per-sender SASL password
information. To search the Postfix SASL password by sender
before it searches by destination, specify: </p>
<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system
uses <b>dbm</b> files instead of <b>db</b> files. To find out what
lookup tables Postfix supports, use the command "<b>postconf -m</b>".
</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> = yes
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
whenever you change the sasl_passwd table. </p>
/etc/postfix/sasl_passwd:
user@example.com username:password
bar.com username
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
</pre>
</blockquote>
</ul>
<p> Note: some SMTP servers support PLAIN or LOGIN authentication only.
<p> Workarounds: </p>
<ul>
<li> <p> Some remote SMTP servers support PLAIN or LOGIN authentication only.
By default, the Postfix SMTP client does not use authentication
methods that send plaintext passwords, and defers delivery with
the following error message: "Authentication failed: cannot SASL
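Review bot: The note on protecting the password file covers only /etc/postfix/sasl_passwd ("set permissions read / write only for root"), while the note next to it tells the reader to run "postmap /etc/postfix/sasl_passwd", which builds the lookup file that Postfix actually opens for hash:/etc/postfix/sasl_passwd. Say that the generated file holds the same username:password pairs and needs the same root-only permissions.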
@ -658,12 +703,10 @@ for example: </p>
</pre>
</blockquote>
<p> Note: Some SMTP servers support authentication mechanisms that,
although available on the client system, may not in practice work or
possess the appropriate credentials to authenticate to the server. It
is possible via the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> parameter to further
restrict the list of server mechanisms that the <a href="smtp.8.html">smtp(8)</a> client will take
into consideration: </p>
<li> <p> Some remote SMTP servers announce authentication mechanisms
that don't actually work. It is possible via the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
parameter to restrict the list of server mechanisms that the Postfix
SMTP client will take into consideration: </p>
<blockquote>
<pre>
@ -672,14 +715,77 @@ into consideration: </p>
</pre>
</blockquote>
<p> In the above example, Postfix will decline to use mechanisms
<p> In the above example, the Postfix SMTP client will decline to
use mechanisms
that require special infrastructure such as Kerberos or TLS. </p>
<p> The Postfix SMTP client is backwards compatible with SMTP
<li> <p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
to the EHLO command; there is no Postfix client configuration needed
to work around it. </p>
</ul>
<h2><a name="client_sasl_sender">Supporting multiple ISP accounts
in the Postfix SMTP client</a></h2>
<p> Postfix version 2.3 supports multiple ISP accounts. This can
be useful when one person uses the same machine for work and for
personal use, or when people with different ISP accounts share the
same Postfix server. To make this possible, Postfix 2.3 supports
per-sender SASL passwords and per-sender relay hosts. In the example
below, Postfix will search the SASL password file by sender before
it searches that same file by destination. Likewise, Postfix will
search the per-sender <a href="postconf.5.html#relayhost">relayhost</a> file, and use the default <a href="postconf.5.html#relayhost">relayhost</a>
only as a final resort. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> = yes
<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> = hash:/etc/postfix/sender_relay
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]
# Alternative form:
# <a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
# Per-sender authentication; see also /etc/postfix/sender_relay.
user1@example.com username2:password2
user2@example.net username2:password2
# Login information for the default <a href="postconf.5.html#relayhost">relayhost</a>.
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
/etc/postfix/sender_relay:
# Per-sender provider; see also /etc/postfix/sasl_passwd.
user1@example.com [mail.example.com]:submission
user2@example.net [mail.example.net]
</pre>
</blockquote>
<p> Notes: </p>
<ul>
<li> <p> If you are creative, then you can try to combine the two
tables into one single MySQL database, and configure different
Postfix queries to extract the appropriate information. </p>
<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system
uses <b>dbm</b> files instead of <b>db</b> files. To find out what
lookup tables Postfix supports, use the command "<b>postconf -m</b>".
</p>
<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
whenever you change the sasl_passwd table. </p>
<li> <p> Execute the command "<b>postmap /etc/postfix/sender_relay</b>"
whenever you change the sender_relay table. </p>
</ul>
<h2><a name="credits">Credits</a></h2>
<ul>
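Review bot: In the new sasl_passwd example both per-sender entries carry the same credentials ("user1@example.com username2:password2" and "user2@example.net username2:password2"), which looks like a copy-and-paste slip in a section whose point is one account per sender. The first entry should presumably read username1:password1.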

File diff suppressed because it is too large

@ -100,6 +100,8 @@ encryption_protocol=TLSv1/SSLv3
encryption_cipher=DHE-RSA-AES256-SHA
encryption_keysize=256
etrn_domain=
<b>Postfix version 2.5 and later:</b>
stress=
[empty line]
</pre>
</blockquote>
@ -178,6 +180,9 @@ etrn_domain=
context of the ETRN command, and specifies the ETRN command
parameter. </p>
<li> <p> The "stress" attribute is either empty or "yes". See
the <a href="STRESS_README.html">STRESS_README</a> document for further information. </p>
</ul>
<p> The following is specific to SMTPD delegated policy requests:

gnu/dist/postfix/html/SOHO_README.html (new file, 385 lines)

@ -0,0 +1,385 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Small/Home Office Hints and Tips</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Small/Home Office Hints and Tips</h1>
<hr>
<h2>Overview</h2>
<p> This document combines hints and tips for "small office/home
office" applications into one document so that they are easier to
find. The text describes the mail sending side only. If your machine
does not receive mail directly (i.e. it does not have its own
Internet domain name and its own fixed IP address), then you will
need a solution such as "fetchmail", which is outside the scope of
the Postfix documentation. </p>
<ul>
<li> <p> Selected topics from the <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> document: </p>
<ul>
<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
<li><a href="#fantasy">Postfix on hosts without a real
Internet hostname</a>
</ul>
<p> Selected topics from the <a href="SASL_README.html">SASL_README</a> document: </p>
<ul>
<li><a href="#client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></li>
<li><a href="#client_sasl_sender">Supporting multiple ISP accounts
in the Postfix SMTP client</a></li>
</ul>
</ul>
<p> See the <a href="SASL_README.html">SASL_README</a> and <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents for
further information on these topics. </p>
<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2>
<p> Postfix should work out of the box without change on a stand-alone
machine that has direct Internet access. At least, that is how
Postfix installs when you download the Postfix source code via
<a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
<p> You can use the command "<b>postconf -n</b>" to find out what
settings are overruled by your <a href="postconf.5.html">main.cf</a>. Besides a few pathname
settings, few parameters should be set on a stand-alone box, beyond
what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Optional: send mail as user@domainname instead of user@hostname.
#<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
# Optional: specify NAT/proxy external address.
#<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
# Alternative 1: don't relay mail from other hosts.
<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
<a href="postconf.5.html#relay_domains">relay_domains</a> =
# Alternative 2: relay mail from local clients only.
# <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28
# <a href="postconf.5.html#relay_domains">relay_domains</a> =
</pre>
</blockquote>
<p> See also the section "<a href="#fantasy">Postfix on hosts without
a real Internet hostname</a>" if this is applicable to your configuration.
</p>
<h2><a name="fantasy">Postfix on hosts without a real Internet
hostname</a></h2>
<p> This section is for hosts that don't have their own Internet
hostname. Typically these are systems that get a dynamic IP address
via DHCP or via dialup. Postfix will let you send and receive mail
just fine between accounts on a machine with a fantasy name. However,
you cannot use a fantasy hostname in your email address when sending
mail into the Internet, because no-one would be able to reply to
your mail. In fact, more and more sites refuse mail addresses with
non-existent domain names. </p>
<p> Note: the following information is Postfix version dependent.
To find out what Postfix version you have, execute the command
"<b>postconf <a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
<h3>Solution 1: Postfix version 2.2 and later </h3>
<p> Postfix 2.2 uses the <a href="generic.5.html">generic(5)</a> address mapping to replace
local fantasy email addresses by valid Internet addresses. This
mapping happens ONLY when mail leaves the machine; not when you
send mail between users on the same machine. </p>
<p> The following example presents additional configuration. You
need to combine this with basic configuration information as
discussed the first half of this document. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic
3
4 /etc/postfix/generic:
5 his@localdomain.local hisaccount@hisisp.example
6 her@localdomain.local heraccount@herisp.example
7 @localdomain.local hisaccount+local@hisisp.example
</pre>
</blockquote>
<p> When mail is sent to a remote host via SMTP: </p>
<ul>
<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP
mail address, </p>
<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP
mail address, and </p>
<li> <p> Line 7 replaces other local addresses by his ISP account,
with an address extension of +<i>local</i> (this example assumes
that the ISP supports "+" style address extensions). </p>
</ul>
<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
<p> Execute the command "<b>postmap /etc/postfix/generic</b>"
whenever you change the generic table. </p>
<h3>Solution 2: Postfix version 2.1 and earlier </h3>
<p> The solution with older Postfix systems is to use valid
Internet addresses where possible, and to let Postfix map valid
Internet addresses to local fantasy addresses. With this, you can
send mail to the Internet and to local fantasy addresses, including
mail to local fantasy addresses that don't have a valid Internet
address of their own.</p>
<p> The following example presents additional configuration. You
need to combine this with basic configuration information as
discussed the first half of this document. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.localdomain
3 <a href="postconf.5.html#mydomain">mydomain</a> = localdomain
4
5 <a href="postconf.5.html#canonical_maps">canonical_maps</a> = hash:/etc/postfix/canonical
6
7 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
8
9 /etc/postfix/canonical:
10 your-login-name your-account@your-isp.com
11
12 /etc/postfix/<a href="virtual.8.html">virtual</a>:
13 your-account@your-isp.com your-login-name
</pre>
</blockquote>
<p> Translation: </p>
<ul>
<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
use a domain name that is already in use by real organizations
on the Internet. See <a href="http://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
names that are guaranteed not to be owned by anyone. </p>
<li> <p> Lines 5, 9, 10: This provides the mapping from
"your-login-name@hostname.localdomain" to "your-account@your-isp.com".
This part is required. </p>
<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com"
locally, instead of sending it to the ISP. This part is not required
but is convenient.
</ul>
<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
<p> Execute the command "<b>postmap /etc/postfix/canonical</b>"
whenever you change the canonical table. </p>
<p> Execute the command "<b>postmap /etc/postfix/virtual</b>"
whenever you change the virtual table. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
<p> Turn on client-side SASL authentication, and specify a table
with per-host or per-destination username and password information.
The Postfix SMTP client first searches the table for an entry with
the remote SMTP server hostname; if no entry is found, then the
Postfix SMTP client searches the table for
an entry with the next-hop destination. Usually, that is the
right-hand part of an email address, but it can also be the information
that is specified with the <a href="postconf.5.html#relayhost">relayhost</a> parameter or with a <a href="transport.5.html">transport(5)</a>
table. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
<a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> = cyrus
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]
# Alternative form:
# <a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
</pre>
</blockquote>
<p> Notes: </p>
<ul>
<li> <p> The "submission" destination port tells Postfix to send
mail via TCP network port 587, which is normally reserved for email
clients. The default is to send mail to the "smtp" destination port
(TCP port 25), which is used for receiving mail across the internet.
If you use an explicit destination port in <a href="postconf.5.html">main.cf</a>, then you must
use the same form also in the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> file. </p>
<li> <p> Postfix does not deliver mail via TCP port 465 (the obsolete
"wrappermode" protocol). See <a href="TLS_README.html">TLS_README</a> for a solution that uses the
"stunnel" command. </p>
<li> <p> The "[" and "]" prevent Postfix from looking up the MX
(mail exchanger) records for the enclosed name. If you use this
form in <a href="postconf.5.html">main.cf</a>, then you must use the same form also in the
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> file. </p>
<li> <p> The Postfix SMTP client opens the SASL client password
file before entering the optional chroot jail, so you can keep the
file in /etc/postfix and set permissions read / write only for root
to keep the username:password combinations away from other system
users. </p>
<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system
uses <b>dbm</b> files instead of <b>db</b> files. To find out what
lookup tables Postfix supports, use the command "<b>postconf -m</b>".
</p>
<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
whenever you change the sasl_passwd table. </p>
</ul>
<p> Workarounds: </p>
<ul>
<li> <p> Some remote SMTP servers support PLAIN or LOGIN authentication only.
By default, the Postfix SMTP client does not use authentication
methods that send plaintext passwords, and defers delivery with
the following error message: "Authentication failed: cannot SASL
authenticate to server". To enable plaintext authentication specify,
for example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noanonymous
</pre>
</blockquote>
<li> <p> Some remote SMTP servers announce authentication mechanisms
that don't actually work. It is possible via the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
parameter to restrict the list of server mechanisms that the Postfix
SMTP client will take into consideration: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !external, static:all
</pre>
</blockquote>
<p> In the above example, the Postfix SMTP client will decline to
use mechanisms
that require special infrastructure such as Kerberos or TLS. </p>
<li> <p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
to the EHLO command; there is no Postfix client configuration needed
to work around it. </p>
</ul>
<h2><a name="client_sasl_sender">Supporting multiple ISP accounts
in the Postfix SMTP client</a></h2>
<p> Postfix version 2.3 supports multiple ISP accounts. This can
be useful when one person uses the same machine for work and for
personal use, or when people with different ISP accounts share the
same Postfix server. To make this possible, Postfix 2.3 supports
per-sender SASL passwords and per-sender relay hosts. In the example
below, Postfix will search the SASL password file by sender before
it searches that same file by destination. Likewise, Postfix will
search the per-sender <a href="postconf.5.html#relayhost">relayhost</a> file, and use the default <a href="postconf.5.html#relayhost">relayhost</a>
only as a final resort. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> = yes
<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> = hash:/etc/postfix/sender_relay
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]
# Alternative form:
# <a href="postconf.5.html#relayhost">relayhost</a> = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
# Per-sender authentication; see also /etc/postfix/sender_relay.
user1@example.com username2:password2
user2@example.net username2:password2
# Login information for the default <a href="postconf.5.html#relayhost">relayhost</a>.
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
/etc/postfix/sender_relay:
# Per-sender provider; see also /etc/postfix/sasl_passwd.
user1@example.com [mail.example.com]:submission
user2@example.net [mail.example.net]
</pre>
</blockquote>
<p> Notes: </p>
<ul>
<li> <p> If you are creative, then you can try to combine the two
tables into one single MySQL database, and configure different
Postfix queries to extract the appropriate information. </p>
<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system
uses <b>dbm</b> files instead of <b>db</b> files. To find out what
lookup tables Postfix supports, use the command "<b>postconf -m</b>".
</p>
<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
whenever you change the sasl_passwd table. </p>
<li> <p> Execute the command "<b>postmap /etc/postfix/sender_relay</b>"
whenever you change the sender_relay table. </p>
</ul>
</body>
</html>
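Review bot: In the /etc/postfix/sasl_passwd example of the multiple-ISP section, both sender rows carry the same credentials ("user1@example.com username2:password2" and "user2@example.net username2:password2"), which hides the point of a per-sender table; the first row presumably should read username1:password1. Separately, the PLAIN/LOGIN workaround sets "smtp_sasl_security_options = noanonymous" without saying that the password then crosses the network in plaintext unless the session is protected by TLS; a pointer to TLS_README at that spot would help. The permissions advice for /etc/postfix/sasl_passwd should also cover the indexed file that postmap generates from it, since it holds the same username:password pairs. Minor: "discussed the first half of this document" is missing "in" in both places it appears.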


@ -81,9 +81,13 @@ what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURA
# Optional: specify NAT/proxy external address.
#<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
# Don't relay mail from other hosts.
# Alternative 1: don't relay mail from other hosts.
<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
<a href="postconf.5.html#relay_domains">relay_domains</a> =
# Alternative 2: relay mail from local clients only.
# <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28
# <a href="postconf.5.html#relay_domains">relay_domains</a> =
</pre>
</blockquote>
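Review bot: The new "Alternative 2" comment block does not say that the two alternatives are mutually exclusive. A reader who uncomments "mynetworks = 192.168.1.0/28" while leaving "mynetworks_style = host" active gets the explicit mynetworks list, because Postfix ignores mynetworks_style once mynetworks is set. Since this setting decides which clients may relay, add a comment line telling the reader to comment out Alternative 1 when enabling Alternative 2, and to replace 192.168.1.0/28 (16 addresses) with their own local network.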
@ -789,7 +793,7 @@ discussed the first half of this document. </p>
<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
use a domain name that is already in use by real organizations
on the Internet. See <a href="http://www.faqs.org/rfcs/rfc2606.html">RFC 2606</a> for examples of domain
on the Internet. See <a href="http://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
names that are guaranteed not to be owned by anyone. </p>
<li> <p> Lines 5, 9, 10: This provides the mapping from

gnu/dist/postfix/html/STRESS_README.html vendored Normal file

@ -0,0 +1,477 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Stress-Dependent Configuration</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
Stress-Dependent Configuration</h1>
<hr>
<h2>Overview </h2>
<p> This document describes the symptoms of Postfix SMTP server
overload, and how to avoid the condition under normal conditions.
When the condition is caused by botnets or other malware, the
document suggests configuration settings that help to minimize the
impact on legitimate mail. Finally, the document introduces
stress-adaptive behavior, introduced with Postfix 2.5, and how it
can be used to automatically switch configuration settings under
overload. </p>
<p> Topics covered in this document: </p>
<ul>
<li><a href="#overload"> Symptoms of Postfix SMTP server overload </a>
<li><a href="#concurrency"> Service more SMTP clients at the same time </a>
<li><a href="#time"> Spend less time per SMTP client </a>
<li><a href="#hangup"> Disconnect suspicious SMTP clients </a>
<li><a href="#desperate"> Take desperate measures </a>
<li><a href="#adapt"> Make Postfix behavior stress-adaptive </a>
<li><a href="#feature"> Detecting support for stress-adaptive behavior </a>
<li><a href="#forcing"> Forcing stress-adaptive behavior on or off </a>
<li><a href="#credits"> Credits </a>
</ul>
<h2><a name="overload"> Symptoms of Postfix SMTP server overload </a></h2>
<p> Under normal conditions, Postfix responds immediately when a
remote SMTP client connects. The time needed to deliver mail should
be noticeable only with very large messages. Performance degrades
more dramatically when the number of remote SMTP clients exceeds
the number of Postfix SMTP server processes. When a client connects
while all server processes are busy, the client must wait until a
server process becomes available. </p>
<p> Overload may be caused by a legitimate mail (example: a DNS
registrar opens a new zone for registrations), by mistake (mail
explosion caused by a forwarding loop) or by illegitimate mail (worm
outbreak, botnet, or other malware activity). Symptoms of Postfix
SMTP mail server overload are: </p>
<ul>
<li> <p> Remote SMTP clients experience a long delay before Postfix
sends the "220 hostname.example.com ESMTP Postfix" greeting. If
this affects end-user mail clients, enable the "submission" service
entry in <a href="master.5.html">master.cf</a> (present since Postfix 2.1), and tell users to
connect to this instead of the public SMTP service. </p>
<li> <p> The Postfix SMTP server logs an increased number of "lost
connection after CONNECT" events. This happens because remote SMTP
clients disconnect before Postfix answers the connection. </p>
<li> <p> Postfix 2.3 and later logs a warning that all server ports
are busy: </p>
<pre>
Oct 3 20:39:27 spike postfix/master[28905]: warning: service "smtp"
(25) has reached its process limit "30": new clients may experience
noticeable delays
Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid this
condition, increase the process count in <a href="master.5.html">master.cf</a> or reduce the
service time per client
</pre>
</ul>
<p> NOTE: The first two symptoms may also happen without overload,
for example: </p>
<ul>
<li> <p> Broken DNS also causes lengthy delays before "220
hostname.example.com
..." while the Postfix SMTP server tries to look up the client's
hostname. </p>
<li> <p> A portscan for open SMTP ports also results in "lost
connection ..." logfile messages. </p>
</ul>
<p> Legitimate mail that doesn't get through during an episode of
overload is not necessarily lost. It should still arrive once the
situation returns to normal, as long as the overload condition is
temporary. </p>
<h2><a name="concurrency"> Service more SMTP clients at the same time </a> </h2>
<p> To service more SMTP clients simultaneously, you need to increase
the number of SMTP server processes. This will improve the
responsiveness for remote SMTP clients, as long as the server machine
has enough hardware and software resources to run the additional
processes, and as long as the file system can keep up with the
additional load. </p>
<ul>
<li> <p> You increase the number of SMTP server processes either
by increasing the <a href="postconf.5.html#default_process_limit">default_process_limit</a> in <a href="postconf.5.html">main.cf</a> (line 3 below),
or by increasing the SMTP server's "maxproc" field in <a href="master.5.html">master.cf</a>
(line 10 below). Either way, you need to issue a "postfix reload"
command to make the change effective. </p>
<li> <p> Process limits above 1000 require Postfix version 2.4 or
later, and an operating system that supports kernel-based event
filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
</p>
<li> <p> You can reduce the Postfix memory footprint by using <a href="CDB_README.html">cdb</a>:
lookup tables instead of Berkeley DB. </p>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 # Raise the global process limit, 100 since Postfix 2.0.
3 <a href="postconf.5.html#default_process_limit">default_process_limit</a> = 200
4
5 /etc/postfix/<a href="master.5.html">master.cf</a>:
6 # =============================================================
7 # service type private unpriv chroot wakeup maxproc command
8 # =============================================================
9 # Raise the SMTP service process limit only.
10 smtp inet n - n - 200 smtpd
</pre>
<li> <p> NOTE: older versions of the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> document
contain a mistake: they configure a fixed number of policy daemon
processes. When you raise the SMTP server's "maxproc" field in
<a href="master.5.html">master.cf</a>, SMTP server processes will report problems when connecting
to policy server processes, because there aren't enough of them.
Examples of errors are "connection refused" or "operation timed
out". To fix, edit <a href="master.5.html">master.cf</a> and specify a zero "maxproc" field
in all policy server entries; see line 6 in the example below.
Issue a "postfix reload" command to make the change effective. </p>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # =============================================================
5 # Disable the policy service process limit.
6 policy unix - n n - 0 spawn
7 user=nobody argv=/some/where/policy-server
</pre>
</ul>
<h2><a name="time"> Spend less time per SMTP client </a></h2>
<p> When increasing the number of SMTP server processes is not
practical, you can improve Postfix server responsiveness by eliminating
unnecessary work. When Postfix spends less time per SMTP session, the
same number of SMTP server processes can service more clients in
the same amount of time. </p>
<ul>
<li> <p> Eliminate non-functional RBL lookups (blocklists that are
no longer in operation). These lookups can degrade performance.
Postfix logs a warning when an RBL server does not respond. </p>
<li> <p> Eliminate redundant RBL lookups (people often use multiple
Spamhaus RBLs that include each other). To find out whether RBLs
include other RBLs, look up the websites that document the RBL's
policies. </p>
<li> <p> Eliminate <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>, and keep just a few
emergency patterns to block the latest worm explosion or backscatter
mail. See <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> for examples of the latter.
<li> <p> Group your <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> patterns to avoid
unnecessary pattern matching operations.
<pre>
1 /etc/postfix/header_checks:
2 if /^Subject:/
3 /^Subject: virus found in mail from you/ reject
4 /^Subject: ..../ ....
5 endif
6
7 if /^Received:/
8 /^Received: from (postfix\.org) / reject forged client name in received header: $1
9 /^Received: from .../ ....
10 endif
</pre>
</ul>
<h2><a name="hangup"> Disconnect suspicious SMTP clients </a></h2>
<p> Under conditions of overload you can improve Postfix SMTP server
responsiveness by hanging up on suspicious clients, so that other
clients get a chance to talk to Postfix. </p>
<ul>
<li> <p> Use "421" reply codes for botnet-related RBLs or for
selected non-RBL restrictions. This causes Postfix 2.3 and later
to disconnect immediately without waiting for the remote SMTP
client to send a QUIT command. </p>
<p> You can set individual reject codes for RBLs, and for individual
responses from a specific RBL. We'll use zen.spamhaus.org as an
example; by the time you read this document, details may have
changed. Right now, their documents say that a response of 127.0.0.10
or 127.0.0.11 indicates a dynamic client IP address, which means
that the machine is probably running a bot of some kind. To give
a 421 response instead of the default 554 response, use something
like: </p>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
3 <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
4 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org=127.0.0.10
5 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org=127.0.0.11
6 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org
7
8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
11 zen.spamhaus.org=127.0.0.10 421 4.7.1 Service unavailable;
12 $rbl_class [$rbl_what] blocked using
13 $rbl_domain${rbl_reason?; $rbl_reason}
14
15 zen.spamhaus.org=127.0.0.11 421 4.7.1 Service unavailable;
16 $rbl_class [$rbl_what] blocked using
17 $rbl_domain${rbl_reason?; $rbl_reason}
</pre>
<p> Although the above shows three RBL lookups (lines 4-6), Postfix
will still only do a single DNS query, so the performance difference
is negligible. </p>
<p> The down-side of sending 421 instead of the default 554 is that
it works only for zombies and other malware. If the client is running
a real MTA, then it may connect again several times until the mail
expires in its queue. When this is a problem, stick with the default
554 reply, and use "<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1" as described below.
</p>
<p> With Postfix 2.5, or with earlier releases that contain the
stress-adaptive behavior patch, you can turn on the above under
overload by replacing line 8 with: </p>
<pre>
8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = ${stress?hash:/etc/postfix/rbl_reply_maps}
</pre>
<p> More information about automatic stress-adaptive behavior is
at the end of this document. </p>
</ul>
<h2><a name="desperate"> Take desperate measures </a></h2>
<p> The following measures will still allow <b>most</b> legitimate
clients to connect and send mail, but may affect some legitimate
clients. </p>
<ul>
<li> <p> Reduce <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (default: 300s). Experience on the
postfix-users list from a variety of sysadmins shows that reducing
the "normal" <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 60s is unlikely to affect legitimate
clients. However, it is unlikely to become the Postfix default
because it's not RFC compliant. Setting <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 10s (line
2 below) or even 5s under stress will still allow <b>most</b>
legitimate clients to connect and send mail, but may delay mail
from some clients. No mail should be lost, as long as this measure
is used only temporarily. </p>
<li> <p> Reduce <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (default: 20). Setting this
to 1 under stress (line 3 below) helps by disconnecting clients
after a single error, giving other clients a chance to connect.
However, this may cause significant delays with legitimate mail,
such as a mailing list that contains a few no-longer-active user
names that didn't bother to unsubscribe. No mail should be lost,
as long as this measure is used only temporarily. </p>
<li> <p> Disable remote SMTP client hostname lookups, so that all
SMTP client hostnames become "unknown" (line 5 below). This feature
was introduced with Postfix 2.3. Unfortunately, this measure is
more problematic than the other ones proposed sofar. First, this
will result in loss of mail when you use hostname-based access rules
that reject mail from "unknown" SMTP clients (examples:
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>, <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>).
Second, this may result in loss of mail when you subject "unknown"
SMTP clients to additional restrictions such as <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
</p>
</ul>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = 10
3 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1
4 # Caution: line 5 may trigger REJECTs by hostname-based access rules
5 <a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> = no
</pre>
</blockquote>
<p> Except with the last measure, no mail should be lost, as long
as these measures are used only temporarily. The next section of
this document introduces a way to automate this process. </p>
<h2><a name="adapt"> Make Postfix behavior stress-adaptive </a></h2>
<p> Postfix version 2.5 introduces automatic stress-adaptive behavior.
This is also available as an add-on patch for Postfix versions 2.4
and 2.3 from the mirrors listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>.
</p>
<p> It works as follows. When a "public" network service runs into
an "all server ports are busy" condition, the <a href="master.8.html">master(8)</a> daemon logs
a warning, restarts the service (without interrupting existing
network sessions), and runs the service with "-o stress=yes" on the
command line. Normally, it runs a stress-adaptive service with "-o
stress=" on the command line (i.e. with an empty parameter value).
Other services never have "-o stress" parameters on the command
line, including services that listen on a loopback interface only.
</p>
<p> The stress pseudo-parameter value is the key to making <a href="postconf.5.html">main.cf</a>
parameter settings stress adaptive: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = ${stress?10}${stress:300}
3 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = ${stress?1}${stress:20}
</pre>
</blockquote>
<p> Translation: <p>
<ul>
<li> <p> Line 2: under conditions of stress, use an <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>
value of 10 seconds instead of the default 300 seconds,
<li> <p> Line 3: under conditions of stress, use an <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
of 1 instead of the default 20. </p>
</ul>
<p> The syntax of ${name?value} and ${name:value} is explained at
the beginning of the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
<p> NOTE: Please keep in mind that the stress-adaptive feature is
a fairly desperate measure to keep <b>some</b> legitimate mail
flowing under overload conditions. If a site is reaching the SMTP
server process limit when there isn't an attack or bot flood
occurring, then either the process limit needs to be raised or more
hardware needs to be added. </p>
<h2><a name="feature"> Detecting support for stress-adaptive behavior </a></h2>
<p> To find out if your Postfix installation supports stress-adaptive
behavior, use the "ps" command, and look for the smtpd processes.
Postfix has stress-adaptive support when you see "-o stress=" or
"-o stress=yes" command-line options. Remember that Postfix never
enables stress-adaptive behavior on servers that listen on local
addresses only. </p>
<p> The following example is for FreeBSD or Linux. On Solaris, HP-UX
and other System-V flavors, use "ps -ef" instead of "ps ax". </p>
<blockquote>
<pre>
$ ps ax|grep smtpd
83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
84345 ?? Ss 0:00.11 /usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
</pre>
</blockquote>
<p> You can't use <a href="postconf.1.html">postconf(1)</a> to detect stress-adaptive support.
The <a href="postconf.1.html">postconf(1)</a> command ignores the existence of the stress parameter
in <a href="postconf.5.html">main.cf</a>, because the parameter has no effect there. Command-line
"-o parameter" settings always take precedence over <a href="postconf.5.html">main.cf</a> parameter
settings. <p>
<p> If you configure stress-adaptive behavior in <a href="postconf.5.html">main.cf</a> when it
isn't supported, nothing bad will happen. The processes will run
as if the stress parameter always has an empty value. </p>
<h2><a name="forcing"> Forcing stress-adaptive behavior on or off </a></h2>
<p> You can manually force stress-adaptive behavior on, by adding
a "-o stress=yes" command-line option in <a href="master.5.html">master.cf</a>. This can be
useful for testing overrides on the SMTP service. Issue "postfix
reload" to make the change effective. </p>
<p> Note: setting the stress parameter in <a href="postconf.5.html">main.cf</a> has no effect for
services that accept remote connections. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # =============================================================
5 #
6 smtp inet n - n - - smtpd
7 -o stress=yes
8 -o . . .
</pre>
</blockquote>
<p> To permanently force stress-adaptive behavior off with a specific
service, specify "-o stress=" on its <a href="master.5.html">master.cf</a> command line. This
may be desirable for the "submission" service. Issue "postfix reload"
to make the change effective. </p>
<p> Note: setting the stress parameter in <a href="postconf.5.html">main.cf</a> has no effect for
services that accept remote connections. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # =============================================================
5 #
6 submission inet n - n - - smtpd
7 -o stress=
8 -o . . .
</pre>
</blockquote>
<h2><a name="credits"> Credits </a></h2>
<ul>
<li> Thanks to the postfix-users mailing list members for sharing
early experiences with the stress-adaptive feature.
<li> The RBL example and several other paragraphs of text were
adapted from postfix-users postings by Noel Jones.
<li> Wietse implemented stress-adaptive behavior as the smallest
possible patch while he should be working on other things.
</ul>
</body> </html>
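Review bot: Two paragraphs in the new file end with an opening tag instead of a closing one: "<p> Translation: <p>" in the stress-adaptive section and "settings. <p>" at the end of the postconf(1) paragraph in the detection section; both should end in "</p>". Several list items also never close their paragraph (the two header_checks/body_checks items and the "Line 2" item of the translation list). In the "Forcing stress-adaptive behavior on or off" section the note "setting the stress parameter in main.cf has no effect for services that accept remote connections" appears twice, word for word; one copy is enough. Wording: "caused by a legitimate mail" should drop the "a", and "sofar" should be "so far".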


@ -33,7 +33,7 @@ encrypted session protects the information that is transmitted with
SMTP mail or with SASL authentication.
<p> Postfix version 2.2 introduces support for TLS as described in
<a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a>. TLS Support for older Postfix versions was available as
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a>. TLS Support for older Postfix versions was available as
an add-on patch. The section "<a href="#compat">Compatibility with
Postfix < 2.2 TLS support</a>" below discusses the differences
between these implementations. </p>
@ -425,7 +425,7 @@ private key. This is intended behavior. </p>
<p> You can ENFORCE the use of TLS, so that the Postfix SMTP server
announces STARTTLS and accepts no mail without TLS encryption, by
setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes". According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST
setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes". According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST
NOT be applied in case of a publicly-referenced Postfix SMTP server.
This option is off by default and should only seldom be used. </p>
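Review bot: The changed line updates the URL but still cites RFC 2487 for the rule that enforcement MUST NOT be applied on a publicly-referenced server. RFC 2487 was obsoleted by RFC 3207, which the preceding hunk of this file already cites as the TLS specification. Consider citing RFC 3207 here as well so the document refers to one current RFC throughout.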
@ -564,13 +564,18 @@ the cost of repeatedly negotiating TLS session keys is high.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/etc/postfix/smtpd_scache
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/var/lib/postfix/smtpd_scache
</pre>
</blockquote>
<p> As of version 2.5, Postfix will no longer maintain this file
in a directory with non-Postfix ownership. As a migration aid,
attempts to open such files are redirected to the Postfix-owned
$<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Cached Postfix SMTP server session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://www.faqs.org/rfcs/rfc2246.html">RFC 2246</a>
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
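Review bot: The example value btree:/var/lib/postfix/smtpd_scache is a literal path, while the paragraph added directly after it describes the required location only as the Postfix-owned $data_directory, and nothing connects the two. Suggest writing the example relative to the parameter (btree:${data_directory}/smtpd_scache), or saying in the new paragraph that /var/lib/postfix stands for the local data_directory value. The smtp_tls_session_cache_database example in the next hunk has the same gap.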
@ -933,13 +938,18 @@ is allowed to negotiate per unit time.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/etc/postfix/smtp_scache
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/var/lib/postfix/smtp_scache
</pre>
</blockquote>
<p> As of version 2.5, Postfix will no longer maintain this file
in a directory with non-Postfix ownership. As a migration aid,
attempts to open such files are redirected to the Postfix-owned
$<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Cached Postfix SMTP client session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://www.faqs.org/rfcs/rfc2246.html">RFC 2246</a>
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -994,7 +1004,7 @@ CommonName is checked. Verification may be turned off with the
<p> Enforcing the use of TLS is useful if you know that you will
only
connect to servers that support <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> _and_ that present server
connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that present server
certificates that meet the above requirements. An example would
be a client only sends email to one specific mailhub that offers
the necessary STARTTLS support. </p>
@ -1011,7 +1021,7 @@ the necessary STARTTLS support. </p>
<h3> <a name="client_tls_nopeer"> Disabling server certificate
verification </a> </h3>
<p> As of <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> the requirements for hostname checking for MTA
<p> As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking for MTA
clients are not set. When TLS is required (<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes),
the option <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> can be set to "no" to disable
strict remote SMTP server hostname checking. In this case, the mail

View File

@ -21,7 +21,7 @@
<h2> WARNING </h2>
<p> By turning on TLS support in Postfix, you not only get the
ability to encrypt mail and to authenticate clients or servers.
ability to encrypt mail and to authenticate remote SMTP clients or servers.
You also turn on thousands and thousands of lines of OpenSSL library
code. Assuming that OpenSSL is written as carefully as Wietse's
own code, every 1000 lines introduce one additional bug into
@ -95,9 +95,9 @@ cache files. </p>
<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> &nbsp; </td> <td colspan="2">
<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
<tt> &lt;---seed----<br><br>&lt;-key/cert-&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> &nbsp; </td>
<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
<td colspan="3"> <tt> ----seed---&gt;<br> <br>&lt;-key/cert-&gt;
</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
&nbsp; </td> <td> <tt> -&gt;</tt>Network </td> </tr>
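Review bot: In the changed diagram row, the arrows between smtpd(8)/smtp(8) and tlsmgr(8) are relabelled from "session" to "key/cert", which reads as if private keys or certificates pass through tlsmgr(8), while the boxes in the rows that follow are still labelled "session key cache". If the label is meant to say cached session keys, "session key" would match the boxes; if something different now flows over these arrows, the text around the diagram should say what it is.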
@ -122,6 +122,11 @@ align="center" bgcolor="#f0f0ff"> smtp<br> session<br> key cache
<h2><a name="build_tls">Building Postfix with TLS support</a></h2>
<p> These instructions assume that you build Postfix from source
code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> To build Postfix with TLS support, first we need to generate
the <tt>make(1)</tt> files with the necessary definitions. This is
done by invoking the command "<tt>make makefiles</tt>" in the Postfix
@ -225,7 +230,7 @@ key configuration </a> </h3>
<p> In order to use TLS, the Postfix SMTP server generally needs
a certificate and a private key. Both must be in "PEM" format. The
private key must not be encrypted, meaning: the key must be accessible
without password. Both certificate and private key may be in the same
without a password. The certificate and private key may be in the same
file, in which case the certificate file should be owned by "root" and
not be readable by any other user. If the key is stored separately,
this applies to the key file only, and the certificate file may be
@ -233,20 +238,24 @@ this applies to the key file only, and the certificate file may be
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
self-signed or private-CA signed certificate. The client will not be
able to authenticate the server, but unless it is running Postfix 2.3 or
self-signed or private-CA signed certificate. The remote SMTP client
will generally not be
able to authenticate the self-signed certificate, but unless the
client is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the
supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
back to plain text after a TLS handshake failure, a certificate-less
Postfix SMTP server will
be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
accidental configurations with no certificates, Postfix enables
certificate-less operation only when the administrator explicitly sets
"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
SMTP server configurations will not accidentally run with no
certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
only have RSA certificates issued by a commercial CA. In addition,
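Review bot: Dropping "2.3" from "Postfix 2.3 supports configurations with no certificates" and from "Postfix 2.3 enables certificate-less operation" removes the version qualifier for this feature, while other paragraphs touched by this patch still say "Postfix 2.3 and later". Suggest "Postfix 2.3 and later supports configurations with no certificates" in the first sentence, so that readers on older releases do not assume "smtpd_tls_cert_file = none" is available to them.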
@ -262,7 +271,7 @@ chain, all CA certificates) must be available. You should add any
intermediate CA certificates to the server certificate: the server
certificate first, then the intermediate CA(s). </p>
<p> Example: the certificate for "server.dom.ain" was issued by
<p> Example: the certificate for "server.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root
CA". Create the server.pem file with: </p>
@ -283,15 +292,7 @@ the overhead of the TLS exchange. </p>
<p> If you want the Postfix SMTP server to accept remote SMTP client
certificates issued by these CAs, append the root certificate to
$<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory. When
you configure trust in a root CA, it is not necessary to explicitly trust
intermediary CAs signed by the root CA, unless $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
is less than the number of CAs in the certificate chain for the clients
of interest. With a verify depth of 1 you can only verify certificates
directly signed by a trusted CA, and all trusted intermediary CAs need to
be configured explicitly. With a verify depth of 2 you can verify clients
signed by a root CA or a direct intermediary CA (so long as the client
is correctly configured to supply its intermediate CA certificate). </p>
$<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory. </p>
<p> RSA key and certificate examples: </p>
@ -347,7 +348,7 @@ privileges) from the files in the directory when the information
is needed. Thus, the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory needs to be
accessible inside the optional chroot jail. </p>
<p> When you configure Postfix to request <a
<p> When you configure the Postfix SMTP server to request <a
href="#server_vrfy_client">client certificates</a>, any CA certificates
in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the client, in order to allow it to
choose an identity signed by a CA you trust. If no $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
@ -450,12 +451,13 @@ supported). </p>
</pre>
</blockquote>
<p> With this, Postfix SMTP server announces STARTTLS support to
SMTP clients, but does not require that clients use TLS encryption.
<p> With this, the Postfix SMTP server announces STARTTLS support to
remote SMTP clients, but does not require that clients use TLS encryption.
</p>
<p> Note: when an unprivileged user invokes "sendmail -bs", STARTTLS
is never offered due to insufficient privileges to access the server
is never offered due to insufficient privileges to access the Postfix
SMTP server
private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
@ -463,7 +465,7 @@ so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" (obsolete but still
supported). According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
supported). According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
@ -481,7 +483,8 @@ by default and should only seldom be used. </p>
<p> TLS is sometimes used in the non-standard "wrapper" mode where
a server always uses TLS, instead of announcing STARTTLS support
and waiting for clients to request TLS service. Some clients, namely
and waiting for remote SMTP clients to request TLS service. Some
clients, namely
Outlook [Express] prefer the "wrapper" mode. This is true for OE
(Win32 &lt; 5.0 and Win32 &gt;=5.0 when run on a port&lt;&gt;25
and OE (5.01 Mac on all ports). </p>
@ -517,8 +520,10 @@ this option is "off" by default. You will however need the certificate
if you want to use certificate based relaying with, for example, the
<a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. A server that wants client certificates
must first present its own certificate. While Postfix 2.3 by default
offers anonymous ciphers to clients, these are automatically suppressed
when the server is configured to ask for client certificates. </p>
offers anonymous ciphers to remote SMTP clients, these are automatically
suppressed
when the Postfix SMTP server is configured to ask for client
certificates. </p>
<p> Example: </p>
@ -553,18 +558,26 @@ logged. </p>
</pre>
</blockquote>
<p> A client certificate verification depth of 1 is sufficient if
the certificate is directly issued by a CA listed in the CA file.
The default value (5) should also suffice for longer chains (root
CA issues special CA which then issues the actual certificate...)
</p>
<p> The client certificate verification depth is specified with the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> parameter. The default verification
depth is 9 (the OpenSSL default), for compatibility with Postfix
versions before 2.5 where <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> was ignored.
When you configure trust in a
root CA, it is not necessary to explicitly trust intermediary CAs signed
by the root CA, unless $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> is less than the
number of CAs in the certificate chain for the clients of interest. With
a verify depth of 1 you can only verify certificates directly signed
by a trusted CA, and all trusted intermediary CAs need to be configured
explicitly. With a verify depth of 2 you can verify clients signed by a
root CA or a direct intermediary CA (so long as the client is correctly
configured to supply its intermediate CA certificate). </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> = 5
<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> = 2
</pre>
</blockquote>
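Review bot: The new paragraph says smtpd_tls_ccert_verifydepth was ignored before Postfix 2.5, which means a low value left in an existing main.cf only starts to be enforced after the upgrade, but the text gives this solely as the reason for the default of 9 and never states the consequence. Suggest adding a sentence telling sites that already set this parameter to review the value before upgrading, since by the rules described here a depth of 1 rejects any client whose certificate was issued by an intermediary CA that is not itself configured as trusted. The example value also changes from 5 to 2 with no explanation of why 2 was chosen.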
@ -612,13 +625,19 @@ the cost of repeatedly negotiating TLS session keys is high.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/etc/postfix/smtpd_scache
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = btree:/var/lib/postfix/smtpd_scache
</pre>
</blockquote>
<p> Note: as of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Cached Postfix SMTP server session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://www.faqs.org/rfcs/rfc2246.html">RFC 2246</a>
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -655,23 +674,30 @@ Postfix SMTP server access control: </p>
<dl>
<dt> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP
client SMTP request if the client certificate passes verification,
and if its fingerprint is listed in the list of client certificates
(see <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> discussion below). </p> </dd>
<dt> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP client
request if the client certificate fingerprint is listed in the
client certificate table (see <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> discussion below). </p>
</dd>
<dt> <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </dt> <dd> <p> Allow the remote
client SMTP request if the client certificate passes verification.
</p> </dd>
<dt> <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP
client request if the client certificate passes trust chain verification.
Useful with private-label CAs that only issue certificates to trusted
clients (and not otherwise). </p> </dd>
<dt> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html">type:table</a></dt> <dd>
<p> If the client certificate passes verification, use its fingerprint
as a key for the specified <a href="access.5.html">access(5)</a> table. </p> </dd>
<dt> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html">type:table</a></dt> <dd> <p> Use the remote SMTP
client
certificate fingerprint as the lookup key for the specified <a href="access.5.html">access(5)</a>
table. </p> </dd>
</dl>
</blockquote>
<p> The digest algorithm used to construct the client certificate
fingerprints is specified with the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
parameter. The default is "md5", for compatibility with Postfix
versions &lt; 2.5. </p>
<p> The <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> feature must be used with caution,
because it can result in too many access permissions. Use this
feature only if a special CA issues the client certificates, and
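Review bot: The rewritten permit_tls_clientcerts and check_ccert_access entries drop the condition "if the client certificate passes verification" and now describe a fingerprint match only, but nothing in the hunk says whether trust chain verification still applies. If a fingerprint match alone is now sufficient, say so explicitly and note that removing the fingerprint from the table then becomes the only way to withdraw access for a listed certificate. Separately, the new smtpd_tls_fingerprint_digest paragraph gives compatibility as the reason for the "md5" default but does not say which other values are accepted or which one to prefer for a new deployment; since these fingerprints act as access-control keys, that guidance belongs here.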
@ -698,16 +724,10 @@ certificate must no longer be used (e.g. an employee leaving). </p>
</pre>
</blockquote>
<p> The Postfix list manipulation routines give special treatment
to whitespace and some other characters, making the use of certificate
names impractical. Instead we use the certificate fingerprints as
they are difficult to fake but easy to use for lookup. Postfix
lookup tables are in the form of (key, value) pairs. Since we only
need the key, the value can be chosen freely, e.g. the name of
the user or host.</p>
<p> Example: Postfix lookup tables are in the form of (key, value)
pairs. Since we only need the key, the value can be chosen freely, e.g.
the name of the user or host:</p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -760,27 +780,29 @@ and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_d
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = TLSv1
# Also available with Postfix &ge; 2.5:
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3
</pre>
</blockquote>
<p> If you want to take advantage of ciphers with EDH, DH parameters
are needed. Instead of using the built-in DH parameters for both
1024bit and 512bit, it is better to generate your own parameters,
since otherwise it would "pay" for a possible attacker to start a
brute force attack against parameters that are used by everybody.
For this reason, the default parameters chosen by OpenSSL are already
different from those distributed with other TLS packages. </p>
<p> If you want to take advantage of ciphers with ephemeral Diffie-Hellman
(EDH) key exchange (this offers "forward-secrecy"), DH parameters are
needed. Instead of using the built-in DH parameters for both 1024-bit
(non-export ciphers) and 512-bit (export ciphers), it is better to
generate your own parameters, since otherwise it would "pay" for a
possible attacker to start a brute force attack against parameters that
are used by everybody. Postfix defaults to compiled-in parameters
that are shared by all Postfix users who don't generate their own
settings. </p>
<p> To generate your own set of DH parameters, use: </p>
<blockquote>
<pre>
% <b>openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024</b>
% <b>openssl gendh -out /etc/postfix/dh_512.pem -2 -rand /var/run/egd-pool 512</b>
% <b>openssl gendh -out /etc/postfix/dh_512.pem -2 512</b>
% <b>openssl gendh -out /etc/postfix/dh_1024.pem -2 1024</b>
</pre>
</blockquote>
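Review bot: The line added under "# Also available with Postfix &ge; 2.5:" is a second live assignment of smtpd_tls_mandatory_protocols next to the existing "TLSv1" line, so if both stay in the example a reader who copies the block gets two assignments of the same parameter with no indication of which is intended. Suggest commenting out the alternative or showing the two forms as separate examples per Postfix version. In the gendh commands at the end of the hunk, the replacement lines omit "-rand /var/run/egd-pool" without any remark on where the randomness now comes from, and the 512-bit file is still generated even though the new text ties it to export ciphers only; a sentence on each would help.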
@ -835,6 +857,8 @@ key configuration </a>
<li><a href="#client_tls_encrypt"> Mandating TLS encryption </a>
<li><a href="#client_tls_fprint"> Certificate fingerprint verification </a>
<li><a href="#client_tls_verify"> Mandating server certificate verification </a>
<li><a href="#client_tls_secure"> Secure server certificate verification </a>
@ -851,6 +875,8 @@ key configuration </a>
<li> <a href="#client_cipher">Client-side cipher controls </a>
<li> <a href="#client_smtps">Client-side SMTPS support </a>
<li> <a href="#client_misc"> Miscellaneous client controls </a>
</ul>
@ -858,14 +884,14 @@ key configuration </a>
<h3><a name="client_lmtp_tls"> TLS support in the LMTP delivery agent </a>
</h3>
<p> In Postfix 2.3, the <a href="smtp.8.html">smtp(8)</a> and <a href="lmtp.8.html">lmtp(8)</a> delivery agents have been
merged into a single dual-purpose program. As a result the <a href="lmtp.8.html">lmtp(8)</a>
delivery agent is no longer the poor cousin of the more extensively used
<a href="smtp.8.html">smtp(8)</a>. Specifically, as of Postfix 2.3, all the TLS features described
below apply equally to SMTP and LMTP, after replacing the "smtp_"
prefix of the each parameter name with "lmtp_".
<p> The <a href="smtp.8.html">smtp(8)</a> and <a href="lmtp.8.html">lmtp(8)</a> delivery agents are implemented by a
single dual-purpose program. Specifically, all the TLS features
described below apply
equally to SMTP and LMTP, after replacing the "smtp_" prefix of the each
parameter name with "lmtp_".
<p> The LMTP delivery agent can communicate with LMTP servers listening
<p> The Postfix LMTP delivery agent can communicate with LMTP servers
listening
on UNIX-domain sockets. When server certificate verification is enabled
and the server is listening on a UNIX-domain socket, the $<a href="postconf.5.html#myhostname">myhostname</a>
parameter is used to set the TLS verification <i>nexthop</i> and
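Review bot: The rewritten LMTP paragraph carries over the typo "prefix of the each parameter name" and still ends without a closing </p> before the next <p> opens. Suggest "prefix of each parameter name" and closing the paragraph while this text is being touched. Removing "as of Postfix 2.3" also drops the version from which the lmtp_ parameters mirror the smtp_ ones, which readers on older releases would need.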
@ -879,7 +905,8 @@ The "null" ciphers provide authentication without encryption. </p>
<h3><a name="client_cert_key">Client-side certificate and private
key configuration </a> </h3>
<p> Do not configure client certificates unless you <b>must</b> present
<p> Do not configure Postfix SMTP client certificates unless you <b>must</b>
present
client TLS certificates to one or more servers. Client certificates are
not usually needed, and can cause problems in configurations that work
well without them. The recommended setting is to let the defaults stand: </p>
@ -943,15 +970,7 @@ the overhead of the TLS exchange. </p>
<p> If you want the Postfix SMTP client to accept remote SMTP server
certificates issued by these CAs, append the root certificate to
$<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. When
you configure trust in a root CA, it is not necessary to explicitly trust
intermediary CAs signed by the root CA, unless $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
is less than the number of CAs in the certificate chain for the servers
of interest. With a verify depth of 1 you can only verify certificates
directly signed by a trusted CA, and all trusted intermediary CAs need to
be configured explicitly. With a verify depth of 2 you can verify servers
signed by a root CA or a direct intermediary CA (so long as the server
is correctly configured to supply its intermediate CA certificate). </p>
$<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. </p>
<p> RSA key and certificate examples: </p>
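Review bot: The explanation of smtp_tls_scert_verifydepth is deleted from this paragraph, and unlike the server-side smtpd_tls_ccert_verifydepth text, which this patch moves into the verification depth paragraph, no replacement for the client-side parameter is visible in these hunks. Please confirm the text was relocated rather than dropped; the depth 1 versus depth 2 explanation is what tells an operator why a remote SMTP server that relies on an intermediate CA fails verification.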
@ -1073,13 +1092,19 @@ is allowed to negotiate per unit time.</p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/etc/postfix/smtp_scache
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = btree:/var/lib/postfix/smtp_scache
</pre>
</blockquote>
<p> Note: as of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> Cached Postfix SMTP client session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://www.faqs.org/rfcs/rfc2246.html">RFC 2246</a>
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -1198,6 +1223,8 @@ in the sections that follow.</p>
<dd><a href="#client_tls_may">Opportunistic TLS.</a></dd>
<dt><b>encrypt</b></dt>
<dd><a href="#client_tls_encrypt">Mandatory TLS encryption.</a>
<dt><b>fingerprint</b></dt>
<dd><a href="#client_tls_fprint">Certificate fingerprint verification.</a>
<dt><b>verify</b></dt>
<dd><a href="#client_tls_verify">Mandatory server certificate verification.</a>
<dt><b>secure</b></dt>
@ -1300,11 +1327,12 @@ on TLS <a href="#client_tls_limits">limitations</a> above. </p>
<p> At the "encrypt" TLS security level, messages are sent only
over TLS encrypted sessions. The SMTP transaction is aborted unless
the STARTTLS ESMTP feature is supported by the server. If no suitable
the STARTTLS ESMTP feature is supported by the remote SMTP server.
If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
encryption is always used, mail delivery continues even if the server
certificate is untrusted or bears the wrong name. </p>
<p> At this security level and higher, the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
@ -1423,13 +1451,82 @@ use the new <a href="#client_tls_policy">policy table</a> instead. </p>
</pre>
</blockquote>
<h3><a name="client_tls_fprint"> Certificate fingerprint verification </a>
</h3>
<p> Certificate fingerprint verification is available with Postfix 2.5 and
later. At this security level ("<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint"),
no trusted certificate authorities are used or required. The certificate
trust chain, expiration date, ... are not checked. Instead, the
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> parameter or the "match" attribute
in the <a href="#client_tls_policy">policy</a> table lists the valid
"fingerprints" of the remote SMTP server certificate. </p>
<p> If certificate fingerprints are exchanged securely, this is the
strongest, and least scalable security level. The administrator needs to
securely collect the fingerprints of the X.509 certificates of each peer
server, store them into a local file, and update this local file
whenever the peer server's public certificate
changes. This may be feasible for an SMTP "VPN" connecting a small
number of branch offices over the Internet, or for secure connections
to a central mail hub. It works poorly if the remote SMTP server is
managed by a
third party, and its public certificate changes periodically without
prior coordination with the verifying site. </p>
<p> The digest algorithm used to calculate the fingerprint is
selected by the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. In the <a
href="#client_tls_policy">policy</a> table multiple fingerprints can be
combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </p>
<p> Example: fingerprint TLS security with an internal mailhub.
Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
physical hosts behind a load-balancer, each with its own private/public
key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
be in the process of switching from one set of private/public keys to
another, and both keys are trusted just prior to the transition. </p>
<blockquote>
<pre>
<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>
<p> Example: Certificate fingerprint verification with selected destinations.
As in the example above, we show two matching fingerprints: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = hash:/etc/postfix/tls_policy
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
</pre>
</blockquote>
<blockquote>
<pre>
/etc/postfix/tls_policy:
example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
</blockquote>
<h3><a name="client_tls_verify"> Mandatory server certificate verification </a>
</h3>
<p> At the "verify" TLS security level, messages are sent only over
TLS encrypted sessions if the server certificate is valid (not
TLS encrypted sessions if the remote SMTP server certificate is
valid (not
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
and where the server certificate name matches a known pattern.
Mandatory
server certificate verification can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify". The
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
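Review bot: Both new fingerprint examples set smtp_tls_fingerprint_digest = md5, in a section that calls this level the strongest when fingerprints are exchanged securely and that says the trust chain and expiration date are not checked, so the digest is the only thing binding the session to the expected certificate. Suggest using a stronger digest in the examples, or stating why md5 is shown. Two smaller points: the text says fingerprints can be combined with "|" in a single match attribute but neither example shows that form, and the first example lacks the "/etc/postfix/main.cf:" header that the second one has.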
@ -1445,7 +1542,8 @@ appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tl
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
and <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName
certificate extension are used to verify the server name. If no
certificate extension are used to verify the remote SMTP server name.
If no
DNS names are specified, the certificate CommonName is checked.
If you want mandatory encryption without server certificate
verification, see <a href="#client_tls_encrypt">above</a>. </p>
@ -1461,7 +1559,7 @@ verification as a default policy. </p>
<p> Mandatory server certificate verification as a default security
level may be appropriate if you know that you will only connect to
servers that support <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> <i>and</i> that present verifiable
servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present verifiable
server certificates. An example would be a client that sends all
email to a central mailhub that offers the necessary STARTTLS
support. In such cases, you can often use a <a
@ -1478,7 +1576,7 @@ Postfix 2.3 and later should use the new TLS policy settings. </p>
<p> Example: </p>
<p> In this example, the client encrypts all traffic to the
<p> In this example, the Postfix SMTP client encrypts all traffic to the
<i>example.com</i> domain. The peer hostname is verified, but
verification is vulnerable to DNS response forgery. Mail transmission
to <i>example.com</i> recipients uses "high" grade ciphers. </p>
@ -1529,7 +1627,8 @@ parameters. </p>
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and
<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName certificate
extension are used to verify the server name. If no DNS names are
extension are used to verify the remote SMTP server name. If no DNS names
are
specified, the CommonName is checked. If you want mandatory encryption
without server certificate verification, see <a
href="#client_tls_encrypt">above</a>. </p>
@ -1545,7 +1644,7 @@ as a default policy. </p>
<p> Mandatory secure server certificate verification as a default
security level may be appropriate if you know that you will only
connect to servers that support <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> <i>and</i> that present
connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present
verifiable server certificates. An example would be a client that
sends all email to a central mailhub that offers the necessary
STARTTLS support. </p>
@ -1564,9 +1663,11 @@ should use the new TLS policy settings. </p>
<p> Secure-channel TLS without <a href="transport.5.html">transport(5)</a> table overrides: </p>
<p> The client will encrypt all traffic and verify the destination name
<p> The Postfix SMTP client will encrypt all traffic and verify the
destination name
immune from forged DNS responses. MX lookups are still used to find
the SMTP servers for <i>example.com</i>, but these are not used when
the hostnames of the SMTP servers for <i>example.com</i>, but these
hostnames are not used when
checking the names in the server certificate(s). Rather, the requirement
is that the MX hosts for <i>example.com</i> have trusted certificates
with a subject name of <i>example.com</i> or a sub-domain, see the
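Review bot: the reworded sentence still reads "verify the destination name immune from forged DNS responses", which does not parse. Suggest "verify the destination name in a way that is immune to forged DNS responses".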
@ -1715,35 +1816,50 @@ describe the corresponding table syntax: </p>
<dl>
<dt><b>none</b></dt>
<dd>No TLS. No additional attributes are supported at this level. </dd>
<dt><b>none</b></dt> <dd><a href="#client_tls_none">No TLS</a>. No
additional attributes are supported at this level. </dd>
<dt><b>may</b></dt>
<dd>Opportunistic TLS. No additional attributes are supported at this
level. </dd>
<dt><b>may</b></dt> <dd><a href="#client_tls_may">Opportunistic TLS</a>.
No additional attributes are supported at this level. </dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Mail is
delivered only if remote SMTP server offers STARTTLS and the TLS
handshake succeeds. At this level and higher the optional "ciphers"
attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter
and the optional "protocols" keyword overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter. </dd>
<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt">Mandatory
encryption</a>. Mail is delivered only if the remote SMTP
server offers STARTTLS and the TLS handshake succeeds. At this
level and higher the optional "ciphers" attribute overrides the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the optional
"protocols" attribute
overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter. </dd>
<dt><b>verify</b></dt> <dd>Mandatory server certificate verification.
Mail is delivered only if the TLS handshake succeeds, if the server
certificate can be validated (not expired or revoked, and signed
by a trusted certificate authority), and if the server certificate
name matches the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter value when no optional "match"
attribute is specified). </dd>
<dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate
fingerprint verification.</a> Available with Postfix 2.5 and
later. At this security level, there are no trusted certificate
authorities. The certificate trust chain, expiration date, ... are
not checked. Instead, the optional <b>match</b> attribute, or else
the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter,
lists the valid fingerprints of the server certificate. The
digest algorithm used to calculate fingerprints is selected by the
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
match attributes can be employed. The ":" character is not used as a
delimiter as it occurs between each pair of fingerprint (hexadecimal)
digits. </dd>
<dt><b>secure</b></dt> <dd>Secure-channel TLS. Mail is delivered
only if the TLS handshake succeeds, if the server certificate can
be validated (not expired or revoked, and signed by a trusted
certificate authority), and if the server certificate name matches
the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
parameter value when no optional "match" attribute is specified).
</dd>
<dt><b>verify</b></dt> <dd><a href="#client_tls_verify">Mandatory
server certificate verification</a>. Mail is delivered only if the
TLS handshake
succeeds, if the remote SMTP server certificate can be validated (not
expired or revoked, and signed by a trusted certificate authority), and
if the server certificate name matches the optional "match" attribute (or
the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter value when no optional
"match" attribute is specified). </dd>
<dt><b>secure</b></dt> <dd><a href="#client_tls_secure">Secure certificate
verification.</a> Mail is delivered only if the TLS handshake succeeds,
if the remote SMTP server certificate can be validated (not expired
or revoked, and signed by a trusted certificate authority), and if the
server certificate name matches the optional "match" attribute (or the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter value when no optional
"match" attribute is specified). </dd>
</dl>
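Review bot: in the new fingerprint entry, "The certificate trust chain, expiration date, ... are not checked" leaves the list of skipped checks open with "...". At this level the fingerprint is the only thing the client checks, so the entry should give the full list, in particular whether server name matching and revocation are skipped as well. The entry also describes the "|" delimiter, but neither policy example in this patch uses it; one line showing two fingerprints joined by "|" would help.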
@ -1775,6 +1891,8 @@ Example:
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = hash:/etc/postfix/tls_policy
# Postfix 2.5 and later
<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5
/etc/postfix/tls_policy:
example.edu none
example.mil may
@ -1784,6 +1902,10 @@ Example:
example.net secure
.example.net secure match=.example.net:example.net
[mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>
</blockquote>
@ -2026,18 +2148,26 @@ postfix/smtp[pid]: Host offered STARTTLS: [hostname.example.com]
<h3><a name="client_vrfy_server">Server certificate verification depth</a> </h3>
<p> When verifying a remote SMTP server certificate, a verification
depth of 1 is sufficient if the certificate is directly issued by
a CA specified with <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>. The default
value of 5 should also suffice for longer chains (where the root CA issues
a special CA certificate which then issues the actual certificate). </p>
<p> Example: </p>
<p> The server certificate verification depth is specified with the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> parameter. The default verification
depth is 9 (the OpenSSL default), for compatibility with Postfix
versions before 2.5 where <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> was ignored.
When you configure trust
in a root CA, it is not necessary to explicitly trust intermediary CAs
signed by the root CA, unless $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> is less than the
number of CAs in the certificate chain for the servers of interest. With
a verify depth of 1 you can only verify certificates directly signed
by a trusted CA, and all trusted intermediary CAs need to be configured
explicitly. With a verify depth of 2 you can verify servers signed by a
root CA or a direct intermediary CA (so long as the server is correctly
configured to supply its intermediate CA certificate). </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> = 5
<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> = 2
</pre>
</blockquote>
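Review bot: the example now sets smtp_tls_scert_verifydepth = 2, while the new paragraph gives the default as 9 and says depth 2 only covers a root CA or a direct intermediary CA. A reader who copies the example will fail verification for servers whose chain has more than one intermediate CA, unless those intermediates are trusted explicitly. Either keep the example at the default or add a sentence saying the value is deliberately restrictive and must be at least the number of CAs in the chains of the servers of interest.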
@ -2053,7 +2183,8 @@ methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps
ciphers on a per-destination basis. </p>
<p> By default anonymous ciphers are allowed, and automatically
disabled when server certificates are verified. If you want to
disabled when remote SMTP server certificates are verified. If you
want to
disable anonymous ciphers even at the "encrypt" security level, set
"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL"; and to
disable anonymous ciphers even with opportunistic TLS, set
@ -2070,9 +2201,86 @@ little point in requesting them. </p>
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = medium
<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = RC4, MD5
<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
# Also available with Postfix &ge; 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
</pre>
</blockquote>
<h3> <a name="client_smtps">Client-side SMTPS support </a> </h3>
<p> Although the Postfix SMTP client by itself doesn't support TLS
wrapper mode, it is relatively easy to forward a connection through
the stunnel program if Postfix needs to deliver mail to some legacy
system that doesn't support STARTTLS. Use one of the following two
examples, to send only some remote mail, or to send all remote mail,
to an SMTPS server. </p>
<h4> Sending all remote mail to an SMTPS server </h4>
<p> The first example uses SMTPS to send all remote mail to a
provider's mail server called "mail.example.com". </p>
<p> A minimal stunnel.conf file is sufficient to set up a tunnel
from local port 11125 to the remote destination "mail.example.com"
and port "smtps". Postfix will later use this tunnel to connect to
the remote server. </p>
<blockquote>
<pre>
/path/to/stunnel.conf:
[smtp-tls-wrapper]
accept = 11125
client = yes
connect = mail.example.com:smtps
</pre>
</blockquote>
<p> To test this tunnel, use: </p>
<blockquote>
<pre>
$ telnet localhost 11125
</pre>
</blockquote>
<p> This should produce the greeting from the remote SMTP server
at mail.example.com. </p>
<p> On the Postfix side, the <a href="postconf.5.html#relayhost">relayhost</a> feature sends all remote
mail through the local stunnel listener on port 11125: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relayhost">relayhost</a> = [127.0.0.1]:11125
</pre>
</blockquote>
<p> Use "postfix reload" to make the change effective. </p>
<h4> Sending only mail for a specific destination via SMTPS </h4>
<p> The second example will use SMTPS to send only mail for
"example.com" via SMTPS. It uses the same stunnel configuration
file as the first example, so it won't be repeated here. </p>
<p> This time, the Postfix side uses a transport map to direct only
mail for "example.com" through the tunnel: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
/etc/postfix/transport:
example.com relay:[127.0.0.1]:11125
</pre>
</blockquote>
<p> Use "postmap hash:/etc/postfix/transport" and "postfix reload"
to make the change effective. </p>
<h3> <a name="client_misc"> Miscellaneous client controls </a> </h3>
<p> The <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> parameter limits the time of Postfix
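Review bot: in the new stunnel.conf example, "accept = 11125" names only a port, while Postfix is pointed at "[127.0.0.1]:11125", so nothing in the example limits the listener to the loopback address, and a host that can reach the port could send mail through the tunnel to mail.example.com. Suggest "accept = 127.0.0.1:11125". The example also sets no certificate verification options, so the text should say that the tunnel as shown encrypts the hop but does not authenticate mail.example.com unless stunnel is configured to verify the peer.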
@ -2164,22 +2372,31 @@ The default maximal time interval is 1 hour. </p>
<p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> process saves the PRNG state to a persistent
exchange file at regular times and when the process terminates, so
that it can recover the PRNG state the next time it starts up.
This file is created when it does not exist. Its default location
is under the Postfix configuration directory, which is not the
proper place for information that is modified by Postfix. Instead,
the file location should probably be on the /var partition (but
<b>not</b> inside the chroot jail). </p>
This file is created when it does not exist. </p>
<p> Examples: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> = /etc/postfix/prng_exch
<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> = /var/lib/postfix/prng_exch
<a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> = 3600s
</pre>
</blockquote>
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish to continue
using a pre-existing PRNG state file, move it to the <a href="postconf.5.html#data_directory">data_directory</a>
and change the ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a>
parameter. </p>
<p> With earlier Postfix versions the default file location
is under the Postfix configuration directory, which is not the
proper place for information that is modified by Postfix. </p>
<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
<p> The following steps will get you started quickly. Because you
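Review bot: the new main.cf example hard-codes "tls_random_exchange_name = /var/lib/postfix/prng_exch", while the added paragraph says the file should live under the Postfix-owned data_directory and that any other location is redirected with a warning. On a system whose data_directory is not /var/lib/postfix the example itself would trigger that redirect. Suggest writing the example in terms of data_directory, or stating that /var/lib/postfix is assumed to be its value.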
@ -2219,17 +2436,17 @@ Enter PEM pass phrase:<b>whatever</b>
</pre>
</blockquote>
<li> <p> Create an unpassworded private key for host FOO and create
<li> <p> Create an unpassworded private key for host foo.porcupine.org and create
an unsigned public key certificate. </p>
<blockquote>
<pre>
% <b>openssl req -new -nodes -keyout FOO-key.pem -out FOO-req.pem -days 365</b>
% <b>openssl req -new -nodes -keyout foo-key.pem -out foo-req.pem -days 365</b>
Using configuration from /etc/ssl/openssl.cnf
Generating a 1024 bit RSA private key
........................................++++++
....++++++
writing new private key to 'FOO-key.pem'
writing new private key to 'foo-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
@ -2243,7 +2460,7 @@ State or Province Name (full name) [Some-State]:<b>New York</b>
Locality Name (eg, city) []:<b>Westchester</b>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<b>Porcupine</b>
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:<b>FOO</b>
Common Name (eg, YOUR name) []:<b>foo.porcupine.org</b>
Email Address []:<b>wietse@porcupine.org</b>
Please enter the following 'extra' attributes
@ -2253,13 +2470,13 @@ An optional company name []:
</pre>
</blockquote>
<li> <p> Sign the public key certificate for host FOO with the
<li> <p> Sign the public key certificate for host foo.porcupine.org with the
Certification Authority private key that we created a few
steps ago. </p>
<blockquote>
<pre>
% <b>openssl ca -out FOO-cert.pem -infiles FOO-req.pem</b>
% <b>openssl ca -out foo-cert.pem -infiles foo-req.pem</b>
Using configuration from /etc/ssl/openssl.cnf
Enter PEM pass phrase:<b>whatever</b>
Check that the request matches the signature
@ -2269,7 +2486,7 @@ countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'New York'
localityName :PRINTABLE:'Westchester'
organizationName :PRINTABLE:'Porcupine'
commonName :PRINTABLE:'FOO'
commonName :PRINTABLE:'foo.porcupine.org'
emailAddress :IA5STRING:'wietse@porcupine.org'
Certificate is to be certified until Nov 21 19:40:56 2005 GMT (365 days)
Sign the certificate? [y/n]:<b>y</b>
@ -2287,9 +2504,9 @@ super-user privileges. </p>
<blockquote>
<pre>
# <b>cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix</b>
# <b>chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem</b>
# <b>chmod 400 /etc/postfix/FOO-key.pem</b>
# <b>cp demoCA/cacert.pem foo-key.pem foo-cert.pem /etc/postfix</b>
# <b>chmod 644 /etc/postfix/foo-cert.pem /etc/postfix/cacert.pem</b>
# <b>chmod 400 /etc/postfix/foo-key.pem</b>
</pre>
</blockquote>
@ -2307,14 +2524,14 @@ but don't require them from all clients. </p>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
btree:/var/lib/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/foo-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/foo-key.pem
<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtpd_tls_session_cache
btree:/var/lib/postfix/smtpd_tls_session_cache
<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
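Review bot: "smtp_use_tls = yes" is replaced by "smtp_tls_security_level = may" in the unqualified part of the example, while the server-side counterpart "smtpd_tls_security_level = may" sits under the "# Postfix 2.3 and later" comment. The quick-start should treat both the same way: move the client setting under that comment, or state which Postfix versions the example targets.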
@ -2347,6 +2564,12 @@ compiled this part of the documentation from Lutz's documents.
of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> code in terms of enforcement levels, which
simplified the implementation greatly.
<li> Victor Duchovni implemented the fingerprint security level,
added more sanity checks, and separated TLS connection management
from security policy enforcement. The latter change simplified the
code that verifies certificate signatures, certificate names, and
certificate fingerprints.
</ul>
</body>

View File

@ -243,7 +243,7 @@ out-of-control clients. </p>
<dl>
<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make
The maximum number of connections that an SMTP client may make
simultaneously. </dd>
<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>

View File

@ -19,7 +19,10 @@
<h2>Purpose of the XCLIENT extension to SMTP</h2>
<p> The XCLIENT command targets the following problems: </p>
<p> When an SMTP server announces support for the XCLIENT command,
an SMTP client may send information that overrides one or more
client-related session attributes. The XCLIENT command targets the
following problems: </p>
<ol>
@ -77,7 +80,7 @@ names are shown in upper case, they are in fact case insensitive.
xclient-command = XCLIENT 1*( SP attribute-name"="attribute-value )
</p>
<p>
attribute-name = ( NAME | ADDR | PROTO | HELO )
attribute-name = ( NAME | ADDR | PORT | PROTO | HELO )
</p>
<p>
attribute-value = xtext
@ -86,7 +89,7 @@ names are shown in upper case, they are in fact case insensitive.
<ul>
<li> <p> Attribute values are xtext encoded as per <a href="http://www.faqs.org/rfcs/rfc1891.html">RFC 1891</a>.
<li> <p> Attribute values are xtext encoded as per <a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>.
</p>
<li> <p> The NAME attribute specifies an SMTP client hostname
@ -99,6 +102,10 @@ names are shown in upper case, they are in fact case insensitive.
[UNAVAILABLE] when the address information is unavailable.
Address information is not enclosed with []. </p>
<li> <p> The PORT attribute specifies the SMTP client TCP port
number as a decimal number, or [UNAVAILABLE] when the information
is unavailable. </p>
<li> <p> The PROTO attribute specifies either SMTP or ESMTP.
</p>
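Review bot: the new PORT attribute is defined only as "a decimal number"; the text gives no valid range and does not say how the server replies to a value that is not a valid TCP port. Because the value overrides a client-related session attribute, suggest stating the accepted range and the server reply for a malformed value.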
@ -123,6 +130,9 @@ xtext encode attribute values. Servers that wish to interoperate
with these older implementations should be prepared to receive
unencoded information. </p>
<p> Note 4: Postfix implementations prior to version 2.5 do not
implement the PORT attribute. </p>
<h2>XCLIENT Server response</h2>
<p> Upon receipt of a correctly formatted XCLIENT command, the
@ -236,7 +246,7 @@ before each MAIL FROM command. </p>
<h2> References </h2>
<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
<a href="http://www.faqs.org/rfcs/rfc1891.html">RFC 1891</a>, January 1996. </p>
<a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
</body>

View File

@ -19,7 +19,10 @@
<h2>Purpose of the XFORWARD extension to SMTP</h2>
<p> The XFORWARD command targets the following problem: </p>
<p> When an SMTP server announces support for the XFORWARD command,
an SMTP client may send information that overrides one or more
client-related logging attributes. The XFORWARD command targets
the following problem: </p>
<ul>
@ -41,7 +44,7 @@ It is not implemented by passing additional parameters via the MAIL
FROM command, because doing so would require extending the MAIL
FROM command length limit by another 600 or more characters beyond
the space that is already needed to support other extensions such
as AUTH. </p>
as AUTH and DSN. </p>
<h2>XFORWARD Command syntax</h2>
@ -54,9 +57,8 @@ attributes that the XFORWARD implementation supports. </p>
<p> The client may send the XFORWARD request at any time except in
the middle of a mail delivery transaction (i.e. between MAIL and
DOT). The command may be pipelined when the server supports
ESMTP command pipelining.
</p>
RSET or DOT). The command may be pipelined when the server supports
ESMTP command pipelining. </p>
<p> The syntax of XFORWARD requests is described below. Upper case
and quoted strings specify terminals, lowercase strings specify
@ -69,7 +71,7 @@ names are shown in upper case, they are in fact case insensitive.
xforward-command = XFORWARD 1*( SP attribute-name"="attribute-value )
</p>
<p>
attribute-name = ( NAME | ADDR | PROTO | HELO | SOURCE )
attribute-name = ( NAME | ADDR | PORT | PROTO | HELO | SOURCE )
</p>
<p>
attribute-value = xtext
@ -78,7 +80,7 @@ names are shown in upper case, they are in fact case insensitive.
<ul>
<li> <p> Attribute values are xtext encoded as per <a href="http://www.faqs.org/rfcs/rfc1891.html">RFC 1891</a>.
<li> <p> Attribute values are xtext encoded as per <a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>.
</p>
<li> <p> The NAME attribute specifies the up-stream hostname,
@ -90,6 +92,10 @@ names are shown in upper case, they are in fact case insensitive.
Address information is not enclosed with []. The address may
be a non-IP address. </p>
<li> <p> The PORT attribute specifies an up-stream client TCP
port number in decimal, or [UNAVAILABLE] when the information
is unavailable. </p>
<li> <p> The PROTO attribute specifies the mail protocol for
receiving mail from the up-stream host. This may be an SMTP or
non-SMTP protocol name of up to 64 characters, or [UNAVAILABLE]
@ -139,7 +145,7 @@ unencoded information. </p>
server stores the specified attribute values, and erases the
attributes whose value was specified as [UNAVAILABLE]. All XFORWARD
attributes are reset to the real client information after the MAIL
FROM command completes. </p>
FROM transaction completes (i.e. after RSET or DOT). </p>
<h2> XFORWARD Server reply codes </h2>
@ -206,13 +212,13 @@ must be restricted to authorized clients. </p>
<p> SMTP connection caching makes it possible to deliver multiple
messages within the same SMTP session. The XFORWARD attributes are
reset after the MAIL FROM command completes, so there is no risk
of information leakage. </p>
reset after the MAIL FROM transaction completes (after RSET or DOT),
so there is no risk of information leakage. </p>
<h2> References </h2>
<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
<a href="http://www.faqs.org/rfcs/rfc1891.html">RFC 1891</a>, January 1996. </p>
<a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
</body>
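Review bot: the "no risk of information leakage" claim now rests on the attributes being reset "after RSET or DOT", but the text does not cover a transaction on a cached connection that is abandoned some other way, for example when the server rejects MAIL FROM or the recipients. Suggest stating what happens to the XFORWARD attributes in those cases, or tying the reset to the end of the transaction however it ends. The same wording is used in the server response section.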

View File

@ -179,7 +179,7 @@ ACCESS(5) ACCESS(5)
<b>REJECT ACTIONS</b>
Postfix version 2.3 and later support enhanced status
codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified
at the beginning of the <i>text</i> below, Postfix inserts a
default enhanced status code of "5.7.1" in the case of
reject actions, and "4.7.1" in the case of defer actions.
@ -225,6 +225,17 @@ ACCESS(5) ACCESS(5)
Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>BCC</b> <i>user@domain</i>
Send one copy of the message to the specified
recipient.
If multiple BCC actions are specified within the
same SMTP MAIL transaction, only the last action
will be used.
This feature is not part of the stable Postfix
release.
<b>DISCARD</b> <i>optional text...</i>
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
@ -311,7 +322,7 @@ ACCESS(5) ACCESS(5)
<b>ENHANCED STATUS CODES</b>
Postfix version 2.3 and later support enhanced status
codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
code is specified in an access table, it is subject to
modification. The following transformations are needed
when the same access table is used for client, helo,

View File

@ -65,7 +65,7 @@ ALIASES(5) ALIASES(5)
<i>address</i>
Mail is forwarded to <i>address</i>, which is compatible
with the <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> standard.
with the <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> standard.
<i>/file/name</i>
Mail is appended to <i>/file/name</i>. See <a href="local.8.html"><b>local</b>(8)</a> for
@ -174,7 +174,7 @@ ALIASES(5) ALIASES(5)
.forward files.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="local.8.html">local(8)</a>, local delivery agent

View File

@ -139,49 +139,50 @@ BOUNCE(5) BOUNCE(5)
<b>o</b> Template message header names can be specified in
upper case, lower case or mixed case. Postfix
always uses the spelling as shown in the example
above.
always produces bounce message header labels of the
form "<b>From:</b>" and "<b>Subject:</b>".
<b>o</b> Template message headers must not span multiple
lines.
<b>o</b> Template message headers must not contain <a href="postconf.5.html">main.cf</a>
$parameters.
<b>o</b> Template message headers do not support $parameter
expansions.
<b>o</b> Template message headers must contain ASCII charac-
ters only.
ters only, and must not contain ASCII null charac-
ters.
<b>TEMPLATE MESSAGE TEXT FORMAT</b>
The second portion of a bounce template consists of mes-
sage text. As the above example shows, template message
text may contain <a href="postconf.5.html">main.cf</a> $parameters. Besides the parame-
The second portion of a bounce template consists of mes-
sage text. As the above example shows, template message
text may contain <a href="postconf.5.html">main.cf</a> $parameters. Besides the parame-
ters that are defined in <a href="postconf.5.html">main.cf</a>, the following parameters
are treated specially depending on the suffix that is
are treated specially depending on the suffix that is
appended to their name.
<b>delay_warning_time_</b><i>suffix</i>
Expands into the value of the <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b>
parameter, expressed in the time unit specified by
<i>suffix</i>, which is one of <b>seconds</b>, <b>minutes</b>, <b>hours,</b>
Expands into the value of the <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b>
parameter, expressed in the time unit specified by
<i>suffix</i>, which is one of <b>seconds</b>, <b>minutes</b>, <b>hours,</b>
<b>days</b>, or <b>weeks</b>.
<b>maximal_queue_lifetime_</b><i>suffix</i>
Expands into the value of the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_life</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">time</a></b> parameter, expressed in the time unit speci-
Expands into the value of the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_life</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">time</a></b> parameter, expressed in the time unit speci-
fied by <i>suffix</i>. See above under <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b>
for possible <i>suffix</i> values.
The usage and specification of template message text is
The usage and specification of template message text is
subject to the following restrictions:
<b>o</b> The template message text is not sent in Postmaster
copies of delivery status notifications.
<b>o</b> If the template message text contains non-ASCII
<b>o</b> If the template message text contains non-ASCII
characters, Postfix requires that the <b>Charset:</b> tem-
plate header is updated. Specify an appropriate
plate header is updated. Specify an appropriate
superset of US-ASCII. A superset is needed because
Postfix appends ASCII text after the message tem-
Postfix appends ASCII text after the message tem-
plate when it sends a delivery status notification.
<b>SEE ALSO</b>
@ -189,11 +190,11 @@ BOUNCE(5) BOUNCE(5)
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
The Postfix bounce template format was originally devel-
The Postfix bounce template format was originally devel-
oped by Nicolas Riendeau.
<b>AUTHOR(S)</b>

View File

@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8)
on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
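Review bot: Two labels in this STANDARDS list should be corrected while the links are being rewritten: RFC 2822 repeats the RFC 822 title "(ARPA Internet Text Messages)" and RFC 3462 repeats the RFC 3464 title "(Delivery Status Notifications)". RFC 2822 is "Internet Message Format" and RFC 3462 defines the multipart/report content type, so as written each pair reads like the same document listed twice. The identical list in the later hunk that is also headed BOUNCE(8) needs the same fix.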

View File

@ -90,6 +90,9 @@ CIDR_TABLE(5) CIDR_TABLE(5)
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>HISTORY</b>
CIDR table support was introduced with Postfix version 2.1.
<b>AUTHOR(S)</b>
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik

View File

@ -55,11 +55,11 @@ CLEANUP(8) CLEANUP(8)
bounce the message back to the sender in case of trouble.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
@ -211,6 +211,12 @@ CLEANUP(8) CLEANUP(8)
The macros that are sent to Milter (mail filter)
applications after the message end-of-data.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see postconf -n output)</b>
The macros that are sent to Milter (mail filter)
applications after the end of the message header.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
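Review bot: The default for the new milter_end_of_header_macros entry is given as "(see postconf -n output)", which is unquoted and points at the wrong option for a default. Other entries in these pages use "(see 'postconf -d' output)" for built-in defaults, and postconf -n lists only parameters that are set explicitly in main.cf. Suggest "(see 'postconf -d' output)" here, and the same for any neighbouring milter macro entries that share the wording.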
@ -226,21 +232,29 @@ CLEANUP(8) CLEANUP(8)
will handle.
<b><a href="postconf.5.html#strict_8bitmime">strict_8bitmime</a> (no)</b>
Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and strict_8bit-
Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and strict_8bit-
mime_body.
<b><a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> (no)</b>
Reject mail with 8-bit text in message headers.
<b><a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a> (no)</b>
Reject 8-bit message body text without 8-bit MIME
Reject 8-bit message body text without 8-bit MIME
content encoding information.
<b><a href="postconf.5.html#strict_mime_encoding_domain">strict_mime_encoding_domain</a> (no)</b>
Reject mail with invalid Content-Transfer-Encoding:
information for the message/* or multipart/* MIME
information for the message/* or multipart/* MIME
content types.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#detect_8bit_encoding_header">detect_8bit_encoding_header</a> (yes)</b>
Automatically detect 8BITMIME body content by look-
ing at Content-Transfer-Encoding: message headers;
historically, this behavior was hard-coded to be
"always on".
<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
Postfix can automatically add BCC (blind carbon copy) when
mail enters the mail system:
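Review bot: The new detect_8bit_encoding_header description covers the yes setting and its history but not what happens when the parameter is set to no. Add a sentence on the effect of disabling detection, in particular how mail with 8-bit body content is then treated by strict_8bitmime_body, listed just above, since that is the control an administrator will weigh it against.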

View File

@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8)
on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).

View File

@ -18,7 +18,7 @@ DISCARD(8) DISCARD(8)
queue file, a sender address, a domain or host name that
is treated as the reason for discarding the mail, and
recipient information. The reason may be prefixed with an
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-compatible detail code. This program expects to
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all

View File

@ -17,63 +17,64 @@ ERROR(8) ERROR(8)
requests from the queue manager. Each request specifies a
queue file, a sender address, the reason for non-delivery
(specified as the next-hop destination), and recipient
information. The reason may be prefixed with an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code. This program expects to be
run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
information. The reason may be prefixed with an <a href="http://tools.ietf.org/html/rfc3463">RFC</a>
<a href="http://tools.ietf.org/html/rfc3463">3463</a>-compatible detail code; if none is specified a
default 4.0.0 or 5.0.0 code is used instead. This program
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
<b>retry</b>, the server bounces or defers all recipients in the
delivery request using the "next-hop" information as the
reason for non-delivery. The <b>retry</b> service name is sup-
Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
<b>retry</b>, the server bounces or defers all recipients in the
delivery request using the "next-hop" information as the
reason for non-delivery. The <b>retry</b> service name is sup-
ported as of Postfix 2.4.
Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
<a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SECURITY</b>
The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not
talk to the network, and can be run chrooted at fixed low
talk to the network, and can be run chrooted at fixed low
privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
ble.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a>
processes run for only a limited amount of time. Use the
processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
The recipient of undeliverable mail that cannot be
The recipient of undeliverable mail that cannot be
returned to the sender.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications with the
The recipient of postmaster notifications with the
message headers of mail that Postfix did not
deliver and of SMTP conversation transcripts of
deliver and of SMTP conversation transcripts of
mail that Postfix did not receive.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
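Review bot: The added clause "if none is specified a default 4.0.0 or 5.0.0 code is used instead" in the first paragraph does not say which default applies when. The following paragraph ties the outcome to the service name (error bounces, retry defers), so state here which code goes with which service; an operator reading logs or DSNs then knows whether a missing detail code produced a permanent or a transient status. The rest of this hunk appears to be re-justified text with no wording change; regenerating the HTML without re-wrapping would keep the diff down to the changed sentence and the link updates.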
@ -85,37 +86,37 @@ ERROR(8) ERROR(8)
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@ -128,7 +129,7 @@ ERROR(8) ERROR(8)
syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -93,19 +93,19 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> matches the input string, execute the
corresponding <i>action</i>. See below for a list of pos-
sible actions.
When /<i>pattern</i>/ matches the input string, execute
the corresponding <i>action</i>. See below for a list of
possible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>.
When /<i>pattern</i>/ does <b>not</b> match the input string,
execute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the same input string
also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
also matches /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
@ -114,7 +114,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the same input string
does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
does <b>not</b> match /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
@ -292,26 +292,31 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
a pattern before applying more drastic actions.
<b>BUGS</b>
Many people overlook the main limitations of header and
Empty lines never match, because some map types mis-behave
when given a zero-length search string. This limitation
may be removed for regular expression tables in a future
release.
Many people overlook the main limitations of header and
<a href="postconf.5.html#body_checks">body_checks</a> rules.
<b>o</b> These rules operate on one logical message header
<b>o</b> These rules operate on one logical message header
or one body line at a time. A decision made for one
line is not carried over to the next line.
<b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
<b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>)
then the rules need to be specified for the encoded
form.
<b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
<b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
<a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the
encoded form.
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>.
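Review bot: The new first BUGS paragraph, "Empty lines never match", does not say whether it also covers the negated forms documented earlier on this page, !/pattern/ and the negated if..endif, where an empty input string would otherwise count as a non-match and trigger the action. State whether empty lines are skipped for every rule form or only for some, and consider repeating the limitation next to the pattern syntax, because a body_checks rule written to act on an empty line will otherwise fail silently.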
@ -319,11 +324,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
The amount of content per message body segment
The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering.
@ -333,32 +338,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message
header lines: respectively, these are applied to
the initial message headers (not including MIME
headers), to the MIME headers anywhere in the mes-
sage, and to the initial headers of attached mes-
header lines: respectively, these are applied to
the initial message headers (not including MIME
headers), to the MIME headers anywhere in the mes-
sage, and to the initial headers of attached mes-
sages.
Note: these filters see one logical message header
at a time, even when a message header spans multi-
ple lines. Message headers that are longer than
Note: these filters see one logical message header
at a time, even when a message header spans multi-
ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
While receiving mail, give no special treatment to
MIME related message headers; all text after the
While receiving mail, give no special treatment to
MIME related message headers; all text after the
initial message headers is considered to be part of
the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
applied to all the initial message headers, and
the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message.
Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
process a multi-line message header one line at a
Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
process a multi-line message header one line at a
time.
<b>EXAMPLES</b>
Header pattern to block attachments with bad file name
Header pattern to block attachments with bad file name
extensions.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -386,8 +391,8 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management
<a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor
<a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>, base64 and quoted-printable encoding rules
<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>, message header encoding for non-ASCII text
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
@ -396,7 +401,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -28,6 +28,8 @@
<li> <a href="BASIC_CONFIGURATION_README.html"> Basic configuration
</a>
<li> <a href="SOHO_README.html"> Small/home office hints and tips </a>
<li> <a href="STANDARD_CONFIGURATION_README.html"> Standard
configuration examples </a>
@ -54,6 +56,8 @@ configuration examples </a>
<li> <a href="QSHAPE_README.html"> Bottleneck analysis </a>
<li> <a href="STRESS_README.html"> Stress-dependent configuration </a>
<li> <a href="TUNING_README.html"> Performance tuning </a>
<li> <a href="DEBUG_README.html"> Debugging strategies </a>
@ -72,6 +76,14 @@ overview </a>
<li> <a href="BUILTIN_FILTER_README.html"> Built-in content inspection </a>
</ul>
</td>
<td width="30%" align="left" valign="top">
<ul>
<li> <a href="FILTER_README.html"> After-queue content filter </a>
<li> <a href="SMTPD_PROXY_README.html"> Before-queue content
@ -82,10 +94,6 @@ filter </a>
</ul>
</td>
<td width="30%" align="left" valign="top">
<p><strong>SMTP Relay and access control </strong></p>
<ul>

View File

@ -143,7 +143,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
timeout = 5
<b>search_base (No default; you must configure this)</b>
The <a href="http://www.faqs.org/rfcs/rfc2253.html">RFC2253</a> base DN at which to conduct the search,
The <a href="http://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search,
e.g.
search_base = dc=your, dc=com
@ -153,21 +153,21 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. <a href="http://www.faqs.org/rfcs/rfc2253.html">RFC 2253</a>
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted local part of the address.
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted domain part of the address.
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
@ -191,7 +191,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
returns no results.
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
The <a href="http://www.faqs.org/rfcs/rfc2254.html">RFC2254</a> filter used to search the directory,
The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
@ -203,21 +203,21 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
<b>%s</b> This is replaced by the input key. <a href="http://www.faqs.org/rfcs/rfc2254.html">RFC 2254</a>
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted local part of the address.
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted domain part of the address.
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
@ -583,18 +583,56 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate
and check its validity when establishing SSL/TLS
connections.
connections. The supported values are <b>no</b> and <b>yes</b>.
With <b>no</b>, the server certificate trust chain is not
checked, but with OpenLDAP prior to 2.1.13, the
name in the server certificate must still match the
LDAP server name. With OpenLDAP 2.0.0 to 2.0.11 the
server name is not necessarily what you specified,
rather it is determined (by reverse lookup) from
the IP address of the LDAP server connection. With
OpenLDAP prior to 2.0.13, subjectAlternativeName
extensions in the LDAP server certificate are
ignored: the server name must match the subject
CommonName. The <b>no</b> setting corresponds to the <b>never</b>
value of <b>TLS_REQCERT</b> in LDAP client configuration
files.
Don't use TLS with OpenLDAP 2.0.x (and especially
with x &lt;= 11) if you can avoid it.
With <b>yes</b>, the server certificate must be issued by
a trusted CA, and not be expired. The LDAP server
name must match one of the name(s) found in the
certificate (see above for OpenLDAP library version
dependent behavior). The <b>yes</b> setting corresponds to
the <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client con-
figuration files.
The "try" and "never" values of <b>TLS_REQCERT</b> have no
equivalents here. They are not available with
OpenLDAP 2.0, and in any case have questionable
security properties. Either you want TLS verified
LDAP connections, or you don't.
The <b>yes</b> value only works correctly with Postfix 2.5
and later, or with OpenLDAP 2.0. Earlier Postfix
releases or later OpenLDAP releases don't work
together with this setting. Support for LDAP over
TLS was added to Postfix based on the OpenLDAP 2.0
API.
<b>tls_random_file (No default)</b>
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
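Review bot: The three OpenLDAP version bounds in the new tls_require_cert text ("prior to 2.1.13", "2.0.0 to 2.0.11", "prior to 2.0.13") are hard to reconcile, and 2.0.13 next to 2.1.13 looks like it may be a typo for one or the other; please confirm against the OpenLDAP change history. Separately, the caveat in the last added paragraph, that yes "only works correctly with Postfix 2.5 and later, or with OpenLDAP 2.0", is what an administrator most needs to know before relying on certificate checks, and the default stays no, under which "the server certificate trust chain is not checked". Move that caveat up so it sits directly under the yes description.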
@ -605,14 +643,14 @@ LDAP_TABLE(5) LDAP_TABLE(5)
server_host = ldap.example.com
search_base = dc=example, dc=com
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on ldap.exam-
ple.com. It will bind anonymously, search for any direc-
tory entries whose mailacceptinggeneralid attribute is
ple.com. It will bind anonymously, search for any direc-
tory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found,
and build a list of their maildrops, which will be treated
as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be deliv-
as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
ered.
<b>SEE ALSO</b>
@ -626,13 +664,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others.
LDAP_TABLE(5)

View File

@ -99,21 +99,22 @@ SMTP(8) SMTP(8)
low privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
<a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
<a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
<a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
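Review bot: in the STANDARDS list, the added RFC 4954 entry carries the same "(AUTH command)" label as the RFC 2554 entry that stays. RFC 4954 obsoletes RFC 2554, so label the two so that a reader can tell which one is current, for example "RFC 2554 (AUTH command, obsoleted by RFC 4954)".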
@ -193,7 +194,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
mands as required by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
@ -261,6 +262,24 @@ SMTP(8) SMTP(8)
riZation ID (authzid); send only the SASL authenti-
Cation ID (authcid) plus the authcid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the
Postfix SMTP client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the
Postfix SMTP client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix
SMTP client.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
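Review bot: the new smtp_mime_header_checks and smtp_nested_header_checks entries render as "mime_header_checks(5)" and "nested_header_checks(5)" but link to postconf.5.html anchors, while the smtp_header_checks and smtp_body_checks entries link to header_checks.5.html. Make the four entries consistent: either point them all at header_checks.5.html or drop the "(5)" where the target is a postconf parameter. None of the four entries says what "Restricted" means; add a clause naming what is unavailable in the SMTP client tables, or a pointer to where that is documented.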
@ -296,10 +315,10 @@ SMTP(8) SMTP(8)
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Postfix SMTP client SASL security options; as of
Postfix 2.3 the list of available features depends
on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
@ -318,52 +337,70 @@ SMTP(8) SMTP(8)
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Implementation-specific information that the Post-
fix SMTP client passes through to the SASL plug-in
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
An optional table to prevent repeated SASL authen-
tication failures with the same remote SMTP server
hostname, username and password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
entry before it is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
When a remote SMTP server rejects a SASL authenti-
cation request with a 535 reply code, defer mail
delivery instead of returning mail as undeliver-
able.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP
The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
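Review bot: the smtp_sasl_auth_cache_name summary says entries are tied to the "hostname, username and password" of a failed login, but not in what form the password ends up in the table or what access the table file needs. Since this table holds credential-derived data, add a sentence on how the entry is stored and what permissions are expected, or point to the postconf(5) text that covers it.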
@ -372,43 +409,43 @@ SMTP(8) SMTP(8)
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
List of SSL/TLS protocols that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
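Review bot: the smtp_tls_scert_verifydepth default moves from 5 to 9 while the description stays "The verification depth for remote SMTP server certificates", so nothing in this entry tells an operator that chain validation behaves differently after the upgrade. Mention the changed default in the entry or make sure the release notes call it out.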
@ -416,7 +453,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -428,9 +465,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -442,7 +479,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -450,17 +487,28 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate
fingerprints for the "fingerprint" TLS security
level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
The message digest algorithm used to construct
remote SMTP server certificate fingerprints.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
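Review bot: smtp_tls_fingerprint_digest defaults to md5, and the entry does not say that other digests can be selected. At the "fingerprint" security level this digest is the only thing that authenticates the remote server, and MD5 is not collision resistant, so the summary should say which other digests are accepted and that the smtp_tls_fingerprint_cert_match values must be computed with the same algorithm.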
@ -730,6 +778,9 @@ SMTP(8) SMTP(8)
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
<a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="scache.8.html">scache(8)</a>, connection cache server
@ -766,10 +817,6 @@ SMTP(8) SMTP(8)
SuSE Rhein/Main AG
65760 Eschborn, Germany
Connection caching in cooperation with:
Victor Duchovni
Morgan Stanley
TLS support originally by:
Lutz Jaenicke
BTU Cottbus
@ -777,5 +824,9 @@ SMTP(8) SMTP(8)
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Revised TLS and SMTP connection cache support by:
Victor Duchovni
Morgan Stanley
SMTP(8)
</pre> </body> </html>

View File

@ -183,7 +183,7 @@ LOCAL(8) LOCAL(8)
ventions defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means
normal successful completion.
Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style
enhanced status codes. If a command terminates with a
non-zero exit status, and the command output begins with
an enhanced status code, this status code takes precedence
@ -212,6 +212,10 @@ LOCAL(8) LOCAL(8)
<b>LOCAL</b> The entire recipient address localpart (text to the
left of the rightmost @ character).
<b>ORIGINAL_RECIPIENT</b>
The entire recipient address, before any address
rewriting or aliasing (Postfix 2.5 and later).
<b>RECIPIENT</b>
The entire recipient address.
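Review bot: with ORIGINAL_RECIPIENT now documented as the address "before any address rewriting or aliasing", the unchanged RECIPIENT entry right below it still reads only "The entire recipient address". Extend the RECIPIENT text to say how it differs from ORIGINAL_RECIPIENT, so that authors of delivery commands know which variable carries the address as received and which the address being delivered to.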
@ -221,149 +225,149 @@ LOCAL(8) LOCAL(8)
the following environment variables:
<b>CLIENT_ADDRESS</b>
Remote client network address. Available as of
Remote client network address. Available as of
Postfix 2.2.
<b>CLIENT_HELO</b>
Remote client EHLO command parameter. Available as
Remote client EHLO command parameter. Available as
of Postfix 2.2.
<b>CLIENT_HOSTNAME</b>
Remote client hostname. Available as of Postfix
Remote client hostname. Available as of Postfix
2.2.
<b>CLIENT_PROTOCOL</b>
Remote client protocol. Available as of Postfix
Remote client protocol. Available as of Postfix
2.2.
<b>SASL_METHOD</b>
SASL authentication method specified in the remote
SASL authentication method specified in the remote
client AUTH command. Available as of Postfix 2.2.
<b>SASL_SENDER</b>
SASL sender address specified in the remote client
SASL sender address specified in the remote client
MAIL FROM command. Available as of Postfix 2.2.
<b>SASL_USERNAME</b>
SASL username specified in the remote client AUTH
SASL username specified in the remote client AUTH
command. Available as of Postfix 2.2.
The <b>PATH</b> environment variable is always reset to a system-
dependent default path, and environment variables whose
names are blessed by the <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration
dependent default path, and environment variables whose
names are blessed by the <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration
parameter are exported unchanged.
The current working directory is the mail queue directory.
The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>"
envelope header to each message, prepends an <b>X-Original-</b>
The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>"
envelope header to each message, prepends an <b>X-Original-</b>
<b>To:</b> header with the recipient address as given to Postfix,
prepends an optional <b>Delivered-To:</b> header with the final
prepends an optional <b>Delivered-To:</b> header with the final
recipient envelope address, prepends a <b>Return-Path:</b> header
with the sender envelope address, and appends no empty
with the sender envelope address, and appends no empty
line.
<b>EXTERNAL FILE DELIVERY</b>
The delivery format depends on the destination filename
syntax. The default is to use UNIX-style mailbox format.
Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
The delivery format depends on the destination filename
syntax. The default is to use UNIX-style mailbox format.
Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
delivery.
The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts
delivery to external files. The default setting (<b>alias,</b>
The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts
delivery to external files. The default setting (<b>alias,</b>
<b>forward</b>) forbids file destinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a>
In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a>
daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
to each message, prepends an <b>X-Original-To:</b> header with
the recipient address as given to Postfix, prepends an
optional <b>Delivered-To:</b> header with the final recipient
envelope address, prepends a &gt; character to lines begin-
ning with "<b>From</b> ", and appends an empty line. The enve-
lope sender address is available in the <b>Return-Path:</b>
header. When the destination is a regular file, it is
to each message, prepends an <b>X-Original-To:</b> header with
the recipient address as given to Postfix, prepends an
optional <b>Delivered-To:</b> header with the final recipient
envelope address, prepends a &gt; character to lines begin-
ning with "<b>From</b> ", and appends an empty line. The enve-
lope sender address is available in the <b>Return-Path:</b>
header. When the destination is a regular file, it is
locked for exclusive access while delivery is in progress.
In case of problems, an attempt is made to truncate a reg-
ular file to its original length.
In the case of <b>maildir</b> delivery, the local daemon prepends
an optional <b>Delivered-To:</b> header with the final envelope
recipient address, and prepends an <b>X-Original-To:</b> header
an optional <b>Delivered-To:</b> header with the final envelope
recipient address, and prepends an <b>X-Original-To:</b> header
with the recipient address as given to Postfix. The enve-
lope sender address is available in the <b>Return-Path:</b>
lope sender address is available in the <b>Return-Path:</b>
header.
<b>ADDRESS EXTENSION</b>
The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter
specifies how to separate address extensions from local
The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter
specifies how to separate address extensions from local
recipient names.
For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for
<i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for
<i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
<b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the
user <i>name</i>, or it is sent back as undeliverable.
In all cases the <a href="local.8.html"><b>local</b>(8)</a> daemon prepends an optional
`<b>Delivered-To:</b> header line with the final recipient
In all cases the <a href="local.8.html"><b>local</b>(8)</a> daemon prepends an optional
`<b>Delivered-To:</b> header line with the final recipient
address.
<b>DELIVERY RIGHTS</b>
Deliveries to external files and external commands are
Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context,
the delivery is made. In the absence of a user context,
the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner rights of the <b>:include:</b>
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
rupted message files are marked so that the queue manager
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue afterwards.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
ble.
<b>SECURITY</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to
access the private Postfix queue and IPC mechanisms, 2) to
impersonate the recipient and deliver to recipient-speci-
fied files or commands. It is therefore security sensi-
impersonate the recipient and deliver to recipient-speci-
fied files or commands. It is therefore security sensi-
tive.
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression
substitution of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression
substitution of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would
open a security hole.
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests
to use the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead
it will open the table directly. Before Postfix version
2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will terminate with a
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests
to use the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead
it will open the table directly. Before Postfix version
2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will terminate with a
fatal error.
<b>BUGS</b>
For security reasons, the message delivery status of
external commands or of external files is never check-
For security reasons, the message delivery status of
external commands or of external files is never check-
pointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Bet-
ter safe than sorry.
Mutually-recursive aliases or ~/.<b>forward</b> files are not
detected early. The resulting mail forwarding loop is
Mutually-recursive aliases or ~/.<b>forward</b> files are not
detected early. The resulting mail forwarding loop is
broken by the use of the <b>Delivered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
<a href="local.8.html"><b>local</b>(8)</a> processes run for only a limited amount of time.
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
<a href="local.8.html"><b>local</b>(8)</a> processes run for only a limited amount of time.
Use the command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
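Review bot: in the ADDRESS EXTENSION paragraph, the re-added line that begins with a backquote before "Delivered-To:" keeps a stray opening quote that is never closed; drop it while this text is being regenerated. Apart from the two STANDARDS links, the removed and added lines in this hunk read the same and appear to differ only in spacing, which buries the real change; regenerating the page with stable line justification would keep such hunks reviewable.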
@ -373,13 +377,13 @@ LOCAL(8) LOCAL(8)
<b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
When delivering to an alias "aliasname" that has an
"owner-aliasname" companion alias, set the envelope
sender address to the expansion of the "owner-
sender address to the expansion of the "owner-
aliasname" alias.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
Give special treatment to owner-listname and list-
name-request address localparts: don't split such
addresses when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to
Give special treatment to owner-listname and list-
name-request address localparts: don't split such
addresses when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to
"-".
<b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
@ -388,66 +392,66 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the
Delivered-To: address (see prepend_deliv-
ered_header) only once, at the start of a delivery
attempt; do not update the Delivered-To: address
Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the
Delivered-To: address (see prepend_deliv-
ered_header) only once, at the start of a delivery
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
<b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
a .forward file with user-specified delivery meth-
a .forward file with user-specified delivery meth-
ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
Optional lookup tables with per-recipient external
Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
Optional pathname of a mailbox file relative to a
Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
@ -457,7 +461,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b>
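Review bot: the one removed/added pair in this hunk, the command_execution_directory description line ("The local(8) delivery agent working directory for"), reads the same on both sides apart from inter-word spacing, so this is re-justification noise from regenerating the page rather than a documentation change. Most of the following hunks in this file are the same kind of pair. Consider regenerating the HTML man pages from their sources at build time, or committing the regenerated output separately, so that the hunks with real content changes are not buried.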
@ -466,15 +470,15 @@ LOCAL(8) LOCAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive
The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox
The time after which a stale exclusive mailbox
lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b>
@ -482,17 +486,17 @@ LOCAL(8) LOCAL(8)
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the
The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit &gt; 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
@ -505,49 +509,49 @@ LOCAL(8) LOCAL(8)
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
The list of environment variables that a Postfix
The list of environment variables that a Postfix
process will export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -555,39 +559,39 @@ LOCAL(8) LOCAL(8)
over an internal communication channel.
<b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to
Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to
non-Postfix command.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
The message delivery contexts where the Postfix
<a href="local.8.html"><b>local</b>(8)</a> delivery agent prepends a Delivered-To:
message header with the address that the mail was
The message delivery contexts where the Postfix
<a href="local.8.html"><b>local</b>(8)</a> delivery agent prepends a Delivered-To:
message header with the address that the mail was
delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
What address lookup tables copy an address exten-
What address lookup tables copy an address exten-
sion from the lookup key to the lookup result.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -595,15 +599,15 @@ LOCAL(8) LOCAL(8)
sions (user+foo).
<b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
Whether or not a <a href="local.8.html"><b>local</b>(8)</a> recipient's home direc-
tory must exist before mail delivery is attempted.
Whether or not a <a href="local.8.html"><b>local</b>(8)</a> recipient's home direc-
tory must exist before mail delivery is attempted.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -623,14 +627,14 @@ LOCAL(8) LOCAL(8)
syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
The <i>maildir</i> structure appears in the <b>qmail</b> system by
The <i>maildir</i> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>

View File

@ -363,9 +363,10 @@ SENDMAIL(1) SENDMAIL(1)
The maximal number of Received: message headers
that is allowed in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager.
manager; prior to Postfix 2.4 the default value was
1000s.
<b>FAST FLUSH CONTROLS</b>
The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
@ -373,37 +374,37 @@ SENDMAIL(1) SENDMAIL(1)
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
Optional list of destinations that are eligible for
per-destination logfiles with mail that is queued
per-destination logfiles with mail that is queued
to those destinations.
<b>VERP CONTROLS</b>
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
details of Postfix support for variable envelope return
details of Postfix support for variable envelope return
path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix support programs and
The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@ -411,16 +412,16 @@ SENDMAIL(1) SENDMAIL(1)
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
The time after which the sender receives the mes-
The time after which the sender receives the mes-
sage headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
sions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@ -428,21 +429,21 @@ SENDMAIL(1) SENDMAIL(1)
and most Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
write message headers and append the specified
write message headers and append the specified
domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -467,7 +468,7 @@ SENDMAIL(1) SENDMAIL(1)
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -19,9 +19,9 @@ MASTER(5) MASTER(5)
process. The <a href="master.5.html">master.cf</a> configuration file defines how a
client program connects to a service, and what daemon pro-
gram runs when a service is requested. Most daemon pro-
cesses are short-lived and terminate after serving <b><a href="postconf.5.html#max_use">max_use</a></b>
clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b> or more units of
time.
cesses are short-lived and terminate voluntarily after
serving <b><a href="postconf.5.html#max_use">max_use</a></b> clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b>
or more units of time.
All daemons specified here must speak a Postfix-internal
protocol. In order to execute non-Postfix software use the
@ -109,44 +109,57 @@ MASTER(5) MASTER(5)
trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
tion parameter in <a href="postconf.5.html">main.cf</a>).
<b>pass</b> The service listens on a UNIX-domain socket,
receives one open connection (file descrip-
tor passing) per connection request, and is
accessible to local clients only.
The service name is a pathname relative to
the Postfix queue directory (pathname con-
trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
tion parameter in <a href="postconf.5.html">main.cf</a>).
This feature is available as of Postfix ver-
sion 2.5.
<b>Private (default: y)</b>
Whether or not access is restricted to the mail
system. Internet (type <b>inet</b>) services can't be
Whether or not access is restricted to the mail
system. Internet (type <b>inet</b>) services can't be
private.
<b>Unprivileged (default: y)</b>
Whether the service runs with root privileges or as
the owner of the Postfix system (the owner name is
the owner of the Postfix system (the owner name is
controlled by the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> configuration variable
in the <a href="postconf.5.html">main.cf</a> file).
The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a>
The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a>
daemons require privileges.
<b>Chroot (default: y)</b>
Whether or not the service runs chrooted to the
Whether or not the service runs chrooted to the
mail queue directory (pathname is controlled by the
<b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration variable in the
<b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration variable in the
<a href="postconf.5.html">main.cf</a> file).
Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>,
<a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons.
Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run chrooted,
<a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons.
Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run chrooted,
doing so defeats most of the purpose of having that
service in the first place.
The files in the examples/chroot-setup subdirectory
of the Postfix source archive show set up a Postfix
chroot environment on a variety of systems. See
also <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> for issues related
chroot environment on a variety of systems. See
also <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> for issues related
to running daemons chrooted.
<b>Wake up time (default: 0)</b>
Automatically wake up the named service after the
specified number of seconds. The wake up is imple-
mented by connecting to the service and sending a
wake up request. A ? at the end of the wake-up
time field requests that no wake up events be sent
Automatically wake up the named service after the
specified number of seconds. The wake up is imple-
mented by connecting to the service and sending a
wake up request. A ? at the end of the wake-up
time field requests that no wake up events be sent
before the first time a service is used. Specify 0
for no automatic wake up.
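Review bot: the new "pass" entry says the service "receives one open connection (file descriptor passing) per connection request" but does not say which process passes the descriptor or which daemons are meant to be configured this way, so a reader cannot tell when to choose "pass" over the other UNIX-domain service type. Add a sentence naming the intended front end, and say how the Private column interacts with "accessible to local clients only". Separately, the context line "show set up a Postfix chroot environment" in the Chroot paragraph is missing "how to".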
@ -154,59 +167,59 @@ MASTER(5) MASTER(5)
a wake up timer.
<b>Process limit (default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
The maximum number of processes that may execute
The maximum number of processes that may execute
this service simultaneously. Specify 0 for no
process count limit.
NOTE: Some Postfix services must be configured as a
single-process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and
some services must be configured with no process
single-process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and
some services must be configured with no process
limit (for example, <a href="cleanup.8.html"><b>cleanup</b>(8)</a>). These limits must
not be changed.
<b>Command name + arguments</b>
The command to be executed. Characters that are
special to the shell such as "&gt;" or "|" have no
special meaning here, and quotes cannot be used to
The command to be executed. Characters that are
special to the shell such as "&gt;" or "|" have no
special meaning here, and quotes cannot be used to
protect arguments containing whitespace.
The command name is relative to the Postfix daemon
The command name is relative to the Postfix daemon
directory (pathname is controlled by the <b><a href="postconf.5.html#daemon_directory">dae</a>-</b>
<b><a href="postconf.5.html#daemon_directory">mon_directory</a></b> configuration variable).
The command argument syntax for specific commands
is specified in the respective daemon manual page.
The command argument syntax for specific commands
is specified in the respective daemon manual page.
The following command-line options have the same
The following command-line options have the same
effect for all daemon programs:
<b>-D</b> Run the daemon under control by the command
<b>-D</b> Run the daemon under control by the command
specified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> variable
in the <a href="postconf.5.html">main.cf</a> configuration file. See
<a href="DEBUG_README.html">DEBUG_README</a> for hints and tips.
<b>-o</b> <i>name</i>=<i>value</i>
Override the named <a href="postconf.5.html">main.cf</a> configuration
parameter. The parameter value can refer to
parameter. The parameter value can refer to
other parameters as <i>$name</i> etc., just like in
<a href="postconf.5.html">main.cf</a>. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
NOTE 1: do not specify whitespace around the
"=". In parameter values, either avoid
"=". In parameter values, either avoid
whitespace altogether, use commas instead of
spaces, or consider overrides like "-o
name=$override_parameter" with $over-
spaces, or consider overrides like "-o
name=$override_parameter" with $over-
ride_parameter set in <a href="postconf.5.html">main.cf</a>.
NOTE 2: Over-zealous use of parameter over-
rides makes the Postfix configuration hard
to understand and maintain. At a certain
point, it might be easier to configure mul-
tiple instances of Postfix, instead of con-
NOTE 2: Over-zealous use of parameter over-
rides makes the Postfix configuration hard
to understand and maintain. At a certain
point, it might be easier to configure mul-
tiple instances of Postfix, instead of con-
figuring multiple personalities via mas-
ter.cf.
<b>-v</b> Increase the verbose logging level. Specify
<b>-v</b> Increase the verbose logging level. Specify
multiple <b>-v</b> options to make a Postfix daemon
process increasingly verbose.
@ -219,7 +232,7 @@ MASTER(5) MASTER(5)
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -171,6 +171,7 @@ MASTER(8) MASTER(8)
/etc/postfix/<a href="postconf.5.html">main.cf</a>, global configuration file.
/etc/postfix/<a href="master.5.html">master.cf</a>, master server configuration file.
/var/spool/postfix/pid/master.pid, master lock file.
/var/lib/postfix/master.lock, master lock file.
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
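Review bot: the added /var/lib/postfix/master.lock entry carries the same description, "master lock file", as the existing /var/spool/postfix/pid/master.pid entry, so the FILES list does not explain why there are two lock files or what each one guards. Describe each by purpose, and if the /var/lib/postfix location is configurable, name the parameter that controls it.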

View File

@ -259,7 +259,15 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
The following parameters can be used to fill in a SELECT
<b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
The following parameters can be used to fill in a SELECT
template statement of the form:
SELECT [<b>select_field</b>]
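Review bot: in the new OBSOLETE QUERY INTERFACE paragraph, "the legacy parameters described here ignored" has lost its verb; the paragraph it replaces read "the legacy parameters are ignored". Change it to "described here are ignored". The paragraph also says "deprecated as of Postfix 2.2" under a heading that says OBSOLETE, while the removed text said "obsolete"; pick one term and use it in both places.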
@ -267,18 +275,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu-
rity problem.
As of Postfix 2.2 this interface is obsolete, it is
replaced by the more general <b>query</b> interface described
above. If the <b>query</b> parameter is defined, the legacy
parameters are ignored. Please migrate to the new inter-
face as the legacy interface may be removed in a future
release.
<b>select_field</b>
The SQL "select" parameter. Example:
<b>select_field</b> = forw_addr

View File

@ -363,9 +363,10 @@ SENDMAIL(1) SENDMAIL(1)
The maximal number of Received: message headers
that is allowed in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager.
manager; prior to Postfix 2.4 the default value was
1000s.
<b>FAST FLUSH CONTROLS</b>
The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
@ -373,37 +374,37 @@ SENDMAIL(1) SENDMAIL(1)
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
Optional list of destinations that are eligible for
per-destination logfiles with mail that is queued
per-destination logfiles with mail that is queued
to those destinations.
<b>VERP CONTROLS</b>
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
details of Postfix support for variable envelope return
details of Postfix support for variable envelope return
path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix support programs and
The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@ -411,16 +412,16 @@ SENDMAIL(1) SENDMAIL(1)
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
The time after which the sender receives the mes-
The time after which the sender receives the mes-
sage headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
sions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@ -428,21 +429,21 @@ SENDMAIL(1) SENDMAIL(1)
and most Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
write message headers and append the specified
write message headers and append the specified
domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -467,7 +468,7 @@ SENDMAIL(1) SENDMAIL(1)
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -149,8 +149,8 @@ OQMGR(8) OQMGR(8)
manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads
@ -187,9 +187,11 @@ OQMGR(8) OQMGR(8)
<b>ter.cf</b> entry.
<b>COMPATIBILITY CONTROLS</b>
Available before Postfix version 2.5:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
Allow a recipient address to have `-' as the first
character.
Allow a sender or recipient address to have `-' as
the first character.
<b>ACTIVE QUEUE CONTROLS</b>
<b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
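Review bot: the added "Available before Postfix version 2.5:" line under COMPATIBILITY CONTROLS tells the reader that allow_min_user no longer applies, but not what version 2.5 and later do with a sender or recipient address whose first character is `-'. State whether such addresses are now accepted or rejected by default, and point to the replacement control if there is one, so that an administrator upgrading from a configuration that set this parameter knows what changed.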
@ -220,33 +222,75 @@ OQMGR(8) OQMGR(8)
The default maximal number of parallel deliveries
to the same destination.
<i>transport</i><b>_destination_concurrency_limit</b>
<b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_desti</a>-</b>
<b><a href="postconf.5.html#initial_destination_concurrency">nation_concurrency</a>)</b>
Initial concurrency for delivery via the named mes-
sage <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
How many pseudo-cohorts must suffer connection or
handshake failure before a specific destination is
considered unavailable (and further delivery is
suspended).
<b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
The per-destination amount of delivery concurrency
negative feedback, after a delivery completes with
a connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
The per-destination amount of delivery concurrency
positive feedback, after a delivery completes with-
out connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
Make the queue manager's feedback algorithm verbose
for performance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
The default maximal number of recipients per mes-
sage delivery.
<i>transport</i><b>_destination_recipient_limit</b>
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>OTHER RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (version dependent)</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
The minimal time between attempts to deliver a
deferred message.
deferred message; prior to Postfix 2.4 the default
value was 1000s.
<b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
The maximal time between attempts to deliver a
The maximal time between attempts to deliver a
deferred message.
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
The maximal time a message is queued before it is
The maximal time a message is queued before it is
sent back as undeliverable.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager; prior to Postfix 2.4 the default value was
1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
The time between attempts by the Postfix queue man-
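Review bot: In the new transport_destination_concurrency_negative_feedback entry the link target is postconf.5.html#transport_destination_concurrency_positive_feedback, so the negative-feedback parameter links to the positive-feedback anchor; the href should end in _negative_feedback. Separately, the newly linked transport_destination_recipient_limit entry under RECIPIENT SCHEDULING CONTROLS still shows no default, while transport_destination_concurrency_limit in the same hunk now shows ($default_destination_concurrency_limit); consider adding the default there as well.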
@ -259,14 +303,27 @@ OQMGR(8) OQMGR(8)
The maximal time a bounce message is queued before
it is considered undeliverable.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
The default amount of delay that is inserted
between individual deliveries to the same destina-
tion; with per-destination recipient limit &gt; 1, a
destination is a domain, otherwise it is a recipi-
ent.
<b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
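Review bot: The new transport_destination_rate_delay entry gives its default as a bare $default_destination_rate_delay, without the parentheses that the other entries in this list use for the default value, for example "default_destination_rate_delay (0s)". Suggest wrapping it in parentheses so it is not read as part of the parameter name.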
@ -275,11 +332,11 @@ OQMGR(8) OQMGR(8)
"<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
Log warnings about problematic configuration set-
Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -287,23 +344,23 @@ OQMGR(8) OQMGR(8)
over an internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -326,7 +383,7 @@ OQMGR(8) OQMGR(8)
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -61,7 +61,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
or in the absence of <b>selection_function</b>, the lower prece-
or in the absence of <b>select_function</b>, the lower prece-
dence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
@ -264,23 +264,26 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
Pre-Postfix 2.2 legacy interfaces:
<b>OBSOLETE QUERY INTERFACES</b>
This section describes query interfaces that are depre-
cated as of Postfix 2.2. Please migrate to the new <b>query</b>
interface as the old interfaces are slated to be phased
out.
<b>select_function</b>
This parameter specifies a database function name.
This parameter specifies a database function name.
Example:
select_function = my_lookup_user_alias
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
ter. Starting with Postfix 2.2, the <b>query</b> parameter
has highest precedence, and this parameter is dep-
recated. Please migrate to the new <b>query</b> interface
as this interface is slated to be phased out.
has highest precedence, and the <b>select_function</b>
parameter is deprecated.
The following parameters (with lower precedence than the
<b>select_function</b> interface described above) can be used to
@ -299,9 +302,8 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
Starting with Postfix 2.2, this interface is obsoleted by
the more general <b>query</b> interface described above. If
higher precedence the <b>query</b> or <b>select_function</b> parameters
described above are defined, these parameters are ignored.
Please migrate to the new <b>query</b> interface as this inter-
face is slated to be phased out.
described above are defined, the parameters described here
are ignored.
<b>select_field</b>
The SQL "select" parameter. Example:
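Review bot: The unchanged clause just above the rewritten lines, "If higher precedence the query or select_function parameters described above are defined", is ungrammatical, and the hunk rewrites the end of that sentence without fixing its start. Suggest "If the higher precedence query or select_function parameters described above are defined, the parameters described here are ignored."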
@ -329,7 +331,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

View File

@ -30,14 +30,16 @@ PIPE(8) PIPE(8)
<a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SINGLE-RECIPIENT DELIVERY</b>
Some external commands cannot handle more than one recipi-
ent per delivery request. Examples of such transports are
pagers or fax machines.
Some destinations cannot handle more than one recipient
per delivery request. Examples are pagers or fax machines.
In addition, multi-recipient delivery is undesirable when
prepending a <b>Delivered-to:</b> or <b>X-Original-To:</b> message
header.
To prevent Postfix from sending multiple recipients per
delivery request, specify
<i>transport</i><b>_destination_recipient_limit = 1</b>
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name
in the first column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for the
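Review bot: The added sentence spells the header "Delivered-to:", while the flags section of the same page uses "Delivered-To:" for the D flag. Use "Delivered-To:" here so the header name is spelled one way throughout the page.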
@ -74,7 +76,7 @@ PIPE(8) PIPE(8)
escape sequences are recognized: <b>\a \b \f \n \r \t</b>
<b>\v \</b><i>ddd</i> (up to three octal digits) and <b>\\</b>.
<b>flags=BDFORhqu.</b>&gt; (optional)
<b>flags=BDFORXhqu.</b>&gt; (optional)
Optional message processing flags. By default, a
message is copied unchanged.
@ -86,7 +88,15 @@ PIPE(8) PIPE(8)
<b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message
header with the envelope recipient address.
Note: for this to work, the <i>transport</i><b>_desti-</b>
<b>nation_recipient_limit</b> must be 1.
<b>nation_recipient_limit</b> must be 1 (see SIN-
GLE-RECIPIENT DELIVERY above for details).
The <b>D</b> flag also enforces loop detection
(Postfix 2.5 and later): if a message
already contains a <b>Delivered-To:</b> header with
the same recipient address, then the message
is returned as undeliverable. The address
comparison is case insensitive.
This feature is available as of Postfix 2.0.
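Review bot: After the new loop-detection paragraph for the D flag, which is marked "Postfix 2.5 and later", the existing line "This feature is available as of Postfix 2.0." now follows directly and can be read as applying to loop detection. Suggest moving the 2.0 line above the loop-detection paragraph, or naming the header prepending explicitly in it. The D note also keeps an unlinked transport_destination_recipient_limit while the O flag in the next hunk gets the postconf.5.html link; linking both would be consistent.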
@ -97,25 +107,38 @@ PIPE(8) PIPE(8)
<b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" mes-
sage header with the recipient address as
given to Postfix. Note: for this to work,
the <i>transport</i><b>_destination_recipient_limit</b>
must be 1.
the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b>
must be 1 (see SINGLE-RECIPIENT DELIVERY
above for details).
This feature is available as of Postfix 2.0.
<b>R</b> Prepend a <b>Return-Path:</b> message header with
<b>R</b> Prepend a <b>Return-Path:</b> message header with
the envelope sender address.
<b>h</b> Fold the command-line <b>$recipient</b> domain name
and <b>$nexthop</b> host name to lower case. This
is recommended for delivery via <b>UUCP</b>.
<b>X</b> Indicate that the external command performs
final delivery. This flag affects the sta-
tus reported in "success" DSN (delivery sta-
tus notification) messages, and changes it
from "relayed" into "delivered".
This feature is available as of Postfix 2.5.
<b>h</b> Fold the command-line <b>$original_recipient</b>
and <b>$recipient</b> address domain part (text to
the right of the right-most <b>@</b> character) to
lower case; fold the entire command-line
<b>$domain</b> and <b>$nexthop</b> host or domain informa-
tion to lower case. This is recommended for
delivery via <b>UUCP</b>.
<b>q</b> Quote white space and other special charac-
ters in the command-line <b>$sender</b> and <b>$recip-</b>
<b>ient</b> address localparts (text to the left of
the right-most <b>@</b> character), according to an
8-bit transparent version of <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>. This
is recommended for delivery via <b>UUCP</b> or
<b>BSMTP</b>.
ters in the command-line <b>$sender</b>, <b>$origi-</b>
<b>nal_recipient</b> and <b>$recipient</b> address local-
parts (text to the left of the right-most <b>@</b>
character), according to an 8-bit transpar-
ent version of <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended
for delivery via <b>UUCP</b> or <b>BSMTP</b>.
The result is compatible with the address
parsing of command-line recipients by the
@ -126,53 +149,53 @@ PIPE(8) PIPE(8)
<b>$user</b>, <b>$extension</b> or <b>$mailbox</b> command-line
macros.
<b>u</b> Fold the command-line <b>$recipient</b> address
localpart (text to the left of the right-
most <b>@</b> character) to lower case. This is
recommended for delivery via <b>UUCP</b>.
<b>u</b> Fold the command-line <b>$original_recipient</b>
and <b>$recipient</b> address localpart (text to
the left of the right-most <b>@</b> character) to
lower case. This is recommended for deliv-
ery via <b>UUCP</b>.
<b>.</b> Prepend "<b>.</b>" to lines starting with "<b>.</b>". This
is needed by, for example, <b>BSMTP</b> software.
&gt; Prepend "&gt;" to lines starting with "<b>From</b> ".
&gt; Prepend "&gt;" to lines starting with "<b>From</b> ".
This is expected by, for example, <b>UUCP</b> soft-
ware.
<b>null_sender</b>=<i>replacement</i> (default: MAILER-DAEMON)
Replace the null sender address (typically used for
delivery status notifications) with the specified
delivery status notifications) with the specified
text when expanding the <b>$sender</b> command-line macro,
and when generating a From_ or Return-Path: message
header.
If the null sender replacement text is a non-empty
string then it is affected by the <b>q</b> flag for
If the null sender replacement text is a non-empty
string then it is affected by the <b>q</b> flag for
address quoting in command-line arguments.
The null sender replacement text may be empty; this
form is recommended for content filters that feed
form is recommended for content filters that feed
mail back into Postfix. The empty sender address is
not affected by the <b>q</b> flag for address quoting in
not affected by the <b>q</b> flag for address quoting in
command-line arguments.
Caution: a null sender address is easily mis-parsed
by naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
by naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
daemon executes a command such as:
command -f$sender -- $recipient (<i>bad</i>)
the command will mis-parse the -f option value when
the sender address is a null string. For correct
the sender address is a null string. For correct
parsing, specify <b>$sender</b> as an argument by itself:
command -f $sender -- $recipient (<i>good</i>)
This feature is available with Postfix 2.3 and
later.
This feature is available as of Postfix 2.3.
<b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional)
Messages greater in size than this limit (in bytes)
will be returned to the sender as undeliverable.
Don't deliver messages that exceed this size limit
(in bytes); return them to the sender instead.
<b>user</b>=<i>username</i> (required)
@ -218,44 +241,77 @@ PIPE(8) PIPE(8)
This is available in Postfix 2.2 and later.
<b>${client_port</b>}
This macro expands to the remote client TCP
port number.
This is available in Postfix 2.5 and later.
<b>${client_protocol</b>}
This macro expands to the remote client pro-
tocol.
This is available in Postfix 2.2 and later.
<b>${domain</b>}
This macro expands to the domain portion of
the recipient address. For example, with an
address <i>user+foo@domain</i> the domain is
<i>domain</i>.
This information is modified by the <b>h</b> flag
for case folding.
This is available in Postfix 2.5 and later.
<b>${extension</b>}
This macro expands to the extension part of
a recipient address. For example, with an
This macro expands to the extension part of
a recipient address. For example, with an
address <i>user+foo@domain</i> the extension is
<i>foo</i>.
A command-line argument that contains
<b>${extension</b>} expands into as many command-
A command-line argument that contains
<b>${extension</b>} expands into as many command-
line arguments as there are recipients.
This information is modified by the <b>u</b> flag
This information is modified by the <b>u</b> flag
for case folding.
<b>${mailbox</b>}
This macro expands to the complete local
part of a recipient address. For example,
with an address <i>user+foo@domain</i> the mailbox
This macro expands to the complete local
part of a recipient address. For example,
with an address <i>user+foo@domain</i> the mailbox
is <i>user+foo</i>.
A command-line argument that contains
<b>${mailbox</b>} expands to as many command-line
A command-line argument that contains
<b>${mailbox</b>} expands to as many command-line
arguments as there are recipients.
This information is modified by the <b>u</b> flag
This information is modified by the <b>u</b> flag
for case folding.
<b>${nexthop</b>}
This macro expands to the next-hop hostname.
This information is modified by the <b>h</b> flag
This information is modified by the <b>h</b> flag
for case folding.
<b>${original_recipient</b>}
This macro expands to the complete recipient
address before any address rewriting or
aliasing.
A command-line argument that contains
<b>${original_recipient</b>} expands to as many
command-line arguments as there are recipi-
ents.
This information is modified by the <b>hqu</b>
flags for quoting and case folding.
This feature is available in Postfix 2.5 and
later.
<b>${recipient</b>}
This macro expands to the complete recipient
address.
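Review bot: The new ${domain} entry does not say whether an argument containing it expands once per recipient, although ${extension}, ${mailbox} and the new ${original_recipient} all state that such an argument expands to as many command-line arguments as there are recipients. Since ${domain} is taken from the recipient address, state the expansion behaviour there too. The availability lines are also worded two ways in this hunk ("This is available in Postfix 2.5 and later." and "This feature is available in Postfix 2.5 and later."); pick one.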
@ -278,8 +334,8 @@ PIPE(8) PIPE(8)
<b>${sasl_sender</b>}
This macro expands to the SASL sender name
(i.e. the original submitter as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2554.html">2554</a>) used during the reception of the mes-
(i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
<a href="http://tools.ietf.org/html/rfc4954">4954</a>) used during the reception of the mes-
sage.
This is available in Postfix 2.2 and later.
@ -321,14 +377,14 @@ PIPE(8) PIPE(8)
for case folding.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Command exit status codes are expected to follow the con-
ventions defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means
normal successful completion.
Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style
enhanced status codes. If a command terminates with a
non-zero exit status, and the command output begins with
an enhanced status code, this status code takes precedence
@ -356,19 +412,19 @@ PIPE(8) PIPE(8)
In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
<i>transport</i><b>_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
Limit the number of parallel deliveries to the same
destination, for delivery via the named <i>transport</i>.
The limit is enforced by the Postfix queue manager.
<i>transport</i><b>_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
Limit the number of recipients per message deliv-
ery, for delivery via the named <i>transport</i>. The
limit is enforced by the Postfix queue manager.
<i>transport</i><b>_time_limit ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
<b><a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
Limit the time for delivery to external command,
for delivery via the named <i>transport</i>. The limit is
enforced by the pipe delivery agent.

View File

@ -215,7 +215,7 @@ POSTALIAS(1) POSTALIAS(1)
becomes, for example, "postfix/smtpd".
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="aliases.5.html">aliases(5)</a>, format of alias database input file.

File diff suppressed because it is too large Load Diff

View File

@ -56,14 +56,17 @@ POSTFIX(1) POSTFIX(1)
<b>reload</b> Re-read configuration files. Running processes ter-
minate at their earliest convenience.
<b>status</b> Indicate if the Postfix mail system is currently
running.
<b>set-permissions [</b><i>name</i>=<i>value ...</i><b>]</b>
Set the ownership and permissions of Postfix
related files and directories, as specified in the
Set the ownership and permissions of Postfix
related files and directories, as specified in the
<b>postfix-files</b> file.
Specify <i>name</i>=<i>value</i> to override and update specific
<a href="postconf.5.html">main.cf</a> configuration parameters. Use this, for
example, to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
Specify <i>name</i>=<i>value</i> to override and update specific
<a href="postconf.5.html">main.cf</a> configuration parameters. Use this, for
example, to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
setting for an already installed Postfix system.
This feature is available in Postfix 2.1 and later.
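Review bot: The new status entry has no availability line, unlike set-permissions and upgrade-configuration just below it, which both end with "This feature is available in Postfix 2.1 and later."; add the release in which status was introduced. It would also help to say how the result is indicated (exit status, output, or both), since "Indicate if the Postfix mail system is currently running" leaves that open for anyone scripting against it.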
@ -71,12 +74,12 @@ POSTFIX(1) POSTFIX(1)
<b>fix/post-install set-permissions</b>".
<b>upgrade-configuration [</b><i>name</i>=<i>value ...</i><b>]</b>
Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with infor-
mation that Postfix needs in order to run: add or
update services, and add or update configuration
Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with infor-
mation that Postfix needs in order to run: add or
update services, and add or update configuration
parameter settings.
Specify <i>name</i>=<i>value</i> to override and update specific
Specify <i>name</i>=<i>value</i> to override and update specific
<a href="postconf.5.html">main.cf</a> configuration parameters.
This feature is available in Postfix 2.1 and later.
@ -86,10 +89,10 @@ POSTFIX(1) POSTFIX(1)
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
in the named directory instead of the default con-
Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
in the named directory instead of the default con-
figuration directory. Use this to distinguish
between multiple Postfix instances on the same
between multiple Postfix instances on the same
host.
<b>-D</b> (with <b>postfix start</b> only)
@ -98,43 +101,43 @@ POSTFIX(1) POSTFIX(1)
parameter.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>ENVIRONMENT</b>
The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
variables before executing the <b>postfix-script</b> file:
<b>MAIL_CONFIG</b>
This is set when the -c command-line option is
This is set when the -c command-line option is
present.
<b>MAIL_VERBOSE</b>
This is set when the -v command-line option is
This is set when the -v command-line option is
present.
<b>MAIL_DEBUG</b>
This is set when the -D command-line option is
This is set when the -D command-line option is
present.
<b>CONFIGURATION PARAMETERS</b>
The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are
The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are
exported as environment variables with the same names:
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix support programs and
The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@ -150,7 +153,7 @@ POSTFIX(1) POSTFIX(1)
location of the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
<b><a href="postconf.5.html#newaliases_path">newaliases_path</a> (see 'postconf -d' output)</b>
Sendmail compatibility feature that specifies the
Sendmail compatibility feature that specifies the
location of the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
<b><a href="postconf.5.html#mailq_path">mailq_path</a> (see 'postconf -d' output)</b>
@ -158,7 +161,7 @@ POSTFIX(1) POSTFIX(1)
the Postfix <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
<b><a href="postconf.5.html#html_directory">html_directory</a> (see 'postconf -d' output)</b>
The location of Postfix HTML files that describe
The location of Postfix HTML files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
@ -166,10 +169,16 @@ POSTFIX(1) POSTFIX(1)
Where the Postfix manual pages are installed.
<b><a href="postconf.5.html#readme_directory">readme_directory</a> (see 'postconf -d' output)</b>
The location of Postfix README files that describe
The location of Postfix README files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix-writable data files (for
example: caches, pseudo-random numbers).
Other configuration parameters:
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
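Review bot: The new data_directory entry describes the directory as "Postfix-writable" but does not say which account that means or what permissions are expected. Because it is listed as holding caches and pseudo-random numbers, suggest referring to mail_owner, which is already listed in this section, and stating that the directory should not be writable by other users.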

View File

@ -75,7 +75,7 @@ POSTQUEUE(1) POSTQUEUE(1)
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. A numerical site must be
specified as a valid <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> address literal
specified as a valid <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> address literal
enclosed in [], just like in email addresses. The
site must be eligible for the "fast flush" service.
See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast

View File

@ -101,23 +101,27 @@ POSTSUPER(1) POSTSUPER(1)
ting. It becomes subject to expiration after it is
released from "hold".
This feature is available in Postfix 2.0 and later.
<b>-H</b> <i>queue</i><b>_</b><i>id</i>
Release mail that was put "on hold". Move one mes-
sage with the named queue ID from the named mail
sage with the named queue ID from the named mail
queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input.
Note: specify "<b>postsuper -r</b>" to release mail that
was kept on hold for a significant fraction of
<b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,
Note: specify "<b>postsuper -r</b>" to release mail that
was kept on hold for a significant fraction of
<b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,
or longer.
Specify "<b>-H ALL</b>" to release all mail that is "on
hold". As a safety measure, the word <b>ALL</b> must be
Specify "<b>-H ALL</b>" to release all mail that is "on
hold". As a safety measure, the word <b>ALL</b> must be
specified in upper case.
This feature is available in Postfix 2.0 and later.
<b>-p</b> Purge old temporary files that are left over after
system or software crashes.
@ -168,33 +172,35 @@ POSTSUPER(1) POSTSUPER(1)
the Postfix mail system is running, but no harm
should be done.
<b>-s</b> Structure check and structure repair. This should
This feature is available in Postfix 1.1 and later.
<b>-s</b> Structure check and structure repair. This should
be done once before Postfix startup.
<b>o</b> Rename files whose name does not match the
<b>o</b> Rename files whose name does not match the
message file inode number. This operation is
necessary after restoring a mail queue from
necessary after restoring a mail queue from
a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub-
directories that are no longer needed. File
position rearrangements are necessary after
position rearrangements are necessary after
a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>DIAGNOSTICS</b>
Problems are reported to the standard error stream and to
Problems are reported to the standard error stream and to
<b>syslogd</b>(8).
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
<b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
ber of messages whose queue file name was fixed with <b>-s</b>.
The report is written to the standard error stream and to
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
<b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
ber of messages whose queue file name was fixed with <b>-s</b>.
The report is written to the standard error stream and to
<b>syslogd</b>(8).
<b>ENVIRONMENT</b>
@ -202,37 +208,37 @@ POSTSUPER(1) POSTSUPER(1)
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>BUGS</b>
Mail that is not sanitized by Postfix (i.e. mail in the
Mail that is not sanitized by Postfix (i.e. mail in the
<b>maildrop</b> queue) cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b>
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
to this program. The text below provides only a parameter
summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
ples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
The number of subdirectory levels for queue direc-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
The number of subdirectory levels for queue direc-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
<b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
The names of queue directories that are split
The names of queue directories that are split
across multiple subdirectory levels.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@ -240,7 +246,7 @@ POSTSUPER(1) POSTSUPER(1)
<a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -13,8 +13,10 @@ PROXYMAP(8) PROXYMAP(8)
<b>proxymap</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only table lookup
service to Postfix processes. The purpose of the service
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write
table lookup service to Postfix processes. These services
are implemented with distinct service names: <b>proxymap</b> and
<b>proxywrite</b>, respectively. The purpose of these services
is:
<b>o</b> To overcome chroot restrictions. For example, a
@ -39,6 +41,10 @@ PROXYMAP(8) PROXYMAP(8)
The total number of connections is limited by the
number of proxymap server processes.
<b>o</b> To provide single-updater functionality for lookup
tables that do not reliably support multiple writ-
ers (i.e. all file-based tables).
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
<b>open</b> <i>maptype:mapname flags</i>
@ -49,10 +55,34 @@ PROXYMAP(8) PROXYMAP(8)
<b>lookup</b> <i>maptype:mapname flags key</i>
Look up the data stored under the requested key.
The reply is the request completion status code
(below) and the lookup result value. The <i>map-</i>
<i>type:mapname</i> and <i>flags</i> are the same as with the
<b>open</b> request.
The reply is the request completion status code and
the lookup result value. The <i>maptype:mapname</i> and
<i>flags</i> are the same as with the <b>open</b> request.
<b>update</b> <i>maptype:mapname flags key value</i>
Update the data stored under the requested key.
The reply is the request completion status code.
The <i>maptype:mapname</i> and <i>flags</i> are the same as with
the <b>open</b> request.
To implement single-updater maps, specify a process
limit of 1 in the <a href="master.5.html">master.cf</a> file entry for the
<b>proxywrite</b> service.
This request is supported in Postfix 2.5 and later.
<b>delete</b> <i>maptype:mapname flags key</i>
Delete the data stored under the requested key.
The reply is the request completion status code.
The <i>maptype:mapname</i> and <i>flags</i> are the same as with
the <b>open</b> request.
This request is supported in Postfix 2.5 and later.
The request completion status is one of OK, RETRY, NOKEY
(lookup failed because the key was not found), BAD (mal-
formed request) or DENY (the table is not approved for
proxy read or update access).
There is no <b>close</b> command, nor are tables implicitly
closed when a client disconnects. The purpose is to share
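Review bot: the status list added at the end of this hunk explains NOKEY, BAD and DENY but leaves RETRY undefined, so a client author cannot tell from this page whether a failed update or delete may simply be re-sent. Add a parenthetical for RETRY in the same style as the others. The single-updater instruction (process limit of 1 for the proxywrite entry in master.cf) also appears only under update, although delete modifies the same tables; move it to a place that covers both requests, or repeat it under delete.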
@ -69,11 +99,11 @@ PROXYMAP(8) PROXYMAP(8)
<b>SECURITY</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved
via the <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> configuration parameter, does not
talk to users, and can run at fixed low privilege,
chrooted or not. However, running the proxymap server
chrooted severely limits usability, because it can open
only chrooted tables.
via the <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration
parameters, does not talk to users, and can run at fixed
low privilege, chrooted or not. However, running the
proxymap server chrooted severely limits usability,
because it can open only chrooted tables.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process,
and must not be used to look up sensitive information such
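Review bot: the rewritten first sentence of SECURITY joins proxy_read_maps and proxy_write_maps with "or" without saying which service consults which list, so it can be read as if a table approved only for reading may also be opened through proxywrite. The parameter summary later in this file already makes the split ("for the read-only service" and "for the read-write service"); state the same thing here, since this is the section an administrator reads to decide what to approve.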
@ -86,26 +116,49 @@ PROXYMAP(8) PROXYMAP(8)
same <a href="postconf.5.html">main.cf</a> setting to be used by sensitive and non-sen-
sitive processes.
Postfix-writable data files should be stored under a dedi-
cated directory that is writable only by the Postfix mail
system, such as the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
In particular, Postfix-writable files should never exist
in root-owned directories. That would open up a particular
type of security hole where ownership of a file or direc-
tory does not match the provider of its content.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple
clients, and must therefore not be used for tables that
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple
clients, and must therefore not be used for tables that
have high-latency lookups.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly
close lookup tables (even if it did, this could not be
relied on, because the process may be terminated between
table updates). The read-write service should therefore
not be used with tables that leave persistent storage in
an inconsistent state between updates (for example, CDB).
Tables that support "sync on update" should be safe (for
example, Berkeley DB) as should tables that are imple-
mented by a real DBMS.
<b>CONFIGURATION PARAMETERS</b>
On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>prox-</b></a>
On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>prox-</b></a>
<a href="proxymap.8.html"><b>ymap</b>(8)</a> relevant changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix-writable data files (for
example: caches, pseudo-random numbers).
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
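Review bot: the new SECURITY paragraph about Postfix-writable data files never mentions proxy_write_maps, so nothing on this page tells the reader that the advice applies to the tables the read-write service updates. Add a sentence saying that tables listed in proxy_write_maps should live under the Postfix-owned data_directory and not in a root-owned directory. The BUGS text that rules out tables such as CDB for the read-write service would also be easier to find with a pointer from the proxy_write_maps entry.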
@ -135,7 +188,17 @@ PROXYMAP(8) PROXYMAP(8)
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
allowed to access.
allowed to access for the read-only service.
Available in Postfix 2.5 and later:
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix-writable data files (for
example: caches, pseudo-random numbers).
<b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b>
The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
allowed to access for the read-write service.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
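Review bot: data_directory now appears twice in CONFIGURATION PARAMETERS, once under "Available in Postfix 2.5 and later" in this hunk and once between config_directory and daemon_timeout in the previous hunk, with identical text. Keep only the entry under the version heading, so the parameter is listed once and its 2.5 requirement stays visible.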

View File

@ -155,8 +155,8 @@ QMGR(8) QMGR(8)
manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads
@ -193,9 +193,11 @@ QMGR(8) QMGR(8)
<b>ter.cf</b> entry.
<b>COMPATIBILITY CONTROLS</b>
Available before Postfix version 2.5:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
Allow a recipient address to have `-' as the first
character.
Allow a sender or recipient address to have `-' as
the first character.
<b>ACTIVE QUEUE CONTROLS</b>
<b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
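Review bot: the new heading "Available before Postfix version 2.5" above allow_min_user does not say what qmgr(8) does with the setting from 2.5 on, or where addresses with a leading `-' are handled instead. A leading `-' can be taken for a command-line option when an address reaches an external command, so readers will want to know whether the protection still applies. Add one sentence that says so or points to the page that documents it.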
@ -220,15 +222,15 @@ QMGR(8) QMGR(8)
The default per-transport upper limit on the number
of in-memory recipients.
<i>transport</i><b>_recipient_limit ($<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b>
<b><a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> ($<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> (1000)</b>
The default value for the extra per-transport limit
imposed on the number of in-memory recipients.
<i>transport</i><b>_extra_recipient_limit ($default_extra_recipi-</b>
<b>ent_limit)</b>
<b><a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> ($<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipi</a>-</b>
<b><a href="postconf.5.html#default_extra_recipient_limit">ent_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.4 and later:
@ -237,16 +239,16 @@ QMGR(8) QMGR(8)
The default per-transport limit on the number of
recipients refilled at once.
<i>transport</i><b>_recipient_refill_limit ($default_recipi-</b>
<b>ent_refill_limit)</b>
<b><a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-</b>
<b><a href="postconf.5.html#default_recipient_refill_limit">ent_refill_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> (5s)</b>
The default per-transport maximum delay between
recipients refills.
<i>transport</i><b>_recipient_refill_delay ($default_recipi-</b>
<b>ent_refill_delay)</b>
<b><a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-</b>
<b><a href="postconf.5.html#default_recipient_refill_delay">ent_refill_delay</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>DELIVERY CONCURRENCY CONTROLS</b>
@ -258,16 +260,55 @@ QMGR(8) QMGR(8)
The default maximal number of parallel deliveries
to the same destination.
<i>transport</i><b>_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_desti</a>-</b>
<b><a href="postconf.5.html#initial_destination_concurrency">nation_concurrency</a>)</b>
Initial concurrency for delivery via the named mes-
sage <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
How many pseudo-cohorts must suffer connection or
handshake failure before a specific destination is
considered unavailable (and further delivery is
suspended).
<b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
The per-destination amount of delivery concurrency
negative feedback, after a delivery completes with
a connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
The per-destination amount of delivery concurrency
positive feedback, after a delivery completes with-
out connection or handshake failure.
<b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a></b>
<b>($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
Make the queue manager's feedback algorithm verbose
for performance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
The default maximal number of recipients per mes-
sage delivery.
<i>transport</i><b>_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
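Review bot: the href on the new transport_destination_concurrency_negative_feedback entry points to #transport_destination_concurrency_positive_feedback, so the link lands on the wrong parameter. The link text and the default in the next line both say negative_feedback, so this looks like a copy-and-paste slip from the positive_feedback entry below. Change the anchor to #transport_destination_concurrency_negative_feedback.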
@ -277,7 +318,7 @@ QMGR(8) QMGR(8)
allowed to preempt delivery of one message with
another.
<i>transport</i><b>_delivery_slot_cost ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
<b><a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> (3)</b>
@ -285,7 +326,7 @@ QMGR(8) QMGR(8)
invoke the Postfix queue manager's scheduling algo-
rithm at all.
<i>transport</i><b>_minimum_delivery_slots ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-</b>
<b><a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-</b>
<b><a href="postconf.5.html#default_minimum_delivery_slots">ery_slots</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
@ -293,7 +334,7 @@ QMGR(8) QMGR(8)
The default value for transport-specific _deliv-
ery_slot_discount settings.
<i>transport</i><b>_delivery_slot_discount ($<a href="postconf.5.html#default_delivery_slot_discount">default_deliv</a>-</b>
<b><a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> ($<a href="postconf.5.html#default_delivery_slot_discount">default_deliv</a>-</b>
<b><a href="postconf.5.html#default_delivery_slot_discount">ery_slot_discount</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
@ -301,25 +342,27 @@ QMGR(8) QMGR(8)
The default value for transport-specific _deliv-
ery_slot_loan settings.
<i>transport</i><b>_delivery_slot_loan ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
<b><a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>OTHER RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (version dependent)</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
The minimal time between attempts to deliver a
deferred message.
deferred message; prior to Postfix 2.4 the default
value was 1000s.
<b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
The maximal time between attempts to deliver a
The maximal time between attempts to deliver a
deferred message.
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
The maximal time a message is queued before it is
The maximal time a message is queued before it is
sent back as undeliverable.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager; prior to Postfix 2.4 the default value was
1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
The time between attempts by the Postfix queue man-
@ -332,14 +375,27 @@ QMGR(8) QMGR(8)
The maximal time a bounce message is queued before
it is considered undeliverable.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
The default amount of delay that is inserted
between individual deliveries to the same destina-
tion; with per-destination recipient limit &gt; 1, a
destination is a domain, otherwise it is a recipi-
ent.
<b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
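Review bot: the default for the new transport_destination_rate_delay entry is written as a bare $default_destination_rate_delay with no parentheses, unlike every other transport_ entry on this page, which shows its default as ($default_...). Add the parentheses so the default is not read as part of the parameter name.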
@ -348,11 +404,11 @@ QMGR(8) QMGR(8)
"<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
Log warnings about problematic configuration set-
Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -360,23 +416,23 @@ QMGR(8) QMGR(8)
over an internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -400,7 +456,7 @@ QMGR(8) QMGR(8)
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
@ -409,7 +465,7 @@ QMGR(8) QMGR(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
Scheduler enhancements:
Preemptive scheduler enhancements:
Patrik Rak
Modra 6
155 00, Prague, Czech Republic

View File

@ -134,21 +134,25 @@ QMQPD(8) QMQPD(8)
What clients are allowed to connect to the QMQP
server port.
<b>qmqpd_client_port_logging (no)</b>
Enable logging of the remote QMQP client port in
addition to the hostname and IP address.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
<b>SEE ALSO</b>
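Review bot: the new qmqpd_client_port_logging entry is the only parameter in this list without a link to postconf.5.html, and it has no "Available in Postfix version ... and later" line even though the other additions in this import do. Wrap the name in the same kind of anchor as its neighbours and state the version that introduced it, so administrators on older releases do not set a parameter their version ignores.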
@ -161,7 +165,7 @@ QMQPD(8) QMQPD(8)
<a href="QMQP_README.html">QMQP_README</a>, Postfix ezmlm-idx howto.
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

View File

@ -99,11 +99,6 @@ REGEXP_TABLE(5) REGEXP_TABLE(5)
Toggles the case sensitivity flag. By default,
matching is case insensitive.
<b>x</b> (default: on)
Toggles the extended expression syntax flag. By
default, support for extended expression syntax is
enabled.
<b>m</b> (default: off)
Toggle the multi-line mode flag. When this flag is
on, the <b>^</b> and <b>$</b> metacharacters match immediately
@ -111,6 +106,11 @@ REGEXP_TABLE(5) REGEXP_TABLE(5)
respectively, in addition to matching at the start
and end of the input string.
<b>x</b> (default: on)
Toggles the extended expression syntax flag. By
default, support for extended expression syntax is
enabled.
<b>TABLE SEARCH ORDER</b>
Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the input

View File

@ -363,9 +363,10 @@ SENDMAIL(1) SENDMAIL(1)
The maximal number of Received: message headers
that is allowed in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
manager.
manager; prior to Postfix 2.4 the default value was
1000s.
<b>FAST FLUSH CONTROLS</b>
The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
@ -373,37 +374,37 @@ SENDMAIL(1) SENDMAIL(1)
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
Optional list of destinations that are eligible for
per-destination logfiles with mail that is queued
per-destination logfiles with mail that is queued
to those destinations.
<b>VERP CONTROLS</b>
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
details of Postfix support for variable envelope return
details of Postfix support for variable envelope return
path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix support programs and
The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@ -411,16 +412,16 @@ SENDMAIL(1) SENDMAIL(1)
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
The time after which the sender receives the mes-
The time after which the sender receives the mes-
sage headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
Report mail delivery errors to the address speci-
fied with the non-standard Errors-To: message
header, instead of the envelope sender address
(this feature is removed with Postfix version 2.2,
is turned off by default with Postfix version 2.1,
and is always turned on with older Postfix ver-
sions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@ -428,21 +429,21 @@ SENDMAIL(1) SENDMAIL(1)
and most Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
write message headers and append the specified
write message headers and append the specified
domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
@ -467,7 +468,7 @@ SENDMAIL(1) SENDMAIL(1)
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -134,9 +134,9 @@ SMTP-SINK(1) SMTP-SINK(1)
and use quotes to protect white space from the
shell. Command names are case-insensitive.
<b>-r</b> <i>command,command,...</i>
Reject the specified commands with a soft (4xx)
error code. This option implies <b>-p</b>.
<b>-Q</b> <i>command,command,...</i>
Send a 421 reply and disconnect after receiving one
of the specified commands.
Examples of commands are CONNECT, HELO, EHLO, LHLO,
MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
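Review bot: The new -Q entry does not say how it interacts with -r. If a command is named under both options, the page gives no rule for whether the 421-and-disconnect or the 4xx rejection wins, and unlike the -r text ("This option implies -p") it does not say whether -Q implies -p. Suggest one sentence on precedence and one on -p.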
@ -144,39 +144,49 @@ SMTP-SINK(1) SMTP-SINK(1)
and use quotes to protect white space from the
shell. Command names are case-insensitive.
<b>-r</b> <i>command,command,...</i>
Reject the specified commands with a soft (4xx)
error code. This option implies <b>-p</b>.
Examples of commands are CONNECT, HELO, EHLO, LHLO,
MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
Separate command names by white space or commas,
and use quotes to protect white space from the
shell. Command names are case-insensitive.
<b>-R</b> <i>root-directory</i>
Change the process root directory to the specified
location. This option requires super-user privi-
Change the process root directory to the specified
location. This option requires super-user privi-
leges. See also the <b>-u</b> option.
<b>-s</b> <i>command,command,...</i>
Log the named commands to syslogd.
Examples of commands are CONNECT, HELO, EHLO, LHLO,
MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
Separate command names by white space or commas,
and use quotes to protect white space from the
MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
Separate command names by white space or commas,
and use quotes to protect white space from the
shell. Command names are case-insensitive.
<b>-S start-string</b>
An optional string that is prepended to each mes-
sage that is written to a dump file (see the dump
file format description below). The following C
An optional string that is prepended to each mes-
sage that is written to a dump file (see the dump
file format description below). The following C
escape sequences are supported: \a (bell), \b
(backslace), \f (formfeed), \n (newline), \r (car-
riage return), \t (horizontal tab), \v (vertical
tab), \<i>ddd</i> (up to three octal digits) and \\ (the
(backslace), \f (formfeed), \n (newline), \r (car-
riage return), \t (horizontal tab), \v (vertical
tab), \<i>ddd</i> (up to three octal digits) and \\ (the
backslash character).
<b>-t</b> <i>timeout</i> (default: 100)
Limit the time for receiving a command or sending a
response. The time limit is specified in seconds.
response. The time limit is specified in seconds.
<b>-u</b> <i>username</i>
Switch to the specified user privileges after open-
ing the network socket and optionally changing the
process root directory. This option is required
when the process runs with super-user privileges.
ing the network socket and optionally changing the
process root directory. This option is required
when the process runs with super-user privileges.
See also the <b>-R</b> option.
<b>-v</b> Show the SMTP conversations.
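Review bot: In the -S description the \b escape is glossed as "(backslace)", and the re-justified replacement line carries the same typo; \b is backspace. Since these lines are being rewritten anyway, correct the spelling in the same change.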
@ -185,8 +195,17 @@ SMTP-SINK(1) SMTP-SINK(1)
Wait <i>delay</i> seconds before responding to a DATA com-
mand.
<b>-W</b> <i>command:delay[:odds]</i>
Wait <i>delay</i> seconds before responding to <i>command</i>.
If <i>odds</i> is also specified (a number between 1-99
inclusive), wait for a random multiple of <i>delay</i>.
The random multiplier is equal to the number of
times the program needs to roll a dice with a range
of 0..99 inclusive, before the dice produces a
result greater than or equal to <i>odds</i>.
[<b>inet:</b>][<i>host</i>]:<i>port</i>
Listen on network interface <i>host</i> (default: any
Listen on network interface <i>host</i> (default: any
interface) TCP port <i>port</i>. Both <i>host</i> and <i>port</i> may be
specified in numeric or symbolic form.
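Review bot: The -W text leaves the range of the multiplier ambiguous. "The number of times the program needs to roll" does not say whether the final roll that reaches odds is counted, so a reader cannot tell whether the minimum wait is zero or one times delay, and no upper bound is given. Suggest stating the minimum multiplier and how a long random delay relates to the -t time limit described earlier on this page; "roll a dice" should also read "roll a die".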
@ -194,79 +213,79 @@ SMTP-SINK(1) SMTP-SINK(1)
Listen on the UNIX-domain socket at <i>pathname</i>.
<i>backlog</i>
The maximum length the queue of pending connec-
The maximum length the queue of pending connec-
tions, as defined by the <b>listen</b>(2) system call.
<b>DUMP FILE FORMAT</b>
Each dumped message contains a sequence of text lines,
terminated with the newline character. The sequence of
Each dumped message contains a sequence of text lines,
terminated with the newline character. The sequence of
information is as follows:
<b>o</b> The optional string specified with the <b>-S</b> option.
<b>o</b> The <b>smtp-sink</b> generated headers as documented
<b>o</b> The <b>smtp-sink</b> generated headers as documented
below.
<b>o</b> The message header and body as received from the
<b>o</b> The message header and body as received from the
SMTP client.
<b>o</b> An empty line.
The format of the <b>smtp-sink</b> generated headers is as fol-
The format of the <b>smtp-sink</b> generated headers is as fol-
lows:
<b>X-Client-Addr:</b> <i>text</i>
The client IP address without enclosing []. An IPv6
address is prefixed with "ipv6:". This record is
address is prefixed with "ipv6:". This record is
always present.
<b>X-Client-Proto:</b> <i>text</i>
The client protocol: SMTP, ESMTP or LMTP. This
The client protocol: SMTP, ESMTP or LMTP. This
record is always present.
<b>X-Helo-Args:</b> <i>text</i>
The arguments of the last HELO or EHLO command
before this mail delivery transaction. This record
is present only if the client sent a recognizable
The arguments of the last HELO or EHLO command
before this mail delivery transaction. This record
is present only if the client sent a recognizable
HELO or EHLO command before the DATA command.
<b>X-Mail-Args:</b> <i>text</i>
The arguments of the MAIL command that started this
mail delivery transaction. This record is present
mail delivery transaction. This record is present
exactly once.
<b>X-Rcpt-Args:</b> <i>text</i>
The arguments of an RCPT command within this mail
delivery transaction. There is one record for each
RCPT command, and they are in the order as sent by
The arguments of an RCPT command within this mail
delivery transaction. There is one record for each
RCPT command, and they are in the order as sent by
the client.
<b>Received:</b> <i>text</i>
A message header for compatibility with mail pro-
cessing software. This three-line header marks the
end of the headers provided by <b>smtp-sink</b>, and is
A message header for compatibility with mail pro-
cessing software. This three-line header marks the
end of the headers provided by <b>smtp-sink</b>, and is
formatted as follows:
<b>from</b> <i>helo</i> <b>([</b><i>addr</i><b>])</b>
The HELO or EHLO command argument and client
IP address. If the client did not send HELO
or EHLO, the client IP address is used
or EHLO, the client IP address is used
instead.
<b>by</b> <i>host</i> <b>(smtp-sink) with</b> <i>proto</i> <b>id</b> <i>random</i><b>;</b>
The hostname specified with the <b>-h</b> option,
the client protocol (see <b>X-Client-Proto</b>
The hostname specified with the <b>-h</b> option,
the client protocol (see <b>X-Client-Proto</b>
above), and the pseudo-random portion of the
per-message capture file name.
<i>time-stamp</i>
A time stamp as defined in <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a>.
A time stamp as defined in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a>.
<b>SEE ALSO</b>
<a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
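Review bot: Apart from the RFC 2822 link target moving from www.faqs.org to tools.ietf.org, the changed line pairs in this 79-line hunk differ only in spacing, which buries the one content change in reflow noise. Suggest keeping re-justification out of the imported HTML diff, or landing it separately, so that content changes in the DUMP FILE FORMAT section stay reviewable.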

View File

@ -35,23 +35,32 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
available when Postfix is built without IPv6 sup-
port.
<b>-c</b> Display a running counter that is incremented each
<b>-A</b> Don't abort when the server sends something other
than the expected positive reply code.
<b>-c</b> Display a running counter that is incremented each
time an SMTP DATA command completes.
<b>-C</b> <i>count</i>
When a host sends RESET instead of SYN|ACK, try
<i>count</i> times before giving up. The default count is
When a host sends RESET instead of SYN|ACK, try
<i>count</i> times before giving up. The default count is
1. Specify a larger count in order to work around a
problem with TCP/IP stacks that send RESET when the
listen queue is full.
<b>-d</b> Don't disconnect after sending a message; send the
<b>-d</b> Don't disconnect after sending a message; send the
next message over the same connection.
<b>-f</b> <i>from</i>
Use the specified sender address (default:
Use the specified sender address (default:
&lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
<b>-F</b> <i>file</i>
Send the pre-formatted message header and body in
the specified <i>file</i>, while prepending '.' before
lines that begin with '.', and while appending CRLF
after each line.
<b>-l</b> <i>length</i>
Send <i>length</i> bytes as message payload. The length
does not include message headers.
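Review bot: The new -F entry does not say how it combines with -l, whose text directly below says it sets the payload length. When both are given, it is unclear whether the file replaces the generated payload or -l is ignored. The entry also does not say what happens to input lines that already end in CRLF, given that CRLF is appended after each line. Suggest a sentence for each case.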
@ -81,6 +90,11 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
action (default: 1). Recipient names are generated
by prepending a number to the recipient address.
<b>-R</b> <i>interval</i>
Wait for a random period of time 0 &lt;= n &lt;= interval
between messages. Suspending one thread does not
affect other delivery threads.
<b>-s</b> <i>session</i><b>_</b><i>count</i>
Run the specified number of SMTP sessions in paral-
lel (default: 1).
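Review bot: The relocated -R entry gives the range as 0 &lt;= n &lt;= interval without a unit. The smtp-sink -t entry on this page says "The time limit is specified in seconds"; say the same here if seconds is the unit.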
@ -92,11 +106,6 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
<b>-t</b> <i>to</i> Use the specified recipient address (default:
&lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
<b>-R</b> <i>interval</i>
Wait for a random period of time 0 &lt;= n &lt;= interval
between messages. Suspending one thread does not
affect other delivery threads.
<b>-v</b> Make the program more verbose, for debugging pur-
poses.

View File

@ -99,21 +99,22 @@ SMTP(8) SMTP(8)
low privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
<a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
<a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
<a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
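Review bot: After this hunk the STANDARDS list carries both RFC 2554 and RFC 4954 with the identical gloss "(AUTH command)". RFC 4954 obsoletes RFC 2554, so either drop the older entry or label it as obsoleted, so that readers know which one is authoritative. The new link targets are also plain http:// URLs.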
@ -193,7 +194,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
mands as required by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
@ -261,6 +262,24 @@ SMTP(8) SMTP(8)
riZation ID (authzid); send only the SASL authenti-
Cation ID (authcid) plus the authcid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the
Postfix SMTP client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the
Postfix SMTP client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix
SMTP client.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
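Review bot: The four new entries cross-reference inconsistently. smtp_header_checks and smtp_body_checks link to header_checks.5.html, while smtp_mime_header_checks and smtp_nested_header_checks link to postconf.5.html anchors yet still carry a "(5)" suffix, as if mime_header_checks(5) and nested_header_checks(5) were manual pages. Point all four at the same page or drop the "(5)" from the two parameter links. "Restricted" is also left undefined in these entries; say which table actions are unavailable or point to where that is described.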
@ -296,10 +315,10 @@ SMTP(8) SMTP(8)
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Postfix SMTP client SASL security options; as of
Postfix 2.3 the list of available features depends
on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
@ -318,52 +337,70 @@ SMTP(8) SMTP(8)
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Implementation-specific information that the Post-
fix SMTP client passes through to the SASL plug-in
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
An optional table to prevent repeated SASL authen-
tication failures with the same remote SMTP server
hostname, username and password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
entry before it is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
When a remote SMTP server rejects a SASL authenti-
cation request with a 535 reply code, defer mail
delivery instead of returning mail as undeliver-
able.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP
The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
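Review bot: The smtp_sasl_auth_cache_name entry says the table is keyed on "remote SMTP server hostname, username and password" but not in what form the password ends up in the table, and smtp_sasl_auth_cache_time keeps entries for 90 days by default. Suggest stating whether the stored value is a digest or the credential itself, and what file permissions the table needs, so operators know whether to protect it like any other credential store.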
@ -372,43 +409,43 @@ SMTP(8) SMTP(8)
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
List of SSL/TLS protocols that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
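Review bot: Amid the spacing-only changes, the default for smtp_tls_scert_verifydepth moves from 5 to 9 with no explanation in the entry. A change to a certificate-verification default should be called out in the text, naming the version in which it changed, so that operators comparing versions notice it. The same hunk rewords smtp_tls_mandatory_protocols to "SSL/TLS protocols" while the default stays (SSLv3, TLSv1); confirm that the wording change is all that was intended.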
@ -416,7 +453,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -428,9 +465,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -442,7 +479,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -450,17 +487,28 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate
fingerprints for the "fingerprint" TLS security
level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
The message digest algorithm used to construct
remote SMTP server certificate fingerprints.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
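Review bot: smtp_tls_fingerprint_digest defaults to md5, and the entry does not list which other digest names are accepted. MD5 is no longer collision resistant, so the entry should name the stronger algorithms an operator can select. It should also note that the value has to match the algorithm used to produce the fingerprints listed in smtp_tls_fingerprint_cert_match.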
@ -730,6 +778,9 @@ SMTP(8) SMTP(8)
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
<a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="scache.8.html">scache(8)</a>, connection cache server
@ -766,10 +817,6 @@ SMTP(8) SMTP(8)
SuSE Rhein/Main AG
65760 Eschborn, Germany
Connection caching in cooperation with:
Victor Duchovni
Morgan Stanley
TLS support originally by:
Lutz Jaenicke
BTU Cottbus
@ -777,5 +824,9 @@ SMTP(8) SMTP(8)
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Revised TLS and SMTP connection cache support by:
Victor Duchovni
Morgan Stanley
SMTP(8)
</pre> </body> </html>

View File

@ -12,6 +12,8 @@ SMTPD(8) SMTPD(8)
<b>SYNOPSIS</b>
<b>smtpd</b> [generic Postfix daemon options]
<b>sendmail -bs</b>
<b>DESCRIPTION</b>
The SMTP server accepts network connection requests and
performs zero or more SMTP transactions per connection.
@ -41,19 +43,21 @@ SMTPD(8) SMTPD(8)
SMTP server can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc1123.html">RFC 1123</a> (Host requirements)
<a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
<a href="http://www.faqs.org/rfcs/rfc1869.html">RFC 1869</a> (SMTP service extensions)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command)
<a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
<a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
<a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP Transmission Types)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
@ -78,7 +82,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
(<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
(<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
Disable the SMTP VRFY command.
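Review bot: Replacing the RFC 2554 reference with RFC 4954 in the broken_sasl_auth_clients entry changes what the sentence says. The parenthetical now attaches RFC 4954 to "an obsolete version of the AUTH command", which reads as if RFC 4954 were the obsolete version. Reword so that the RFC reference attaches to the AUTH specification rather than to the obsolete client behaviour, for example by moving it out of the parenthetical.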
@ -91,7 +95,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
Require that addresses received in SMTP MAIL FROM
and RCPT TO commands are enclosed with &lt;&gt;, and that
those addresses do not contain <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> style com-
those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com-
ments or phrases.
Available in Postfix version 2.1 and later:
@ -108,8 +112,8 @@ SMTPD(8) SMTPD(8)
is specified.
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
What SMTP clients Postfix will not offer AUTH sup-
port to.
What remote SMTP clients the Postfix SMTP server
will not offer AUTH support to.
Available in Postfix version 2.2 and later:
@ -258,53 +262,58 @@ SMTPD(8) SMTPD(8)
Milter (mail filter) applications after an unknown
SMTP command.
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see postconf -n output)</b>
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see postconf -n output)</b>
The macros that are sent to Milter (mail filter)
applications after the end of the message header.
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see postconf -n output)</b>
The macros that are sent to Milter (mail filter)
applications after the message end-of-data.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
The following parameters are applicable for both built-in
The following parameters are applicable for both built-in
and external content filters.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
Enable or disable recipient validation, built-in
content filtering, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
The following parameters are applicable for both before-
The following parameters are applicable for both before-
queue and after-queue content filtering.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
What SMTP clients are allowed to use the XFORWARD
What SMTP clients are allowed to use the XFORWARD
feature.
<b>SASL AUTHENTICATION CONTROLS</b>
Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
cate remote SMTP clients to the Postfix SMTP server, and
to authenticate the Postfix SMTP client to a remote SMTP
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti-
cate remote SMTP clients to the Postfix SMTP server, and
to authenticate the Postfix SMTP client to a remote SMTP
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
(<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
(<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP
Enable SASL authentication in the Postfix SMTP
server.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
The name of the local SASL authentication realm.
The name of the Postfix SMTP server's local SASL
authentication realm.
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL server
implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
Postfix SMTP server SASL security options; as of
Postfix 2.3 the list of available features depends
on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
Optional lookup table with the SASL login names
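Review bot: in the broken_sasl_auth_clients entry the link swap leaves the text reading "an obsolete version of the AUTH command (RFC 4954)", which now labels the replacement RFC as the obsolete one. The same hunk cites RFC 4954 as the reference for Postfix SASL support, so reword the parenthetical here so that the RFC is clearly the current specification and not the obsolete variant, or drop the citation from this entry.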
@ -313,24 +322,38 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
What SMTP clients Postfix will not offer AUTH sup-
port to.
What remote SMTP clients the Postfix SMTP server
will not offer AUTH support to.
Available in Postfix version 2.1 and 2.2:
<b>smtpd_sasl_application_name (smtpd)</b>
The application name that the Postfix SMTP server
uses for SASL server initialization.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
Report the SASL authenticated user name in the
Report the SASL authenticated user name in the
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
<b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
Implementation-specific information that the Post-
fix SMTP server passes through to the SASL plug-in
implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP server
should use for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
Search path for Cyrus SASL application configura-
tion files, currently used only to locate the
$<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
@ -375,7 +398,7 @@ SMTPD(8) SMTPD(8)
server, do not announce or accept SASL authentica-
tion over unencrypted connections.
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (5)</b>
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
The verification depth for remote SMTP client cer-
tificates.
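Review bot: the default of smtpd_tls_ccert_verifydepth changes from 5 to 9 with no version note in the entry. This changes how long a client certificate chain the server will accept, so the description should record the old default and the release that changed it, the way the address_verify_sender entry in this patch does ("prior to Postfix 2.5 the default was ...").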
@ -421,7 +444,7 @@ SMTPD(8) SMTPD(8)
tory TLS security levels.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
The TLS protocols accepted by the Postfix SMTP
The SSL/TLS protocols accepted by the Postfix SMTP
server with mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
@ -432,9 +455,9 @@ SMTPD(8) SMTPD(8)
CommonName.
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
With mandatory TLS encryption, require a remote
SMTP client certificate in order to allow TLS con-
nections to proceed.
With mandatory TLS encryption, require a trusted
remote SMTP client certificate in order to allow
TLS connections to proceed.
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
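Review bot: the smtpd_tls_req_ccert text now says "a trusted remote SMTP client certificate", but nothing in the entry says what makes a certificate trusted. The added word narrows the requirement from any certificate to one that passes verification, so state the criterion in the description or point to TLS_README for it.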
@ -475,6 +498,13 @@ SMTPD(8) SMTPD(8)
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b>
The message digest algorithm used to construct
client-certificate fingerprints for
<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
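Review bot: the new smtpd_tls_fingerprint_digest entry gives md5 as the default for fingerprints that check_ccert_access and permit_tls_clientcerts use in access decisions, without naming any other accepted digest or saying what happens to existing tables. Suggest adding that fingerprint-keyed tables must be regenerated with the same algorithm whenever this setting changes, and naming at least one stronger digest that can be selected.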
@ -919,42 +949,43 @@ SMTPD(8) SMTPD(8)
The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
The sender address to use in address verification
probes.
probes; prior to Postfix 2.5 the default was "post-
master".
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
The numerical Postfix SMTP server response code
when a sender address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
The numerical Postfix SMTP server response when a
The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
The following parameters control numerical SMTP reply
The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html"><b>access</b>(5)</a> map
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html"><b>access</b>(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
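Review bot: the unverified_recipient_reject_code entry reads "The numerical Postfix SMTP server response when a recipient address is rejected", without the word "code", unlike unverified_sender_reject_code just above it and the other *_reject_code entries in this hunk. Since the patch already corrects the sender/recipient mix-up in the neighbouring entry, fix this wording in the same pass.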
@ -962,53 +993,53 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
client request is rejected by the
client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a request is rejected by the <b>reject_plain-</b>
The numerical Postfix SMTP server response code
when a request is rejected by the <b>reject_plain-</b>
<b>text_session</b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client request is rejected by the
The numerical Postfix SMTP server response code
when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the reject_unknown_client_host-
name restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
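Review bot: every changed line in this hunk is paired with a textually identical line, so the only difference is spacing from re-justifying the generated man page text. None of the documented reply codes change; review this file with whitespace changes ignored, and consider regenerating the HTML in a separate commit so that content changes such as the new parameters stand out.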
@ -1017,16 +1048,16 @@ SMTPD(8) SMTPD(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@ -1047,37 +1078,37 @@ SMTPD(8) SMTPD(8)
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
The list of "trusted" SMTP clients that have more
The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
come from, and that locally posted mail is deliv-
come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -1085,24 +1116,30 @@ SMTPD(8) SMTPD(8)
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
The text that follows the 220 status code in the
The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
221 code.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b>
Enable logging of the remote SMTP client port in
addition to the hostname and IP address.
<b>SEE ALSO</b>
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
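Review bot: the smtpd_client_port_logging entry does not show what the logged client identification looks like once the port is added. Log parsers and detection rules match on the existing hostname and IP address format, so add the resulting format or one sample log line to the parameter description this entry links to.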
@ -1151,5 +1188,9 @@ SMTPD(8) SMTPD(8)
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Revised TLS support by:
Victor Duchovni
Morgan Stanley
SMTPD(8)
</pre> </body> </html>

View File

@ -77,7 +77,7 @@ SPAWN(8) SPAWN(8)
entry in the <a href="master.5.html"><b>master.cf</b></a> file.
<b>RESOURCE AND RATE CONTROL</b>
<i>transport</i><b>_time_limit ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
<b><a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
The amount of time the command is allowed to run
before it is terminated.

View File

@ -47,6 +47,13 @@ TLSMGR(8) TLSMGR(8)
source and exchange file, and creates or truncates the
optional TLS session cache files.
With Postfix version 2.5 and later, the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> no
longer uses root privileges when opening cache files.
These files should now be stored under the Postfix-owned
<b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt to open a
cache file under a non-Postfix directory is redirected to
the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to the syslog daemon.
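Review bot: the migration paragraph says an attempt to open a cache file under a non-Postfix directory is redirected and a warning is logged, but it does not name the settings an administrator has to change to stop the warning. Suggest listing the cache file parameters concerned (for example smtpd_tls_session_cache_database from smtpd(8)) and stating that their values should be moved under data_directory.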
@ -111,7 +118,7 @@ TLSMGR(8) TLSMGR(8)
$<a href="postconf.5.html#tls_random_source">tls_random_source</a> when (re)seeding the in-memory
pseudo random number generator (PRNG) pool.
<b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch)</b>
<b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (see 'postconf -d' output)</b>
Name of the pseudo random number generator (PRNG)
state file that is maintained by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>.
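Review bot: replacing the explicit default "${config_directory}/prng_exch" with "see 'postconf -d' output" removes the only place in this entry that told the reader where the PRNG state file lives. Given the paragraph added earlier in this file about storing Postfix-writable files under data_directory, state the new location in the description and mention the old one for people upgrading.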
@ -131,25 +138,29 @@ TLSMGR(8) TLSMGR(8)
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix-writable data files (for
example: caches, pseudo-random numbers).
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@ -164,7 +175,7 @@ TLSMGR(8) TLSMGR(8)
<a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8)
on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
<a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
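Review bot: the link targets are updated but the labels are still wrong in two places: RFC 822 and RFC 2822 both carry "(ARPA Internet Text Messages)", and RFC 3462 and RFC 3464 both carry "(Delivery Status Notifications)". RFC 2822 is titled "Internet Message Format" and RFC 3462 defines the multipart/report content type, so correct the two labels while these lines are being touched.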

View File

@ -273,6 +273,7 @@ TRANSPORT(5) TRANSPORT(5)
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, rewrite and resolve addresses
<a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> file format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager

View File

@ -106,24 +106,30 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Resolve "user@ipaddress" as "user@[ipaddress]",
instead of rejecting the address as invalid.
Available with Postfix version 2.5 and later:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
Allow a sender or recipient address to have `-' as
the first character.
<b>ADDRESS REWRITING CONTROLS</b>
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
come from, and that locally posted mail is deliv-
come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> (yes)</b>
Enable the rewriting of the form "user%domain" to
Enable the rewriting of the form "user%domain" to
"user@domain".
<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> (yes)</b>
With locally submitted mail, append the string
"@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail addresses without domain
With locally submitted mail, append the string
"@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail addresses without domain
information.
<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> (yes)</b>
With locally submitted mail, append the string
".$<a href="postconf.5.html#mydomain">mydomain</a>" to addresses that have no ".domain"
With locally submitted mail, append the string
".$<a href="postconf.5.html#mydomain">mydomain</a>" to addresses that have no ".domain"
information.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
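Review bot: the allow_min_user entry does not say why a leading "-" is refused by default. Suggest one sentence giving the reason, that an address beginning with "-" can be taken for a command-line option by software that receives addresses as arguments, so administrators know what protection they give up by enabling it.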
@ -131,75 +137,82 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
sions (user+foo).
<b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a> (yes)</b>
Enable the rewriting of "site!user" into
Enable the rewriting of "site!user" into
"user@site".
Available in Postfix 2.2 and later:
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
write message headers and append the specified
write message headers and append the specified
domain name to incomplete addresses.
<b>ROUTING CONTROLS</b>
The following is applicable to Postfix version 2.0 and
later. Earlier versions do not have support for: <a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,
The following is applicable to Postfix version 2.0 and
later. Earlier versions do not have support for: <a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,
<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#local_transport">local_transport</a> (<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The default mail delivery transport and next-hop
destination for final delivery to domains listed
with <a href="postconf.5.html#mydestination">mydestination</a>, and for [ipaddress] destina-
tions that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
The default mail delivery transport and next-hop
destination for final delivery to domains listed
with <a href="postconf.5.html#mydestination">mydestination</a>, and for [ipaddress] destina-
tions that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
<a href="postconf.5.html#proxy_interfaces">faces</a>.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
The default mail delivery transport and next-hop
destination for final delivery to domains listed
The default mail delivery transport and next-hop
destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#relay_transport">relay_transport</a> (relay)</b>
The default mail delivery transport and next-hop
destination for remote delivery to domains listed
The default mail delivery transport and next-hop
destination for remote delivery to domains listed
with $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#default_transport">default_transport</a> (smtp)</b>
The default mail delivery transport and next-hop
destination for destinations that do not match
The default mail delivery transport and next-hop
destination for destinations that do not match
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
<a href="postconf.5.html#proxy_interfaces">faces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail-
box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#relayhost">relayhost</a> (empty)</b>
The next-hop destination of non-local mail; over-
The next-hop destination of non-local mail; over-
rides non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses.
<b><a href="postconf.5.html#transport_maps">transport_maps</a> (empty)</b>
Optional lookup tables with mappings from recipient
address to (message delivery transport, next-hop
address to (message delivery transport, next-hop
destination).
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> (empty)</b>
A sender-dependent override for the global <a href="postconf.5.html#relayhost">relay</a>-
A sender-dependent override for the global <a href="postconf.5.html#relayhost">relay</a>-
<a href="postconf.5.html#relayhost">host</a> parameter setting.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a> (</b>&lt;&gt;<b>)</b>
The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string
that will be used instead of the null sender
address.
<b>ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. By default, address verification probes use the
same route as regular mail. To override specific aspects
of message routing for address verification probes, spec-
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. By default, address verification probes use the
same route as regular mail. To override specific aspects
of message routing for address verification probes, spec-
ify one or more of the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
@ -207,7 +220,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
address verification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
@ -215,35 +228,36 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
address verification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
address verification probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
address verification probes.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> (empty)</b>
<b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b>
<b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
parameter setting for address verification probes.
parameter setting for address verification probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
The recipient of mail addressed to the null
The recipient of mail addressed to the null
address.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
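Review bot: the address_verify_sender_dependent_relayhost_maps entry changes its documented default from (empty) to ($sender_dependent_relayhost_maps) while staying under the unchanged "Available in Postfix version 2.3 and later" heading, so nothing tells the reader when the default changed. The verify(8) page in this same commit handles its own default change with "prior to Postfix 2.5 the default was ...". A note in that style here would tell operators that probes may start following the sender-dependent relay host after the upgrade.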
@ -251,13 +265,13 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
@ -265,33 +279,33 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
for users or domains that no longer exist.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
Display the name of the recipient table in the
Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
Log warnings about problematic configuration set-
Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b>SEE ALSO</b>
@ -306,7 +320,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -54,6 +54,14 @@ VERIFY(8) VERIFY(8)
trades one problem (disk space exhaustion) for another one
(poor response time to client requests).
With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server
no longer uses root privileges when opening the
<b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The file should now be
stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
migration aid, an attempt to open a cache file under a
non-Postfix directory is redirected to the Postfix-owned
<b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
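Review bot: the added paragraph says that opening a cache file under a non-Postfix directory is redirected to data_directory with a warning, but it does not say what happens to the existing cache file or how the operator stops the warning. State whether the old file is simply left unused, and add a pointer from the parameter entry further down, whose description still reads only "Optional lookup table for persistent address verification status storage" with no mention of data_directory.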
@ -82,12 +90,13 @@ VERIFY(8) VERIFY(8)
Optional lookup table for persistent address veri-
fication status storage.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
The sender address to use in address verification
probes.
probes; prior to Postfix 2.5 the default was "post-
master".
<b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b>
The time after which a successful probe expires
The time after which a successful probe expires
from the address verification cache.
<b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b>
@ -99,24 +108,24 @@ VERIFY(8) VERIFY(8)
results.
<b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b>
The time after which a failed probe expires from
The time after which a failed probe expires from
the address verification cache.
<b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b>
The time after which a failed address verification
The time after which a failed address verification
probe needs to be refreshed.
<b>PROBE MESSAGE ROUTING CONTROLS</b>
By default, probe messages are delivered via the same
route as regular messages. The following parameters can
By default, probe messages are delivered via the same
route as regular messages. The following parameters can
be used to override specific message routing mechanisms.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
address verification probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
address verification probes.
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
@ -124,7 +133,7 @@ VERIFY(8) VERIFY(8)
address verification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
@ -132,17 +141,17 @@ VERIFY(8) VERIFY(8)
address verification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
for address verification probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -150,23 +159,23 @@ VERIFY(8) VERIFY(8)
over an internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@ -179,7 +188,7 @@ VERIFY(8) VERIFY(8)
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

View File

@ -131,7 +131,7 @@ VIRTUAL(8) VIRTUAL(8)
virtual delivery agent will terminate with a fatal error.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
Mail bounces when the recipient has no mailbox or when the

View File

@ -247,4 +247,8 @@ or backward compatibility.
It does mean, however, that a pointer record can easily exceed the
length of a header record. This is why we go through the trouble
of record relocation and dummy records.
of record relocation and dummy records.
In Postfix 2.4 we fixed this by adding padding to short message
header records so that we can always write a pointer record over a
message header. This immensly simplifies the code.
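Review bot: "immensly" in the last added line should be "immensely". The added paragraph also says the problem was fixed in Postfix 2.4, while the unchanged sentence just above it still reads "This is why we go through the trouble of record relocation and dummy records" in the present tense. Either put that sentence in the past tense or say explicitly that it describes the code before 2.4.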

View File

@ -1,4 +1,4 @@
.\" $NetBSD: postfix.1,v 1.1.1.10 2007/05/19 16:27:47 heas Exp $
.\" $NetBSD: postfix.1,v 1.1.1.11 2008/06/22 14:00:59 christos Exp $
.\"
.TH POSTFIX 1
.ad
@ -53,6 +53,8 @@ poor delivery performance of all other mail.
.IP \fBreload\fR
Re-read configuration files. Running processes terminate at their
earliest convenience.
.IP \fBstatus\fR
Indicate if the Postfix mail system is currently running.
.IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR
Set the ownership and permissions of Postfix related files and
directories, as specified in the \fBpostfix-files\fR file.
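Review bot: the new status entry says only "Indicate if the Postfix mail system is currently running" and does not say how the result is indicated. Document whether the answer is the command's exit status, a log record, or both, so that init scripts and monitoring checks know what they can rely on.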
@ -142,6 +144,11 @@ Where the Postfix manual pages are installed.
The location of Postfix README files that describe how to build,
configure or operate a specific Postfix subsystem or feature.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBdata_directory (see 'postconf -d' output)\fR"
The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).
.PP
Other configuration parameters:
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
The default location of the Postfix main.cf and master.cf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: postsuper.1,v 1.1.1.10 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: postsuper.1,v 1.1.1.11 2008/06/22 14:00:59 christos Exp $
.\"
.TH POSTSUPER 1
.ad
@ -96,6 +96,8 @@ Note: while mail is "on hold" it will not expire when its
time in the queue exceeds the \fBmaximal_queue_lifetime\fR
or \fBbounce_queue_lifetime\fR setting. It becomes subject to
expiration after it is released from "hold".
.sp
This feature is available in Postfix 2.0 and later.
.IP "\fB-H \fIqueue_id\fR"
Release mail that was put "on hold".
Move one message with the named queue ID from the named
@ -111,6 +113,8 @@ or \fB$bounce_queue_lifetime\fR, or longer.
Specify "\fB-H ALL\fR" to release all mail that is "on hold".
As a safety measure, the word \fBALL\fR must be specified in upper
case.
.sp
This feature is available in Postfix 2.0 and later.
.IP \fB-p\fR
Purge old temporary files that are left over after system or
software crashes.
@ -156,6 +160,8 @@ Warning: Postfix queue IDs are reused.
There is a very small possibility that \fBpostsuper\fR(1) requeues
the wrong message file when it is executed while the Postfix mail
system is running, but no harm should be done.
.sp
This feature is available in Postfix 1.1 and later.
.IP \fB-s\fR
Structure check and structure repair. This should be done once
before Postfix startup.

View File

@ -1,4 +1,4 @@
.\" $NetBSD: sendmail.1,v 1.1.1.11 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: sendmail.1,v 1.1.1.12 2008/06/22 14:01:00 christos Exp $
.\"
.TH SENDMAIL 1
.ad
@ -310,8 +310,9 @@ The delay between attempts to fork() a child process.
.IP "\fBhopcount_limit (50)\fR"
The maximal number of Received: message headers that is allowed
in the primary message headers.
.IP "\fBqueue_run_delay (version dependent)\fR"
The time between deferred queue scans by the queue manager.
.IP "\fBqueue_run_delay (300s)\fR"
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
.SH "FAST FLUSH CONTROLS"
.na
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: smtp-sink.1,v 1.1.1.6 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: smtp-sink.1,v 1.1.1.7 2008/06/22 14:01:00 christos Exp $
.\"
.TH SMTP-SINK 1
.ad
@ -119,6 +119,14 @@ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
DATA, ., RSET, NOOP, and QUIT. Separate command names by
white space or commas, and use quotes to protect white space
from the shell. Command names are case-insensitive.
.IP "\fB-Q \fIcommand,command,...\fR"
Send a 421 reply and disconnect after receiving one
of the specified commands.
.sp
Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY,
DATA, ., RSET, NOOP, and QUIT. Separate command names by
white space or commas, and use quotes to protect white space
from the shell. Command names are case-insensitive.
.IP "\fB-r \fIcommand,command,...\fR"
Reject the specified commands with a soft (4xx) error code.
This option implies \fB-p\fR.
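Review bot: the new -Q entry repeats the four-line "Examples of commands are CONNECT, HELO, ..." paragraph verbatim from the option above it. A reference such as "command names are as described above" would keep the two lists from drifting apart. The entry also does not say whether -Q implies -p, which the -r entry directly below states explicitly.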
@ -158,6 +166,13 @@ with super-user privileges. See also the \fB-R\fR option.
Show the SMTP conversations.
.IP "\fB-w \fIdelay\fR"
Wait \fIdelay\fR seconds before responding to a DATA command.
.IP "\fB-W \fIcommand:delay[:odds]\fR"
Wait \fIdelay\fR seconds before responding to \fIcommand\fR.
If \fIodds\fR is also specified (a number between 1-99
inclusive), wait for a random multiple of \fIdelay\fR. The
random multiplier is equal to the number of times the program
needs to roll a dice with a range of 0..99 inclusive, before
the dice produces a result greater than or equal to \fIodds\fR.
.IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR
Listen on network interface \fIhost\fR (default: any interface)
TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be
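Review bot: the -W description gives no upper bound for the delay when odds is specified. As worded, with a dice range of 0..99 and odds set to 99, only one outcome in a hundred ends the rolling, so the wait averages about a hundred times delay and has no maximum. State that the delay is unbounded, or document a cap. It is also unclear whether the final successful roll is counted in the multiplier, which decides whether a multiplier of zero is possible. Minor: "roll a dice" should be "roll a die".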

View File

@ -1,4 +1,4 @@
.\" $NetBSD: smtp-source.1,v 1.1.1.6 2007/05/19 16:27:47 heas Exp $
.\" $NetBSD: smtp-source.1,v 1.1.1.7 2008/06/22 14:00:58 christos Exp $
.\"
.TH SMTP-SOURCE 1
.ad
@ -35,6 +35,9 @@ Postfix is built without IPv6 support.
.IP \fB-6\fR
Connect to the server with IPv6. This option is not available when
Postfix is built without IPv6 support.
.IP "\fB-A\fR"
Don't abort when the server sends something other than the
expected positive reply code.
.IP \fB-c\fR
Display a running counter that is incremented each time
an SMTP DATA command completes.
@ -48,6 +51,10 @@ Don't disconnect after sending a message; send the next
message over the same connection.
.IP "\fB-f \fIfrom\fR"
Use the specified sender address (default: <foo@myhostname>).
.IP "\fB-F \fIfile\fR"
Send the pre-formatted message header and body in the
specified \fIfile\fR, while prepending '.' before lines that
begin with '.', and while appending CRLF after each line.
.IP "\fB-l \fIlength\fR"
Send \fIlength\fR bytes as message payload. The length does not
include message headers.
@ -71,15 +78,15 @@ Old mode: don't send HELO, and don't send message headers.
Send the specified number of recipients per transaction (default: 1).
Recipient names are generated by prepending a number to the
recipient address.
.IP "\fB-R \fIinterval\fR"
Wait for a random period of time 0 <= n <= interval between messages.
Suspending one thread does not affect other delivery threads.
.IP "\fB-s \fIsession_count\fR"
Run the specified number of SMTP sessions in parallel (default: 1).
.IP "\fB-S \fIsubject\fR"
Send mail with the named subject line (default: none).
.IP "\fB-t \fIto\fR"
Use the specified recipient address (default: <foo@myhostname>).
.IP "\fB-R \fIinterval\fR"
Wait for a random period of time 0 <= n <= interval between messages.
Suspending one thread does not affect other delivery threads.
.IP \fB-v\fR
Make the program more verbose, for debugging purposes.
.IP "\fB-w \fIinterval\fR"

View File

@ -1,4 +1,4 @@
.\" $NetBSD: access.5,v 1.1.1.15 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: access.5,v 1.1.1.16 2008/06/22 14:01:01 christos Exp $
.\"
.TH ACCESS 5
.ad
@ -218,6 +218,13 @@ This feature is available in Postfix 2.1 and later.
.IP \fIrestriction...\fR
Apply the named UCE restriction(s) (\fBpermit\fR, \fBreject\fR,
\fBreject_unauth_destination\fR, and so on).
.IP "\fBBCC \fIuser@domain\fR"
Send one copy of the message to the specified recipient.
.sp
If multiple BCC actions are specified within the same SMTP
MAIL transaction, only the last action will be used.
.sp
This feature is not part of the stable Postfix release.
.IP "\fBDISCARD \fIoptional text...\fR
Claim successful delivery and silently discard the message.
Log the optional text if specified, otherwise log a generic
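Review bot: the new BCC entry ends with "This feature is not part of the stable Postfix release", yet it is added to the access(5) page of what the commit message calls an import of 2.5.2. Say which releases do accept the action, or leave the entry out of this page, because an administrator reading the table of actions has no way to tell whether a BCC line in an access map will work on this install. The entry should also say what happens when the action is used where it is unsupported.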

View File

@ -1,4 +1,4 @@
.\" $NetBSD: bounce.5,v 1.1.1.4 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: bounce.5,v 1.1.1.5 2008/06/22 14:01:01 christos Exp $
.\"
.TH BOUNCE 5
.ad
@ -149,14 +149,16 @@ The usage and specification of template message headers is
subject to the following restrictions:
.IP \(bu
Template message header names can be specified in upper
case, lower case or mixed case. Postfix always uses the
spelling as shown in the example above.
case, lower case or mixed case. Postfix always produces
bounce message header labels of the form "\fBFrom:\fR" and
"\fBSubject:\fR".
.IP \(bu
Template message headers must not span multiple lines.
.IP \(bu
Template message headers must not contain main.cf $parameters.
Template message headers do not support $parameter expansions.
.IP \(bu
Template message headers must contain ASCII characters only.
Template message headers must contain ASCII characters only,
and must not contain ASCII null characters.
.SH "TEMPLATE MESSAGE TEXT FORMAT"
.na
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: cidr_table.5,v 1.1.1.4 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: cidr_table.5,v 1.1.1.5 2008/06/22 14:01:01 christos Exp $
.\"
.TH CIDR_TABLE 5
.ad
@ -98,6 +98,10 @@ Use "\fBpostconf readme_directory\fR" or
.na
.nf
DATABASE_README, Postfix lookup table overview
.SH "HISTORY"
.na
.nf
CIDR table support was introduced with Postfix version 2.1.
.SH "AUTHOR(S)"
.na
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: header_checks.5,v 1.1.1.7 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: header_checks.5,v 1.1.1.8 2008/06/22 14:01:01 christos Exp $
.\"
.TH HEADER_CHECKS 5
.ad
@ -93,17 +93,17 @@ given below.
For a discussion of specific pattern or flags syntax,
see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.IP "\fB/\fIpattern\fB/\fIflags action\fR"
When \fIpattern\fR matches the input string, execute
When /\fIpattern\fR/ matches the input string, execute
the corresponding \fIaction\fR. See below for a list
of possible actions.
.IP "\fB!/\fIpattern\fB/\fIflags action\fR"
When \fIpattern\fR does \fBnot\fR match the input string,
When /\fIpattern\fR/ does \fBnot\fR match the input string,
execute the corresponding \fIaction\fR.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
and \fBendif\fR, if and only if the same input string also
matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
matches /\fIpattern\fR/. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
@ -111,7 +111,7 @@ Note: do not prepend whitespace to patterns inside
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
and \fBendif\fR, if and only if the same input string does
\fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
\fBnot\fR match /\fIpattern\fR/. The \fBif\fR..\fBendif\fR
can nest.
.IP "blank lines and comments"
Empty lines and whitespace-only lines are ignored, as
@ -274,6 +274,10 @@ before applying more drastic actions.
.SH BUGS
.ad
.fi
Empty lines never match, because some map types mis-behave
when given a zero-length search string. This limitation may
be removed for regular expression tables in a future release.
Many people overlook the main limitations of header and body_checks
rules.
.IP \(bu

View File

@ -1,4 +1,4 @@
.\" $NetBSD: ldap_table.5,v 1.1.1.5 2007/05/19 16:27:48 heas Exp $
.\" $NetBSD: ldap_table.5,v 1.1.1.6 2008/06/22 14:01:02 christos Exp $
.\"
.TH LDAP_TABLE 5
.ad
@ -549,6 +549,38 @@ tls_cert.
.IP "\fBtls_require_cert (default: no)\fR"
Whether or not to request server's X509 certificate and
check its validity when establishing SSL/TLS connections.
The supported values are \fBno\fR and \fByes\fR.
.sp
With \fBno\fR, the server certificate trust chain is not checked,
but with OpenLDAP prior to 2.1.13, the name in the server
certificate must still match the LDAP server name. With OpenLDAP
2.0.0 to 2.0.11 the server name is not necessarily what you
specified, rather it is determined (by reverse lookup) from the
IP address of the LDAP server connection. With OpenLDAP prior to
2.0.13, subjectAlternativeName extensions in the LDAP server
certificate are ignored: the server name must match the subject
CommonName. The \fBno\fR setting corresponds to the \fBnever\fR
value of \fBTLS_REQCERT\fR in LDAP client configuration files.
.sp
Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11)
if you can avoid it.
.sp
With \fByes\fR, the server certificate must be issued by a trusted
CA, and not be expired. The LDAP server name must match one of the
name(s) found in the certificate (see above for OpenLDAP library
version dependent behavior). The \fByes\fR setting corresponds to the
\fBdemand\fR value of \fBTLS_REQCERT\fR in LDAP client configuration
files.
.sp
The "try" and "never" values of \fBTLS_REQCERT\fR have no equivalents
here. They are not available with OpenLDAP 2.0, and in any case have
questionable security properties. Either you want TLS verified LDAP
connections, or you don't.
.sp
The \fByes\fR value only works correctly with Postfix 2.5 and later,
or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP
releases don't work together with this setting. Support for LDAP
over TLS was added to Postfix based on the OpenLDAP 2.0 API.
.IP "\fBtls_random_file (No default)\fR"
Path of a file to obtain random bits from when /dev/[u]random
is not available, to be used by the client in SSL/TLS
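Review bot: the added tls_require_cert text contradicts itself about "never". The second paragraph says the no setting "corresponds to the never value of TLS_REQCERT", while the later paragraph says the "try" and "never" values of TLS_REQCERT "have no equivalents here". One of the two names is wrong and should be corrected. The version thresholds also deserve a check, since the same paragraph cites "OpenLDAP prior to 2.1.13" for name matching and "OpenLDAP prior to 2.0.13" for subjectAlternativeName handling. Because the documented default is no, it would help to say plainly in the first sentence that the default leaves the server certificate trust chain unchecked.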

View File

@ -1,4 +1,4 @@
.\" $NetBSD: master.5,v 1.1.1.3 2006/08/27 00:38:03 rpaulo Exp $
.\" $NetBSD: master.5,v 1.1.1.4 2008/06/22 14:01:02 christos Exp $
.\"
.TH MASTER 5
.ad
@ -19,9 +19,9 @@ run in the background under control of the \fBmaster\fR(8)
process. The master.cf configuration file defines how a
client program connects to a service, and what daemon
program runs when a service is requested. Most daemon
processes are short-lived and terminate after serving
\fBmax_use\fR clients, or after inactivity for \fBmax_idle\fR
or more units of time.
processes are short-lived and terminate voluntarily after
serving \fBmax_use\fR clients, or after inactivity for
\fBmax_idle\fR or more units of time.
All daemons specified here must speak a Postfix-internal
protocol. In order to execute non-Postfix software use the
@ -103,6 +103,16 @@ for local clients only.
The service name is a pathname relative to the Postfix
queue directory (pathname controlled with the \fBqueue_directory\fR
configuration parameter in main.cf).
.IP \fBpass\fR
The service listens on a UNIX-domain socket, receives one
open connection (file descriptor passing) per connection
request, and is accessible to local clients only.
The service name is a pathname relative to the Postfix
queue directory (pathname controlled with the \fBqueue_directory\fR
configuration parameter in main.cf).
This feature is available as of Postfix version 2.5.
.RE
.IP "\fBPrivate (default: y)\fR"
Whether or not access is restricted to the mail system.

View File

@ -1,4 +1,4 @@
.\" $NetBSD: mysql_table.5,v 1.1.1.4 2007/05/19 16:27:49 heas Exp $
.\" $NetBSD: mysql_table.5,v 1.1.1.5 2008/06/22 14:01:02 christos Exp $
.\"
.TH MYSQL_TABLE 5
.ad
@ -260,7 +260,18 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.PP
.SH "OBSOLETE QUERY INTERFACE"
.na
.nf
.ad
.fi
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general \fBquery\fR
interface described above. If the \fBquery\fR parameter
is defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy interface
may be removed in a future release.
The following parameters can be used to fill in a
SELECT template statement of the form:
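Review bot: the new OBSOLETE QUERY INTERFACE paragraph drops a verb in "the legacy parameters described here ignored". It should read "described here are ignored", as the removed wording in the next hunk did ("the legacy parameters are ignored"). The header is also followed by .na/.nf and then immediately by .ad/.fi, which cancel each other out. If that is generated boilerplate it is harmless, otherwise one pair can go.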
@ -274,12 +285,6 @@ SELECT template statement of the form:
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd characters,
it will not cause a parse error, or worse, a security problem.
As of Postfix 2.2 this interface is obsolete, it is replaced
by the more general \fBquery\fR interface described above.
If the \fBquery\fR parameter is defined, the legacy parameters
are ignored. Please migrate to the new interface as the legacy
interface may be removed in a future release.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: pgsql_table.5,v 1.1.1.4 2007/05/19 16:27:49 heas Exp $
.\" $NetBSD: pgsql_table.5,v 1.1.1.5 2008/06/22 14:01:02 christos Exp $
.\"
.TH PGSQL_TABLE 5
.ad
@ -67,7 +67,7 @@ migrate to the new interface set:
\fBquery\fR = SELECT \fIselect_function\fR('%s')
.fi
or in the absence of \fBselection_function\fR, the lower precedence:
or in the absence of \fBselect_function\fR, the lower precedence:
.nf
\fBquery\fR = SELECT \fIselect_field\fR
@ -263,8 +263,15 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.PP
Pre-Postfix 2.2 legacy interfaces:
.SH "OBSOLETE QUERY INTERFACES"
.na
.nf
.ad
.fi
This section describes query interfaces that are deprecated
as of Postfix 2.2. Please migrate to the new \fBquery\fR
interface as the old interfaces are slated to be phased
out.
.IP "\fBselect_function\fR"
This parameter specifies a database function name. Example:
.nf
@ -279,9 +286,8 @@ This is equivalent to:
This parameter overrides the legacy table-related fields (described
below). With Postfix versions prior to 2.2, it also overrides the
\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
parameter has highest precedence, and this parameter is deprecated.
Please migrate to the new \fBquery\fR interface as this interface
is slated to be phased out.
parameter has highest precedence, and the \fBselect_function\fR
parameter is deprecated.
.PP
The following parameters (with lower precedence than the
\fBselect_function\fR interface described above) can be used to
@ -302,8 +308,7 @@ problem.
Starting with Postfix 2.2, this interface is obsoleted by the more
general \fBquery\fR interface described above. If higher precedence
the \fBquery\fR or \fBselect_function\fR parameters described above
are defined, these parameters are ignored. Please migrate to the new
\fBquery\fR interface as this interface is slated to be phased out.
are defined, the parameters described here are ignored.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: regexp_table.5,v 1.1.1.12 2007/05/19 16:27:51 heas Exp $
.\" $NetBSD: regexp_table.5,v 1.1.1.13 2008/06/22 14:01:09 christos Exp $
.\"
.TH REGEXP_TABLE 5
.ad
@ -93,14 +93,14 @@ characters after the pattern:
.IP "\fBi\fR (default: on)"
Toggles the case sensitivity flag. By default, matching is case
insensitive.
.IP "\fBx\fR (default: on)"
Toggles the extended expression syntax flag. By default, support
for extended expression syntax is enabled.
.IP "\fBm\fR (default: off)"
Toggle the multi-line mode flag. When this flag is on, the \fB^\fR
and \fB$\fR metacharacters match immediately after and immediately
before a newline character, respectively, in addition to
matching at the start and end of the input string.
.IP "\fBx\fR (default: on)"
Toggles the extended expression syntax flag. By default, support
for extended expression syntax is enabled.
.SH "TABLE SEARCH ORDER"
.na
.nf

View File

@ -1,4 +1,4 @@
.\" $NetBSD: transport.5,v 1.1.1.12 2007/05/19 16:27:51 heas Exp $
.\" $NetBSD: transport.5,v 1.1.1.13 2008/06/22 14:01:10 christos Exp $
.\"
.TH TRANSPORT 5
.ad
@ -284,6 +284,7 @@ List of transport lookup tables.
.na
.nf
trivial-rewrite(8), rewrite and resolve addresses
master(5), master.cf file format
postconf(5), configuration parameters
postmap(1), Postfix lookup table manager
.SH "README FILES"

View File

@ -1,4 +1,4 @@
.\" $NetBSD: error.8,v 1.1.1.7 2007/05/19 16:27:51 heas Exp $
.\" $NetBSD: error.8,v 1.1.1.8 2008/06/22 14:01:13 christos Exp $
.\"
.TH ERROR 8
.ad
@ -19,7 +19,8 @@ requests from
the queue manager. Each request specifies a queue file, a sender
address, the reason for non-delivery (specified as the
next-hop destination), and recipient information.
The reason may be prefixed with an RFC 3463-compatible detail code.
The reason may be prefixed with an RFC 3463-compatible detail code;
if none is specified a default 4.0.0 or 5.0.0 code is used instead.
This program expects to be run from the \fBmaster\fR(8) process
manager.
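Review bot: The added clause "a default 4.0.0 or 5.0.0 code is used instead" does not say what selects between the two codes. State the condition in the same sentence, for example that it follows from whether the non-delivery is reported as temporary or permanent, if that is the behaviour.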

View File

@ -1,4 +1,4 @@
.\" $NetBSD: master.8,v 1.1.1.9 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: master.8,v 1.1.1.10 2008/06/22 14:01:14 christos Exp $
.\"
.TH MASTER 8
.ad
@ -153,6 +153,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
/etc/postfix/main.cf, global configuration file.
/etc/postfix/master.cf, master server configuration file.
/var/spool/postfix/pid/master.pid, master lock file.
/var/lib/postfix/master.lock, master lock file.
.SH "SEE ALSO"
.na
.nf
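Review bot: The FILES list now carries two entries with the identical description "master lock file" (/var/spool/postfix/pid/master.pid and /var/lib/postfix/master.lock), so a reader cannot tell what each one guards. Describe the purpose of each file, and consider naming the new one relative to the data directory rather than as a fixed /var/lib/postfix path, since proxymap.8 in this same import documents data_directory as a site-specific value ("see 'postconf -d' output").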

View File

@ -1,4 +1,4 @@
.\" $NetBSD: oqmgr.8,v 1.1.1.5 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: oqmgr.8,v 1.1.1.6 2008/06/22 14:01:14 christos Exp $
.\"
.TH OQMGR 8
.ad
@ -181,8 +181,10 @@ In the text below, \fItransport\fR is the first field in a
.nf
.ad
.fi
Available before Postfix version 2.5:
.IP "\fBallow_min_user (no)\fR"
Allow a recipient address to have `-' as the first character.
Allow a sender or recipient address to have `-' as the first
character.
.SH "ACTIVE QUEUE CONTROLS"
.na
.nf
@ -212,8 +214,34 @@ to the same destination.
.IP "\fBdefault_destination_concurrency_limit (20)\fR"
The default maximal number of parallel deliveries to the same
destination.
.IP \fItransport\fB_destination_concurrency_limit\fR
.IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
Idem, for delivery via the named message \fItransport\fR.
.PP
Available in Postfix version 2.5 and later:
.IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR"
Initial concurrency for delivery via the named message
\fItransport\fR.
.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR"
How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended).
.IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR"
The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure.
.IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR"
The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure.
.IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdestination_concurrency_feedback_debug (no)\fR"
Make the queue manager's feedback algorithm verbose for performance
analysis purposes.
.SH "RECIPIENT SCHEDULING CONTROLS"
.na
.nf
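Review bot: "pseudo-cohorts" in the default_destination_concurrency_failed_cohort_limit entry is used without a definition, and the negative and positive feedback entries give a default of 1 without saying 1 of what or how it is applied to the concurrency. Add a one-line definition, or name the README that defines these terms, so the parameters can be tuned from this page.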
@ -228,15 +256,17 @@ Idem, for delivery via the named message \fItransport\fR.
.nf
.ad
.fi
.IP "\fBminimal_backoff_time (version dependent)\fR"
The minimal time between attempts to deliver a deferred message.
.IP "\fBminimal_backoff_time (300s)\fR"
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
.IP "\fBmaximal_backoff_time (4000s)\fR"
The maximal time between attempts to deliver a deferred message.
.IP "\fBmaximal_queue_lifetime (5d)\fR"
The maximal time a message is queued before it is sent back as
undeliverable.
.IP "\fBqueue_run_delay (version dependent)\fR"
The time between deferred queue scans by the queue manager.
.IP "\fBqueue_run_delay (300s)\fR"
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
.IP "\fBtransport_retry_time (60s)\fR"
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
@ -245,6 +275,14 @@ Available in Postfix version 2.1 and later:
.IP "\fBbounce_queue_lifetime (5d)\fR"
The maximal time a bounce message is queued before it is considered
undeliverable.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBdefault_destination_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
deliveries to the same destination; with per-destination recipient
limit > 1, a destination is a domain, otherwise it is a recipient.
.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay
Idem, for delivery via the named message \fItransport\fR.
.SH MISCELLANEOUS CONTROLS
.ad
.fi
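Review bot: The .IP tag for \fItransport\fB_destination_rate_delay is malformed: the opening double quote is never closed, the default value is not in parentheses, and the trailing \fR is missing, so the bold font is not reset before the description. Match the neighbouring entries: .IP "\fItransport\fB_destination_rate_delay ($default_destination_rate_delay)\fR"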

View File

@ -1,4 +1,4 @@
.\" $NetBSD: pipe.8,v 1.1.1.10 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: pipe.8,v 1.1.1.11 2008/06/22 14:01:14 christos Exp $
.\"
.TH PIPE 8
.ad
@ -33,9 +33,11 @@ appropriate.
.nf
.ad
.fi
Some external commands cannot handle more than one recipient
per delivery request. Examples of such transports are pagers
or fax machines.
Some destinations cannot handle more than one recipient per
delivery request. Examples are pagers or fax machines.
In addition, multi-recipient delivery is undesirable when
prepending a \fBDelivered-to:\fR or \fBX-Original-To:\fR
message header.
To prevent Postfix from sending multiple recipients per delivery
request, specify
@ -75,7 +77,7 @@ The output record delimiter. Typically one would use either
\fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape
sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
.IP "\fBflags=BDFORhqu.>\fR (optional)"
.IP "\fBflags=BDFORXhqu.>\fR (optional)"
Optional message processing flags. By default, a message is
copied unchanged.
.RS
@ -86,7 +88,14 @@ when preceded by a blank line.
.IP \fBD\fR
Prepend a "\fBDelivered-To: \fIrecipient\fR" message header with the
envelope recipient address. Note: for this to work, the
\fItransport\fB_destination_recipient_limit\fR must be 1.
\fItransport\fB_destination_recipient_limit\fR must be 1
(see SINGLE-RECIPIENT DELIVERY above for details).
.sp
The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later):
if a message already contains a \fBDelivered-To:\fR header
with the same recipient address, then the message is
returned as undeliverable. The address comparison is case
insensitive.
.sp
This feature is available as of Postfix 2.0.
.IP \fBF\fR
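Review bot: After the new loop-detection paragraph, the unchanged line "This feature is available as of Postfix 2.0." reads as if it applied to loop detection, which the paragraph just above dates to Postfix 2.5 and later. Move the 2.0 sentence directly under the Delivered-To: description, or reword it to "The \fBD\fR flag is available as of Postfix 2.0."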
@ -96,19 +105,31 @@ This is expected by, for example, \fBUUCP\fR software.
.IP \fBO\fR
Prepend an "\fBX-Original-To: \fIrecipient\fR" message header
with the recipient address as given to Postfix. Note: for this to
work, the \fItransport\fB_destination_recipient_limit\fR must be 1.
work, the \fItransport\fB_destination_recipient_limit\fR must be 1
(see SINGLE-RECIPIENT DELIVERY above for details).
.sp
This feature is available as of Postfix 2.0.
.IP \fBR\fR
Prepend a \fBReturn-Path:\fR message header with the envelope sender
address.
.IP \fBX\fR
Indicate that the external command performs final delivery.
This flag affects the status reported in "success" DSN
(delivery status notification) messages, and changes it
from "relayed" into "delivered".
.sp
This feature is available as of Postfix 2.5.
.IP \fBh\fR
Fold the command-line \fB$recipient\fR domain name and \fB$nexthop\fR
host name to lower case.
Fold the command-line \fB$original_recipient\fR and
\fB$recipient\fR address domain part
(text to the right of the right-most \fB@\fR character) to
lower case; fold the entire command-line \fB$domain\fR and
\fB$nexthop\fR host or domain information to lower case.
This is recommended for delivery via \fBUUCP\fR.
.IP \fBq\fR
Quote white space and other special characters in the command-line
\fB$sender\fR and \fB$recipient\fR address localparts (text to the
\fB$sender\fR, \fB$original_recipient\fR and \fB$recipient\fR
address localparts (text to the
left of the right-most \fB@\fR character), according to an 8-bit
transparent version of RFC 822.
This is recommended for delivery via \fBUUCP\fR or \fBBSMTP\fR.
@ -120,7 +141,8 @@ The \fBq\fR flag affects only entire addresses, not the partial
address information from the \fB$user\fR, \fB$extension\fR or
\fB$mailbox\fR command-line macros.
.IP \fBu\fR
Fold the command-line \fB$recipient\fR address localpart (text to
Fold the command-line \fB$original_recipient\fR and
\fB$recipient\fR address localpart (text to
the left of the right-most \fB@\fR character) to lower case.
This is recommended for delivery via \fBUUCP\fR.
.IP \fB.\fR
@ -161,10 +183,10 @@ specify \fB$sender\fR as an argument by itself:
command -f $sender -- $recipient (\fIgood\fR)
.fi
.IP
This feature is available with Postfix 2.3 and later.
This feature is available as of Postfix 2.3.
.IP "\fBsize\fR=\fIsize_limit\fR (optional)"
Messages greater in size than this limit (in bytes) will
be returned to the sender as undeliverable.
Don't deliver messages that exceed this size limit (in
bytes); return them to the sender instead.
.IP "\fBuser\fR=\fIusername\fR (required)"
.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
Execute the external command with the rights of the
@ -199,10 +221,22 @@ This is available in Postfix 2.2 and later.
This macro expands to the remote client hostname.
.sp
This is available in Postfix 2.2 and later.
.IP \fB${\fBclient_port\fR}\fR
This macro expands to the remote client TCP port number.
.sp
This is available in Postfix 2.5 and later.
.IP \fB${\fBclient_protocol\fR}\fR
This macro expands to the remote client protocol.
.sp
This is available in Postfix 2.2 and later.
.IP \fB${\fBdomain\fR}\fR
This macro expands to the domain portion of the recipient
address. For example, with an address \fIuser+foo@domain\fR
the domain is \fIdomain\fR.
.sp
This information is modified by the \fBh\fR flag for case folding.
.sp
This is available in Postfix 2.5 and later.
.IP \fB${\fBextension\fR}\fR
This macro expands to the extension part of a recipient address.
For example, with an address \fIuser+foo@domain\fR the extension is
@ -225,6 +259,18 @@ This information is modified by the \fBu\fR flag for case folding.
This macro expands to the next-hop hostname.
.sp
This information is modified by the \fBh\fR flag for case folding.
.IP \fB${\fBoriginal_recipient\fR}\fR
This macro expands to the complete recipient address before any
address rewriting or aliasing.
.sp
A command-line argument that contains
\fB${\fBoriginal_recipient\fR}\fR expands to as many
command-line arguments as there are recipients.
.sp
This information is modified by the \fBhqu\fR flags for quoting
and case folding.
.sp
This feature is available in Postfix 2.5 and later.
.IP \fB${\fBrecipient\fR}\fR
This macro expands to the complete recipient address.
.sp
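Review bot: The ${original_recipient} entry says the macro carries the address "before any address rewriting or aliasing" and expands to one command-line argument per recipient, but it does not reference the argument-placement guidance this page already gives for address macros ("command -f $sender -- $recipient (good)"). Add a cross-reference to that guidance here, so that master.cf entries using the new macro place it the same way as $recipient.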
@ -241,7 +287,7 @@ if the message has been received without SASL authentication.
This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_sender\fR}\fR
This macro expands to the SASL sender name (i.e. the original
submitter as per RFC 2554) used during the reception of the message.
submitter as per RFC 4954) used during the reception of the message.
.sp
This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_username\fR}\fR

View File

@ -1,4 +1,4 @@
.\" $NetBSD: proxymap.8,v 1.1.1.7 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: proxymap.8,v 1.1.1.8 2008/06/22 14:01:15 christos Exp $
.\"
.TH PROXYMAP 8
.ad
@ -14,9 +14,10 @@ Postfix lookup table proxy server
.SH DESCRIPTION
.ad
.fi
The \fBproxymap\fR(8) server provides read-only table
lookup service to Postfix processes. The purpose
of the service is:
The \fBproxymap\fR(8) server provides read-only or read-write
table lookup service to Postfix processes. These services are
implemented with distinct service names: \fBproxymap\fR and
\fBproxywrite\fR, respectively. The purpose of these services is:
.IP \(bu
To overcome chroot restrictions. For example, a chrooted SMTP
server needs access to the system passwd file in order to
@ -41,6 +42,10 @@ virtual_alias_maps =
.sp
The total number of connections is limited by the number of
proxymap server processes.
.IP \(bu
To provide single-updater functionality for lookup tables
that do not reliably support multiple writers (i.e. all
file-based tables).
.PP
The \fBproxymap\fR(8) server implements the following requests:
.IP "\fBopen\fR \fImaptype:mapname flags\fR"
@ -50,11 +55,34 @@ dependent flags (to distinguish a fixed string table from a regular
expression table).
.IP "\fBlookup\fR \fImaptype:mapname flags key\fR"
Look up the data stored under the requested key.
The reply is the request completion status code (below) and
The reply is the request completion status code and
the lookup result value.
The \fImaptype:mapname\fR and \fIflags\fR are the same
as with the \fBopen\fR request.
.IP "\fBupdate\fR \fImaptype:mapname flags key value\fR"
Update the data stored under the requested key.
The reply is the request completion status code.
The \fImaptype:mapname\fR and \fIflags\fR are the same
as with the \fBopen\fR request.
.sp
To implement single-updater maps, specify a process limit
of 1 in the master.cf file entry for the \fBproxywrite\fR
service.
.sp
This request is supported in Postfix 2.5 and later.
.IP "\fBdelete\fR \fImaptype:mapname flags key\fR"
Delete the data stored under the requested key.
The reply is the request completion status code.
The \fImaptype:mapname\fR and \fIflags\fR are the same
as with the \fBopen\fR request.
.sp
This request is supported in Postfix 2.5 and later.
.PP
The request completion status is one of OK, RETRY, NOKEY
(lookup failed because the key was not found), BAD (malformed
request) or DENY (the table is not approved for proxy read
or update access).
There is no \fBclose\fR command, nor are tables implicitly closed
when a client disconnects. The purpose is to share tables among
multiple client processes.
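Review bot: In the new completion-status paragraph, RETRY is listed without an explanation, unlike NOKEY, BAD and DENY; say when a client receives it. Also, the "process limit of 1" instruction for the \fBproxywrite\fR service sits under \fBupdate\fR only, although \fBdelete\fR modifies the same tables; move it to text that covers both requests so the single-updater requirement is not missed.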
@ -76,8 +104,9 @@ or after \fB$max_idle\fR seconds of idle time.
.nf
.ad
.fi
The \fBproxymap\fR(8) server opens only tables that are approved via the
\fBproxy_read_maps\fR configuration parameter, does not talk to
The \fBproxymap\fR(8) server opens only tables that are
approved via the \fBproxy_read_maps\fR or \fBproxy_write_maps\fR
configuration parameters, does not talk to
users, and can run at fixed low privilege, chrooted or not.
However, running the proxymap server chrooted severely limits
usability, because it can open only chrooted tables.
@ -90,6 +119,15 @@ In Postfix version 2.2 and later, the proxymap client recognizes
requests to access a table for security-sensitive purposes,
and opens the table directly. This allows the same main.cf
setting to be used by sensitive and non-sensitive processes.
Postfix-writable data files should be stored under a dedicated
directory that is writable only by the Postfix mail system,
such as the Postfix-owned \fBdata_directory\fR.
In particular, Postfix-writable files should never exist
in root-owned directories. That would open up a particular
type of security hole where ownership of a file or directory
does not match the provider of its content.
.SH DIAGNOSTICS
.ad
.fi
@ -100,6 +138,15 @@ Problems and transactions are logged to \fBsyslogd\fR(8).
The \fBproxymap\fR(8) server provides service to multiple clients,
and must therefore not be used for tables that have high-latency
lookups.
The \fBproxymap\fR(8) read-write service does not explicitly
close lookup tables (even if it did, this could not be relied on,
because the process may be terminated between table updates).
The read-write service should therefore not be used with tables that
leave persistent storage in an inconsistent state between
updates (for example, CDB). Tables that support "sync on
update" should be safe (for example, Berkeley DB) as should
tables that are implemented by a real DBMS.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
@ -115,6 +162,9 @@ The text below provides only a parameter summary. See
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBdata_directory (see 'postconf -d' output)\fR"
The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).
.IP "\fBdaemon_timeout (18000s)\fR"
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
@ -132,7 +182,16 @@ The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The process name of a Postfix command or daemon process.
.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
The lookup tables that the \fBproxymap\fR(8) server is allowed to access.
The lookup tables that the \fBproxymap\fR(8) server is allowed to
access for the read-only service.
.PP
Available in Postfix 2.5 and later:
.IP "\fBdata_directory (see 'postconf -d' output)\fR"
The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).
.IP "\fBproxy_write_maps (see 'postconf -d' output)\fR"
The lookup tables that the \fBproxymap\fR(8) server is allowed to
access for the read-write service.
.SH "SEE ALSO"
.na
.nf
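Review bot: data_directory is now documented twice in this parameter list, once after config_directory (added by the previous hunk) and again here under "Available in Postfix 2.5 and later", with identical text. Keep a single entry; the version-labelled one is the more informative of the two.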

View File

@ -1,4 +1,4 @@
.\" $NetBSD: qmgr.8,v 1.1.1.9 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: qmgr.8,v 1.1.1.10 2008/06/22 14:01:15 christos Exp $
.\"
.TH QMGR 8
.ad
@ -185,8 +185,10 @@ In the text below, \fItransport\fR is the first field in a
.nf
.ad
.fi
Available before Postfix version 2.5:
.IP "\fBallow_min_user (no)\fR"
Allow a recipient address to have `-' as the first character.
Allow a sender or recipient address to have `-' as the first
character.
.SH "ACTIVE QUEUE CONTROLS"
.na
.nf
@ -237,6 +239,32 @@ The default maximal number of parallel deliveries to the same
destination.
.IP "\fItransport\fB_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
Idem, for delivery via the named message \fItransport\fR.
.PP
Available in Postfix version 2.5 and later:
.IP "\fItransport\fB_initial_destination_concurrency ($initial_destination_concurrency)\fR"
Initial concurrency for delivery via the named message
\fItransport\fR.
.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR"
How many pseudo-cohorts must suffer connection or handshake
failure before a specific destination is considered unavailable
(and further delivery is suspended).
.IP "\fItransport\fB_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR"
The per-destination amount of delivery concurrency negative
feedback, after a delivery completes with a connection or handshake
failure.
.IP "\fItransport\fB_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR"
The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or handshake
failure.
.IP "\fItransport\fB_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR"
Idem, for delivery via the named message \fItransport\fR.
.IP "\fBdestination_concurrency_feedback_debug (no)\fR"
Make the queue manager's feedback algorithm verbose for performance
analysis purposes.
.SH "RECIPIENT SCHEDULING CONTROLS"
.na
.nf
@ -276,15 +304,17 @@ Idem, for delivery via the named message \fItransport\fR.
.nf
.ad
.fi
.IP "\fBminimal_backoff_time (version dependent)\fR"
The minimal time between attempts to deliver a deferred message.
.IP "\fBminimal_backoff_time (300s)\fR"
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
.IP "\fBmaximal_backoff_time (4000s)\fR"
The maximal time between attempts to deliver a deferred message.
.IP "\fBmaximal_queue_lifetime (5d)\fR"
The maximal time a message is queued before it is sent back as
undeliverable.
.IP "\fBqueue_run_delay (version dependent)\fR"
The time between deferred queue scans by the queue manager.
.IP "\fBqueue_run_delay (300s)\fR"
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
.IP "\fBtransport_retry_time (60s)\fR"
The time between attempts by the Postfix queue manager to contact
a malfunctioning message delivery transport.
@ -293,6 +323,14 @@ Available in Postfix version 2.1 and later:
.IP "\fBbounce_queue_lifetime (5d)\fR"
The maximal time a bounce message is queued before it is considered
undeliverable.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBdefault_destination_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
deliveries to the same destination; with per-destination recipient
limit > 1, a destination is a domain, otherwise it is a recipient.
.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay
Idem, for delivery via the named message \fItransport\fR.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
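Review bot: The .IP line for \fItransport\fB_destination_rate_delay has an unterminated double quote, no parentheses around the default, and no closing \fR. It should follow the form of the other per-transport entries in this file: .IP "\fItransport\fB_destination_rate_delay ($default_destination_rate_delay)\fR"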
@ -370,7 +408,7 @@ IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Scheduler enhancements:
Preemptive scheduler enhancements:
Patrik Rak
Modra 6
155 00, Prague, Czech Republic

View File

@ -1,4 +1,4 @@
.\" $NetBSD: qmqpd.8,v 1.1.1.6 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: qmqpd.8,v 1.1.1.7 2008/06/22 14:01:15 christos Exp $
.\"
.TH QMQPD 8
.ad
@ -132,6 +132,9 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBqmqpd_authorized_clients (empty)\fR"
What clients are allowed to connect to the QMQP server port.
.IP "\fBqmqpd_client_port_logging (no)\fR"
Enable logging of the remote QMQP client port in addition to
the hostname and IP address.
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
The location of the Postfix top-level queue directory.
.IP "\fBsyslog_facility (mail)\fR"

View File

@ -1,4 +1,4 @@
.\" $NetBSD: smtp.8,v 1.1.1.15 2007/08/02 08:04:51 heas Exp $
.\" $NetBSD: smtp.8,v 1.1.1.16 2008/06/22 14:01:16 christos Exp $
.\"
.TH SMTP 8
.ad
@ -110,6 +110,7 @@ RFC 2920 (SMTP Pipelining)
RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
RFC 4954 (AUTH command)
.SH DIAGNOSTICS
.ad
.fi
@ -234,6 +235,18 @@ Available in Postfix version 2.4.4 and later:
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtp_header_checks (empty)\fR"
Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
.IP "\fBsmtp_mime_header_checks (empty)\fR"
Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
client.
.IP "\fBsmtp_nested_header_checks (empty)\fR"
Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
client.
.IP "\fBsmtp_body_checks (empty)\fR"
Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
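Review bot: "Restricted" in the four smtp_*_checks entries is not explained, so a reader cannot tell which header_checks(5) or body_checks(5) features are unavailable in the Postfix SMTP client. Name the restriction in one clause, or state which manual page describes it.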
@ -267,7 +280,8 @@ Optional SMTP client lookup tables with one username:password entry
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled.
.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
SASL security options; as of Postfix 2.3 the list of available
Postfix SMTP client SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL client implementation that is selected
with \fBsmtp_sasl_type\fR.
.PP
@ -283,12 +297,26 @@ available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.
.IP "\fBsmtp_sasl_path (empty)\fR"
Implementation-specific information that is passed through to
Implementation-specific information that the Postfix SMTP client
passes through to
the SASL plug-in implementation that is selected with
\fBsmtp_sasl_type\fR.
.IP "\fBsmtp_sasl_type (cyrus)\fR"
The SASL plug-in type that the Postfix SMTP client should use
for authentication.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtp_sasl_auth_cache_name (empty)\fR"
An optional table to prevent repeated SASL authentication
failures with the same remote SMTP server hostname, username and
password.
.IP "\fBsmtp_sasl_auth_cache_time (90d)\fR"
The maximal age of an smtp_sasl_auth_cache_name entry before it
is removed.
.IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR"
When a remote SMTP server rejects a SASL authentication request
with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf
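Review bot: The smtp_sasl_auth_cache_name entry describes a table tied to the "remote SMTP server hostname, username and password" but does not say whether the password itself is stored, in what form, or where the table should live. Because this is a table the mail system writes to, reference the proxymap.8 guidance from this same import (the \fBproxywrite\fR service and files under the Postfix-owned \fBdata_directory\fR) and state the expected file protection.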
@ -342,9 +370,9 @@ Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.
.IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
List of TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption.
.IP "\fBsmtp_tls_scert_verifydepth (5)\fR"
List of SSL/TLS protocols that the Postfix SMTP client will use with
mandatory TLS encryption.
.IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
The server certificate peername verification method for the
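Review bot: The default for smtp_tls_scert_verifydepth changes from 5 to 9 with no record of the old value, whereas the qmgr.8 entries in this import note changed defaults inline ("prior to Postfix 2.4 the default value was 1000s"). Add the same kind of note here so that sites comparing certificate verification behaviour across the upgrade can see the change.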
@ -379,6 +407,15 @@ Available in Postfix version 2.4 and later:
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified server
certificate.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR"
List of acceptable remote SMTP server certificate fingerprints
for the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
fingerprint).
.IP "\fBsmtp_tls_fingerprint_digest (md5)\fR"
The message digest algorithm used to construct remote SMTP server
certificate fingerprints.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
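Review bot: smtp_tls_fingerprint_digest is documented with md5 as its default and no other information, although these fingerprints are what the "fingerprint" security level uses to decide whether a remote server certificate is acceptable. MD5 is not collision resistant; the entry should say which other digest names are accepted and recommend a stronger one where the TLS library provides it.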
@ -577,6 +614,9 @@ found or that are unreachable.
.SH "SEE ALSO"
.na
.nf
generic(5), output address rewriting
header_checks(5), message header content inspection
body_checks(5), body parts content inspection
qmgr(8), queue manager
bounce(8), delivery status reports
scache(8), connection cache server
@ -623,13 +663,13 @@ Till Franke
SuSE Rhein/Main AG
65760 Eschborn, Germany
Connection caching in cooperation with:
Victor Duchovni
Morgan Stanley
TLS support originally by:
Lutz Jaenicke
BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Revised TLS and SMTP connection cache support by:
Victor Duchovni
Morgan Stanley

View File

@ -1,4 +1,4 @@
.\" $NetBSD: smtpd.8,v 1.1.1.15 2007/05/19 16:27:53 heas Exp $
.\" $NetBSD: smtpd.8,v 1.1.1.16 2008/06/22 14:01:16 christos Exp $
.\"
.TH SMTPD 8
.ad
@ -11,6 +11,8 @@ Postfix SMTP server
.na
.nf
\fBsmtpd\fR [generic Postfix daemon options]
\fBsendmail -bs\fR
.SH DESCRIPTION
.ad
.fi
@ -59,6 +61,8 @@ RFC 2920 (SMTP Pipelining)
RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
RFC 3848 (ESMTP Transmission Types)
RFC 4954 (AUTH command)
.SH DIAGNOSTICS
.ad
.fi
@ -90,7 +94,7 @@ undesirable use.
.fi
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554).
version of the AUTH command (RFC 4954).
.IP "\fBdisable_vrfy_command (no)\fR"
Disable the SMTP VRFY command.
.IP "\fBsmtpd_noop_commands (empty)\fR"
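Review bot: In the broken_sasl_auth_clients entry, replacing "RFC 2554" with "RFC 4954" makes the text read "an obsolete version of the AUTH command (RFC 4954)", which labels the current AUTH specification as the obsolete one. RFC 4954 is the document that obsoletes RFC 2554; either drop the parenthetical from this sentence or reword it so the RFC number is not attached to "obsolete version".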
@ -111,7 +115,8 @@ Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified.
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What SMTP clients Postfix will not offer AUTH support to.
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR"
@ -230,6 +235,9 @@ filter) applications after the SMTP DATA command.
.IP "\fBmilter_unknown_command_macros (see postconf -n output)\fR"
The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command.
.IP "\fBmilter_end_of_header_macros (see postconf -n output)\fR"
The macros that are sent to Milter (mail filter) applications
after the end of the message header.
.IP "\fBmilter_end_of_data_macros (see postconf -n output)\fR"
The macros that are sent to Milter (mail filter) applications
after the message end-of-data.
@ -261,19 +269,21 @@ What SMTP clients are allowed to use the XFORWARD feature.
.nf
.ad
.fi
Postfix SASL support (RFC 2554) can be used to authenticate remote
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554).
version of the AUTH command (RFC 4954).
.IP "\fBsmtpd_sasl_auth_enable (no)\fR"
Enable SASL authentication in the Postfix SMTP server.
.IP "\fBsmtpd_sasl_local_domain (empty)\fR"
The name of the local SASL authentication realm.
The name of the Postfix SMTP server's local SASL authentication
realm.
.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR"
SASL security options; as of Postfix 2.3 the list of available
Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available
features depends on the SASL server implementation that is selected
with \fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sender_login_maps (empty)\fR"
@ -282,19 +292,31 @@ Optional lookup table with the SASL login names that own sender
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What SMTP clients Postfix will not offer AUTH support to.
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
.PP
Available in Postfix version 2.1 and 2.2:
.IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
The application name that the Postfix SMTP server uses for SASL
server initialization.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
message header.
.IP "\fBsmtpd_sasl_path (smtpd)\fR"
Implementation-specific information that is passed through to
Implementation-specific information that the Postfix SMTP server
passes through to
the SASL plug-in implementation that is selected with
\fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sasl_type (cyrus)\fR"
The SASL plug-in type that the Postfix SMTP server should use
for authentication.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBcyrus_sasl_config_path (empty)\fR"
Search path for Cyrus SASL application configuration files,
currently used only to locate the $smtpd_sasl_path.conf file.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf
@ -328,7 +350,7 @@ Ask a remote SMTP client for a client certificate.
When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections.
.IP "\fBsmtpd_tls_ccert_verifydepth (5)\fR"
.IP "\fBsmtpd_tls_ccert_verifydepth (9)\fR"
The verification depth for remote SMTP client certificates.
.IP "\fBsmtpd_tls_cert_file (empty)\fR"
File with the Postfix SMTP server RSA certificate in PEM format.
@ -357,7 +379,7 @@ TLS encryption.
Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels.
.IP "\fBsmtpd_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
The TLS protocols accepted by the Postfix SMTP server with
The SSL/TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
@ -365,7 +387,7 @@ headers that include information about the protocol and cipher used,
as well as the client CommonName and client certificate issuer
CommonName.
.IP "\fBsmtpd_tls_req_ccert (no)\fR"
With mandatory TLS encryption, require a remote SMTP client
With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed.
.IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
Name of the file containing the optional Postfix SMTP server
@ -391,6 +413,12 @@ The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtpd_tls_fingerprint_digest (md5)\fR"
The message digest algorithm used to construct client-certificate
fingerprints for \fBcheck_ccert_access\fR and
\fBpermit_tls_clientcerts\fR.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
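Review bot: the new smtpd_tls_fingerprint_digest entry gives md5 as the default for fingerprints that check_ccert_access and permit_tls_clientcerts use to make access decisions, without saying that the digest is a security-relevant choice. MD5 is not collision resistant, so the summary should state that a stronger digest supported by the OpenSSL build can be selected here, and point to postconf(5) for the details.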
@ -739,10 +767,11 @@ of an address verification request in progress.
.IP "\fBaddress_verify_poll_delay (3s)\fR"
The delay between queries for the completion of an address
verification request in progress.
.IP "\fBaddress_verify_sender (postmaster)\fR"
The sender address to use in address verification probes.
.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
.IP "\fBunverified_sender_reject_code (450)\fR"
The numerical Postfix SMTP server response code when a recipient
The numerical Postfix SMTP server response code when a sender
address is rejected by the reject_unverified_sender restriction.
.IP "\fBunverified_recipient_reject_code (450)\fR"
The numerical Postfix SMTP server response when a recipient address
@ -865,6 +894,11 @@ Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR"
List of commands that causes the Postfix SMTP server to immediately
terminate the session with a 221 code.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtpd_client_port_logging (no)\fR"
Enable logging of the remote SMTP client port in addition to
the hostname and IP address.
.SH "SEE ALSO"
.na
.nf
@ -924,3 +958,7 @@ BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Revised TLS support by:
Victor Duchovni
Morgan Stanley

View File

@ -1,4 +1,4 @@
.\" $NetBSD: tlsmgr.8,v 1.1.1.2 2006/07/19 01:16:50 rpaulo Exp $
.\" $NetBSD: tlsmgr.8,v 1.1.1.3 2008/06/22 14:01:16 christos Exp $
.\"
.TH TLSMGR 8
.ad
@ -50,6 +50,14 @@ The \fBtlsmgr\fR(8) can be run chrooted and with reduced privileges.
At process startup it connects to the entropy source and
exchange file, and creates or truncates the optional TLS
session cache files.
With Postfix version 2.5 and later, the \fBtlsmgr\fR(8) no
longer uses root privileges when opening cache files. These
files should now be stored under the Postfix-owned
\fBdata_directory\fR. As a migration aid, an attempt to
open a cache file under a non-Postfix directory is redirected
to the Postfix-owned \fBdata_directory\fR, and a warning
is logged.
.SH DIAGNOSTICS
.ad
.fi
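Review bot: the added paragraph says the cache files "should now be stored under the Postfix-owned data_directory" but does not name the settings an administrator has to change. Because the redirect is only a migration aid, main.cf keeps pointing at the old location until someone edits it. Name the affected parameters (the *_tls_session_cache_database settings and tls_random_exchange_name, whose default changes in the next hunk) and say that the logged warning means the configuration should be updated. The paragraph also follows "session cache files." with no paragraph break, so in filled output it runs straight into the startup description.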
@ -112,7 +120,7 @@ random number generator (PRNG) pool.
The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source
when (re)seeding the in-memory pseudo random number generator (PRNG)
pool.
.IP "\fBtls_random_exchange_name (${config_directory}/prng_exch)\fR"
.IP "\fBtls_random_exchange_name (see 'postconf -d' output)\fR"
Name of the pseudo random number generator (PRNG) state file
that is maintained by \fBtlsmgr\fR(8).
.IP "\fBtls_random_prng_update_period (3600s)\fR"
@ -131,6 +139,9 @@ sources.
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBdata_directory (see 'postconf -d' output)\fR"
The directory with Postfix-writable data files (for example:
caches, pseudo-random numbers).
.IP "\fBdaemon_timeout (18000s)\fR"
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.

View File

@ -1,4 +1,4 @@
.\" $NetBSD: trivial-rewrite.8,v 1.1.1.12 2007/05/19 16:27:51 heas Exp $
.\" $NetBSD: trivial-rewrite.8,v 1.1.1.13 2008/06/22 14:01:11 christos Exp $
.\"
.TH TRIVIAL-REWRITE 8
.ad
@ -110,6 +110,11 @@ invalid.
.IP "\fBresolve_numeric_domain (no)\fR"
Resolve "user@ipaddress" as "user@[ipaddress]", instead of
rejecting the address as invalid.
.PP
Available with Postfix version 2.5 and later:
.IP "\fBallow_min_user (no)\fR"
Allow a sender or recipient address to have `-' as the first
character.
.SH "ADDRESS REWRITING CONTROLS"
.na
.nf
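Review bot: the allow_min_user entry says what the switch permits but not why the default is "no". An address whose first character is `-' can be taken as a command-line option by software that receives addresses as arguments, which is the reason to leave this off. One clause to that effect in the summary would stop administrators from enabling it to cure a single rejected address.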
@ -174,6 +179,11 @@ Available in Postfix version 2.3 and later:
.IP "\fBsender_dependent_relayhost_maps (empty)\fR"
A sender-dependent override for the global relayhost parameter
setting.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR"
The sender_dependent_relayhost_maps search string that will be
used instead of the null sender address.
.SH "ADDRESS VERIFICATION CONTROLS"
.na
.nf
@ -206,7 +216,7 @@ Overrides the transport_maps parameter setting for address verification
probes.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBaddress_verify_sender_dependent_relayhost_maps (empty)\fR"
.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR"
Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
.SH "MISCELLANEOUS CONTROLS"

View File

@ -1,4 +1,4 @@
.\" $NetBSD: verify.8,v 1.1.1.3 2005/08/18 21:04:26 rpaulo Exp $
.\" $NetBSD: verify.8,v 1.1.1.4 2008/06/22 14:01:16 christos Exp $
.\"
.TH VERIFY 8
.ad
@ -54,6 +54,14 @@ The address verification server can be coerced to store
unlimited amounts of garbage. Limiting the cache size
trades one problem (disk space exhaustion) for another
one (poor response time to client requests).
With Postfix version 2.5 and later, the \fBverify\fR(8)
server no longer uses root privileges when opening the
\fBaddress_verify_map\fR cache file. The file should now
be stored under the Postfix-owned \fBdata_directory\fR. As
a migration aid, an attempt to open a cache file under a
non-Postfix directory is redirected to the Postfix-owned
\fBdata_directory\fR, and a warning is logged.
.SH DIAGNOSTICS
.ad
.fi
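Review bot: the new verify(8) text stops at "a warning is logged" and omits the step that the ADDRESS_VERIFICATION_README change in this same commit spells out: a pre-existing database has to be moved into data_directory and its ownership changed to the mail_owner account. Without that sentence a reader of the manual page alone may relocate the file and still have it unreadable by the unprivileged daemon. Repeat the instruction here or reference the README section.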
@ -90,8 +98,9 @@ The text below provides only a parameter summary. See
.IP "\fBaddress_verify_map (empty)\fR"
Optional lookup table for persistent address verification status
storage.
.IP "\fBaddress_verify_sender (postmaster)\fR"
The sender address to use in address verification probes.
.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
.IP "\fBaddress_verify_positive_expire_time (31d)\fR"
The time after which a successful probe expires from the address
verification cache.

84
gnu/dist/postfix/mantools/make_soho_readme vendored Executable file
View File

@ -0,0 +1,84 @@
#!/bin/sh
cat <<'EOF'
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Small/Home Office Hints and Tips</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Small/Home Office Hints and Tips</h1>
<hr>
<h2>Overview</h2>
<p> This document combines hints and tips for "small office/home
office" applications into one document so that they are easier to
find. The text describes the mail sending side only. If your machine
does not receive mail directly (i.e. it does not have its own
Internet domain name and its own fixed IP address), then you will
need a solution such as "fetchmail", which is outside the scope of
the Postfix documentation. </p>
<ul>
<li> <p> Selected topics from the STANDARD_CONFIGURATION_README document: </p>
<ul>
<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
<li><a href="#fantasy">Postfix on hosts without a real
Internet hostname</a>
</ul>
<p> Selected topics from the SASL_README document: </p>
<ul>
<li><a href="#client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></li>
<li><a href="#client_sasl_sender">Supporting multiple ISP accounts
in the Postfix SMTP client</a></li>
</ul>
</ul>
<p> See the SASL_README and STANDARD_CONFIGURATION_README documents for
further information on these topics. </p>
EOF
sed -n '/^<h2><a name="stand_alone">/,${
/^<h2><a name="null_client">/q
p
}' STANDARD_CONFIGURATION_README.html
sed -n '/^<h2><a name="fantasy">/,${
/^<\/body>/q
p
}' STANDARD_CONFIGURATION_README.html
sed -n '/^<h2><a name="client_sasl">/,${
/^<h2><a name="credits/q
p
}' SASL_README.html
cat <<'EOF'
</body>
</html>
EOF
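Review bot: the three sed invocations read STANDARD_CONFIGURATION_README.html and SASL_README.html from the current directory with no check that they exist, and the script's exit status comes from the final cat. If an input is missing, or an anchor such as name="stand_alone" or name="client_sasl" is renamed upstream, the output is a well-formed page with silently missing sections and the script still exits 0. Add set -e plus an explicit test for both input files, and consider failing when a sed range produces no output.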

View File

@ -7,6 +7,8 @@
# - Process input as text blocks separated by one or more empty
# (or all whitespace) lines.
#
# - Skip text between <!-- and -->; each must be on a different line.
#
# - Don't touch blocks that start with `<' in column zero.
#
# The only changes made are:
@ -36,10 +38,21 @@ while(<>) {
# Gobble up the next text block.
$block = "";
$comment = 0;
do {
$_ =~ s/\s+\n$/\n/;
$block .= $_;
} while(($_ = <>) && /\S/);
if ($_ =~ /<!--/)
{ $comment = 1; }
if ($comment && $_ =~ /-->/)
{ $comment = 0; $block =~ s/<!--.*-->//sg; }
} while((($_ = <>) && /\S/) || $comment);
# Skip blanks after comment elimination.
if ($block =~ /^\s/) {
$block =~ s/^\s+//s;
next if ($block eq "");
}
# Don't touch a text block starting with < in column zero.
if ($block =~ /^</) {
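Review bot: the new loop condition `while((($_ = <>) && /\S/) || $comment)` has no exit at end of input when a `<!--` is never closed. Once <> returns undef with $comment still set, the right-hand side keeps the do block running on an undefined $_ and the script does not terminate cleanly. Break out of the loop (or die with the file name) when the read fails while $comment is set. The header comment's rule that `<!--` and `-->` must be on different lines is also not enforced anywhere, so a violation is handled silently rather than reported.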

View File

@ -31,7 +31,10 @@ while(<>) {
$block .= $_;
} while(($_ = <>) && /\S/);
$block =~ s/\n\./\n\\\&./g;
# How the %!#$^@ do I get a backslash substituted into a string?
# Even \134 comes out as \e. What brain damage is this?
#$block =~ s/\n\./\n\\\&./g;
$block =~ s/\n\./\n\134\&./g;
if ($block =~ /<H2>/) {
$block =~ s/<H2><a[^>]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g;
$block =~ tr/a-z/A-Z/;
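Review bot: the substitution change leaves the old statement behind as a commented-out line, together with a comment that vents about the problem instead of explaining it. A maintainer cannot tell from "Even \134 comes out as \e" which tool rewrites the backslash or why the octal escape is the accepted workaround. Drop the dead line and replace the comment with one sentence stating the intended output (a `\&` before a leading dot) and the reason `\134` is used.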
@ -66,11 +69,13 @@ while(<>) {
$block =~ s/\s*<\/dt>/"/g;
$block =~ s/<tt>\s*//g;
$block =~ s/\s*<\/tt>//g;
$block =~ s/<blockquote>/\n.na\n.nf\n.in +4\n/g;
$block =~ s/<\/blockquote>/\n.in -4\n.fi\n.ad\n/g;
$block =~ s/<blockquote>/\n.sp\n.in +4\n/g;
$block =~ s/<\/blockquote>/\n.in -4\n/g;
$block =~ s/\n<br>/\n.br\n/g;
$block =~ s/<br>\s*/\n.br\n/g;
$block =~ s/&le;/<=/g;
$block =~ s/&lt;/</g;
$block =~ s/&ge;/>=/g;
$block =~ s/&gt;/>/g;
$block =~ s/&amp;/\&/g;
$block =~ s/\s+\n/\n/g;

View File

@ -123,6 +123,7 @@ while (<>) {
s;\bcommand_time_limit\b;<a href="postconf.5.html#command_time_limit">$&</a>;g;
s;\bconfig_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#config_directory">$&</a>;g;
s;\bcon[-</bB>]*\n*[ <bB>]*tent_filter\b;<a href="postconf.5.html#content_filter">$&</a>;g;
s;\bdata_directory\b;<a href="postconf.5.html#data_directory">$&</a>;g;
s;\bdae[-</bB>]*\n*[ <bB>]*mon_directory\b;<a href="postconf.5.html#daemon_directory">$&</a>;g;
s;\bdaemon_timeout\b;<a href="postconf.5.html#daemon_timeout">$&</a>;g;
s;\bdebug_peer_level\b;<a href="postconf.5.html#debug_peer_level">$&</a>;g;
@ -131,15 +132,15 @@ while (<>) {
s;\bdefault_deliv[-</Bb>]*\n* *[<Bb>]*ery_slot_cost\b;<a href="postconf.5.html#default_delivery_slot_cost">$&</a>;g;
s;\bdefault_deliv[-</Bb>]*\n* *[<Bb>]*ery_slot_discount\b;<a href="postconf.5.html#default_delivery_slot_discount">$&</a>;g;
s;\bdefault_deliv[-</Bb>]*\n* *[<Bb>]*ery_slot_loan\b;<a href="postconf.5.html#default_delivery_slot_loan">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_concurrency_limit\b;<a href="postconf.5.html#default_destination_concurrency_limit">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_concur[-</Bb>]*\n* *[<Bb>]*rency_limit\b;<a href="postconf.5.html#default_destination_concurrency_limit">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#default_destination_recipient_limit">$&</a>;g;
s;\bdefault_extra_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#default_extra_recipient_limit">$&</a>;g;
s;\bdefault_extra_recipi[-</bB>]*\n* *[<bB>]*ent_limit\b;<a href="postconf.5.html#default_extra_recipient_limit">$&</a>;g;
s;\bdefault_minimum_deliv[-</Bb>]*\n* *[<Bb>]*ery_slots\b;<a href="postconf.5.html#default_minimum_delivery_slots">$&</a>;g;
s;\bdefault_privs\b;<a href="postconf.5.html#default_privs">$&</a>;g;
s;\bdefault_process_limit\b;<a href="postconf.5.html#default_process_limit">$&</a>;g;
s;\bdefault_rbl_reply\b;<a href="postconf.5.html#default_rbl_reply">$&</a>;g;
s;\bdefault_recipient_refill_limit\b;<a href="postconf.5.html#default_recipient_refill_limit">$&</a>;g;
s;\bdefault_recipient_refill_delay\b;<a href="postconf.5.html#default_recipient_refill_delay">$&</a>;g;
s;\bdefault_recipi[-</bB>]*\n* *[<bB>]*ent_refill_limit\b;<a href="postconf.5.html#default_recipient_refill_limit">$&</a>;g;
s;\bdefault_recipi[-</bB>]*\n* *[<bB>]*ent_refill_delay\b;<a href="postconf.5.html#default_recipient_refill_delay">$&</a>;g;
s;\bdefault_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#default_recipient_limit">$&</a>;g;
s;\bdefault_transport\b;<a href="postconf.5.html#default_transport">$&</a>;g;
s;\bdefault_verp_delimiters\b;<a href="postconf.5.html#default_verp_delimiters">$&</a>;g;
@ -151,6 +152,7 @@ while (<>) {
s;\bdelay_warn[-</bB>]*\n*[ <bB>]*ing_time\b;<a href="postconf.5.html#delay_warning_time">$&</a>;g;
s;\bdeliver_lock_attempts\b;<a href="postconf.5.html#deliver_lock_attempts">$&</a>;g;
s;\bdeliver_lock_delay\b;<a href="postconf.5.html#deliver_lock_delay">$&</a>;g;
s;\bdetect_8bit_encoding_header\b;<a href="postconf.5.html#detect_8bit_encoding_header">$&</a>;g;
s;\bdisable_dns_lookups\b;<a href="postconf.5.html#disable_dns_lookups">$&</a>;g;
s;\bdisable_mime_input_processing\b;<a href="postconf.5.html#disable_mime_input_processing">$&</a>;g;
s;\bdisable_mime_output_conversion\b;<a href="postconf.5.html#disable_mime_output_conversion">$&</a>;g;
@ -193,7 +195,7 @@ while (<>) {
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
s;\binet_inter[-</bB>]*\n*[ <bB>]*faces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
s;\binet_protocols\b;<a href="postconf.5.html#inet_protocols">$&</a>;g;
s;\binitial_destination_concurrency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
s;\binitial_desti[-</bB>]*\n*[ <bB>]*nation_concurrency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
s;\binvalid_hostname_reject_code\b;<a href="postconf.5.html#invalid_hostname_reject_code">$&</a>;g;
s;\bipc_idle\b;<a href="postconf.5.html#ipc_idle">$&</a>;g;
s;\bipc_timeout\b;<a href="postconf.5.html#ipc_timeout">$&</a>;g;
@ -214,6 +216,7 @@ while (<>) {
s;\blmtp_tls_policy_maps\b;<a href="postconf.5.html#lmtp_tls_policy_maps">$&</a>;g;
s;\blmtp_tls_secure_cert_match\b;<a href="postconf.5.html#lmtp_tls_secure_cert_match">$&</a>;g;
s;\blmtp_tls_security_level\b;<a href="postconf.5.html#lmtp_tls_security_level">$&</a>;g;
s;\blmtp_tls_fingerprint_cert_match\b;<a href="postconf.5.html#lmtp_tls_fingerprint_cert_match">$&</a>;g;
s;\blmtp_tls_verify_cert_match\b;<a href="postconf.5.html#lmtp_tls_verify_cert_match">$&</a>;g;
s;\blmtp_tls_per_site\b;<a href="postconf.5.html#lmtp_tls_per_site">$&</a>;g;
s;\blmtp_tls_cert_file\b;<a href="postconf.5.html#lmtp_tls_cert_file">$&</a>;g;
@ -222,6 +225,7 @@ while (<>) {
s;\blmtp_tls_dkey_file\b;<a href="postconf.5.html#lmtp_tls_dkey_file">$&</a>;g;
s;\blmtp_tls_CAfile\b;<a href="postconf.5.html#lmtp_tls_CAfile">$&</a>;g;
s;\blmtp_tls_CApath\b;<a href="postconf.5.html#lmtp_tls_CApath">$&</a>;g;
s;\blmtp_tls_fingerprint_digest\b;<a href="postconf.5.html#lmtp_tls_fingerprint_digest">$&</a>;g;
s;\blmtp_tls_mandatory_ciphers\b;<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">$&</a>;g;
s;\blmtp_tls_exclude_ciphers\b;<a href="postconf.5.html#lmtp_tls_exclude_ciphers">$&</a>;g;
s;\blmtp_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#lmtp_tls_mandatory_exclude_ciphers">$&</a>;g;
@ -260,7 +264,10 @@ while (<>) {
s;\blmtp_quit_timeout\b;<a href="postconf.5.html#lmtp_quit_timeout">$&</a>;g;
s;\blmtp_rcpt_timeout\b;<a href="postconf.5.html#lmtp_rcpt_timeout">$&</a>;g;
s;\blmtp_rset_timeout\b;<a href="postconf.5.html#lmtp_rset_timeout">$&</a>;g;
s;\blmtp_sasl_auth_cache_name\b;<a href="postconf.5.html#lmtp_sasl_auth_cache_name">$&</a>;g;
s;\blmtp_sasl_auth_cache_time\b;<a href="postconf.5.html#lmtp_sasl_auth_cache_time">$&</a>;g;
s;\blmtp_sasl_auth_enable\b;<a href="postconf.5.html#lmtp_sasl_auth_enable">$&</a>;g;
s;\blmtp_sasl_auth_soft_bounce\b;<a href="postconf.5.html#lmtp_sasl_auth_soft_bounce">$&</a>;g;
s;\blmtp_sasl_password_maps\b;<a href="postconf.5.html#lmtp_sasl_password_maps">$&</a>;g;
s;\blmtp_sasl_security_options\b;<a href="postconf.5.html#lmtp_sasl_security_options">$&</a>;g;
s;\blmtp_sasl_type\b;<a href="postconf.5.html#lmtp_sasl_type">$&</a>;g;
@ -327,12 +334,20 @@ while (<>) {
s;\bpropagate_unmatched_extensions\b;<a href="postconf.5.html#propagate_unmatched_extensions">$&</a>;g;
s;\bproxy_inter[-</bB>]*\n* *[<bB>]*faces\b;<a href="postconf.5.html#proxy_interfaces">$&</a>;g;
s;\bproxy_read_maps\b;<a href="postconf.5.html#proxy_read_maps">$&</a>;g;
s;\bproxy_write_maps\b;<a href="postconf.5.html#proxy_write_maps">$&</a>;g;
s;\bqmgr_clog_warn_time\b;<a href="postconf.5.html#qmgr_clog_warn_time">$&</a>;g;
s;\bqmgr_fudge_factor\b;<a href="postconf.5.html#qmgr_fudge_factor">$&</a>;g;
s;\bqmgr_message_active_limit\b;<a href="postconf.5.html#qmgr_message_active_limit">$&</a>;g;
s;\bqmgr_message_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#qmgr_message_recipient_limit">$&</a>;g;
s;\bqmgr_message_recip[-</bB>]*\n* *[<bB>]*ient_minimum\b;<a href="postconf.5.html#qmgr_message_recipient_minimum">$&</a>;g;
s;\bqmqpd_authorized_clients\b;<a href="postconf.5.html#qmqpd_authorized_clients">$&</a>;g;
s;\bdefault_destination_concur[-</Bb>]*\n* *[<Bb>]*rency_negative_feedback\b;<a href="postconf.5.html#default_destination_concurrency_negative_feedback">$&</a>;g;
s;\bdefault_destination_concur[-</Bb>]*\n* *[<Bb>]*rency_positive_feedback\b;<a href="postconf.5.html#default_destination_concurrency_positive_feedback">$&</a>;g;
s;\bdefault_destination_con[-</Bb>]*\n* *[<Bb>]*currency_failed_cohort_limit\b;<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">$&</a>;g;
s;\bdestination_concurrency_feedback_debug\b;<a href="postconf.5.html#destination_concurrency_feedback_debug">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_rate_delay\b;<a href="postconf.5.html#default_destination_rate_delay">$&</a>;g;
s;\bqmqpd_error_delay\b;<a href="postconf.5.html#qmqpd_error_delay">$&</a>;g;
s;\bqmqpd_timeout\b;<a href="postconf.5.html#qmqpd_timeout">$&</a>;g;
s;\bqueue_directory\b;<a href="postconf.5.html#queue_directory">$&</a>;g;
@ -370,6 +385,7 @@ while (<>) {
s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;
s;\bsender_canonical_maps\b;<a href="postconf.5.html#sender_canonical_maps">$&</a>;g;
s;\bsender_dependent_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_dependent_relayhost_maps">$&</a>;g;
s;\bempty_address_relayhost_maps_lookup_key\b;<a href="postconf.5.html#empty_address_relayhost_maps_lookup_key">$&</a>;g;
s;\bsendmail_path\b;<a href="postconf.5.html#sendmail_path">$&</a>;g;
s;\bservice_throttle_time\b;<a href="postconf.5.html#service_throttle_time">$&</a>;g;
s;\bsetgid_group\b;<a href="postconf.5.html#setgid_group">$&</a>;g;
@ -428,7 +444,10 @@ while (<>) {
s;\bsmtp_randomize_addresses\b;<a href="postconf.5.html#smtp_randomize_addresses">$&</a>;g;
s;\bsmtp_rcpt_timeout\b;<a href="postconf.5.html#smtp_rcpt_timeout">$&</a>;g;
s;\bsmtp_rset_timeout\b;<a href="postconf.5.html#smtp_rset_timeout">$&</a>;g;
s;\bsmtp_sasl_auth_cache_name\b;<a href="postconf.5.html#smtp_sasl_auth_cache_name">$&</a>;g;
s;\bsmtp_sasl_auth_cache_time\b;<a href="postconf.5.html#smtp_sasl_auth_cache_time">$&</a>;g;
s;\bsmtp_sasl_auth_enable\b;<a href="postconf.5.html#smtp_sasl_auth_enable">$&</a>;g;
s;\bsmtp_sasl_auth_soft_bounce\b;<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">$&</a>;g;
s;\bsmtp_sasl_mechanism_filter\b;<a href="postconf.5.html#smtp_sasl_mechanism_filter">$&</a>;g;
s;\bsmtp_sasl_pass[-</Bb>]*\n* *[<Bb>]*word_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
s;\bsmtp_sasl_path\b;<a href="postconf.5.html#smtp_sasl_path">$&</a>;g;
@ -446,6 +465,7 @@ while (<>) {
s;\bsmtpd_client_event_limit_exceptions\b;<a href="postconf.5.html#smtpd_client_event_limit_exceptions">$&</a>;g;
s;\bsmtpd_client_connection_rate_limit\b;<a href="postconf.5.html#smtpd_client_connection_rate_limit">$&</a>;g;
s;\bsmtpd_client_message_rate_limit\b;<a href="postconf.5.html#smtpd_client_message_rate_limit">$&</a>;g;
s;\bsmtpd_client_port_logging\b;<a href="postconf.5.html#smtpd_client_port_logging">$&</a>;g;
s;\bsmtpd_client_recipient_rate_limit\b;<a href="postconf.5.html#smtpd_client_recipient_rate_limit">$&</a>;g;
s;\bsmtpd_client_new_tls_session_rate_limit\b;<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">$&</a>;g;
s;\bsmtpd_client_restrictions\b;<a href="postconf.5.html#smtpd_client_restrictions">$&</a>;g;
@ -481,6 +501,7 @@ while (<>) {
s;\bsmtpd_reject_unlisted_sender\b;<a href="postconf.5.html#smtpd_reject_unlisted_sender">$&</a>;g;
s;\bsmtpd_restriction_classes\b;<a href="postconf.5.html#smtpd_restriction_classes">$&</a>;g;
s;\bsmtpd_sasl_path\b;<a href="postconf.5.html#smtpd_sasl_path">$&</a>;g;
s;\bcyrus_sasl_config_path\b;<a href="postconf.5.html#cyrus_sasl_config_path">$&</a>;g;
s;\bsmtpd_sasl_auth_enable\b;<a href="postconf.5.html#smtpd_sasl_auth_enable">$&</a>;g;
s;\bsmtpd_sasl_authenticated_header\b;<a href="postconf.5.html#smtpd_sasl_authenticated_header">$&</a>;g;
s;\bsmtpd_sasl_exceptions_networks\b;<a href="postconf.5.html#smtpd_sasl_exceptions_networks">$&</a>;g;
@ -540,6 +561,7 @@ while (<>) {
s;\bsmtp_tls_CAfile\b;<a href="postconf.5.html#smtp_tls_CAfile">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
s;\bsmtp_tls_cert_file\b;<a href="postconf.5.html#smtp_tls_cert_file">$&</a>;g;
s;\bsmtp_tls_fingerprint_digest\b;<a href="postconf.5.html#smtp_tls_fingerprint_digest">$&</a>;g;
s;\bsmtp_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtp_tls_cipherlist\b;<a href="postconf.5.html#smtp_tls_cipherlist">$&</a>;g;
s;\bsmtp_tls_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_exclude_ciphers">$&</a>;g;
@ -553,6 +575,7 @@ while (<>) {
s;\bsmtp_tls_per_site\b;<a href="postconf.5.html#smtp_tls_per_site">$&</a>;g;
s;\bsmtp_tls_policy_maps\b;<a href="postconf.5.html#smtp_tls_policy_maps">$&</a>;g;
s;\bsmtp_tls_mandatory_protocols\b;<a href="postconf.5.html#smtp_tls_mandatory_protocols">$&</a>;g;
s;\bsmtp_tls_fingerprint_cert_match\b;<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">$&</a>;g;
s;\bsmtp_tls_verify_cert_match\b;<a href="postconf.5.html#smtp_tls_verify_cert_match">$&</a>;g;
s;\bsmtp_tls_secure_cert_match\b;<a href="postconf.5.html#smtp_tls_secure_cert_match">$&</a>;g;
s;\bsmtp_tls_scert_verifydepth\b;<a href="postconf.5.html#smtp_tls_scert_verifydepth">$&</a>;g;
@ -560,6 +583,10 @@ while (<>) {
s;\bsmtp_tls_session_cache_database\b;<a href="postconf.5.html#smtp_tls_session_cache_database">$&</a>;g;
s;\bsmtp_tls_session_cache_timeout\b;<a href="postconf.5.html#smtp_tls_session_cache_timeout">$&</a>;g;
s;\bsmtp_use_tls\b;<a href="postconf.5.html#smtp_use_tls">$&</a>;g;
s;\bsmtp_header_checks\b;<a href="postconf.5.html#smtp_header_checks">$&</a>;g;
s;\bsmtp_mime_header_checks\b;<a href="postconf.5.html#smtp_mime_header_checks">$&</a>;g;
s;\bsmtp_nested_header_checks\b;<a href="postconf.5.html#smtp_nested_header_checks">$&</a>;g;
s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g;
s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;
@ -572,6 +599,7 @@ while (<>) {
s;\bsmtpd_tls_cert_file\b;<a href="postconf.5.html#smtpd_tls_cert_file">$&</a>;g;
s;\bsmtpd_tls_cipherlist\b;<a href="postconf.5.html#smtpd_tls_cipherlist">$&</a>;g;
s;\bsmtpd_tls_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_fingerprint_digest\b;<a href="postconf.5.html#smtpd_tls_fingerprint_digest">$&</a>;g;
s;\bsmtpd_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtpd_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_dcert_file\b;<a href="postconf.5.html#smtpd_tls_dcert_file">$&</a>;g;
@ -604,6 +632,25 @@ while (<>) {
s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
# Transport-dependent magical parameters.
s;(<i>transport</i>)(<b>)?(_destination_concurrency_failed_cohort_limit)\b;$2<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_negative_feedback)\b;$2<a href="postconf.5.html#transport_destination_concurrency_positive_feedback">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_positive_feedback)\b;$2<a href="postconf.5.html#transport_destination_concurrency_positive_feedback">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_delivery_slot_cost)\b;$2<a href="postconf.5.html#transport_delivery_slot_cost">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_delivery_slot_discount)\b;$2<a href="postconf.5.html#transport_delivery_slot_discount">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_delivery_slot_loan)\b;$2<a href="postconf.5.html#transport_delivery_slot_loan">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_concurrency_limit)\b;$2<a href="postconf.5.html#transport_destination_concurrency_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_recipient_limit)\b;$2<a href="postconf.5.html#transport_destination_recipient_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_extra_recipient_limit)\b;$2<a href="postconf.5.html#transport_extra_recipient_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_initial_destination_concurrency)\b;$2<a href="postconf.5.html#transport_initial_destination_concurrency">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_minimum_delivery_slots)\b;$2<a href="postconf.5.html#transport_minimum_delivery_slots">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_recipient_limit)\b;$2<a href="postconf.5.html#transport_recipient_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_recipient_refill_delay)\b;$2<a href="postconf.5.html#transport_recipient_refill_delay">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_recipient_refill_limit)\b;$2<a href="postconf.5.html#transport_recipient_refill_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_time_limit)\b;$2<a href="postconf.5.html#transport_time_limit">$1$3</a>;g;
s;(<i>transport</i>)(<b>)?(_destination_rate_delay)\b;$2<a href="postconf.5.html#transport_destination_rate_delay">$1$3</a>;g;
# Undo hyperlinks of manual pages with the same name as parameters.
s/<a href="[^"]*">([^<]*)<\/a>\(/$1(/g;
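Review bot: copy-and-paste error in the second added rule. The pattern matches `_destination_concurrency_negative_feedback` but the href is `postconf.5.html#transport_destination_concurrency_positive_feedback`, so every transport-specific negative_feedback reference will link to the positive_feedback entry. Change the anchor to `#transport_destination_concurrency_negative_feedback`. Since each of these rules repeats the suffix in both the pattern and the anchor, generating them from one list of suffixes would rule out this class of mismatch.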
@ -732,6 +779,7 @@ while (<>) {
s;\breject_invalid_hostname\b;<a href="postconf.5.html#reject_invalid_helo_hostname">$&</a>;g;
s;\breject_non_fqdn_helo_hostname\b;<a href="postconf.5.html#reject_non_fqdn_helo_hostname">$&</a>;g;
s;\breject_non_fqdn_hostname\b;<a href="postconf.5.html#reject_non_fqdn_helo_hostname">$&</a>;g;
s;\breject_rhsbl_helo\b;<a href="postconf.5.html#reject_rhsbl_helo">$&</a>;g;
s;\breject_unknown_helo_hostname\b;<a href="postconf.5.html#reject_unknown_helo_hostname">$&</a>;g;
s;\breject_unknown_hostname\b;<a href="postconf.5.html#reject_unknown_helo_hostname">$&</a>;g;
@ -781,12 +829,13 @@ while (<>) {
s;\bmilter_data_macros\b;<a href="postconf.5.html#milter_data_macros">$&</a>;g;
s;\bmilter_unknown_command_macros\b;<a href="postconf.5.html#milter_unknown_command_macros">$&</a>;g;
s;\bmilter_end_of_data_macros\b;<a href="postconf.5.html#milter_end_of_data_macros">$&</a>;g;
s;\bmilter_end_of_header_macros\b;<a href="postconf.5.html#milter_end_of_header_macros">$&</a>;g;
# Hyperlink URLs and RFC documents
s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/tools.ietf.org\/html\/rfc$1">$&<\/a>/;
# Split README/RFC/parameter/restriction hyperlinks that span line breaks
@ -795,6 +844,7 @@ while (<>) {
# Glue manual/parameter/restriction hyperlinks without line breaks.
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
# One more time:
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
# Hyperlink phrases not in headers.
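Review bot: repeating the glue substitution under "# One more time:" fixes chains of exactly three adjacent links and nothing longer. If the intent is to merge any run of adjacent identical hyperlinks, iterate until nothing changes, for example `1 while s/.../.../g;` with the same pattern, and say so in the comment.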
@ -830,6 +880,7 @@ while (<>) {
# Hyperlink map types.
s/\b(cdb):/<a href="CDB_README.html">$1<\/a>:/g;
s/\b(cidr):/<a href="cidr_table.5.html">$1<\/a>:/g;
s/\b(pcre):/<a href="pcre_table.5.html">$1<\/a>:/g;
s/\b(proxy):/<a href="proxymap.8.html">$1<\/a>:/g;

View File

@ -3,5 +3,5 @@
for i in $*
do
echo === $i ===
dehtml $i | spell | fgrep -vxf proto/stop
mantools/html2readme $i | col -b | spell | fgrep -vxf proto/stop
done
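Review bot: the replacement command calls `mantools/html2readme` by a relative path, so the script now only works when started from the top of the source tree, and `$i` is still unquoted in both the loop and the pipeline. Either document the required working directory at the top of the script or derive the path from the script's own location, and quote the file name as "$i" with `for i in "$@"`.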

View File

@ -58,7 +58,7 @@ open(POSTCONF, $protofile) || die " cannot open $protofile: $!\n";
while(<POSTCONF>) {
next if /^#/;
next if /^#/ && $text eq "";
next unless ($name || /\S/);
if (/^%(PARAM|CLASS)/) {
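Review bot: the new condition `next if /^#/ && $text eq "";` changes which input lines are dropped, but nothing in the hunk says why. Lines starting with `#` are now kept once $text is non-empty, which presumably is meant to preserve `#` lines inside example blocks. Add a comment stating that intent, because the next person to touch this will otherwise read it as an accidental narrowing of the comment filter.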

View File

@ -207,9 +207,10 @@ delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites. </p>
<li> <p> By default, Postfix probe messages have "postmaster@$myorigin"
as the sender address. This is SAFE because the Postfix SMTP server
does not reject mail for this address. </p>
<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
as the sender address (with Postfix versions before 2.5, the default
is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
server does not reject mail for this address. </p>
<p> You can change this into the null address ("address_verify_sender
="). This is UNSAFE because address probes will fail with
@ -272,7 +273,7 @@ specific domains that often appear in forged email. </p>
unverified_sender_reject_code = 550
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/mta/verify
address_verify_map = btree:/var/lib/postfix/verify
/etc/postfix/sender_access:
aol.com reject_unverified_sender
@ -314,7 +315,7 @@ you can see what mail would be blocked: </p>
...
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/mta/verify
address_verify_map = btree:/var/lib/postfix/verify
</pre>
</blockquote>
@ -373,19 +374,28 @@ stop". </p>
<pre>
/etc/postfix/main.cf:
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:/var/mta/verify
address_verify_map = btree:/var/lib/postfix/verify
</pre>
</blockquote>
<p> NOTE: Do not put this file in a file system that may run out
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned data_directory. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned data_directory, and a warning is logged. If you wish
to continue using a pre-existing database file, move it to the
data_directory, and change ownership to the account specified with
the mail_owner parameter. </p>
<p> NOTE 2: Do not put this file in a file system that may run out
of space. When the address verification table gets corrupted the
world comes to an end and YOU will have to MANUALLY fix things as
described in the next section. Meanwhile, you will not receive mail
via SMTP. </p>
<p> The verify(8) daemon process will create a new database when
<p> NOTE 3: The verify(8) daemon process will create a new database when
none exists, and will open/create the file before it enters the
chroot jail and before it drops root privileges. </p>
chroot jail. </p>
<h2><a name="dirty_secret">Managing the address verification
database</a></h2>
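Review bot: NOTE 1 and NOTE 3 together leave a gap for upgraders: the open is redirected to data_directory, and verify(8) creates a new database when none exists, so as I read it an existing cache at the old path is abandoned with only a logged warning. The note should say so directly, give the name of the file the redirect resolves to, and state whether Postfix must be stopped before the file is moved and its ownership changed to mail_owner. NOTE 3 could also say which privileges the open/create now runs with, since the old "before it drops root privileges" clause is removed without a replacement.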

View File

@ -20,11 +20,8 @@ Backscatter Howto</h1>
<h2>Overview </h2>
This document describes features that require Postfix version 2.0
or later. The examples use Perl Compatible Regular Expressions
(Postfix pcre: tables), but also provide a translation to POSIX
regular expressions (Postfix regexp: tables). PCRE is preferred
primarily because the implementation is often faster.</p>
<p> This document describes features that require Postfix version
2.0 or later. </p>
<p> Topics covered in this document: </p>
@ -56,6 +53,11 @@ scanners</a>
</ul>
<p> The examples use Perl Compatible Regular Expressions (Postfix
pcre: tables), but also provide a translation to POSIX regular
expressions (Postfix regexp: tables). PCRE is preferred primarily
because the implementation is often faster.</p>
<h2><a name="wtf">What is backscatter mail?</a></h2>
<p> When a spammer or worm sends mail with forged sender addresses,
@ -73,7 +75,7 @@ to=&lt;yyyyyy@your.domain.here&gt; proto=ESMTP helo=&lt;zzzzzz&gt;
</pre>
</blockquote>
<p> What you see are lots of "user unknown" errors with "from=<>".
<p> What you see are lots of "user unknown" errors with "from=&lt;&gt;".
These are error reports from MAILER-DAEMONs elsewhere on the Internet.
</p>

View File

@ -37,7 +37,12 @@ information about Postfix databases. </p>
<p> CDB support is available with Postfix 2.2 and later releases.
This document describes how to build Postfix with CDB support. </p>
<h2>Building Postfix with CDB</h2>
<h2>Building Postfix with CDB support</h2>
<p> These instructions assume that you build Postfix from source
code as described in the INSTALL document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Postfix is compatible with two CDB implementations: </p>

View File

@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string
described in tcp_table(5). The lookup table name is "tcp:host:port"
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
version 2.4. </dd>
number. This protocol is not available in the stable Postfix release.
</dd>
<dt> <b>unix</b> (read-only) </dt>
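Review bot: The replacement wording "not available in the stable Postfix release" for the tcp: table drops the version anchor that the old text had ("up to and including Postfix version 2.4"). "The stable release" is relative to when the document is read, so an archived or vendor-shipped copy becomes ambiguous. Suggest keeping an explicit version, for example by extending the old sentence to the release this import covers.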

View File

@ -308,6 +308,9 @@ default</th> </tr>
<tr> <td>DEF_DAEMON_DIR</td> <td>daemon_directory</td>
<td>/usr/libexec/postfix</td> </tr>
<tr> <td>DEF_DATA_DIR</td> <td>data_directory</td>
<td>/var/lib/postfix</td> </tr>
<tr> <td>DEF_MAILQ_PATH</td> <td>mailq_path</td> <td>/usr/bin/mailq</td>
</tr>
@ -333,6 +336,9 @@ default</th> </tr>
</blockquote>
<p> Note: the data_directory parameter (for caches and pseudo-random
numbers) was introduced with Postfix version 2.5. </p>
<h3>4.5 - Support for thousands of processes</h3>
<p> The number of connections that Postfix can manage simultaneously
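Review bot: The added note describes data_directory only as "for caches and pseudo-random numbers" and says nothing about ownership, while the address verification README in this same commit relies on it being a Postfix-owned directory. Packagers who override DEF_DATA_DIR read this section first, so the note should state that the directory must be owned by the mail_owner account.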
@ -738,7 +744,7 @@ Postfix system with: </p>
</blockquote>
<p> and watch your maillog file for any error messages. The pathname
is /var/log/maillog, /var/log/mail, /var/log/syslog, or someting
is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
else. Typically, the pathname is defined in the /etc/syslog.conf
file. </p>

View File

@ -55,6 +55,11 @@ it to each. </p>
<h2><a name="build">Building Postfix with LDAP support</a></h2>
<p> These instructions assume that you build Postfix from source
code as described in the INSTALL document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Note 1: Postfix no longer supports the LDAP version 1 interface.
</p>

View File

@ -22,20 +22,20 @@
<p> Postfix version 2.3 introduces support for the Sendmail version
8 Milter (mail filter) protocol. This protocol is used by applications
that run outside the MTA to inspect SMTP events (CONNECT, DISCONNECT),
SMTP commands (HELO, MAIL FROM, etc.) as well as mail content. All
this happens before mail is queued. </p>
SMTP commands (HELO, MAIL FROM, etc.) as well as mail content (headers
and body). All this happens before mail is queued. </p>
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
<a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>)
or to digitally sign mail (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
@ -429,6 +429,7 @@ not exist, and "reject" to reject mail with a permanent status.
<blockquote>
<pre>
/etc/postfix/main.cf:
# What to do in case of errors? Specify accept, reject, or tempfail.
milter_default_action = tempfail
</pre>
@ -438,11 +439,13 @@ not exist, and "reject" to reject mail with a permanent status.
<p> As Postfix is not built with the Sendmail libmilter library,
you may need to configure the Milter protocol version that Postfix
should use. The default version is 2. </p>
should use. The default version is 2. Other protocol versions are
3 and 4 (Postfix 2.3 and later), and 6 (Postfix 2.5 an later). </p>
<blockquote>
<pre>
milter_protocol = 2
/etc/postfix/main.cf:
milter_protocol = 2
</pre>
</blockquote>
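Review bot: Typo in the added sentence: "(Postfix 2.5 an later)" should read "and later". The list of versions also jumps from 4 to 6 with no word about 5; a short remark that 5 is not a supported value would stop readers from trying it. The example still shows milter_protocol = 2, so it may help to say when an administrator would need to raise it.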
@ -501,7 +504,7 @@ EOH, BODY, EOM </td> </tr>
</blockquote>
<p> Beware: 30s is not a lot for applications that do a lot of DNS
<p> Beware: 30s may be too short for applications doing lots of DNS
lookups. However, if you increase the above timeouts too much,
remote SMTP clients may hang up and mail may be delivered multiple
times. This is an inherent problem with before-queue filtering. </p>
@ -510,7 +513,8 @@ times. This is an inherent problem with before-queue filtering. </p>
<p> Postfix emulates a limited number of Sendmail macros, as shown
in the table. Different macros are available at different SMTP
protocol stages (EOM = end-of-message); their availability is not
protocol stages (EOH = end-of-header, EOM = end-of-message); their
availability is not
always the same as in Sendmail. See the <a
href="#workarounds">workarounds</a> section below for solutions.
</p>
@ -522,7 +526,7 @@ href="#workarounds">workarounds</a> section below for solutions.
<tr> <th> Name </th> <th> Availability </th> <th> Description </th>
</tr>
<tr> <td> i </td> <td> DATA, EOM </td> <td> Queue ID </td> </tr>
<tr> <td> i </td> <td> DATA, EOH, EOM </td> <td> Queue ID </td> </tr>
<tr> <td> j </td> <td> Always </td> <td> value of myhostname </td>
</tr>
@ -530,13 +534,13 @@ href="#workarounds">workarounds</a> section below for solutions.
<tr> <td> _ </td> <td> Always </td> <td> The validated client name
and address </td> </tr>
<tr> <td> {auth_authen} </td> <td> MAIL, DATA, EOM </td> <td> SASL
<tr> <td> {auth_authen} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
login name </td> </tr>
<tr> <td> {auth_author} </td> <td> MAIL, DATA, EOM </td> <td> SASL
<tr> <td> {auth_author} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
sender </td> </tr>
<tr> <td> {auth_type} </td> <td> MAIL, DATA, EOM </td> <td> SASL
<tr> <td> {auth_type} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
login method </td> </tr>
<tr> <td> {client_addr} </td> <td> Always </td> <td> Client IP
@ -548,20 +552,23 @@ Connection concurrency for this client </td> </tr>
<tr> <td> {client_name} </td> <td> Always </td> <td> Client hostname,
"unknown" when lookup or verification fails </td> </tr>
<tr> <td> {client_port} </td> <td> Always (Postfix &ge;2.5) </td>
<td> Client TCP port </td> </tr>
<tr> <td> {client_ptr} </td> <td> CONNECT, HELO, MAIL, DATA </td>
<td> Client name from reverse lookup, "unknown" when lookup fails
</td> </tr>
<tr> <td> {cert_issuer} </td> <td> HELO, MAIL, DATA, EOM </td> <td>
<tr> <td> {cert_issuer} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td>
TLS client certificate issuer </td> </tr>
<tr> <td> {cert_subject} </td> <td> HELO, MAIL, DATA, EOM </td>
<tr> <td> {cert_subject} </td> <td> HELO, MAIL, DATA, EOH, EOM </td>
<td> TLS client certificate subject </td> </tr>
<tr> <td> {cipher_bits} </td> <td> HELO, MAIL, DATA, EOM </td> <td>
<tr> <td> {cipher_bits} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td>
TLS session key size </td> </tr>
<tr> <td> {cipher} </td> <td> HELO, MAIL, DATA, EOM </td> <td> TLS
<tr> <td> {cipher} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td> TLS
cipher </td> </tr>
<tr> <td> {daemon_name} </td> <td> Always </td> <td> value of
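Review bot: The rows that gain EOH in the Availability column ({cert_issuer}, {cert_subject}, {cipher_bits}, {cipher}, and the {auth_*} and i rows in the preceding hunks) carry no version qualifier, while the new {client_port} row is marked "Postfix &ge;2.5". The macro-set table later in this file ties milter_end_of_header_macros to protocol version 6 or higher, so EOH availability is version-dependent too. Suggest marking it the same way, or adding one sentence above the table.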
@ -573,7 +580,7 @@ milter_macro_daemon_name </td> </tr>
<tr> <td> {rcpt_addr} </td> <td> RCPT </td> <td> Recipient address
</td> </tr>
<tr> <td> {tls_version} </td> <td> HELO, MAIL, DATA, EOM </td> <td>
<tr> <td> {tls_version} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td>
TLS protocol version </td> </tr>
<tr> <td> v </td> <td> Always </td> <td> value of milter_macro_v
@ -585,7 +592,9 @@ TLS protocol version </td> </tr>
<p> Postfix sends specific sets of macros at different SMTP protocol
stages. The sets are configured with the parameters as described
in the table (EOM = end of message). </p>
in the table (EOH = end of headers; EOM = end of message). The
protocol version is a number that Postfix sends at the beginning
of the Milter protocol handshake. </p>
<blockquote>
@ -609,6 +618,9 @@ TO </td> </tr>
<tr> <td> milter_data_macros </td> <td> 4 or higher </td> <td> DATA
</td> </tr>
<tr> <td> milter_end_of_header_macros </td> <td> 6 or higher </td>
<td> EOH </td> </tr>
<tr> <td> milter_end_of_data_macros </td> <td> 2 or higher </td>
<td> EOM </td> </tr>
@ -621,7 +633,7 @@ TO </td> </tr>
<h2><a name="workarounds">Workarounds</a></h2>
<p> Content filters may break domain key etc. signatures. If you
<p> Content filters may break DKIM etc. signatures. If you
use an SMTP-based content filter, then you should add a line to
master.cf with "-o disable_mime_output_conversion=yes" (note: no
spaces around the "="), as described in the <a
@ -647,8 +659,8 @@ sid-filter[36540]: WARNING: sendmail symbol 'i' not available
</pre>
</blockquote>
<p> And they may insert a message header with "unknown-msgid" like
this: </p>
<p> And they may insert an ugly message header with "unknown-msgid"
like this: </p>
<blockquote>
<pre>
@ -762,9 +774,11 @@ a discussion. </p>
<ul>
<li> <p> Postfix currently supports only applications that speak
the Sendmail 8 Milter protocol versions 2..4. Support for other
protocol types or protocol versions may be added later. </p>
<li> <p> Postfix version 2.3 introduces support for Sendmail 8
milter protocol versions 2, 3 and 4; Postfix version 2.5 adds support
for protocol version 6, which is available with Sendmail 8.14.
Support for other protocol types or protocol versions may be added
later. </p>
<li> <p> For applications that are written in C, you need to use
the Sendmail libmilter library. A Postfix replacement may be
@ -809,6 +823,12 @@ operation will log a warning like this: </p>
<p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Postfix version 2.5 implements the Sendmail 8.14 features
except: SMFIP_RCPT_REJ (report rejected recipients to the mail
filter), SMFIR_CHGFROM (replace sender, with optional ESMTP command
parameters), and SMFIR_ADDRCPT_PAR (add recipient, with optional
ESMTP command parameters).
<li> <p> Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,
etc. </p>
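Review bot: The new list item about Sendmail 8.14 features ends at "ESMTP command parameters)." without a closing </p>, unlike the items around it. Please close the paragraph. It would also help to say what happens when a Milter application requests one of the three unimplemented features (SMFIP_RCPT_REJ, SMFIR_CHGFROM, SMFIR_ADDRCPT_PAR), since the text lists them but not the resulting behaviour.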

View File

@ -33,6 +33,11 @@ clients by using the Postfix proxymap(8) service. </p>
<h2>Building Postfix with MySQL support</h2>
<p> These instructions assume that you build Postfix from source
code as described in the INSTALL document. Some modification may
be required if you build Postfix from a vendor-specific source
package. </p>
<p> Note: to use mysql with Debian GNU/Linux's Postfix, all you
need is to install the postfix-mysql package and you're done.
There is no need to recompile Postfix. </p>

Some files were not shown because too many files have changed in this diff