.TH SMTPD 8
.ad
.fi
.SH NAME
smtpd \- Postfix SMTP server
.SH SYNOPSIS
.na
.nf
\fBsmtpd\fR [generic Postfix daemon options]
.SH DESCRIPTION
.ad
.fi
The SMTP server accepts network connection requests
and performs zero or more SMTP transactions per connection.
Each received message is piped through the \fBcleanup\fR(8)
daemon, and is placed into the \fBincoming\fR queue as one
single queue file. For this mode of operation, the program
expects to be run from the \fBmaster\fR(8) process manager.
Alternatively, the SMTP server takes an established
connection on standard input and deposits messages directly
into the \fBmaildrop\fR queue. In this so-called stand-alone
mode, the SMTP server can accept mail even while the mail
system is not running.
The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH SECURITY
.na
.nf
.ad
.fi
The SMTP server is moderately security-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be
run chrooted at fixed low privilege.
.SH STANDARDS
.na
.nf
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command)
RFC 2554 (AUTH command)
.SH DIAGNOSTICS
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH "Compatibility controls"
.ad
.fi
.IP \fBstrict_rfc821_envelopes\fR
Disallow non-RFC 821 style addresses in envelopes. For example,
when this is turned off, allow RFC822-style address forms with
comments, like Sendmail does.
.IP \fBbroken_sasl_auth_clients\fR
Support older Microsoft clients that mis-implement the AUTH
protocol, and that expect an EHLO response of "250 AUTH=list"
instead of "250 AUTH list".
.SH "Content inspection controls"
.IP \fBcontent_filter\fR
The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authentication controls"
.IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL).
This functionality is available only when explicitly selected
at program build time and explicitly enabled at runtime.
.IP \fBsmtpd_sasl_local_domain\fR
The name of the local authentication realm.
.IP \fBsmtpd_sasl_security_options\fR
Zero or more of the following.
.RS
.IP \fBnoplaintext\fR
Disallow authentication methods that use plaintext passwords.
.IP \fBnoactive\fR
Disallow authentication methods that are vulnerable to non-dictionary
active attacks.
.IP \fBnodictionary\fR
Disallow authentication methods that are vulnerable to passive
dictionary attack.
.IP \fBnoanonymous\fR
Disallow anonymous logins.
.RE
.SH Miscellaneous
.ad
.fi
.IP \fBalways_bcc\fR
Address to send a copy of each message that enters the system.
.IP \fBcommand_directory\fR
Location of Postfix support commands (default:
\fB$program_directory\fR).
.IP \fBdebug_peer_level\fR
Increment in verbose logging level when a remote host matches a
pattern in the \fBdebug_peer_list\fR parameter.
.IP \fBdebug_peer_list\fR
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBhopcount_limit\fR
Limit the number of \fBReceived:\fR message headers.
.IP \fBlocal_recipient_maps\fR
List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.RS
.IP \fBpolicy\fR
When a client violates any policy, mail a transcript of the
entire SMTP session to the postmaster.
.IP \fBprotocol\fR
When a client violates the SMTP protocol or issues an unimplemented
command, mail a transcript of the entire SMTP session to the
postmaster.
.RE
.IP \fBsmtpd_banner\fR
Text that follows the \fB220\fR status code in the SMTP greeting banner.
.IP \fBsmtpd_recipient_limit\fR
Restrict the number of recipients that the SMTP server accepts
per message delivery.
.IP \fBsmtpd_timeout\fR
Limit the time to send a server response and to receive a client
request.
.IP \fBsoft_bounce\fR
Change hard (5xx) reject responses into soft (4xx) reject responses.
This can be useful for testing purposes.
.SH "Resource controls"
.ad
.fi
.IP \fBline_length_limit\fR
Limit the amount of memory in bytes used for the handling of
partial input lines.
.IP \fBmessage_size_limit\fR
Limit the total size in bytes of a message, including on-disk
storage for envelope information.
.IP \fBqueue_minfree\fR
Minimal amount of free space in bytes in the queue file system
for the SMTP server to accept any mail at all.
.SH Tarpitting
.ad
.fi
.IP \fBsmtpd_error_sleep_time\fR
Time to wait in seconds before sending a 4xx or 5xx server error
response.
.IP \fBsmtpd_soft_error_limit\fR
When an SMTP client has made this number of errors, wait
\fIerror_count\fR seconds before responding to any client request.
.IP \fBsmtpd_hard_error_limit\fR
Disconnect after a client has made this number of errors.
.IP \fBsmtpd_junk_command_limit\fR
Limit the number of times a client can issue a junk command
such as NOOP, VRFY, ETRN or RSET in one SMTP session before
it is penalized with tarpit delays.
.SH "UCE control restrictions"
.ad
.fi
.IP \fBsmtpd_client_restrictions\fR
Restrict what clients may connect to this mail system.
.IP \fBsmtpd_helo_required\fR
Require that clients introduce themselves at the beginning
of an SMTP session.
.IP \fBsmtpd_helo_restrictions\fR
Restrict what client hostnames are allowed in \fBHELO\fR and
\fBEHLO\fR commands.
.IP \fBsmtpd_sender_restrictions\fR
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
.IP \fBsmtpd_recipient_restrictions\fR
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
.IP \fBsmtpd_etrn_restrictions\fR
Restrict what domain names can be used in \fBETRN\fR commands,
and what clients may issue \fBETRN\fR commands.
.IP \fBallow_untrusted_routing\fR
Allow untrusted clients to specify addresses with sender-specified
routing. Enabling this opens up nasty relay loopholes involving
trusted backup MX hosts.
.IP \fBsmtpd_restriction_classes\fR
Declares the name of zero or more parameters that contain a
list of UCE restrictions. The names of these parameters can
then be used instead of the restriction lists that they represent.
.IP \fBmaps_rbl_domains\fR
List of DNS domains that publish the addresses of blacklisted
hosts.
.IP \fBrelay_domains\fR
Restrict what domains or networks this mail system will relay
mail from or to.
.SH "UCE control responses"
.ad
.fi
.IP \fBaccess_map_reject_code\fR
Server response when a client violates an access database restriction.
.IP \fBinvalid_hostname_reject_code\fR
Server response when a client violates the \fBreject_invalid_hostname\fR
restriction.
.IP \fBmaps_rbl_reject_code\fR
Server response when a client violates the \fBmaps_rbl_domains\fR
restriction.
.IP \fBreject_code\fR
Response code when the client matches a \fBreject\fR restriction.
.IP \fBrelay_domains_reject_code\fR
Server response when a client attempts to violate the mail relay
policy.
.IP \fBunknown_address_reject_code\fR
Server response when a client violates the \fBreject_unknown_address\fR
restriction.
.IP \fBunknown_client_reject_code\fR
Server response when a client without address to name mapping
violates the \fBreject_unknown_clients\fR restriction.
.IP \fBunknown_hostname_reject_code\fR
Server response when a client violates the \fBreject_unknown_hostname\fR
restriction.
.SH SEE ALSO
.na
.nf
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
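An added example, not part of the Postfix manual page or distribution: a small audit of a main.cf against the security-relevant parameters described above. It assumes main.cf's "name = value" syntax with whitespace-led continuation lines, treats an absent yes/no parameter as not enabled, and takes "noanonymous and noplaintext are required" as this example's own policy; the sample file is constructed.

```python
import re

# Constructed sample main.cf (not from a real system); note the continuation line.
SAMPLE_MAIN_CF = """\
# test box
enable_sasl_authentication = yes
smtpd_sasl_security_options = noplaintext,
    nodictionary
allow_untrusted_routing = yes
soft_bounce = yes
smtpd_helo_required = no
"""

def parse_main_cf(text):
    """Parse 'name = value'; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments do not end a continued value
        if raw[0] in " \t" and name:
            params[name] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        name = key.strip() if sep else None
        if name:
            params[name] = value.strip()
    return params

def audit(params):
    """Return findings based on the behaviour the manual page text describes."""
    findings = []
    yes = lambda key: params.get(key, "").lower() == "yes"  # assumption: absent = off
    if yes("enable_sasl_authentication"):
        opts = set(re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "")))
        for wanted in ("noanonymous", "noplaintext"):  # this example's policy
            if wanted not in opts:
                findings.append(f"smtpd_sasl_security_options lacks {wanted}")
    if yes("allow_untrusted_routing"):
        findings.append("allow_untrusted_routing is enabled (relay loophole via backup MX)")
    if yes("soft_bounce"):
        findings.append("soft_bounce is enabled (5xx rejects become 4xx)")
    if not yes("smtpd_helo_required"):
        findings.append("smtpd_helo_required is not enabled")
    if not params.get("local_recipient_maps"):
        findings.append("local_recipient_maps is unset (unknown local users are not rejected)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(SAMPLE_MAIN_CF))))
```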