.TH SMTP 8
.ad
.fi
.SH NAME
smtp
\-
Postfix remote delivery via SMTP
.SH SYNOPSIS
.na
.nf
\fBsmtp\fR [generic Postfix daemon options]
.SH DESCRIPTION
.ad
.fi
The SMTP client processes message delivery requests from
the queue manager. Each request specifies a queue file, a sender
address, a domain or host to deliver to, and recipient information.
This program expects to be run from the \fBmaster\fR(8) process
manager.

The SMTP client updates the queue file and marks recipients
as finished, or it informs the queue manager that delivery should
be tried again at a later time. Delivery problem reports are sent
to the \fBbounce\fR(8) or \fBdefer\fR(8) daemon as appropriate.

The SMTP client looks up a list of mail exchanger addresses for
the destination host, sorts the list by preference, and connects
to each listed address until it finds a server that responds.

When the domain or host is specified as a comma/whitespace
separated list, the SMTP client repeats the above process
for all destinations until it finds a server that responds.

Once the SMTP client has received the server greeting banner, no
error will cause it to proceed to the next address on the mail
exchanger list. Instead, the message is either bounced, or its
delivery is deferred until later.
.SH SECURITY
.na
.nf
.ad
.fi
The SMTP client is moderately security-sensitive. It talks to SMTP
servers and to DNS servers on the network. The SMTP client can be
run chrooted at fixed low privilege.
.SH STANDARDS
.na
.nf
RFC 821 (SMTP protocol)
RFC 1651 (SMTP service extensions)
RFC 1870 (Message Size Declaration)
RFC 2197 (Pipelining)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
.SH DIAGNOSTICS
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8).
Corrupted message files are marked so that the queue manager can
move them to the \fBcorrupt\fR queue for further inspection.

Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems, and of
other trouble.
.SH BUGS
.ad
.fi
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH Miscellaneous
.ad
.fi
.IP \fBbest_mx_transport\fR
Name of the delivery transport to use when the local machine
is the most-preferred mail exchanger (by default, a mailer
loop is reported, and the message is bounced).
.IP \fBdebug_peer_level\fR
Verbose logging level increment for hosts that match a
pattern in the \fBdebug_peer_list\fR parameter.
.IP \fBdebug_peer_list\fR
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdisable_dns_lookups\fR
Disable DNS lookups. This means that mail must be forwarded
via a smart relay host.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBfallback_relay\fR
Hosts to hand off mail to if a message destination is not found
or if a destination is unreachable.
.IP \fBignore_mx_lookup_error\fR
When a name server fails to respond to an MX query, search for an
A record instead of deferring mail delivery.
.IP \fBinet_interfaces\fR
The network interface addresses that this mail system receives
mail on. When any of those addresses appears in the list of mail
exchangers for a remote destination, the list is truncated to
avoid mail delivery loops.
.IP \fBnotify_classes\fR
When this parameter includes the \fBprotocol\fR class, send mail to the
postmaster with transcripts of SMTP sessions with protocol errors.
.IP \fBsmtp_always_send_ehlo\fR
Always send EHLO at the start of a connection.
.IP \fBsmtp_never_send_ehlo\fR
Never send EHLO at the start of a connection.
.IP \fBsmtp_bind_address\fR
Numerical source network address to bind to when making a connection.
.IP \fBsmtp_break_lines\fR
Break lines > \fB$line_length_limit\fR into multiple shorter lines.
Some SMTP servers misbehave on long lines.
.IP \fBsmtp_skip_4xx_greeting\fR
Skip servers that greet us with a 4xx status code.
.IP \fBsmtp_skip_5xx_greeting\fR
Skip servers that greet us with a 5xx status code.
.IP \fBsmtp_skip_quit_response\fR
Do not wait for the server response after sending QUIT.
.IP \fBsmtp_pix_workaround_delay_time\fR
The time to pause before sending .<CR><LF>, while working
around the CISCO PIX firewall <CR><LF>.<CR><LF> bug.
.IP \fBsmtp_pix_workaround_threshold_time\fR
The time a message must be queued before the CISCO PIX firewall
<CR><LF>.<CR><LF> bug workaround is turned on.
.SH "Authentication controls"
.IP \fBsmtp_enable_sasl_auth\fR
Enable per-session authentication as per RFC 2554 (SASL).
By default, Postfix is built without SASL support.
.IP \fBsmtp_sasl_password_maps\fR
Lookup tables with per-host or domain \fIname\fR:\fIpassword\fR entries.
No entry for a host means no attempt to authenticate.
.IP \fBsmtp_sasl_security_options\fR
Zero or more of the following.
.RS
.IP \fBnoplaintext\fR
Disallow authentication methods that use plaintext passwords.
.IP \fBnoactive\fR
Disallow authentication methods that are vulnerable to non-dictionary
active attacks.
.IP \fBnodictionary\fR
Disallow authentication methods that are vulnerable to passive
dictionary attack.
.IP \fBnoanonymous\fR
Disallow anonymous logins.
.RE
.SH "Resource controls"
.ad
.fi
.IP \fBsmtp_destination_concurrency_limit\fR
Limit the number of parallel deliveries to the same destination.
The default limit is taken from the
\fBdefault_destination_concurrency_limit\fR parameter.
.IP \fBsmtp_destination_recipient_limit\fR
Limit the number of recipients per message delivery.
The default limit is taken from the
\fBdefault_destination_recipient_limit\fR parameter.
.SH "Timeout controls"
.ad
.fi
.PP
The default time unit is seconds; an explicit time unit can
be specified by appending a one-letter suffix to the value:
s (seconds), m (minutes), h (hours), d (days) or w (weeks).
.IP \fBsmtp_connect_timeout\fR
Timeout for completing a TCP connection. When no
connection can be made within the deadline, the SMTP client
tries the next address on the mail exchanger list.
.IP \fBsmtp_helo_timeout\fR
Timeout for receiving the SMTP greeting banner.
When the server drops the connection without sending a
greeting banner, or when it sends no greeting banner within the
deadline, the SMTP client tries the next address on the mail
exchanger list.
.IP \fBsmtp_helo_timeout\fR
Timeout for sending the \fBHELO\fR command, and for
receiving the server response.
.IP \fBsmtp_mail_timeout\fR
Timeout for sending the \fBMAIL FROM\fR command, and for
receiving the server response.
.IP \fBsmtp_rcpt_timeout\fR
Timeout for sending the \fBRCPT TO\fR command, and for
receiving the server response.
.IP \fBsmtp_data_init_timeout\fR
Timeout for sending the \fBDATA\fR command, and for
receiving the server response.
.IP \fBsmtp_data_xfer_timeout\fR
Timeout for sending the message content.
.IP \fBsmtp_data_done_timeout\fR
Timeout for sending the "\fB.\fR" command, and for
receiving the server response. When no response is received, a
warning is logged that the mail may be delivered multiple times.
.IP \fBsmtp_quit_timeout\fR
Timeout for sending the \fBQUIT\fR command, and for
receiving the server response.
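.PP
Added example, not part of the Postfix distribution: one way to audit a main.cf for the authentication options and timeout units described above. The sample file contents, the function names, and the policy of requiring noplaintext and noanonymous are assumptions of this example, not Postfix defaults.

```python
import re

# Constructed sample main.cf for this example (not taken from a real system).
SAMPLE_MAIN_CF = """\
# outbound relay settings
smtp_enable_sasl_auth = yes
smtp_sasl_security_options = noanonymous
smtp_connect_timeout = 30
smtp_data_done_timeout = 10m
smtp_data_xfer_timeout =
    3m
"""

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Assumed local policy for this example, not a Postfix default.
REQUIRED_SASL_OPTIONS = {"noplaintext", "noanonymous"}

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def to_seconds(value):
    """Convert a time value such as '30' or '10m' to seconds (default unit: seconds)."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2) or "s"]

def audit(params):
    """Return (required SASL options that are missing, timeouts normalized to seconds)."""
    missing = set()
    if params.get("smtp_enable_sasl_auth", "no").lower() == "yes":
        chosen = set(re.split(r"[,\s]+", params.get("smtp_sasl_security_options", "").strip()))
        missing = REQUIRED_SASL_OPTIONS - chosen
    timeouts = {k: to_seconds(v) for k, v in params.items() if k.endswith("_timeout")}
    return sorted(missing), timeouts

if __name__ == "__main__":
    print(audit(parse_main_cf(SAMPLE_MAIN_CF)))
```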
.SH SEE ALSO
.na
.nf
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA