NetBSD/gnu/dist/postfix/html/uce.html

<html>
<head>
<title> Postfix Configuration - UCE Controls</title>
</head>
<body>
<h1><a href="big-picture.html"><img src="small-picture.gif" width="115" height="45"></a>
Postfix Configuration - UCE Controls</h1>
<hr>
<a href="index.html">Up one level</a> | <a href="basic.html">Basic
Configuration</a> | UCE Controls | <a href="rate.html">Rate
Controls</a> | <a href="resource.html">Resource Controls</a> | <a
href="rewrite.html">Address Manipulation </a>
<h2> Introduction</h2>
Postfix offers a variety of parameters that limit the delivery of
unsolicited commercial email (UCE).
<p>
By default, the Postfix <a href="smtpd.8.html">SMTP server</a> will
accept mail only from or to the local network or domain, or to
domains that are hosted by Postfix, so that your system can't be
used as a mail relay to forward bulk mail from random strangers.
<p>
The text in this document describes how you can set up more detailed
anti-UCE policies that prevent delivery of unwanted email altogether,
for example with sendmail-style <b>access</b> lists or with <b>RBL</b>
(real-time blackhole list) name servers.
<p> Unless indicated otherwise, all parameters described here are
in the <b>main.cf</b> file. If you change parameters of a running
Postfix system, don't forget to issue a <b>postfix reload</b>
command.
<ul>
<li> <a href="#header_checks">Header filtering</a>
<p>
<li> <a href="#body_checks">Body filtering</a>
<p>
<li> <a href="#smtpd_client_restrictions">Client hostname/address
restrictions</a>
<p>
<li> <a href="#smtpd_helo_required">Require HELO (EHLO) command </a>
<p>
<li> <a href="#smtpd_helo_restrictions">HELO (EHLO) hostname
restrictions</a>
<p>
<li> <a href="#strict_rfc821_envelopes">Require strict RFC 821-style
envelope addresses </a>
<p>
<li> <a href="#smtpd_sender_restrictions">Sender address restrictions
</a>
<p>
<li> <a href="#smtpd_recipient_restrictions">Recipient address
restrictions</a>
<p>
<li> <a href="#smtpd_etrn_restrictions">ETRN command restrictions</a>
<p>
<li> <a href="#generic">Generic restrictions</a>
<p>
<li> <a href="#additional">Additional UCE control parameters</a>
</ul>
<a name="header_checks">
<h2> Header filtering</h2>
The <b>header_checks</b> parameter restricts what is allowed in
message headers. Patterns are applied to entire logical message
headers, even when a header spans multiple lines of text.
<p>
By default, the same <b>header_checks</b> patterns are used for
primary message headers, for MIME headers (including headers at
the start of multipart body parts), and for the headers at the
beginning of attached email messages.
<p>
<dl>
<dt>Default:
<dd>Allow anything in message headers.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more lookup tables. Whenever a header
matches a table, the action depends on the lookup result:
<p>
<dl>
<dt>REJECT <dd>
<dt>REJECT text... <dd>
Reject the message, log the header and the optional text,
and send the optional text to the originator.
<dt>IGNORE <dd> Delete the header from the message.
<dt>WARN <dd>
<dt>WARN text... <dd>
Log (but do not reject) the header with a warning, and log the
optional text.
<dt>HOLD <dd>
<dt>HOLD text... <dd>
Place the message on the <b>hold</b> queue. Mail on hold can be
inspected with the <a href="postcat.1.html">postcat</a> command,
and can be destroyed or taken off hold with the <a
href="postsuper.1.html">postsuper</a> command.
The optional text is logged together with the matched text.
<dt>DISCARD <dd>
<dt>DISCARD text... <dd>
Claim successful delivery and silently discard the message.
The optional text is logged together with the matched text.
<dt>FILTER <i>transport</i>:<i>nexthop</i> <dd>
After the message is queued, send the entire message through
a content filter. This requires different cleanup servers
before and after the filter, with header/body checks turned
off in the second cleanup server. More details about content
filtering are in the Postfix FILTER_README file. This feature
overrides the main.cf <b>content_filter</b> setting.
</dl>
<p>
<i>At present, specifying a header pattern with OK serves no useful
purpose. A rule ending in OK affects only the header being matched.
The next header may still result in a REJECT match, causing the
mail still to be rejected.</i>
</dl>
<p>
<dt>Examples (main.cf):
<dd> <b>header_checks = regexp:/etc/postfix/header_checks</b>
<dd> <b>header_checks = pcre:/etc/postfix/header_checks</b>
<p>
<dt>Example (header_checks):
<dd> <tt>/^to: *friend@public\.com$/ REJECT</tt>
<p>
<a name="body_checks">
<h2> Body filtering</h2>
The <b>body_checks</b> parameter restricts what text is allowed
in message body lines.
<p>
Note: the message body is matched one line at a time.
There is no multi-line concept as with message headers.
<p>
<dl>
<dt>Default:
<dd>Allow anything in message body lines.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more lookup tables. Whenever a body
line matches a table, the action depends on the lookup result:
<p>
<dl>
<dt>REJECT <dd>
<dt>REJECT text... <dd>
Reject the message, log the body line and the optional text,
and send the optional text to the originator.
<dt>WARN <dd>
<dt>WARN text... <dd>
Log (but do not reject) the body line with a warning, and log the
optional text.
<dt>IGNORE <dd> Delete the matched line from the message.
<dt>HOLD <dd>
<dt>HOLD text... <dd>
Place the message on the <b>hold</b> queue. Mail on hold can be
inspected with the <a href="postcat.1.html">postcat</a> command,
and can be destroyed or taken off hold with the <a
href="postsuper.1.html">postsuper</a> command.
The optional text is logged together with the matched text.
<dt>DISCARD <dd>
<dt>DISCARD text... <dd>
Claim successful delivery and silently discard the message.
The optional text is logged together with the matched text.
<dt>FILTER <i>transport</i>:<i>nexthop</i> <dd>
After the message is queued, send the entire message through
a content filter. This requires different cleanup servers
before and after the filter, with header/body checks turned
off in the second cleanup server. More details about content
filtering are in the Postfix FILTER_README file. This feature
overrides the main.cf <b>content_filter</b> setting.
</dl>
<p>
<i>At present, specifying a pattern with OK serves no useful
purpose. A rule ending in OK affects only the line being matched.
The next line may still result in a REJECT match, causing the
mail still to be rejected.</i>
</dl>
<p>
<dt>Examples (main.cf):
<dd> <b>body_checks = regexp:/etc/postfix/body_checks</b>
<dd> <b>body_checks = pcre:/etc/postfix/body_checks</b>
<p>
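<p>
The following added Python example (not part of the Postfix distribution) models how the header_checks and body_checks tables described above are applied: physical header lines are first joined into logical headers, body lines are matched one at a time, and each lookup result maps to a verdict. The tables, the two messages and the fallback reject text are constructed for the example; regexp/pcre flags and the cleanup-server plumbing behind FILTER are not modelled.

```python
import re
from dataclasses import dataclass, field

# Constructed header_checks table in regexp/pcre style ("/pattern/ ACTION [text]").
# Rule 2 is the page's own example; the OK rule only ends the search for that one
# header, so a later header can still REJECT the whole message.
HEADER_CHECKS = r"""
/^From: .*@example\.org$/        OK
/^to: *friend@public\.com$/      REJECT
/^X-Mailer: *bulk-o-matic/       WARN suspicious mailer
/^X-Tracking-Id:/                IGNORE
/^Subject: .*\bfree money\b/     HOLD possible UCE, inspect with postcat
"""

# Constructed body_checks table; the body is matched one physical line at a time.
BODY_CHECKS = r"""
/click here to be removed/       WARN remove-me bait
/^BEGIN-UCE-TEST-MARKER$/        REJECT test marker seen
"""

@dataclass
class Verdict:
    action: str = "DELIVER"                      # DELIVER, REJECT, HOLD or DISCARD
    reply: str = ""                              # sent to the originator on REJECT
    filter: str = ""                             # transport:nexthop from FILTER
    log: list = field(default_factory=list)
    headers: list = field(default_factory=list)  # logical headers after IGNORE
    body: list = field(default_factory=list)     # body lines after IGNORE

def parse_table(text):
    """Parse rules into (compiled regex, ACTION, optional text) triples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.*)/\s+(\S+)(?:\s+(.*))?$", line)
        if not m:
            raise ValueError(f"bad rule: {line!r}")
        # regexp/pcre tables match case-insensitively by default (flags not modelled)
        rules.append((re.compile(m.group(1), re.IGNORECASE),
                      m.group(2).upper(), m.group(3) or ""))
    return rules

def unfold_headers(lines):
    """Join folded continuation lines into the logical headers header_checks sees."""
    logical = []
    for line in lines:
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    return logical

def apply_rules(items, rules, what, verdict):
    """Check each item against the table; the first matching rule decides that item."""
    kept = []
    for item in items:
        hit = next(((a, t) for rx, a, t in rules if rx.search(item)), None)
        if hit is None:
            kept.append(item)
            continue
        action, text = hit
        verdict.log.append(f"{action.lower()}: {what} {item!r}" + (f": {text}" if text else ""))
        if action == "REJECT":
            # the fallback reply text is this example's own choice
            verdict.action, verdict.reply = "REJECT", text or "Message content rejected"
            return kept                          # a rejection ends all further checking
        if action == "HOLD" and verdict.action == "DELIVER":
            verdict.action = "HOLD"              # queued on hold for postcat/postsuper
        elif action == "DISCARD":
            verdict.action = "DISCARD"           # claimed delivered, silently dropped
        elif action == "FILTER":
            verdict.filter = text                # overrides the main.cf content_filter
        if action != "IGNORE":
            kept.append(item)                    # only IGNORE deletes the header/line
    return kept

def check_message(raw, header_rules, body_rules):
    """Run header_checks over the logical headers, then body_checks over the body."""
    lines = raw.split("\n")
    blank = lines.index("") if "" in lines else len(lines)
    verdict = Verdict()
    verdict.headers = apply_rules(unfold_headers(lines[:blank]), header_rules, "header", verdict)
    if verdict.action != "REJECT":
        verdict.body = apply_rules(lines[blank + 1:], body_rules, "body", verdict)
    return verdict

# Constructed messages; the Subject of the first one is folded over two lines.
HELD_MESSAGE = ("From: alice@example.net\nX-Tracking-Id: 0123456789\n"
                "Subject: re: free\n money offer\nTo: bob@example.com\n\n"
                "Hello Bob,\nclick here to be removed from this list\n")
REJECTED_MESSAGE = "From: mailer@example.org\nTo: friend@public.com\n\nhi\n"
```

Running check_message on REJECTED_MESSAGE shows the point of the italic note above: the From: header matches the OK rule, yet the To: header still rejects the message.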
<a name="smtpd_client_restrictions">
<h2> Client hostname/address restrictions</h2>
The <b>smtpd_client_restrictions</b> parameter restricts what
clients this system accepts SMTP connections from.
<p>
By default, this restriction is applied when the client sends the
RCPT TO command. In order to have the restriction take effect
as soon as possible, specify <b>smtpd_delay_reject = no</b> in
the Postfix <b>main.cf</b> configuration file. Doing so may cause
unexpected results with poorly implemented client software.
<p>
<dl>
<dt>Default:
<dd><b>smtpd_client_restrictions =</b>
<p>
<dd>Allow SMTP connections from any client.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more restrictions, separated by
whitespace or commas. Restrictions are applied in the order as
specified; the first restriction that matches wins.
<p>
In addition to restrictions that are specific to the client hostname
or IP address, you may list here any restrictions based on the
information passed with the <a href="#smtpd_helo_restrictions">
HELO/EHLO command</a>, on the <a href="#smtpd_sender_restrictions">
sender address </a> or on the <a href="#smtpd_recipient_restrictions">
recipient address</a>. The HELO/EHLO, sender or recipient restrictions
take effect only if <b>smtpd_delay_reject = yes</b> so that all
restrictions are evaluated after the RCPT TO command.
<p>
<dt>Examples:
<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
reject_rbl_client relays.mail-abuse.org</b> (paid service)
<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
reject_rbl_client relays.ordb.org</b> (free service)
<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
reject_rhsbl_client dsn.rfc-ignorant.org</b> (free service)
<dd> <b>smtpd_client_restrictions = permit_mynetworks,
reject_unknown_client</b>
<p>
<dt> Restrictions:
<p>
<dl>
<a name="reject_unknown_client">
<dt> <b>reject_unknown_client</b> <dd> Reject the request when the
client IP address has no PTR (address to name) record in the DNS,
or when the PTR record does not have a matching A (name to address)
record. The <b>unknown_client_reject_code</b> parameter specifies
the response code to rejected requests (default: <b>450</b>).
<p>
<a name="permit_mynetworks">
<dt> <b>permit_mynetworks</b> <dd> Permit the request when the
client IP address matches any network listed in <a
href="basic.html#mynetworks"> $mynetworks</a>.
<p>
<a name="reject_rbl_client">
<dt> <b>reject_rbl_client</b> <i>domain.tld</i> <dd> Reject the
request when the reversed client network address is listed with an
A record under <i>domain.tld</i>.
The <b> maps_rbl_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>), the <b><a
href="#default_rbl_reply"> default_rbl_reply </a></b> parameter
specifies the default server reply, and the <b><a href="#rbl_reply_maps">
rbl_reply_maps </a></b> parameter specifies tables with server replies
indexed by RBL domain.
<p>
<a name="reject_rhsbl_client">
<dt> <b>reject_rhsbl_client</b> <i>domain.tld</i> <dd> Reject the
request when the client hostname is listed with an A record under
<i>domain.tld</i>. See above for additional RBL related configuration
parameters.
<p>
<a name="check_client_access">
<dt> <b>check_client_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the client hostname, parent
domains, client IP address, or networks obtained by stripping least
significant octets.
<p>
<dt> <b><a href="#permit">permit</a></b>
<dt> <b><a href="#defer">defer</a></b>
<dt> <b><a href="#reject">reject</a></b>
<dt> <b><a href="#warn_if_reject">warn_if_reject</a></b>
<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
<dd> See generic restrictions.
</dl>
</dl>
<a name="smtpd_helo_required">
<h2> Require HELO (EHLO) command</h2>
The <b>smtpd_helo_required</b> parameter determines if clients must
send a <b>HELO</b> (or <b>EHLO</b>) command at the beginning of an
SMTP session. Requiring this will stop some UCE software.
<p>
<dl>
<dt>Default:
<dd><b>smtpd_helo_required = no</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
does not require the use of <b>HELO</b> (<b>EHLO</b>).
<p>
<dt>Syntax:
<dd>Specify <b>yes</b> or <b>no</b>.
<p>
<dt>Example:
<dd> <b>smtpd_helo_required = yes</b>
</dl>
<a name="smtpd_helo_restrictions">
<h2> HELO (EHLO) hostname restrictions</h2>
The <b>smtpd_helo_restrictions</b> parameter restricts what hostnames
clients may send with the <b>HELO</b> (<b>EHLO</b>) command. Some
UCE software can be stopped by being strict here.
<p>
By default, this restriction is applied when the client sends the
RCPT TO command. In order to have the restriction take effect
as soon as possible, specify <b>smtpd_delay_reject = no</b> in
the Postfix <b>main.cf</b> configuration file. Doing so may cause
unexpected results with poorly implemented client software.
<dl>
<dt>Default:
<dd><b>smtpd_helo_restrictions =</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command. There
is a lot of broken or misconfigured software on the Internet.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more restrictions, separated by
whitespace or commas. Restrictions are applied in the order as
specified; the first restriction that matches wins.
<p>
In addition to restrictions that are specific to HELO (EHLO) command
parameters, you may list here any restrictions on the <a
href="#smtpd_client_restrictions"> client hostname </a>, <a
href="#smtpd_client_restrictions"> client address </a>, <a
href="#smtpd_sender_restrictions"> sender address </a> or <a
href="#smtpd_recipient_restrictions"> recipient address</a>. The
sender or recipient restrictions take effect only if <b>smtpd_delay_reject
= yes</b> so that all restrictions are evaluated after the RCPT TO
command.
<p>
<dt>Example:
<dd> <b>smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname</b>
<p>
<dt> Restrictions:
<p>
<dl>
<a name="reject_invalid_hostname">
<dt> <b>reject_invalid_hostname</b> <dd> Reject the request when
the client HELO or EHLO parameter has a bad hostname syntax. The
<b>invalid_hostname_reject_code</b> specifies the response code to
rejected requests (default: 501).
<p>
<a name="reject_unknown_hostname">
<dt> <b>reject_unknown_hostname</b> <dd> Reject the request when
the hostname in the client HELO (EHLO) command has no DNS A or MX
record. The <b>unknown_hostname_reject_code</b> specifies the
response code to rejected requests (default: <b>450</b>).
<p>
<a name="reject_non_fqdn_hostname">
<dt> <b>reject_non_fqdn_hostname</b> <dd> Reject the request when
the hostname in the client HELO (EHLO) command is not in fully-qualified
domain form, as required by the RFC. The <b>non_fqdn_reject_code</b>
specifies the response code to rejected requests (default:
<b>504</b>).
<p>
<a name="check_helo_access">
<dt> <b>check_helo_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the <b>HELO</b> hostname
or parent domains.
<p>
<dt> <b><a href="#permit">permit</a></b>
<dt> <b><a href="#defer">defer</a></b>
<dt> <b><a href="#reject">reject</a></b>
<dt> <b><a href="#warn_if_reject">warn_if_reject</a></b>
<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
<dd> See generic restrictions.
</dl>
</dl>
<a name="strict_rfc821_envelopes">
<h2> Require strict RFC 821-style envelope addresses </h2>
The <b>strict_rfc821_envelopes</b> parameter controls how tolerant
Postfix is with respect to addresses given in MAIL FROM or RCPT TO
commands. Unfortunately, the widely-used Sendmail program tolerates
lots of non-standard behavior, so a lot of software expects to get
away with it. Being strict to the RFC not only stops unwanted
mail, it also blocks legitimate mail from poorly-written mail
applications.
<p>
<dl>
<dt> Default:
<dd><b>strict_rfc821_envelopes = no</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any address form that it can make sense of, including
address forms that contain RFC 822-style comments, or addresses
not enclosed in &lt;&gt;. There is a lot of broken or misconfigured
software out there on the Internet.
<p>
<dt> Example:
<dd><b>strict_rfc821_envelopes = yes</b>
</dl>
<a name="smtpd_sender_restrictions">
<h2> Sender address restrictions</h2>
The <b>smtpd_sender_restrictions</b> parameter restricts what sender
addresses this system accepts in MAIL FROM commands.
<p>
By default, this restriction is applied when the client sends the
RCPT TO command. In order to have the restriction take effect
as soon as possible, specify <b>smtpd_delay_reject = no</b> in
the Postfix <b>main.cf</b> configuration file. Doing so may cause
unexpected results with poorly implemented client software.
<p>
<dl>
<dt> Default:
<dd><b>smtpd_sender_restrictions =</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any sender address.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more restrictions, separated by
whitespace or commas. Restrictions are applied in the order as
specified; the first restriction that matches wins.
<p>
In addition to restrictions that are specific to sender mail
addresses, you can also specify restrictions based on the information
passed with the <a href="#smtpd_helo_restrictions"> HELO/EHLO
command </a>, on the <a href="#smtpd_client_restrictions"> client
hostname </a> or <a href="#smtpd_client_restrictions"> network
address </a>, or on the <a href="#smtpd_recipient_restrictions">
recipient address </a>. The recipient restrictions take effect
only if <b>smtpd_delay_reject = yes</b> so that all restrictions
are evaluated after the RCPT TO command.
<p>
<dt> Example:
<dd> <b>smtpd_sender_restrictions = hash:/etc/postfix/access,
reject_unknown_sender_domain</b>
<p>
<dt> Restrictions:
<dl compact>
<a name="reject_unknown_sender_domain">
<dt> <b>reject_unknown_sender_domain</b> <dd> Reject the request
when the sender mail address has no DNS A or MX record. The
<b>unknown_address_reject_code </b> parameter specifies the response
code for rejected requests (default: <b>450</b>). The response
is always <b>450</b> in case of a temporary DNS error.
<p>
<a name="reject_rhsbl_sender">
<dt> <b>reject_rhsbl_sender</b> <i>domain.tld</i> <dd> Reject the
request when the sender mail address domain is listed with an A
record under <i>domain.tld</i>.
The <b> maps_rbl_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>), the <b><a
href="#default_rbl_reply"> default_rbl_reply </a></b> parameter
specifies the default server reply, and the <b><a href="#rbl_reply_maps">
rbl_reply_maps </a></b> parameter specifies tables with server replies
indexed by RBL domain.
<p>
<a name="check_sender_access">
<dt> <b>check_sender_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the sender mail address,
sender domain and parent domain, or <i>localpart</i>@.
<p>
<a name="reject_non_fqdn_sender">
<dt> <b>reject_non_fqdn_sender</b> <dd> Reject the request when
the address in the client MAIL FROM command is not in fully-qualified
domain form. The <b>non_fqdn_reject_code</b> specifies the
response code to rejected requests (default: <b>504</b>).
<p>
<a name="reject_sender_login_mismatch">
<dt> <b>reject_sender_login_mismatch</b>
<dd> Reject the request when <a href="#smtpd_sender_login_maps">
$smtpd_sender_login_maps</a> specifies an owner for the MAIL FROM
address, but the client is not (SASL) logged in as that MAIL FROM
address owner; or when the client is (SASL) logged in, but the
client login name doesn't own the MAIL FROM address according to
<a href="#smtpd_sender_login_maps"> $smtpd_sender_login_maps</a>.
<p>
<dt> <b><a href="#permit">permit</a></b>
<dt> <b><a href="#defer">defer</a></b>
<dt> <b><a href="#reject">reject</a></b>
<dt> <b><a href="#warn_if_reject">warn_if_reject</a></b>
<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
<dd> See generic restrictions.
</dl>
</dl>
<a name="smtpd_recipient_restrictions">
<h2> Recipient address restrictions</h2>
The <b>smtpd_recipient_restrictions</b> parameter restricts what
recipient addresses this system accepts in RCPT TO commands.
<dl>
<dt>Default:
<dd><b>smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
relays mail:
<p>
<ul>
<li>from trusted clients whose IP address matches <a
href="basic.html#mynetworks">$mynetworks</a> to any destination,
<li>from untrusted clients to destinations that match <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
except for addresses that contain sender-specified routing
(<i>user@elsewhere@domain</i>).
</ul>
<p>
In addition to the above, the Postfix <a href="smtpd.8.html">SMTP
server</a> by default accepts mail for which Postfix is the final
destination:
<p>
<ul>
<li>to destinations that match <a
href="basic.html#inet_interfaces">$inet_interfaces</a>,
<li>to destinations that match <a
href="basic.html#mydestination">$mydestination</a>,
<li>to destinations that match <a href="virtual.5.html">$virtual_alias_domains</a>,
<li>to destinations that match <a
href="virtual.8.html">$virtual_mailbox_domains</a>.
</ul>
<p>
<dt>Syntax:
<dd>Specify a list of zero or more restrictions, separated by
whitespace or commas. Restrictions are applied in the order as
specified; the first restriction that matches wins.
<p>
In addition to restrictions that are specific to recipient mail
addresses, you can also specify restrictions based on the <a
href="#smtpd_sender_restrictions"> sender mail address</a>, on the
information passed with the <a href="#smtpd_helo_restrictions">
HELO/EHLO command </a>, and on the <a href="#smtpd_client_restrictions">
client hostname </a> or <a href="#smtpd_client_restrictions">
network address </a>.
<p>
<dt> Example:
<dd> <b>smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination</b>
<p>
<dd><i>Note: you must specify at least one of the following
restrictions: </i><b>reject</b>, <b>defer</b>, <b>defer_if_permit</b>,
<i>or</i> <b>reject_unauth_destination</b>. <i>Postfix will refuse
to receive mail otherwise. </i>
<p>
<dt> Restrictions:
<dl>
<a name="permit_auth_destination">
<dt> <b>permit_auth_destination</b> <dd>
Permit the request when one of the following is true:
<ul>
<li>the resolved destination address matches <a
href="#relay_domains">$relay_domains</a> or a subdomain thereof,
and the address contains no sender-specified routing
(<i>user@elsewhere@domain</i>),
<li>Postfix is the final destination: any destination that matches
<a href="basic.html#mydestination">$mydestination</a>, <a
href="basic.html#inet_interfaces">$inet_interfaces</a>, <a
href="virtual.5.html">$virtual_alias_domains</a>, or <a
href="virtual.8.html">$virtual_mailbox_domains</a>.
</ul>
<p>
<a name="reject_unauth_destination">
<dt> <b>reject_unauth_destination</b> <dd>
Reject the request unless one of the following is true:
<ul>
<li>the resolved destination address matches <a
href="#relay_domains">$relay_domains</a> or a subdomain thereof,
and the address contains no sender-specified routing
(<i>user@elsewhere@domain</i>),
<li>Postfix is the final destination: any destination that matches
<a href="basic.html#mydestination">$mydestination</a>, <a
href="basic.html#inet_interfaces">$inet_interfaces</a>, <a
href="virtual.5.html">$virtual_alias_domains</a>, or <a
href="virtual.8.html">$virtual_mailbox_domains</a>.
</ul>
The <b>relay_domains_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>).
<p>
<a name="permit_mx_backup">
<dt> <b>permit_mx_backup</b> <dd> Permit the request when the local
mail system is MX host for the resolved destination.
This includes the case where the local mail system is the final
destination. However, the SMTP server will not forward mail with
addresses that have sender-specified routing information (example:
<i>user@elsewhere@domain</i>).
<p>
Use the optional <a href="#permit_mx_backup_networks">
permit_mx_backup_networks</a> parameter to also require that the
primary MX hosts match a list of network blocks.
<p>
Relevant configuration parameters: <a
href="#permit_mx_backup_networks">permit_mx_backup_networks</a>,
<a href="basic.html#mydestination"> $mydestination</a>, <a
href="basic.html#inet_interfaces"> $inet_interfaces</a>.
<p>
<dt> <b>check_recipient_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the resolved destination
address, recipient domain or parent domain, or <i>localpart</i>@.
<p>
<a name="check_recipient_maps">
<dt> <b>check_recipient_maps</b> <dd> Reject the request
when the recipient address is not listed in one of the following
lookup tables:
<blockquote>
<table border="1">
<tr><th>Recipient domain matches <th>Recipient lookup table
<tr><td><a href="basic.html#mydestination"> $mydestination</a> or
<a href="basic.html#inet_interfaces">$inet_interfaces</a>
<td>$local_recipient_maps
<tr><td>$virtual_alias_domains <td>$virtual_alias_maps
<tr><td>$virtual_mailbox_domains <td>$virtual_mailbox_maps
<tr><td>$relay_domains <td>$relay_recipient_maps
</table>
</blockquote>
Note 1: a null $local_recipient_maps or $relay_recipient_maps setting
means that no recipient check is done for the corresponding domains.
<p>
Note 2: Postfix applies an implicit <b>check_recipient_maps</b>
restriction at the end of all recipient restrictions.
<p>
<a name="reject_unknown_recipient_domain">
<dt> <b>reject_unknown_recipient_domain</b> <dd> Reject the request
when the recipient mail address has no DNS A or MX record. The
<b>unknown_address_reject_code </b> parameter specifies the response
code for rejected requests (default: <b>450</b>). The response
is always <b>450</b> in case of a temporary DNS error.
<p>
<a name="reject_rhsbl_recipient">
<dt> <b>reject_rhsbl_recipient</b> <i>domain.tld</i> <dd> Reject the
request when the recipient mail address domain is listed with an A
record under <i>domain.tld</i>.
The <b> maps_rbl_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>), the <b><a
href="#default_rbl_reply"> default_rbl_reply </a></b> parameter
specifies the default server reply, and the <b><a href="#rbl_reply_maps">
rbl_reply_maps </a></b> parameter specifies tables with server replies
indexed by RBL domain.
<p>
<a name="reject_non_fqdn_recipient">
<dt> <b>reject_non_fqdn_recipient</b> <dd> Reject the request when
the address in the client RCPT TO command is not in fully-qualified
domain form. The <b>non_fqdn_reject_code</b> specifies the
response code to rejected requests (default: <b>504</b>).
<p>
<dt> <b><a href="#permit">permit</a></b>
<dt> <b><a href="#defer">defer</a></b>
<dt> <b><a href="#reject">reject</a></b>
<dt> <b><a href="#warn_if_reject">warn_if_reject</a></b>
<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
<dd> See generic restrictions.
</dl>
</dl>
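<p>
As an added illustration (not code from the Postfix distribution), the following Python models how permit_mynetworks, reject_unauth_destination and the implicit check_recipient_maps decide on a RCPT TO address under the default smtpd_recipient_restrictions described above, including the table that maps recipient domains to recipient lookup tables. Domain lists, recipient tables, client networks and addresses are constructed for the example, and the table lookup keys are simplified.

```python
from ipaddress import ip_address, ip_network

# Constructed main.cf-style settings for one mail host. Lookup tables are modelled
# as sets of keys; None stands for a null (empty) main.cf setting.
CONFIG = {
    "mynetworks": ["127.0.0.0/8", "192.0.2.0/24"],
    "mydestination": {"example.com", "mail.example.com", "localhost"},
    "inet_interfaces": {"[198.51.100.25]"},       # user@[ipaddr] literals are local
    "virtual_alias_domains": {"alias.example"},
    "virtual_mailbox_domains": {"vmail.example"},
    "relay_domains": {"partner.example"},
    "local_recipient_maps": {"alice", "bob", "postmaster"},
    "virtual_alias_maps": {"info@alias.example"},
    "virtual_mailbox_maps": {"carol@vmail.example"},
    "relay_recipient_maps": None,                 # null: relay recipients not checked
    "relay_domains_reject_code": 554,
}

def parse_recipient(addr):
    """Return (localpart, domain, routed); more than one '@' is sender-specified routing."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]                         # RCPT TO:<...> form
    if "@" not in addr:
        return addr, "", False
    local, _, domain = addr.rpartition("@")
    return local, domain.lower(), "@" in local

def domain_matches(domain, listed, subdomains=False):
    """Exact match; with subdomains=True also any subdomain (as for relay_domains)."""
    return any(domain == d.lower() or (subdomains and domain.endswith("." + d.lower()))
               for d in listed)

def classify_destination(domain, cfg):
    """Map a recipient domain to its address class and recipient table (page's table)."""
    if domain_matches(domain, cfg["mydestination"] | cfg["inet_interfaces"]):
        return "local", cfg["local_recipient_maps"]
    if domain_matches(domain, cfg["virtual_alias_domains"]):
        return "virtual_alias", cfg["virtual_alias_maps"]
    if domain_matches(domain, cfg["virtual_mailbox_domains"]):
        return "virtual_mailbox", cfg["virtual_mailbox_maps"]
    if domain_matches(domain, cfg["relay_domains"], subdomains=True):
        return "relay", cfg["relay_recipient_maps"]
    return None, None                             # not a destination we accept

def permit_mynetworks(client_ip, cfg):
    """True when the client address lies inside any $mynetworks block."""
    ip = ip_address(client_ip)
    return any(ip in ip_network(net) for net in cfg["mynetworks"])

def reject_unauth_destination(recipient, cfg):
    """None (no decision) or a (code, text) rejection, per the page's two conditions."""
    _, domain, routed = parse_recipient(recipient)
    cls, _ = classify_destination(domain, cfg)
    if routed or cls is None:
        return cfg["relay_domains_reject_code"], "Relay access denied"
    return None

def permit_auth_destination(recipient, cfg):
    """The mirror image: permit exactly when reject_unauth_destination would not reject."""
    return reject_unauth_destination(recipient, cfg) is None

def check_recipient_maps(recipient, cfg):
    """The implicit final check: unknown user in a domain whose table is non-null.
    Lookup keys are simplified: bare localpart for local, full address otherwise."""
    local, domain, _ = parse_recipient(recipient)
    cls, table = classify_destination(domain, cfg)
    if cls is None or table is None:
        return None                               # not ours, or null table: no check
    key = local if cls == "local" else f"{local}@{domain}"
    return None if key in table else (550, "User unknown")

def default_recipient_policy(client_ip, recipient, cfg=CONFIG):
    """smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
    followed by the implicit check_recipient_maps that Postfix always appends."""
    decision = (None if permit_mynetworks(client_ip, cfg)
                else reject_unauth_destination(recipient, cfg))
    return decision or check_recipient_maps(recipient, cfg) or (250, "Ok")
```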
<a name="smtpd_etrn_restrictions">
<h2> ETRN command restrictions</h2>
Although not really a UCE restriction, the <b>smtpd_etrn_restrictions</b>
parameter restricts what domains can be specified in ETRN commands,
and what clients can issue ETRN commands.
<dl>
<dt>Default:
<dd><b>smtpd_etrn_restrictions =</b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any ETRN command from any client.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more restrictions, separated by
whitespace or commas. Restrictions are applied in the order as
specified; the first restriction that matches wins.
<p>
In addition to restrictions that are specific to ETRN domain names,
you can also specify restrictions based on the information passed
with the <a href="#smtpd_helo_restrictions"> HELO/EHLO command
</a>, and on the <a href="#smtpd_client_restrictions"> client
hostname </a> or <a href="#smtpd_client_restrictions"> network
address </a>.
<p>
<dt> Example:
<dd> <b>smtpd_etrn_restrictions = permit_mynetworks,
hash:/etc/postfix/etrn_access, reject</b>
<p>
<dt> Restrictions:
<dl>
<a name="check_etrn_access">
<dt> <b>check_etrn_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the domain specified
in the ETRN command, or its parent domains. Reject the request if
the result is <b>REJECT</b> <i>text...</i> or "[<b>45</b>]<i>XX
text</i>". Permit
the request if the result is <b>OK</b> or <b>RELAY</b> or
all-numerical. Otherwise, treat the result as another list of UCE
restrictions. The <b>access_map_reject_code </b> parameter specifies
the result code for rejected requests (default: <b>554</b>).
<p>
<dt> <b><a href="#permit">permit</a></b>
<dt> <b><a href="#defer">defer</a></b>
<dt> <b><a href="#reject">reject</a></b>
<dt> <b><a href="#warn_if_reject">warn_if_reject</a></b>
<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
<dd> See generic restrictions.
</dl>
</dl>
<a name="generic">
<h2> Generic restrictions</h2>
The following restrictions can be used for client hostnames or
addresses, for HELO (EHLO) hostnames, for sender mail addresses
and for recipient mail addresses.
<dl>
<dt> Restrictions:
<p>
<dl>
<a name="permit">
<dt> <b>permit</b> <dd> Permit the request. This restriction
is useful at the end of a restriction list, to make the default
policy explicit.
<p>
<a name="defer">
<dt> <b>defer</b> <dd> Defer the request. The client is told to
try again later. This restriction is useful at the end of a
restriction list, to make the default policy explicit.
<p>
<a name="reject">
<dt> <b>reject</b> <dd> Reject the request. This restriction
is useful at the end of a restriction list, to make the default
policy explicit. The <b>reject_code</b> configuration parameter
specifies the response code to rejected requests (default:
<b>554</b>).
<p>
<a name="warn_if_reject">
<dt> <b>warn_if_reject</b>
<dd> Change the meaning of the next restriction, so that it logs
a warning instead of rejecting a request (look for logfile records
that contain "reject_warning"). This is useful for testing new
restrictions in a "live" environment without risking unnecessary
loss of mail.
<p>
<a name="reject_unauth_pipelining">
<dt> <b>reject_unauth_pipelining</b> <dd> Reject the request when
the client sends SMTP commands ahead of time without knowing that
Postfix actually supports SMTP command pipelining. This stops mail
from bulk mail software that improperly uses SMTP command pipelining
to speed up deliveries.
</dl>
</dl>
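<p>
To make the first-match-wins evaluation, the warn_if_reject modifier and the handling of access-table results concrete, here is an added Python model (not Postfix code) of a smtpd_helo_restrictions list built from the HELO (EHLO) hostname restrictions and the generic restrictions above. The access table contents, the HELO names, the policy and the helper names are constructed for the example; address literals and the DNS-based checks are not modelled.

```python
import re
from dataclasses import dataclass, field

REJECT_CODE = 554               # reject_code default
ACCESS_MAP_REJECT_CODE = 554    # access_map_reject_code default

@dataclass
class Session:
    helo_name: str = ""
    log: list = field(default_factory=list)

# Constructed access(5)-style table, looked up by HELO name and then its parent
# domains. Values follow the page: OK/RELAY/all-numeric permit, REJECT or
# "[45]XX text" reject, anything else is read as a nested restriction list.
HELO_ACCESS = {
    "localhost": "REJECT Don't use my hostname",
    "partner.example": "OK",
    "greylist.example": "450 Greylisted, try again later",
    "example.org": "warn_if_reject reject",
}
TABLES = {"hash:/etc/postfix/helo_access": HELO_ACCESS}   # maptype:mapname -> table
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

def valid_hostname(name):
    """Syntax check behind reject_invalid_hostname (address literals not modelled)."""
    return bool(name) and all(LABEL.match(lab) for lab in name.rstrip(".").split("."))

def parent_domains(name):
    """'mx.sub.example.com' -> itself, 'sub.example.com', 'example.com', 'com'."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[k:]) for k in range(len(labels))]

def reject_invalid_hostname(s):
    if not s.helo_name or valid_hostname(s.helo_name):
        return None                       # no HELO yet, or syntax fine: no decision
    return ("reject", 501, f"Helo command rejected: Invalid name {s.helo_name}")

def reject_non_fqdn_hostname(s):
    if not s.helo_name or "." in s.helo_name.rstrip("."):
        return None
    return ("reject", 504, "Helo command rejected: need fully-qualified hostname")

def access_result(result, s, tables):
    """Turn an access(5) lookup result into a decision, as the page describes."""
    word, _, text = result.partition(" ")
    if word.upper() == "REJECT":
        return ("reject", ACCESS_MAP_REJECT_CODE, text or "Access denied")
    if re.fullmatch(r"[45]\d\d", word):
        return ("reject", int(word), text)
    if word.upper() in ("OK", "RELAY") or word.isdigit():
        return ("permit", 250, text)
    return evaluate(result.split(), s, tables)        # nested restriction list

def check_helo_access(table_name, s, tables):
    table = tables[table_name]
    for key in parent_domains(s.helo_name):
        if key in table:
            return access_result(table[key], s, tables)
    return None

SIMPLE = {
    "permit": lambda s: ("permit", 250, ""),
    "defer": lambda s: ("defer", 450, "Try again later"),
    "reject": lambda s: ("reject", REJECT_CODE, "Access denied"),
    "reject_invalid_hostname": reject_invalid_hostname,
    "reject_non_fqdn_hostname": reject_non_fqdn_hostname,
}

def evaluate(restrictions, s, tables=TABLES):
    """Apply restrictions in order; the first permit, reject or defer wins.
    warn_if_reject turns the next restriction's reject into a logged warning."""
    warn_next, i = False, 0
    while i < len(restrictions):
        name = restrictions[i].lower()
        i += 1
        if name == "warn_if_reject":
            warn_next = True
            continue
        if name == "check_helo_access":     # consumes its maptype:mapname argument
            name = restrictions[i]
            i += 1
        decision = (check_helo_access(name, s, tables) if ":" in name
                    else SIMPLE[name](s))
        if warn_next and decision and decision[0] == "reject":
            s.log.append(f"reject_warning: {name} {decision[1]} {decision[2]}")
            decision = None                 # logged instead of enforced
        warn_next = False
        if decision:
            return decision
    return None                             # list exhausted without a decision

# Modelled on the page's example, with the access table and a warn_if_reject trial.
HELO_POLICY = ("check_helo_access hash:/etc/postfix/helo_access reject_invalid_hostname "
               "warn_if_reject reject_non_fqdn_hostname permit").split()

def helo_decision(helo_name, policy=HELO_POLICY):
    """Evaluate the policy for one HELO name; returns (decision, log lines)."""
    s = Session(helo_name=helo_name)
    return evaluate(policy, s), s.log
```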
<a name="additional">
<h2> Additional UCE control parameters</h2>
<dl>
<a name="default_rbl_reply">
<dt> <b>default_rbl_reply</b>
<dd>The default reply template that is used when an SMTP client
request is blocked by a <b>reject_rbl</b> or <b>reject_rhsbl</b>
restriction. The reply template is subjected to exactly one level
of $name macro substitution as described below. The
<b>smtpd_expansion_filter</b> configuration parameter specifies
the set of characters that are allowed in $name macro expansions.
Characters outside the allowed set are replaced by "_".
<p>
<dl>
<dt>Default:
<dd><b> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} </b>
<p>
Instead of the form $<i>name</i> you can also specify ${<i>name</i>}
or $(<i>name</i>).
<p>
<dt>Macro expansion syntax:
<dl>
<dt> $client <dd> The client hostname and IP address, formatted as
<i>name</i>[<i>address</i>].
<dt> $client_name <dd> The client hostname, or <b>unknown</b>.
<dt> $client_address <dd> The client IP address.
<dt> $helo_name <dd> The hostname given in the HELO or EHLO command,
or the empty string when no HELO or EHLO command was given.
<dt> $sender <dd> The sender address, or &lt;&gt; in case of the null
address.
<dt> $sender_name <dd> The sender address localpart, or &lt;&gt; in case
of the null address.
<dt> $sender_domain <dd> The sender address domain, or the empty
string when no domain is available.
<dt> $recipient <dd> The recipient address, or &lt;&gt; in case of the
null address.
<dt> $recipient_name <dd> The recipient address localpart, or &lt;&gt;
in case of the null address.
<dt> $recipient_domain <dd> The recipient address domain, or the
empty string when no domain is available.
<dt> $rbl_what <dd> The blacklisted entity: an IP address, a
hostname, a domain name, or an email address whose domain is
blacklisted.
<dt> $rbl_domain <dd> The RBL domain where $rbl_what is blacklisted
with an A record.
<dt> $rbl_reason <dd> The reason why $rbl_what is blacklisted, or
the empty string when no information is available.
<dt> $rbl_class <dd> The blacklisted entity type: Client host,
Helo command, Sender address, or Recipient address.
<dt> $rbl_code <dd> The numerical server reply code, as specified
with the <b>maps_rbl_reject_code</b> configuration parameter
(default: 554).
<dt> All other text <dd> Copied without change, with the exception
of conditional macro expansion as described below.
</dl>
<p>
Conditional macro expansion syntax:
<dl>
<dt> ${<i>name</i>?<i>text</i>} <dd> expands to <i>text</i> if
$<i>name</i> is not empty.
<dt> ${<i>name</i>:<i>text</i>} <dd> expands to <i>text</i> if
$<i>name</i> is empty.
</dl>
</dl>
</dl>
<p>
<dl>
<a name="permit_mx_backup_networks">
<dt> <b>permit_mx_backup_networks</b>
<dd>Restrict the use of the <a href="#permit_mx_backup">
permit_mx_backup</a> relay control feature to destinations whose
primary MX hosts match a list of network blocks.
<p>
<dl>
<dt>Default:
<dd><b>permit_mx_backup_networks = </b>
<p>
That is, all networks are authorized by default.
<p>
<dt>Syntax:
<dd> Specify a list of network
blocks in CIDR (network/mask) notation, for example:
<p>
<dl>
<dd> <b>permit_mx_backup_networks = 168.100.0.0/16</b>
</dl>
<p>
You can also specify the absolute pathname of a pattern file instead
of listing the patterns in the <b>main.cf</b> file.
</dl>
</dl>
<p>
<dl>
<a name="rbl_reply_maps">
<dt> <b>rbl_reply_maps</b>
<dd> This parameter specifies lookup tables with RBL reply templates
indexed by RBL domain name. If no template is found, the
<a href="#default_rbl_reply"> default_rbl_reply </a> template is
used instead.
<p>
<dl>
<dt>Default:
<dd><b>rbl_reply_maps = </b>
<p>
By default, Postfix always uses the <a href="#default_rbl_reply">
default_rbl_reply </a> template.
<p>
<dt>Syntax:
<dd> Specify zero or more <i>type</i>:<i>name</i> lookup tables,
separated by whitespace and/or commas. For the syntax of the
template reply strings, see the <a href="#default_rbl_reply">
default_rbl_reply </a> parameter description.
</dl>
</dl>
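<p>
As an added example (not code from the Postfix documentation or source),
the following Python sketch implements the macro and conditional
expansion rules of <b>default_rbl_reply</b> together with the
<b>rbl_reply_maps</b> lookup by RBL domain; the attribute values, the
RBL domain and the map contents are constructed for illustration.

```python
import re

# Constructed attribute values as the SMTP server would supply them for a
# client rejected by an RBL lookup (addresses and RBL domain are made up).
SAMPLE_ATTRS = {
    "client": "unknown[192.0.2.10]",
    "client_name": "unknown",
    "client_address": "192.0.2.10",
    "helo_name": "mail.example.net",
    "sender": "someone@example.net",
    "rbl_what": "192.0.2.10",
    "rbl_domain": "rbl.example.org",
    "rbl_reason": "",
    "rbl_class": "Client host",
    "rbl_code": "554",
}

# The documented default template.
DEFAULT_RBL_REPLY = (
    "$rbl_code Service unavailable; $rbl_class [$rbl_what] blocked "
    "using $rbl_domain${rbl_reason?; $rbl_reason}"
)

# $name, ${name}, $(name), and the conditionals ${name?text} / ${name:text}.
# Conditional text may contain $name macros but no nested ${...} braces.
_MACRO = re.compile(r"\$(?:(\w+)|\{(\w+)(?:([?:])([^}]*))?\}|\((\w+)\))")

def expand_rbl_reply(template, attrs):
    """Expand a reply template; unknown or unset attributes expand to ''."""
    def repl(m):
        name = m.group(1) or m.group(2) or m.group(5)
        value = attrs.get(name, "")
        op, text = m.group(3), m.group(4)
        if op is None:
            return value
        # '?' emits text when the value is non-empty, ':' when it is empty.
        if (op == "?") == bool(value):
            return expand_rbl_reply(text, attrs)
        return ""
    return _MACRO.sub(repl, template)

def rbl_reply(attrs, reply_maps=None):
    """Use the rbl_reply_maps template for this RBL domain, else the default."""
    template = (reply_maps or {}).get(attrs["rbl_domain"], DEFAULT_RBL_REPLY)
    return expand_rbl_reply(template, attrs)

if __name__ == "__main__":
    print(rbl_reply(SAMPLE_ATTRS))
    print(rbl_reply(dict(SAMPLE_ATTRS, rbl_reason="listed as a spam source")))
```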
<dl>
<a name="relay_domains">
<dt> <b>relay_domains</b>
<dd> This parameter controls the behavior of the <a
href="#reject_unauth_destination"> reject_unauth_destination</a>
and <a href="#permit_auth_destination"> permit_auth_destination</a>
restrictions that can appear as part of a recipient address
restriction list.
<p>
<dl>
<dt>Default:
<dd><b>relay_domains = <a href="basic.html#mydestination">
$mydestination</a></b>
<p>
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
relays mail:
<p>
<ul>
<li>from trusted clients whose IP address matches <a
href="basic.html#mynetworks">$mynetworks</a>,
<li>from untrusted clients to destinations that match <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
except for addresses that contain sender-specified routing
(<i>user@elsewhere@domain</i>).
</ul>
<p>
<dt>Syntax:
<dd> Specify zero or more domain names, <i>/file/name</i> patterns
and/or <i>type</i>:<i>name</i> lookup tables, separated by whitespace
and/or commas. A <i>/file/name</i> is replaced by its contents;
<i>type</i>:<i>name</i> requests that table lookup is done instead
of string comparison.
</dl>
<p>
A host or destination address matches <b>$relay_domains</b> when
its name or parent domain matches any of the names, files or lookup
tables listed in <b>$relay_domains</b>.
</dl>
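<p>
As an added example (not code from the Postfix documentation or source),
the following Python sketch models the default relay policy described
above: trusted clients in <b>$mynetworks</b> may relay anywhere, other
clients only to <b>$relay_domains</b> or a subdomain thereof, and never
to addresses with sender-specified routing. The network list and domain
list are constructed stand-ins for main.cf values.

```python
import ipaddress

# Constructed stand-ins for $mynetworks and $relay_domains (not real values).
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
RELAY_DOMAINS = ["example.com", "example.org"]

def client_in_mynetworks(client_ip, mynetworks=MYNETWORKS):
    """True when the client IP address falls inside one of the listed blocks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in mynetworks)

def matches_relay_domains(domain, relay_domains=RELAY_DOMAINS):
    """True when the domain itself or any parent domain is listed."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in relay_domains for i in range(len(labels)))

def has_sender_specified_routing(recipient):
    """Detect the user@elsewhere@domain form named on the page."""
    localpart, _, _ = recipient.rpartition("@")
    return "@" in localpart

def relay_decision(client_ip, recipient):
    """Model of reject_unauth_destination under the documented default policy.
    Returns 'permit' or 'reject' for one RCPT TO address."""
    if client_in_mynetworks(client_ip):
        return "permit"          # trusted client: relay to any destination
    if has_sender_specified_routing(recipient):
        return "reject"          # never relay source-routed addresses for strangers
    _, _, domain = recipient.rpartition("@")
    if domain and matches_relay_domains(domain):
        return "permit"          # authorized destination or a subdomain of one
    return "reject"              # would make us an open relay

if __name__ == "__main__":
    for client, rcpt in [("192.0.2.5", "anyone@elsewhere.net"),
                         ("198.51.100.7", "user@mail.example.com"),
                         ("198.51.100.7", "user@elsewhere.net"),
                         ("198.51.100.7", "user@elsewhere.net@example.com")]:
        print(client, rcpt, "->", relay_decision(client, rcpt))
```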
<dl>
<a name="smtpd_sender_login_maps">
<dt> <b>smtpd_sender_login_maps</b>
<dd>This parameter specifies ownership of MAIL FROM addresses, as
used by the <a href="#reject_sender_login_mismatch">
reject_sender_login_mismatch</a> sender address restriction.
<p>
<dl>
<dt>Default:
<dd><b>smtpd_sender_login_maps = </b>
<p>
<dt>Syntax:
<dd> Specify zero or more <i>type</i>:<i>name</i> lookup tables,
separated by whitespace and/or commas. The maps are searched in the
specified order. Regexp tables are allowed.
<p>
Each map entry specifies a sender address and the login name that
owns the address. The search order is:
<p>
<dl>
<dt><i>user@domain owner</i>
<dd>This form has the highest precedence.
<p>
<dt><i>user owner</i>
<dd>This matches <i>user@site</i> when <i>site</i> is equal to <a
href="basic.html#myorigin"> $myorigin</a>, when <i>site</i> is
listed in <a href="basic.html#mydestination"> $mydestination</a>,
or when it is listed in <a href="basic.html#inet_interfaces">
$inet_interfaces</a>.
<p>
<dt><i>@domain owner</i>
<dd>This matches every address in the specified domain, and has
the lowest precedence.
</dl>
</dl>
</dl>
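<p>
As an added example (not code from the Postfix documentation or source),
the following Python sketch applies the three lookup forms in the
precedence order given above and uses the result the way
<b>reject_sender_login_mismatch</b> does: reject when the address has
an owner other than the authenticated login, and also when a client
is logged in but does not own the address. The map contents and the
<b>$myorigin</b>, <b>$mydestination</b> and <b>$inet_interfaces</b>
values are constructed for illustration.

```python
# Constructed stand-ins for main.cf values (not a real site's settings).
MYORIGIN = "example.com"
MYDESTINATION = ["example.com", "localhost.example.com", "localhost"]
INET_INTERFACES = ["mail.example.com"]

# Constructed smtpd_sender_login_maps content: lookup key -> owning login.
SENDER_LOGIN_MAP = {
    "alice@example.com": "alice",      # user@domain owner (highest precedence)
    "postmaster": "admin",             # user owner (local sites only)
    "@sales.example.com": "salesbot",  # @domain owner (lowest precedence)
}

def is_local_site(site):
    """The 'user owner' form only applies to these sites, per the page."""
    site = site.lower()
    return site == MYORIGIN or site in MYDESTINATION or site in INET_INTERFACES

def sender_owner(sender, login_map=SENDER_LOGIN_MAP):
    """Return the login that owns a MAIL FROM address, or None if unowned.
    Search order: user@domain, then user (local sites only), then @domain."""
    sender = sender.lower()
    user, _, domain = sender.rpartition("@")
    owner = login_map.get(sender)                          # user@domain owner
    if owner is None and (not domain or is_local_site(domain)):
        owner = login_map.get(user or sender)               # user owner
    if owner is None and domain:
        owner = login_map.get("@" + domain)                 # @domain owner
    return owner

def sender_login_mismatch(sender, sasl_login=None):
    """True when the MAIL FROM address should be rejected. sasl_login is the
    authenticated login name, or None for an unauthenticated client."""
    owner = sender_owner(sender)
    # Mismatch if the address is owned by someone else (including nobody
    # logged in), or if the client is logged in but does not own the address.
    return (owner is not None or sasl_login is not None) and owner != sasl_login

if __name__ == "__main__":
    for sender, login in [("alice@example.com", "alice"),
                          ("alice@example.com", "mallory"),
                          ("postmaster@example.com", None),
                          ("nobody@elsewhere.net", None)]:
        print(sender, login, "->", "reject" if sender_login_mismatch(sender, login) else "ok")
```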
</body>
</html>