253 lines
8.5 KiB
Groff
253 lines
8.5 KiB
Groff
.TH SMTPD 8
|
|
.ad
|
|
.fi
|
|
.SH NAME
|
|
smtpd
|
|
\-
|
|
Postfix SMTP server
|
|
.SH SYNOPSIS
|
|
.na
|
|
.nf
|
|
\fBsmtpd\fR [generic Postfix daemon options]
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
The SMTP server accepts network connection requests
|
|
and performs zero or more SMTP transactions per connection.
|
|
Each received message is piped through the \fBcleanup\fR(8)
|
|
daemon, and is placed into the \fBincoming\fR queue as one
|
|
single queue file. For this mode of operation, the program
|
|
expects to be run from the \fBmaster\fR(8) process manager.
|
|
|
|
Alternatively, the SMTP server takes an established
|
|
connection on standard input and deposits messages directly
|
|
into the \fBmaildrop\fR queue. In this so-called stand-alone
|
|
mode, the SMTP server can accept mail even while the mail
|
|
system is not running.
|
|
|
|
The SMTP server implements a variety of policies for connection
|
|
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
|
|
and \fBRCPT TO\fR commands. They are detailed below and in the
|
|
\fBmain.cf\fR configuration file.
|
|
.SH SECURITY
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The SMTP server is moderately security-sensitive. It talks to SMTP
|
|
clients and to DNS servers on the network. The SMTP server can be
|
|
run chrooted at fixed low privilege.
|
|
.SH STANDARDS
|
|
.na
|
|
.nf
|
|
RFC 821 (SMTP protocol)
|
|
RFC 1123 (Host requirements)
|
|
RFC 1651 (SMTP service extensions)
|
|
RFC 1652 (8bit-MIME transport)
|
|
RFC 1854 (SMTP Pipelining)
|
|
RFC 1870 (Message Size Declaration)
|
|
RFC 1985 (ETRN command)
|
|
RFC 2554 (AUTH command)
|
|
.SH DIAGNOSTICS
|
|
.ad
|
|
.fi
|
|
Problems and transactions are logged to \fBsyslogd\fR(8).
|
|
|
|
Depending on the setting of the \fBnotify_classes\fR parameter,
|
|
the postmaster is notified of bounces, protocol problems,
|
|
policy violations, and of other trouble.
|
|
.SH CONFIGURATION PARAMETERS
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The following \fBmain.cf\fR parameters are especially relevant to
|
|
this program. See the Postfix \fBmain.cf\fR file for syntax details
|
|
and for default values. Use the \fBpostfix reload\fR command after
|
|
a configuration change.
|
|
.SH "Compatibility controls"
|
|
.ad
|
|
.fi
|
|
.IP \fBstrict_rfc821_envelopes\fR
|
|
Disallow non-RFC 821 style addresses in envelopes. For example,
|
|
allow RFC822-style address forms with comments, like Sendmail does.
|
|
.IP \fBbroken_sasl_auth_clients\fR
|
|
Support older Microsoft clients that mis-implement the AUTH
|
|
protocol, and that expect an EHLO response of "250 AUTH=list"
|
|
instead of "250 AUTH list".
|
|
.SH "Content inspection controls"
|
|
.IP \fBcontent_filter\fR
|
|
The name of a mail delivery transport that filters mail and that
|
|
either bounces mail or re-injects the result back into Postfix.
|
|
This parameter uses the same syntax as the right-hand side of
|
|
a Postfix transport table.
|
|
.SH "Authentication controls"
|
|
.IP \fBenable_sasl_authentication\fR
|
|
Enable per-session authentication as per RFC 2554 (SASL).
|
|
This functionality is available only when explicitly selected
|
|
at program build time and explicitly enabled at runtime.
|
|
.IP \fBsmtpd_sasl_local_domain\fR
|
|
The name of the local authentication realm.
|
|
.IP \fBsmtpd_sasl_security_options\fR
|
|
Zero or more of the following.
|
|
.RS
|
|
.IP \fBnoplaintext\fR
|
|
Disallow authentication methods that use plaintext passwords.
|
|
.IP \fBnoactive\fR
|
|
Disallow authentication methods that are vulnerable to non-dictionary
|
|
active attacks.
|
|
.IP \fBnodictionary\fR
|
|
Disallow authentication methods that are vulnerable to passive
|
|
dictionary attack.
|
|
.IP \fBnoanonymous\fR
|
|
Disallow anonymous logins.
|
|
.RE
|
|
.SH Miscellaneous
|
|
.ad
|
|
.fi
|
|
.IP \fBalways_bcc\fR
|
|
Address to send a copy of each message that enters the system.
|
|
.IP \fBcommand_directory\fR
|
|
Location of Postfix support commands (default:
|
|
\fB$program_directory\fR).
|
|
.IP \fBdebug_peer_level\fR
|
|
Increment in verbose logging level when a remote host matches a
|
|
pattern in the \fBdebug_peer_list\fR parameter.
|
|
.IP \fBdebug_peer_list\fR
|
|
List of domain or network patterns. When a remote host matches
|
|
a pattern, increase the verbose logging level by the amount
|
|
specified in the \fBdebug_peer_level\fR parameter.
|
|
.IP \fBerror_notice_recipient\fR
|
|
Recipient of protocol/policy/resource/software error notices.
|
|
.IP \fBhopcount_limit\fR
|
|
Limit the number of \fBReceived:\fR message headers.
|
|
.IP \fBlocal_recipient_maps\fR
|
|
List of maps with user names that are local to \fB$myorigin\fR
|
|
or \fB$inet_interfaces\fR. If this parameter is defined,
|
|
then the SMTP server rejects mail for unknown local users.
|
|
.IP \fBnotify_classes\fR
|
|
List of error classes. Of special interest are:
|
|
.RS
|
|
.IP \fBpolicy\fR
|
|
When a client violates any policy, mail a transcript of the
|
|
entire SMTP session to the postmaster.
|
|
.IP \fBprotocol\fR
|
|
When a client violates the SMTP protocol or issues an unimplemented
|
|
command, mail a transcript of the entire SMTP session to the
|
|
postmaster.
|
|
.RE
|
|
.IP \fBsmtpd_banner\fR
|
|
Text that follows the \fB220\fR status code in the SMTP greeting banner.
|
|
.IP \fBsmtpd_recipient_limit\fR
|
|
Restrict the number of recipients that the SMTP server accepts
|
|
per message delivery.
|
|
.IP \fBsmtpd_timeout\fR
|
|
Limit the time to send a server response and to receive a client
|
|
request.
|
|
.IP \fBsoft_bounce\fR
|
|
Change hard (5xx) reject responses into soft (4xx) reject responses.
|
|
This can be useful for testing purposes.
|
|
.SH "Resource controls"
|
|
.ad
|
|
.fi
|
|
.IP \fBline_length_limit\fR
|
|
Limit the amount of memory in bytes used for the handling of
|
|
partial input lines.
|
|
.IP \fBmessage_size_limit\fR
|
|
Limit the total size in bytes of a message, including on-disk
|
|
storage for envelope information.
|
|
.IP \fBqueue_minfree\fR
|
|
Minimal amount of free space in bytes in the queue file system
|
|
for the SMTP server to accept any mail at all.
|
|
.SH Tarpitting
|
|
.ad
|
|
.fi
|
|
.IP \fBsmtpd_error_sleep_time\fR
|
|
Time to wait in seconds before sending a 4xx or 5xx server error
|
|
response.
|
|
.IP \fBsmtpd_soft_error_limit\fR
|
|
When an SMTP client has made this number of errors, wait
|
|
\fIerror_count\fR seconds before responding to any client request.
|
|
.IP \fBsmtpd_hard_error_limit\fR
|
|
Disconnect after a client has made this number of errors.
|
|
.IP \fBsmtpd_junk_command_limit\fR
|
|
Limit the number of times a client can issue a junk command
|
|
such as NOOP, VRFY, ETRN or RSET in one SMTP session before
|
|
it is penalized with tarpit delays.
|
|
.SH "UCE control restrictions"
|
|
.ad
|
|
.fi
|
|
.IP \fBsmtpd_client_restrictions\fR
|
|
Restrict what clients may connect to this mail system.
|
|
.IP \fBsmtpd_helo_required\fR
|
|
Require that clients introduce themselves at the beginning
|
|
of an SMTP session.
|
|
.IP \fBsmtpd_helo_restrictions\fR
|
|
Restrict what client hostnames are allowed in \fBHELO\fR and
|
|
\fBEHLO\fR commands.
|
|
.IP \fBsmtpd_sender_restrictions\fR
|
|
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
|
|
.IP \fBsmtpd_recipient_restrictions\fR
|
|
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
|
|
.IP \fBsmtpd_etrn_restrictions\fR
|
|
Restrict what domain names can be used in \fBETRN\fR commands,
|
|
and what clients may issue \fBETRN\fR commands.
|
|
.IP \fBallow_untrusted_routing\fR
|
|
Allow untrusted clients to specify addresses with sender-specified
|
|
routing. Enabling this opens up nasty relay loopholes involving
|
|
trusted backup MX hosts.
|
|
.IP \fBsmtpd_restriction_classes\fR
|
|
Declares the name of zero or more parameters that contain a
|
|
list of UCE restrictions. The names of these parameters can
|
|
then be used instead of the restriction lists that they represent.
|
|
.IP \fBmaps_rbl_domains\fR
|
|
List of DNS domains that publish the addresses of blacklisted
|
|
hosts.
|
|
.IP \fBrelay_domains\fR
|
|
Restrict what domains or networks this mail system will relay
|
|
mail from or to.
|
|
.SH "UCE control responses"
|
|
.ad
|
|
.fi
|
|
.IP \fBaccess_map_reject_code\fR
|
|
Server response when a client violates an access database restriction.
|
|
.IP \fBinvalid_hostname_reject_code\fR
|
|
Server response when a client violates the \fBreject_invalid_hostname\fR
|
|
restriction.
|
|
.IP \fBmaps_rbl_reject_code\fR
|
|
Server response when a client violates the \fBmaps_rbl_domains\fR
|
|
restriction.
|
|
.IP \fBreject_code\fR
|
|
Response code when the client matches a \fBreject\fR restriction.
|
|
.IP \fBrelay_domains_reject_code\fR
|
|
Server response when a client attempts to violate the mail relay
|
|
policy.
|
|
.IP \fBunknown_address_reject_code\fR
|
|
Server response when a client violates the \fBreject_unknown_address\fR
|
|
restriction.
|
|
.IP \fBunknown_client_reject_code\fR
|
|
Server response when a client without address to name mapping
|
|
violates the \fBreject_unknown_clients\fR restriction.
|
|
.IP \fBunknown_hostname_reject_code\fR
|
|
Server response when a client violates the \fBreject_unknown_hostname\fR
|
|
restriction.
|
|
.SH SEE ALSO
|
|
.na
|
|
.nf
|
|
cleanup(8) message canonicalization
|
|
master(8) process manager
|
|
syslogd(8) system logging
|
|
.SH LICENSE
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The Secure Mailer license must be distributed with this software.
|
|
.SH AUTHOR(S)
|
|
.na
|
|
.nf
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|