10457 lines
312 KiB
Protocol Buffer
10457 lines
312 KiB
Protocol Buffer
# This is the input file for automatically generating the postconf(5)
|
|
# manual page, the summaries of parameters in on-line manual pages,
|
|
# and for the postconf.5.html hyperlinked document.
|
|
#
|
|
# The following tools operate on information from this file:
|
|
#
|
|
# xpostconf
|
|
# Extracts specific parameter definitions from this file, or
|
|
# produces a sorted version of all the information in this
|
|
# document.
|
|
#
|
|
# postconf2html
|
|
# Adds parameter name +default headers. The result can be embedded
|
|
# into the postconf.5.html hyperlinked document.
|
|
#
|
|
# postconf2man
|
|
# Converts this file into something that can be embedded into
|
|
# the postconf(5) UNIX-style manual page. This tool knows only
|
|
# a limited subset of HTML as described below.
|
|
#
|
|
# postconf2src
|
|
# Converts this file result into something that can be embedded
|
|
# into Postfix source code files.
|
|
#
|
|
# The subset of HTML that you can use is limited by the postconf2man
|
|
# tool:
|
|
#
|
|
# * Supported HTML elements are: blockquote, ul, li, dl, dt, dd,
|
|
# p, pre, b, i, h, and the escapes for < and >. Sorry, no tables.
|
|
#
|
|
# * HTML elements must be specified in lower case.
|
|
#
|
|
# * Lists cannot be nested.
|
|
#
|
|
# * The postconf2man tool leaves unrecognized HTML in place as a
|
|
# reminder that it is not supported.
|
|
#
|
|
# Also:
|
|
#
|
|
# * All <dt> and <dd>text must be closed with </dt> and </dd>.
|
|
#
|
|
# The postlink tool automatically inserts hyperlinks for the following,
|
|
# so you must not hyperlink that information yourself:
|
|
#
|
|
# * Postfix manual pages
|
|
# * URLs
|
|
# * RFCs
|
|
# * Postfix configuration parameters
|
|
# * Postfix README files
|
|
# * Address classes and other terminology.
|
|
#
|
|
# The xpostconf and postconf2html tools expect the file format described
|
|
# in the comments below. The description includes the transformation
|
|
# that is done by the postconf2html tool.
|
|
#
|
|
# * The format of this file is blocks of text separated by one or
|
|
# more empty (or all whitespace) lines.
|
|
#
|
|
# * A text block that begins with %PARAM specifies a parameter name
|
|
# and its default value, separated by whitespace. The text in
|
|
# the blocks that follow is the parameter description.
|
|
#
|
|
# * The first line (text up to the first ". ") is used in Postfix
|
|
# on-line manual pages, in the one-line configuration parameter
|
|
# summaries.
|
|
#
|
|
# * A text block that begins with the "<" character is treated as
|
|
# literal HTML. For example, to specify a "dl" list element one
|
|
# would write:
|
|
#
|
|
# |<dt><b>name</b></dt> <dd>
|
|
# |
|
|
# |text that describes "name".
|
|
# |
|
|
# |</dd> ...
|
|
#
|
|
# As described below, the text that describes "name" will be
|
|
# enclosed with <p> and </p>.
|
|
#
|
|
# An "ul" list element would be written like this:
|
|
#
|
|
# |<li> text for this list element.
|
|
#
|
|
# * Any text block that does not begin with < is an error.
|
|
|
|
%CLASS address-verification Address verification (Postfix 2.1 and later)
|
|
|
|
<p>
|
|
Sender/recipient address verification is implemented by sending
|
|
probe email messages that are not actually delivered. This feature
|
|
is requested via the reject_unverified_sender and
|
|
reject_unverified_recipient access restrictions. The status of
|
|
verification probes is maintained by the address verification
|
|
service. See the file ADDRESS_VERIFICATION_README for information
|
|
about how to configure and operate the Postfix sender/recipient
|
|
address verification service.
|
|
</p>
|
|
|
|
%CLASS smtpd-compatibility Compatibility controls
|
|
|
|
%CLASS resource-control Resource controls
|
|
|
|
%CLASS after-queue-filter After-queue content filter
|
|
|
|
<p>
|
|
As of version 1.0, Postfix can be configured to send new mail to
|
|
an external content filter AFTER the mail is queued. This content
|
|
filter is expected to inject mail back into a (Postfix or other)
|
|
MTA for further delivery. See the FILTER_README document for
|
|
details.
|
|
</p>
|
|
|
|
%CLASS before-queue-filter Before-queue content filter
|
|
|
|
<p>
|
|
The Postfix SMTP server can be configured to send incoming mail to
|
|
a real-time SMTP-based content filter BEFORE mail is queued. This
|
|
content filter is expected to inject mail back into Postfix. See
|
|
the SMTPD_PROXY_README document for details on how to configure
|
|
and operate this feature.
|
|
</p>
|
|
|
|
%CLASS basic-config Basic configuration parameters
|
|
|
|
%CLASS smtpd-access-relay SMTP server access and relay control
|
|
|
|
%CLASS smtpd-sasl SMTP server SASL authentication
|
|
|
|
%CLASS unknown-recipients Rejecting mail for unknown recipients
|
|
|
|
%CLASS smtpd-reply-code SMTP server response codes
|
|
|
|
%CLASS other Other configuration parameters
|
|
|
|
%PARAM access_map_reject_code 554
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a client
|
|
is rejected by an access(5) map restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM address_verify_default_transport $default_transport
|
|
|
|
<p>
|
|
Overrides the default_transport parameter setting for address
|
|
verification probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_local_transport $local_transport
|
|
|
|
<p>
|
|
Overrides the local_transport parameter setting for address
|
|
verification probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_map
|
|
|
|
<p>
|
|
Optional lookup table for persistent address verification status
|
|
storage. The table is maintained by the verify(8) service, and
|
|
is opened before the process releases privileges.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the information is kept in volatile memory, and is lost
|
|
after "<b>postfix reload</b>" or "<b>postfix stop</b>".
|
|
</p>
|
|
|
|
<p>
|
|
Specify a location in a file system that will not fill up. If the
|
|
database becomes corrupted, the world comes to an end. To recover
|
|
delete the file and do "<b>postfix reload</b>".
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
address_verify_map = hash:/etc/postfix/verify
|
|
address_verify_map = btree:/etc/postfix/verify
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_negative_cache yes
|
|
|
|
<p>
|
|
Enable caching of failed address verification probe results. When
|
|
this feature is enabled, the cache may pollute quickly with garbage.
|
|
When this feature is disabled, Postfix will generate an address
|
|
probe for every lookup.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_negative_expire_time 3d
|
|
|
|
<p>
|
|
The time after which a failed probe expires from the address
|
|
verification cache.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_negative_refresh_time 3h
|
|
|
|
<p>
|
|
The time after which a failed address verification probe needs to
|
|
be refreshed.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_poll_count 3
|
|
|
|
<p>
|
|
How many times to query the verify(8) service for the completion
|
|
of an address verification request in progress.
|
|
</p>
|
|
|
|
<p>
|
|
The default poll count is 3.
|
|
</p>
|
|
|
|
<p>
|
|
Specify 1 to implement a crude form of greylisting, that is, always
|
|
defer the first delivery request for a never seen before address.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
address_verify_poll_count = 1
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_poll_delay 3s
|
|
|
|
<p>
|
|
The delay between queries for the completion of an address
|
|
verification request in progress.
|
|
</p>
|
|
|
|
<p>
|
|
The default polling delay is 3 seconds.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_positive_expire_time 31d
|
|
|
|
<p>
|
|
The time after which a successful probe expires from the address
|
|
verification cache.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_positive_refresh_time 7d
|
|
|
|
<p>
|
|
The time after which a successful address verification probe needs
|
|
to be refreshed. The address verification status is not updated
|
|
when the probe fails (optimistic caching).
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_relay_transport $relay_transport
|
|
|
|
<p>
|
|
Overrides the relay_transport parameter setting for address
|
|
verification probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_relayhost $relayhost
|
|
|
|
<p>
|
|
Overrides the relayhost parameter setting for address verification
|
|
probes. This information can be overruled with the transport(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_sender postmaster
|
|
|
|
<p> The sender address to use in address verification probes. To
|
|
avoid problems with address probes that are sent in response to
|
|
address probes, the Postfix SMTP server excludes the probe sender
|
|
address from all SMTPD access blocks. </p>
|
|
|
|
<p>
|
|
Specify an empty value (address_verify_sender =) or <> if you want
|
|
to use the null sender address. Beware, some sites reject mail from
|
|
<>, even though RFCs require that such addresses be accepted.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
address_verify_sender = <>
|
|
address_verify_sender = postmaster@my.domain
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_transport_maps $transport_maps
|
|
|
|
<p>
|
|
Overrides the transport_maps parameter setting for address verification
|
|
probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_virtual_transport $virtual_transport
|
|
|
|
<p>
|
|
Overrides the virtual_transport parameter setting for address
|
|
verification probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM alias_database see "postconf -d" output
|
|
|
|
<p>
|
|
The alias databases for local(8) delivery that are updated with
|
|
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
|
|
</p>
|
|
|
|
<p>
|
|
This is a separate configuration parameter because not all the
|
|
tables specified with $alias_maps have to be local files.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
alias_database = hash:/etc/aliases
|
|
alias_database = hash:/etc/mail/aliases
|
|
</pre>
|
|
|
|
%PARAM alias_maps see "postconf -d" output
|
|
|
|
<p>
|
|
The alias databases that are used for local(8) delivery. See
|
|
aliases(5) for syntax details.
|
|
</p>
|
|
|
|
<p>
|
|
The default list is system dependent. On systems with NIS, the
|
|
default is to search the local alias database, then the NIS alias
|
|
database.
|
|
</p>
|
|
|
|
<p>
|
|
If you change the alias database, run "<b>postalias /etc/aliases</b>"
|
|
(or wherever your system stores the mail alias file), or simply
|
|
run "<b>newaliases</b>" to build the necessary DBM or DB file.
|
|
</p>
|
|
|
|
<p>
|
|
The local(8) delivery agent disallows regular expression substitution
|
|
of $1 etc. in alias_maps, because that would open a security hole.
|
|
</p>
|
|
|
|
<p>
|
|
The local(8) delivery agent will silently ignore requests to use
|
|
the proxymap(8) server within alias_maps. Instead it will open the
|
|
table directly. Before Postfix version 2.2, the local(8) delivery
|
|
agent will terminate with a fatal error.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
alias_maps = hash:/etc/aliases, nis:mail.aliases
|
|
alias_maps = hash:/etc/aliases
|
|
</pre>
|
|
|
|
%PARAM allow_mail_to_commands alias, forward
|
|
|
|
<p>
|
|
Restrict local(8) mail delivery to external commands. The default
|
|
is to disallow delivery to "|command" in :include: files (see
|
|
aliases(5) for the text that defines this terminology).
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
|
|
in order to allow commands in aliases(5), .forward files or in
|
|
:include: files, respectively.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
allow_mail_to_commands = alias,forward,include
|
|
</pre>
|
|
|
|
%PARAM allow_mail_to_files alias, forward
|
|
|
|
<p>
|
|
Restrict local(8) mail delivery to external files. The default is
|
|
to disallow "/file/name" destinations in :include: files (see
|
|
aliases(5) for the text that defines this terminology).
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
|
|
in order to allow "/file/name" destinations in aliases(5), .forward
|
|
files and in :include: files, respectively.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
allow_mail_to_files = alias,forward,include
|
|
</pre>
|
|
|
|
%PARAM allow_min_user no
|
|
|
|
<p>
|
|
Allow a recipient address to have `-' as the first character. By
|
|
default, this is not allowed, to avoid accidents with software that
|
|
passes email addresses via the command line. Such software
|
|
would not be able to distinguish a malicious address from a
|
|
bona fide command-line option. Although this can be prevented by
|
|
inserting a "--" option terminator into the command line, this is
|
|
difficult to enforce consistently and globally. </p>
|
|
|
|
%PARAM allow_percent_hack yes
|
|
|
|
<p>
|
|
Enable the rewriting of the form "user%domain" to "user@domain".
|
|
This is enabled by default.
|
|
</p>
|
|
|
|
<p> Note: with Postfix version 2.2, message header address rewriting
|
|
happens only when one of the following conditions is true: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
allow_percent_hack = no
|
|
</pre>
|
|
|
|
%PARAM allow_untrusted_routing no
|
|
|
|
<p>
|
|
Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
|
|
from untrusted clients to destinations matching $relay_domains.
|
|
</p>
|
|
|
|
<p>
|
|
By default, this feature is turned off. This closes a nasty open
|
|
relay loophole where a backup MX host can be tricked into forwarding
|
|
junk mail to a primary MX host which then spams it out to the world.
|
|
</p>
|
|
|
|
<p>
|
|
This parameter also controls if non-local addresses with sender-specified
|
|
routing can match Postfix access tables. By default, such addresses
|
|
cannot match Postfix access tables, because the address is ambiguous.
|
|
</p>
|
|
|
|
%PARAM always_bcc
|
|
|
|
<p>
|
|
Optional address that receives a "blind carbon copy" of each message
|
|
that is received by the Postfix mail system.
|
|
</p>
|
|
|
|
<p>
|
|
Note: if mail to the BCC address bounces it will be returned to
|
|
the sender.
|
|
</p>
|
|
|
|
<p> Note: automatic BCC recipients are produced only for new mail.
|
|
To avoid mailer loops, automatic BCC recipients are not generated
|
|
for mail that Postfix forwards internally, nor for mail that Postfix
|
|
generates itself. </p>
|
|
|
|
%PARAM berkeley_db_create_buffer_size 16777216
|
|
|
|
<p>
|
|
The per-table I/O buffer size for programs that create Berkeley DB
|
|
hash or btree tables. Specify a byte count.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM berkeley_db_read_buffer_size 131072
|
|
|
|
<p>
|
|
The per-table I/O buffer size for programs that read Berkeley DB
|
|
hash or btree tables. Specify a byte count.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM best_mx_transport
|
|
|
|
<p>
|
|
Where the Postfix SMTP client should deliver mail when it detects
|
|
a "mail loops back to myself" error condition. This happens when
|
|
the local MTA is the best SMTP mail exchanger for a destination
|
|
not listed in $mydestination, $inet_interfaces, $proxy_interfaces,
|
|
$virtual_alias_domains, or $virtual_mailbox_domains. By default,
|
|
the Postfix SMTP client returns such mail as undeliverable.
|
|
</p>
|
|
|
|
<p>
|
|
Specify, for example, "best_mx_transport = local" to pass the mail
|
|
from the Postfix SMTP client to the local(8) delivery agent. You
|
|
can specify
|
|
any message delivery "transport" or "transport:nexthop" that is
|
|
defined in the master.cf file. See the transport(5) manual page
|
|
for the syntax and meaning of "transport" or "transport:nexthop".
|
|
</p>
|
|
|
|
<p>
|
|
However, this feature is expensive because it ties up a Postfix
|
|
SMTP client process while the local(8) delivery agent is doing its
|
|
work. It is more efficient (for Postfix) to list all hosted domains
|
|
in a table or database.
|
|
</p>
|
|
|
|
%PARAM biff yes
|
|
|
|
<p>
|
|
Whether or not to use the local biff service. This service sends
|
|
"new mail" notifications to users who have requested new mail
|
|
notification with the UNIX command "biff y".
|
|
</p>
|
|
|
|
<p>
|
|
For compatibility reasons this feature is on by default. On systems
|
|
with lots of interactive users, the biff service can be a performance
|
|
drain. Specify "biff = no" in main.cf to disable.
|
|
</p>
|
|
|
|
%PARAM body_checks
|
|
|
|
<p> Optional lookup tables for content inspection as specified in
|
|
the body_checks(5) manual page. </p>
|
|
|
|
<p> Note: with Postfix versions before 2.0, these rules inspect
|
|
all content after the primary message headers. </p>
|
|
|
|
%PARAM body_checks_size_limit 51200
|
|
|
|
<p>
|
|
How much text in a message body segment (or attachment, if you
|
|
prefer to use that term) is subjected to body_checks inspection.
|
|
The amount of text is limited to avoid scanning huge attachments.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM bounce_queue_lifetime 5d
|
|
|
|
<p>
|
|
The maximal time a bounce message is queued before it is considered
|
|
undeliverable. By default, this is the same as the queue life time
|
|
for regular mail.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is d (days).
|
|
</p>
|
|
|
|
<p>
|
|
Specify 0 when mail delivery should be tried only once.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM bounce_size_limit 50000
|
|
|
|
<p> The maximal amount of original message text that is sent in a
|
|
non-delivery notification. Specify a byte count. If you increase
|
|
this limit, then you should increase the mime_nesting_limit value
|
|
proportionally. </p>
|
|
|
|
%PARAM canonical_maps
|
|
|
|
<p>
|
|
Optional address mapping lookup tables for message headers and
|
|
envelopes. The mapping is applied to both sender and recipient
|
|
addresses, in both envelopes and in headers, as controlled
|
|
with the canonical_classes parameter. This is typically used
|
|
to clean up dirty addresses from legacy mail systems, or to replace
|
|
login names by Firstname.Lastname. The table format and lookups
|
|
are documented in canonical(5). For an overview of Postfix address
|
|
manipulations see the ADDRESS_REWRITING_README document.
|
|
</p>
|
|
|
|
<p>
|
|
If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
|
|
build the necessary DBM or DB file after every change. The changes
|
|
will become visible after a minute or so. Use "<b>postfix reload</b>"
|
|
to eliminate the delay.
|
|
</p>
|
|
|
|
<p> Note: with Postfix version 2.2, message header address mapping
|
|
happens only when message header address rewriting is enabled: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
canonical_maps = dbm:/etc/postfix/canonical
|
|
canonical_maps = hash:/etc/postfix/canonical
|
|
</pre>
|
|
|
|
%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient
|
|
|
|
<p> What addresses are subject to canonical_maps address mapping.
|
|
By default, canonical_maps address mapping is applied to envelope
|
|
sender and recipient addresses, and to header sender and header
|
|
recipient addresses. </p>
|
|
|
|
<p> Specify one or more of: envelope_sender, envelope_recipient,
|
|
header_sender, header_recipient </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM sender_canonical_classes envelope_sender, header_sender
|
|
|
|
<p> What addresses are subject to sender_canonical_maps address
|
|
mapping. By default, sender_canonical_maps address mapping is
|
|
applied to envelope sender addresses, and to header sender addresses.
|
|
</p>
|
|
|
|
<p> Specify one or more of: envelope_sender, header_sender </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM recipient_canonical_classes envelope_recipient, header_recipient
|
|
|
|
<p> What addresses are subject to recipient_canonical_maps address
|
|
mapping. By default, recipient_canonical_maps address mapping is
|
|
applied to envelope recipient addresses, and to header recipient
|
|
addresses. </p>
|
|
|
|
<p> Specify one or more of: envelope_recipient, header_recipient
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM command_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The location of all postfix administrative commands.
|
|
</p>
|
|
|
|
%PARAM command_time_limit 1000s
|
|
|
|
<p>
|
|
Time limit for delivery to external commands. This limit is used
|
|
by the local(8) delivery agent, and is the default time limit for
|
|
delivery by the pipe(8) delivery agent.
|
|
</p>
|
|
|
|
<p>
|
|
Note: if you set this time limit to a large value you must update the
|
|
global ipc_timeout parameter as well.
|
|
</p>
|
|
|
|
%PARAM daemon_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The directory with Postfix support programs and daemon programs.
|
|
These should not be invoked directly by humans. The directory must
|
|
be owned by root.
|
|
</p>
|
|
|
|
%PARAM daemon_timeout 18000s
|
|
|
|
<p> How much time a Postfix daemon process may take to handle a
|
|
request before it is terminated by a built-in watchdog timer. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM debug_peer_level 2
|
|
|
|
<p> The increment in verbose logging level when a remote client or
|
|
server matches a pattern in the debug_peer_list parameter. </p>
|
|
|
|
%PARAM debug_peer_list
|
|
|
|
<p> Optional list of remote client or server hostname or network
|
|
address patterns that cause the verbose logging level to increase
|
|
by the amount specified in $debug_peer_level. </p>
|
|
|
|
<p> Specify domain names, network/netmask patterns, "/file/name"
|
|
patterns or "type:table" lookup tables. The right-hand side result
|
|
from "type:table" lookups is ignored. </p>
|
|
|
|
<p> Pattern matching of domain names is controlled by the
|
|
parent_domain_matches_subdomains parameter. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
debug_peer_list = 127.0.0.1
|
|
debug_peer_list = some.domain
|
|
</pre>
|
|
|
|
%PARAM default_database_type see "postconf -d" output
|
|
|
|
<p>
|
|
The default database type for use in newaliases(1), postalias(1)
|
|
and postmap(1) commands. On many UNIX systems the default type is
|
|
either <b>dbm</b> or <b>hash</b>. The default setting is frozen
|
|
when the Postfix system is built.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
default_database_type = hash
|
|
default_database_type = dbm
|
|
</pre>
|
|
|
|
%PARAM default_delivery_slot_cost 5
|
|
|
|
<p>
|
|
How often the Postfix queue manager's scheduler is allowed to
|
|
preempt delivery of one message with another.
|
|
</p>
|
|
|
|
<p>
|
|
Each transport maintains a so-called "available delivery slot counter"
|
|
for each message. One message can be preempted by another one when
|
|
the other message can be delivered using no more delivery slots
|
|
(i.e., invocations of delivery agents) than the current message
|
|
counter has accumulated (or will eventually accumulate - see about
|
|
slot loans below). This parameter controls how often is the counter
|
|
incremented - it happens after each default_delivery_slot_cost
|
|
recipients have been delivered.
|
|
</p>
|
|
|
|
<p>
|
|
The cost of 0 is used to disable the preempting scheduling completely.
|
|
The minimum value the scheduling algorithm can use is 2 - use it
|
|
if you want to maximize the message throughput rate. Although there
|
|
is no maximum, it doesn't make much sense to use values above say
|
|
50.
|
|
</p>
|
|
|
|
<p>
|
|
The only reason why the value of 2 is not the default is the way
|
|
this parameter affects the delivery of mailing-list mail. In the
|
|
worst case, their delivery can take somewhere between (cost+1/cost)
|
|
and (cost/cost-1) times more than if the preemptive scheduler was
|
|
disabled. The default value of 5 turns out to provide reasonable
|
|
message response times while making sure the mailing-list deliveries
|
|
are not extended by more than 20-25 percent even in the worst case.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
default_delivery_slot_cost = 0
|
|
default_delivery_slot_cost = 2
|
|
</pre>
|
|
|
|
%PARAM default_destination_concurrency_limit 20
|
|
|
|
<p>
|
|
The default maximal number of parallel deliveries to the same
|
|
destination. This is the default limit for delivery via the lmtp(8),
|
|
pipe(8), smtp(8) and virtual(8) delivery agents.
|
|
</p>
|
|
|
|
%PARAM default_destination_recipient_limit 50
|
|
|
|
<p>
|
|
The default maximal number of recipients per message delivery.
|
|
This is the default limit for delivery via the lmtp(8), pipe(8),
|
|
smtp(8) and virtual(8) delivery agents.
|
|
</p>
|
|
|
|
<p> Setting this parameter to a value of 1 changes the meaning of
|
|
the corresponding per-destination concurrency limit from concurrency
|
|
per domain into concurrency per recipient. </p>
|
|
|
|
%PARAM default_extra_recipient_limit 1000
|
|
|
|
<p>
|
|
The default value for the extra per-transport limit imposed on the
|
|
number of in-memory recipients. This extra recipient space is
|
|
reserved for the cases when the Postfix queue manager's scheduler
|
|
preempts one message with another and suddenly needs some extra
|
|
recipients slots for the chosen message in order to avoid performance
|
|
degradation.
|
|
</p>
|
|
|
|
%PARAM default_minimum_delivery_slots 3
|
|
|
|
<p>
|
|
How many recipients a message must have in order to invoke the
|
|
Postfix queue manager's scheduling algorithm at all. Messages
|
|
which would never accumulate at least this many delivery slots
|
|
(subject to slot cost parameter as well) are never preempted.
|
|
</p>
|
|
|
|
%PARAM default_privs nobody
|
|
|
|
<p>
|
|
The default rights used by the local(8) delivery agent for delivery
|
|
to external file or command. These rights are used when delivery
|
|
is requested from an aliases(5) file that is owned by <b>root</b>, or
|
|
when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
|
|
PRIVILEGED USER OR THE POSTFIX OWNER</b>.
|
|
</p>
|
|
|
|
%PARAM default_process_limit 100
|
|
|
|
<p>
|
|
The default maximal number of Postfix child processes that provide
|
|
a given service. This limit can be overruled for specific services
|
|
in the master.cf file.
|
|
</p>
|
|
|
|
%PARAM default_rbl_reply see "postconf -d" output
|
|
|
|
<p>
|
|
The default SMTP server response template for a request that is
|
|
rejected by an RBL-based restriction. This template can be overruled
|
|
by specific entries in the optional rbl_reply_maps lookup table.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
<p>
|
|
The template is subject to exactly one level of $name substitution:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>$client</b></dt>
|
|
|
|
<dd>The client hostname and IP address, formatted as name[address]. </dd>
|
|
|
|
<dt><b>$client_address</b></dt>
|
|
|
|
<dd>The client IP address. </dd>
|
|
|
|
<dt><b>$client_name</b></dt>
|
|
|
|
<dd>The client hostname or "unknown". See reject_unknown_client_hostname
|
|
for more details. </dd>
|
|
|
|
<dt><b>$reverse_client_name</b></dt>
|
|
|
|
<dd>The client hostname from address->name lookup, or "unknown".
|
|
See reject_unknown_reverse_client_hostname for more details. </dd>
|
|
|
|
#<dt><b>$forward_client_name</b></dt>
|
|
#
|
|
#<dd>The client hostname from address->name lookup followed by
|
|
#name->address lookup, or "unknown". See
|
|
#reject_unknown_forward_client_hostname for more details. </dd>
|
|
|
|
<dt><b>$helo_name</b></dt>
|
|
|
|
<dd>The hostname given in HELO or EHLO command or empty string. </dd>
|
|
|
|
<dt><b>$rbl_class</b></dt>
|
|
|
|
<dd>The blacklisted entity type: Client host, Helo command, Sender
|
|
address, or Recipient address. </dd>
|
|
|
|
<dt><b>$rbl_code</b></dt>
|
|
|
|
<dd>The numerical SMTP response code, as specified with the
|
|
maps_rbl_reject_code configuration parameter. Note: The numerical
|
|
SMTP response code is required, and must appear at the start of the
|
|
reply. With Postfix version 2.3 and later this information may be followed
|
|
by an RFC 3463 enhanced status code. </dd>
|
|
|
|
<dt><b>$rbl_domain</b></dt>
|
|
|
|
<dd>The RBL domain where $rbl_what is blacklisted. </dd>
|
|
|
|
<dt><b>$rbl_reason</b></dt>
|
|
|
|
<dd>The reason why $rbl_what is blacklisted, or an empty string. </dd>
|
|
|
|
<dt><b>$rbl_what</b></dt>
|
|
|
|
<dd>The entity that is blacklisted (an IP address, a hostname, a domain
|
|
name, or an email address whose domain was blacklisted). </dd>
|
|
|
|
<dt><b>$recipient</b></dt>
|
|
|
|
<dd>The recipient address or <> in case of the null address. </dd>
|
|
|
|
<dt><b>$recipient_domain</b></dt>
|
|
|
|
<dd>The recipient domain or empty string. </dd>
|
|
|
|
<dt><b>$recipient_name</b></dt>
|
|
|
|
<dd>The recipient address localpart or <> in case of null address. </dd>
|
|
|
|
<dt><b>$sender</b></dt>
|
|
|
|
<dd>The sender address or <> in case of the null address. </dd>
|
|
|
|
<dt><b>$sender_domain</b></dt>
|
|
|
|
<dd>The sender domain or empty string. </dd>
|
|
|
|
<dt><b>$sender_name</b></dt>
|
|
|
|
<dd>The sender address localpart or <> in case of the null address. </dd>
|
|
|
|
<dt><b>${name?text}</b></dt>
|
|
|
|
<dd>Expands to `text' if $name is not empty. </dd>
|
|
|
|
<dt><b>${name:text}</b></dt>
|
|
|
|
<dd>Expands to `text' if $name is empty. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Instead of $name you can also specify ${name} or $(name).
|
|
</p>
|
|
|
|
<p> Note: when an enhanced status code is specified in an RBL reply
|
|
template, it is subject to modification. The following transformations
|
|
are needed when the same RBL reply template is used for client,
|
|
helo, sender, or recipient access restrictions. </p>
|
|
|
|
<ul>
|
|
|
|
<li> <p> When rejecting a sender address, the Postfix SMTP server
|
|
will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
|
|
corresponding sender DSN status, and vice versa. </p>
|
|
|
|
<li> <p> When rejecting non-address information (such as the HELO
|
|
command argument or the client hostname/address), the Postfix SMTP
|
|
server will transform a sender or recipient DSN status into a generic
|
|
non-address DSN status (e.g., 4.0.0). </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM smtpd_expansion_filter see "postconf -d" output
|
|
|
|
<p>
|
|
The smtpd_expansion_filter configuration parameter controls what
|
|
characters may appear in $name expansions.
|
|
</p>
|
|
|
|
%PARAM default_recipient_limit 10000
|
|
|
|
<p>
|
|
The default per-transport upper limit on the number of in-memory
|
|
recipients. These limits take priority over the global
|
|
qmgr_message_recipient_limit after the message has been assigned
|
|
to the respective transports. See also default_extra_recipient_limit
|
|
and qmgr_message_recipient_minimum.
|
|
</p>
|
|
|
|
%PARAM default_transport smtp
|
|
|
|
<p>
|
|
The default mail delivery transport and next-hop destination for
|
|
destinations that do not match $mydestination, $inet_interfaces,
|
|
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
|
|
or $relay_domains. In order of decreasing precedence, the nexthop
|
|
destination is taken from $default_transport,
|
|
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
|
|
domain. This information can be overruled with the transport(5)
|
|
table.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
|
|
is the name of a mail delivery transport defined in master.cf.
|
|
The <i>:nexthop</i> part is optional. For more details see the
|
|
transport(5) manual page.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
default_transport = uucp:relayhostname
|
|
</pre>
|
|
|
|
%PARAM defer_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a remote SMTP
|
|
client request is rejected by the "defer" restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM defer_transports
|
|
|
|
<p>
|
|
The names of message delivery transports that should not deliver mail
|
|
unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
|
|
or more names of mail delivery transports names that appear in the
|
|
first field of master.cf.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
defer_transports = smtp
|
|
</pre>
|
|
|
|
%PARAM deliver_lock_attempts 20
|
|
|
|
<p>
|
|
The maximal number of attempts to acquire an exclusive lock on a
|
|
mailbox file or bounce(8) logfile.
|
|
</p>
|
|
|
|
%PARAM deliver_lock_delay 1s
|
|
|
|
<p>
|
|
The time between attempts to acquire an exclusive lock on a mailbox
|
|
file or bounce(8) logfile.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM disable_vrfy_command no
|
|
|
|
<p>
|
|
Disable the SMTP VRFY command. This stops some techniques used to
|
|
harvest email addresses.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
disable_vrfy_command = no
|
|
</pre>
|
|
|
|
%PARAM double_bounce_sender double-bounce
|
|
|
|
<p> The sender address of postmaster notifications that are generated
|
|
by the mail system. All mail to this address is silently discarded,
|
|
in order to terminate mail bounce loops. </p>
|
|
|
|
%PARAM duplicate_filter_limit 1000
|
|
|
|
<p> The maximal number of addresses remembered by the address
|
|
duplicate filter for aliases(5) or virtual(5) alias expansion, or
|
|
for showq(8) queue displays. </p>
|
|
|
|
%PARAM enable_original_recipient yes
|
|
|
|
<p> Enable support for the X-Original-To message header. This header
|
|
is needed for multi-recipient mailboxes. </p>
|
|
|
|
<p> When this parameter is set to yes, the cleanup(8) daemon performs
|
|
duplicate elimination on distinct pairs of (original recipient,
|
|
rewritten recipient), and generates non-empty original recipient
|
|
queue file records. </p>
|
|
|
|
<p> When this parameter is set to no, the cleanup(8) daemon performs
|
|
duplicate elimination on the rewritten recipient address only, and
|
|
generates empty original recipient queue file records. </p>
|
|
|
|
<p> This feature is available in Postfix 2.1 and later. With Postfix
|
|
version 2.0, support for the X-Original-To message header is always turned
|
|
on. Postfix versions before 2.0 have no support for the X-Original-To
|
|
message header. </p>
|
|
|
|
%PARAM export_environment see "postconf -d" output
|
|
|
|
<p>
|
|
The list of environment variables that a Postfix process will export
|
|
to non-Postfix processes. The TZ variable is needed for sane
|
|
time keeping on System-V-ish systems.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of names and/or name=value pairs, separated by
|
|
whitespace or comma. The name=value form is supported with
|
|
Postfix version 2.1 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
export_environment = TZ PATH=/bin:/usr/bin
|
|
</pre>
|
|
|
|
%PARAM smtp_fallback_relay $fallback_relay
|
|
|
|
<p>
|
|
Optional list of relay hosts for SMTP destinations that can't be
|
|
found or that are unreachable. With Postfix 2.2 and earlier this
|
|
parameter is called fallback_relay. </p>
|
|
|
|
<p>
|
|
By default, mail is returned to the sender when a destination is
|
|
not found, and delivery is deferred when a destination is unreachable.
|
|
</p>
|
|
|
|
<p> The fallback relays must be SMTP destinations. Specify a domain,
|
|
host, host:port, [host]:port, [address] or [address]:port; the form
|
|
[host] turns off MX lookups. If you specify multiple SMTP
|
|
destinations, Postfix will try them in the specified order. </p>
|
|
|
|
<p> To prevent mailer loops between MX hosts and fall-back hosts,
|
|
Postfix version 2.3 and later will not use the smtp_fallback_relay
|
|
feature for destinations that it is MX host for. </p>
|
|
|
|
%PARAM fallback_relay
|
|
|
|
<p>
|
|
Optional list of relay hosts for SMTP destinations that can't be
|
|
found or that are unreachable. With Postfix 2.3 this parameter
|
|
is renamed to smtp_fallback_relay. </p>
|
|
|
|
<p>
|
|
By default, mail is returned to the sender when a destination is
|
|
not found, and delivery is deferred when a destination is unreachable.
|
|
</p>
|
|
|
|
<p> The fallback relays must be SMTP destinations. Specify a domain,
|
|
host, host:port, [host]:port, [address] or [address]:port; the form
|
|
[host] turns off MX lookups. If you specify multiple SMTP
|
|
destinations, Postfix will try them in the specified order. </p>
|
|
|
|
<p> Note: before Postfix 2.2, do not use the fallback_relay feature
|
|
when relaying mail
|
|
for a backup or primary MX domain. Mail would loop between the
|
|
Postfix MX host and the fallback_relay host when the final destination
|
|
is unavailable. </p>
|
|
|
|
<ul>
|
|
|
|
<li> In main.cf specify "relay_transport = relay",
|
|
|
|
<li> In master.cf specify "-o fallback_relay =" (i.e., empty) at
|
|
the end of the <tt>relay</tt> entry.
|
|
|
|
<li> In transport maps, specify "relay:<i>nexthop...</i>"
|
|
as the right-hand side for backup or primary MX domain entries.
|
|
|
|
</ul>
|
|
|
|
<p> Postfix version 2.2 and later will not use the fallback_relay feature
|
|
for destinations that it is MX host for.
|
|
</p>
|
|
|
|
%PARAM fast_flush_domains $relay_domains
|
|
|
|
<p>
|
|
Optional list of destinations that are eligible for per-destination
|
|
logfiles with mail that is queued to those destinations.
|
|
</p>
|
|
|
|
<p>
|
|
By default, Postfix maintains "fast flush" logfiles only for
|
|
destinations that the Postfix SMTP server is willing to relay to
|
|
(i.e. the default is: "fast_flush_domains = $relay_domains"; see
|
|
the relay_domains parameter in the postconf(5) manual).
|
|
</p>
|
|
|
|
<p> Specify a list of hosts or domains, "/file/name" patterns or
|
|
"type:table" lookup tables, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace. A
|
|
"/file/name" pattern is replaced by its contents; a "type:table"
|
|
lookup table is matched when the domain or its parent domain appears
|
|
as lookup key. </p>
|
|
|
|
<p>
|
|
Specify "fast_flush_domains =" (i.e., empty) to disable the feature
|
|
altogether.
|
|
</p>
|
|
|
|
%PARAM fast_flush_purge_time 7d
|
|
|
|
<p>
|
|
The time after which an empty per-destination "fast flush" logfile
|
|
is deleted.
|
|
</p>
|
|
|
|
<p>
|
|
You can specify the time as a number, or as a number followed by
|
|
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
|
|
d=days, w=weeks. The default time unit is days.
|
|
</p>
|
|
|
|
%PARAM fast_flush_refresh_time 12h
|
|
|
|
<p>
|
|
The time after which a non-empty but unread per-destination "fast
|
|
flush" logfile needs to be refreshed. The contents of a logfile
|
|
are refreshed by requesting delivery of all messages listed in the
|
|
logfile.
|
|
</p>
|
|
|
|
<p>
|
|
You can specify the time as a number, or as a number followed by
|
|
a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
|
|
d=days, w=weeks. The default time unit is hours.
|
|
</p>
|
|
|
|
%PARAM fork_attempts 5
|
|
|
|
<p> The maximal number of attempts to fork() a child process. </p>
|
|
|
|
%PARAM fork_delay 1s
|
|
|
|
<p> The delay between attempts to fork() a child process. </p>
|
|
|
|
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
|
|
(weeks). The default time unit is s (seconds). </p>
|
|
|
|
%PARAM execution_directory_expansion_filter see "postconf -d" output
|
|
|
|
<p> Restrict the characters that the local(8) delivery agent allows
|
|
in $name expansions of $command_execution_directory. Characters
|
|
outside the allowed set are replaced by underscores. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM command_execution_directory
|
|
|
|
<p> The local(8) delivery agent working directory for delivery to
|
|
external command. Failure to change directory causes the delivery
|
|
to be deferred. </p>
|
|
|
|
<p> The following $name expansions are done on command_execution_directory
|
|
before the directory is changed. Expansion happens in the context
|
|
of the delivery request. The result of $name expansion is filtered
|
|
with the character set that is specified with the
|
|
execution_directory_expansion_filter parameter. </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>$user</b></dt>
|
|
|
|
<dd>The recipient's username. </dd>
|
|
|
|
<dt><b>$shell</b></dt>
|
|
|
|
<dd>The recipient's login shell pathname. </dd>
|
|
|
|
<dt><b>$home</b></dt>
|
|
|
|
<dd>The recipient's home directory. </dd>
|
|
|
|
<dt><b>$recipient</b></dt>
|
|
|
|
<dd>The full recipient address. </dd>
|
|
|
|
<dt><b>$extension</b></dt>
|
|
|
|
<dd>The optional recipient address extension. </dd>
|
|
|
|
<dt><b>$domain</b></dt>
|
|
|
|
<dd>The recipient domain. </dd>
|
|
|
|
<dt><b>$local</b></dt>
|
|
|
|
<dd>The entire recipient localpart. </dd>
|
|
|
|
<dt><b>$recipient_delimiter</b></dt>
|
|
|
|
<dd>The system-wide recipient address extension delimiter. </dd>
|
|
|
|
<dt><b>${name?value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
|
|
|
|
<dt><b>${name:value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Instead of $name you can also specify ${name} or $(name).
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM forward_path see "postconf -d" output
|
|
|
|
<p> The local(8) delivery agent search list for finding a .forward
|
|
file with user-specified delivery methods. The first file that is
|
|
found is used. </p>
|
|
|
|
<p> The following $name expansions are done on forward_path before
|
|
the search actually happens. The result of $name expansion is
|
|
filtered with the character set that is specified with the
|
|
forward_expansion_filter parameter. </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>$user</b></dt>
|
|
|
|
<dd>The recipient's username. </dd>
|
|
|
|
<dt><b>$shell</b></dt>
|
|
|
|
<dd>The recipient's login shell pathname. </dd>
|
|
|
|
<dt><b>$home</b></dt>
|
|
|
|
<dd>The recipient's home directory. </dd>
|
|
|
|
<dt><b>$recipient</b></dt>
|
|
|
|
<dd>The full recipient address. </dd>
|
|
|
|
<dt><b>$extension</b></dt>
|
|
|
|
<dd>The optional recipient address extension. </dd>
|
|
|
|
<dt><b>$domain</b></dt>
|
|
|
|
<dd>The recipient domain. </dd>
|
|
|
|
<dt><b>$local</b></dt>
|
|
|
|
<dd>The entire recipient localpart. </dd>
|
|
|
|
<dt><b>$recipient_delimiter</b></dt>
|
|
|
|
<dd>The system-wide recipient address extension delimiter. </dd>
|
|
|
|
<dt><b>${name?value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
|
|
|
|
<dt><b>${name:value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Instead of $name you can also specify ${name} or $(name).
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
forward_path = /var/forward/$user
|
|
forward_path =
|
|
/var/forward/$user/.forward$recipient_delimiter$extension,
|
|
/var/forward/$user/.forward
|
|
</pre>
|
|
|
|
%CLASS queue-hashing Queue directory hashing
|
|
|
|
<p>
|
|
Queue directory hashing is a performance feature. Splitting one
|
|
queue directory across multiple subdirectory levels can speed up
|
|
file access by reducing the number of files per directory.
|
|
</p>
|
|
|
|
<p>
|
|
Unfortunately, deeply hashing the incoming or deferred queue can
|
|
actually slow down the mail system (with a depth of 2, mailq with
|
|
an empty queue can take several seconds).
|
|
</p>
|
|
|
|
<p>
|
|
Hashing must NOT be used with a world-writable maildrop directory.
|
|
Hashing MUST be used for the defer logfile directory, to avoid poor
|
|
performance when handling lots of deferred mail.
|
|
</p>
|
|
|
|
%PARAM hash_queue_depth 1
|
|
|
|
<p>
|
|
The number of subdirectory levels for queue directories listed with
|
|
the hash_queue_names parameter.
|
|
</p>
|
|
|
|
<p>
|
|
After changing the hash_queue_names or hash_queue_depth parameter,
|
|
execute the command "<b>postfix reload</b>".
|
|
</p>
|
|
|
|
%PARAM hash_queue_names deferred, defer
|
|
|
|
<p>
|
|
The names of queue directories that are split across multiple
|
|
subdirectory levels.
|
|
</p>
|
|
|
|
<p> Before Postfix version 2.2, the default list of hashed queues
|
|
was significantly larger. Claims about improvements in file system
|
|
technology suggest that hashing of the incoming and active queues
|
|
is no longer needed. Fewer hashed directories speed up the time
|
|
needed to restart Postfix. </p>
|
|
|
|
<p>
|
|
After changing the hash_queue_names or hash_queue_depth parameter,
|
|
execute the command "<b>postfix reload</b>".
|
|
</p>
|
|
|
|
%CLASS headerbody-checks Content inspection built-in features
|
|
|
|
<p>
|
|
The Postfix cleanup(8) server has a limited ability to inspect
|
|
message headers and body content for signs of trouble. This is not
|
|
meant to be a substitute for content filters that do complex
|
|
processing such attachment decoding and unzipping.
|
|
</p>
|
|
|
|
%PARAM header_checks
|
|
|
|
<p>
|
|
Optional lookup tables for content inspection of primary non-MIME
|
|
message headers, as specified in the header_checks(5) manual page.
|
|
</p>
|
|
|
|
%PARAM header_size_limit 102400
|
|
|
|
<p>
|
|
The maximal amount of memory in bytes for storing a message header.
|
|
If a header is larger, the excess is discarded. The limit is
|
|
enforced by the cleanup(8) server.
|
|
</p>
|
|
|
|
%PARAM home_mailbox
|
|
|
|
<p>
|
|
Optional pathname of a mailbox file relative to a local(8) user's
|
|
home directory.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a pathname ending in "/" for qmail-style delivery.
|
|
</p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
home_mailbox = Mailbox
|
|
home_mailbox = Maildir/
|
|
</pre>
|
|
|
|
%PARAM hopcount_limit 50
|
|
|
|
<p>
|
|
The maximal number of Received: message headers that is allowed
|
|
in the primary message headers. A message that exceeds the limit
|
|
is bounced, in order to stop a mailer loop.
|
|
</p>
|
|
|
|
%PARAM ignore_mx_lookup_error no
|
|
|
|
<p> Ignore DNS MX lookups that produce no response. By default,
|
|
the Postfix SMTP client defers delivery and tries again after some
|
|
delay. This behavior is required by the SMTP standard. </p>
|
|
|
|
<p>
|
|
Specify "ignore_mx_lookup_error = yes" to force a DNS A record
|
|
lookup instead. This violates the SMTP standard and can result in
|
|
mis-delivery of mail.
|
|
</p>
|
|
|
|
%PARAM import_environment see "postconf -d" output
|
|
|
|
<p>
|
|
The list of environment parameters that a Postfix process will
|
|
import from a non-Postfix parent process. Examples of relevant
|
|
parameters:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>TZ</b></dt>
|
|
|
|
<dd>Needed for sane time keeping on most System-V-ish systems. </dd>
|
|
|
|
<dt><b>DISPLAY</b></dt>
|
|
|
|
<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
|
|
|
|
<dt><b>XAUTHORITY</b></dt>
|
|
|
|
<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
|
|
|
|
<dt><b>MAIL_CONFIG</b></dt>
|
|
|
|
<dd>Needed to make "<b>postfix -c</b>" work. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> Specify a list of names and/or name=value pairs, separated by
|
|
whitespace or comma. The name=value form is supported with
|
|
Postfix version 2.1 and later. </p>
|
|
|
|
%PARAM in_flow_delay 1s
|
|
|
|
<p> Time to pause before accepting a new message, when the message
|
|
arrival rate exceeds the message delivery rate. This feature is
|
|
turned on by default (it's disabled on SCO UNIX due to an SCO bug).
|
|
</p>
|
|
|
|
<p>
|
|
With the default 100 SMTP server process limit, "in_flow_delay
|
|
= 1s" limits the mail inflow to 100 messages per second above the
|
|
number of messages delivered per second.
|
|
</p>
|
|
|
|
<p>
|
|
Specify 0 to disable the feature. Valid delays are 0..10.
|
|
</p>
|
|
|
|
%PARAM inet_interfaces all
|
|
|
|
<p> The network interface addresses that this mail system receives
|
|
mail on. Specify "all" to receive mail on all network
|
|
interfaces (default), and "loopback-only" to receive mail
|
|
on loopback network interfaces only (Postfix version 2.2 and later). The
|
|
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: you need to stop and start Postfix when this parameter changes.
|
|
</p>
|
|
|
|
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
|
|
but this form is not recommended here. </p>
|
|
|
|
<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
|
|
that is not a loopback address, the Postfix SMTP client will use
|
|
this address as the IP source address for outbound mail. Support
|
|
for IPv6 is available in Postfix version 2.2 and later. </p>
|
|
|
|
<p>
|
|
On a multi-homed firewall with separate Postfix instances listening on the
|
|
"inside" and "outside" interfaces, this can prevent each instance from
|
|
being able to reach servers on the "other side" of the firewall. Setting
|
|
smtp_bind_address to 0.0.0.0 avoids the potential problem for
|
|
IPv4, and setting smtp_bind_address6 to :: solves the problem
|
|
for IPv6. </p>
|
|
|
|
<p>
|
|
A better solution for multi-homed firewalls is to leave inet_interfaces
|
|
at the default value and instead use explicit IP addresses in
|
|
the master.cf SMTP server definitions. This preserves the Postfix
|
|
SMTP client's
|
|
loop detection, by ensuring that each side of the firewall knows that the
|
|
other IP address is still the same host. Setting $inet_interfaces to a
|
|
single IPv4 and/or IPV6 address is primarily useful with virtual
|
|
hosting of domains on
|
|
secondary IP addresses, when each IP address serves a different domain
|
|
(and has a different $myhostname setting). </p>
|
|
|
|
<p>
|
|
See also the proxy_interfaces parameter, for network addresses that
|
|
are forwarded to Postfix by way of a proxy or address translator.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
inet_interfaces = all (DEFAULT)
|
|
inet_interfaces = loopback-only (Postfix version 2.2 and later)
|
|
inet_interfaces = 127.0.0.1
|
|
inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
|
|
inet_interfaces = 192.168.1.2, 127.0.0.1
|
|
</pre>
|
|
|
|
%PARAM inet_protocols ipv4
|
|
|
|
<p> The Internet protocols Postfix will attempt to use when making
|
|
or accepting connections. Specify one or more of "ipv4"
|
|
or "ipv6", separated by whitespace or commas. The form
|
|
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
|
|
on whether the operating system implements IPv6. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p> Note: you MUST stop and start Postfix after changing this
|
|
parameter. </p>
|
|
|
|
<p> On systems that pre-date IPV6_V6ONLY support (RFC 3493), an
|
|
IPv6 server will also accept IPv4 connections, even when IPv4 is
|
|
turned off with the inet_protocols parameter. On systems with
|
|
IPV6_V6ONLY support, Postfix will use separate server sockets for
|
|
IPv6 and IPv4, and each will accept only connections for the
|
|
corresponding protocol. </p>
|
|
|
|
<p> When IPv4 support is enabled via the inet_protocols parameter,
|
|
Postfix will to DNS type A record lookups, and will convert
|
|
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
|
|
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
|
|
IPV6_V6ONLY support (RFC 3493). </p>
|
|
|
|
<p> When IPv6 support is enabled via the inet_protocols parameter,
|
|
Postfix will do DNS type AAAA record lookups. </p>
|
|
|
|
<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
|
|
client will attempt to connect via IPv6 before attempting to use
|
|
IPv4. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
inet_protocols = ipv4 (DEFAULT)
|
|
inet_protocols = all
|
|
inet_protocols = ipv6
|
|
inet_protocols = ipv4, ipv6
|
|
</pre>
|
|
|
|
%PARAM initial_destination_concurrency 5
|
|
|
|
<p>
|
|
The initial per-destination concurrency level for parallel delivery
|
|
to the same destination. This limit applies to delivery via smtp(8),
|
|
and via the pipe(8) and virtual(8) delivery agents.
|
|
</p>
|
|
|
|
<p>
|
|
Warning: with concurrency of 1, one bad message can be enough to
|
|
block all mail to a site.
|
|
</p>
|
|
|
|
%PARAM invalid_hostname_reject_code 501
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when the client
|
|
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
|
|
restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM ipc_idle 100s
|
|
|
|
<p>
|
|
The time after which a client closes an idle internal communication
|
|
channel. The purpose is to allow servers to terminate voluntarily
|
|
after they become idle. This is used, for example, by the address
|
|
resolving and rewriting clients.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM ipc_timeout 3600s
|
|
|
|
<p>
|
|
The time limit for sending or receiving information over an internal
|
|
communication channel. The purpose is to break out of deadlock
|
|
situations. If the time limit is exceeded the software aborts with a
|
|
fatal error.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM ipc_ttl 1000s
|
|
|
|
<p>
|
|
The time after which a client closes an active internal communication
|
|
channel. The purpose is to allow servers to terminate voluntarily
|
|
after reaching their client limit. This is used, for example, by
|
|
the address resolving and rewriting clients.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM line_length_limit 2048
|
|
|
|
<p> Upon input, long lines are chopped up into pieces of at most
|
|
this length; upon delivery, long lines are reconstructed. </p>
|
|
|
|
%PARAM lmtp_connect_timeout 0s
|
|
|
|
<p> The LMTP client time limit for completing a TCP connection, or
|
|
zero (use the operating system built-in time limit). When no
|
|
connection can be made within the deadline, the LMTP client tries
|
|
the next address on the mail exchanger list. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
lmtp_connect_timeout = 30s
|
|
</pre>
|
|
|
|
%PARAM lmtp_data_done_timeout 600s
|
|
|
|
<p> The LMTP client time limit for sending the LMTP ".", and for
|
|
receiving the server response. When no response is received within
|
|
the deadline, a warning is logged that the mail may be delivered
|
|
multiple times. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_data_init_timeout 120s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the LMTP DATA command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_data_xfer_timeout 180s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the LMTP message content.
|
|
When the connection stalls for more than $lmtp_data_xfer_timeout
|
|
the LMTP client terminates the transfer.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_lhlo_timeout 300s
|
|
|
|
<p> The LMTP client time limit for receiving the LMTP greeting
|
|
banner. When the server drops the connection without sending a
|
|
greeting banner, or when it sends no greeting banner within the
|
|
deadline, the LMTP client tries the next address on the mail
|
|
exchanger list. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_mail_timeout 300s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the MAIL FROM command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_quit_timeout 300s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the QUIT command, and for
|
|
receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_rcpt_timeout 300s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the RCPT TO command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_rset_timeout 20s
|
|
|
|
<p> The LMTP client time limit for sending the RSET command, and
|
|
for receiving the server response. The LMTP client sends RSET in
|
|
order to finish a recipient address probe, or to verify that a
|
|
cached connection is still alive. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM lmtp_send_xforward_command no
|
|
|
|
<p>
|
|
Send an XFORWARD command to the LMTP server when the LMTP LHLO
|
|
server response announces XFORWARD support. This allows an lmtp(8)
|
|
delivery agent, used for content filter message injection, to
|
|
forward the name, address, protocol and HELO name of the original
|
|
client to the content filter and downstream queuing LMTP server.
|
|
Before you change the value to yes, it is best to make sure that
|
|
your content filter supports this command.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM lmtp_skip_quit_response no
|
|
|
|
<p>
|
|
Wait for the response to the LMTP QUIT command.
|
|
</p>
|
|
|
|
%PARAM lmtp_xforward_timeout 300s
|
|
|
|
<p>
|
|
The LMTP client time limit for sending the XFORWARD command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
In case of problems the client does NOT try the next address on
|
|
the mail exchanger list.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM local_command_shell
|
|
|
|
<p>
|
|
Optional shell program for local(8) delivery to non-Postfix command.
|
|
By default, non-Postfix commands are executed directly; commands
|
|
are given to given to /bin/sh only when they contain shell meta
|
|
characters or shell built-in commands. </p>
|
|
|
|
<p> "sendmail's restricted shell" (smrsh) is what most people will
|
|
use in order to restrict what programs can be run from e.g. .forward
|
|
files (smrsh is part of the Sendmail distribution). </p>
|
|
|
|
<p> Note: when a shell program is specified, it is invoked even
|
|
when the command contains no shell built-in commands or meta
|
|
characters. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
local_command_shell = /some/where/smrsh -c
|
|
</pre>
|
|
|
|
%PARAM local_destination_concurrency_limit 2
|
|
|
|
<p> The maximal number of parallel deliveries via the local mail
|
|
delivery transport to the same recipient (when
|
|
"local_destination_recipient_limit = 1") or the maximal number of
|
|
parallel deliveries to the same local domain (when
|
|
"local_destination_recipient_limit > 1"). This limit is enforced by
|
|
the queue manager. The message delivery transport name is the first
|
|
field in the entry in the master.cf file. </p>
|
|
|
|
<p> A low limit of 2 is recommended, just in case someone has an
|
|
expensive shell command in a .forward file or in an alias (e.g.,
|
|
a mailing list manager). You don't want to run lots of those at
|
|
the same time. </p>
|
|
|
|
%PARAM local_destination_recipient_limit 1
|
|
|
|
<p> The maximal number of recipients per message delivery via the
|
|
local mail delivery transport. This limit is enforced by the queue
|
|
manager. The message delivery transport name is the first field in
|
|
the entry in the master.cf file. </p>
|
|
|
|
<p> Setting this parameter to a value > 1 changes the meaning of
|
|
local_destination_concurrency_limit from concurrency per recipient
|
|
into concurrency per domain. </p>
|
|
|
|
%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps
|
|
|
|
<p> Lookup tables with all names or addresses of local recipients:
|
|
a recipient address is local when its domain matches $mydestination,
|
|
$inet_interfaces or $proxy_interfaces. Specify @domain as a
|
|
wild-card for domains that do not have a valid recipient list.
|
|
Technically, tables listed with $local_recipient_maps are used as
|
|
lists: Postfix needs to know only if a lookup string is found or
|
|
not, but it does not use the result from table lookup. </p>
|
|
|
|
<p>
|
|
If this parameter is non-empty (the default), then the Postfix SMTP
|
|
server will reject mail for unknown local users.
|
|
</p>
|
|
|
|
<p>
|
|
To turn off local recipient checking in the Postfix SMTP server,
|
|
specify "local_recipient_maps =" (i.e. empty).
|
|
</p>
|
|
|
|
<p>
|
|
The default setting assumes that you use the default Postfix local
|
|
delivery agent for local delivery. You need to update the
|
|
local_recipient_maps setting if:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li>You redefine the local delivery agent in master.cf.
|
|
|
|
<li>You redefine the "local_transport" setting in main.cf.
|
|
|
|
<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
|
|
feature of the Postfix local(8) delivery agent.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Details are described in the LOCAL_RECIPIENT_README file.
|
|
</p>
|
|
|
|
<p>
|
|
Beware: if the Postfix SMTP server runs chrooted, you need to access
|
|
the passwd file via the proxymap(8) service, in order to overcome
|
|
chroot access restrictions. The alternative, maintaining a copy of
|
|
the system password file in the chroot jail is not practical.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
local_recipient_maps =
|
|
</pre>
|
|
|
|
%PARAM local_transport local:$myhostname
|
|
|
|
<p> The default mail delivery transport and next-hop destination
|
|
for final delivery to domains listed with mydestination, and for
|
|
[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
|
|
This information can be overruled with the transport(5) table. </p>
|
|
|
|
<p>
|
|
By default, local mail is delivered to the transport called "local",
|
|
which is just the name of a service that is defined the master.cf file.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
|
|
is the name of a mail delivery transport defined in master.cf.
|
|
The <i>:nexthop</i> part is optional. For more details see the
|
|
transport(5) manual page.
|
|
</p>
|
|
|
|
<p>
|
|
Beware: if you override the default local delivery agent then you
|
|
need to review the LOCAL_RECIPIENT_README document, otherwise the
|
|
SMTP server may reject mail for local recipients.
|
|
</p>
|
|
|
|
%PARAM luser_relay
|
|
|
|
<p>
|
|
Optional catch-all destination for unknown local(8) recipients.
|
|
By default, mail for unknown recipients in domains that match
|
|
$mydestination, $inet_interfaces or $proxy_interfaces is returned
|
|
as undeliverable.
|
|
</p>
|
|
|
|
<p>
|
|
The following $name expansions are done on luser_relay:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>$domain</b></dt>
|
|
|
|
<dd>The recipient domain. </dd>
|
|
|
|
<dt><b>$extension</b></dt>
|
|
|
|
<dd>The recipient address extension. </dd>
|
|
|
|
<dt><b>$home</b></dt>
|
|
|
|
<dd>The recipient's home directory. </dd>
|
|
|
|
<dt><b>$local</b></dt>
|
|
|
|
<dd>The entire recipient address localpart. </dd>
|
|
|
|
<dt><b>$recipient</b></dt>
|
|
|
|
<dd>The full recipient address. </dd>
|
|
|
|
<dt><b>$recipient_delimiter</b></dt>
|
|
|
|
<dd>The system-wide recipient address extension delimiter. </dd>
|
|
|
|
<dt><b>$shell</b></dt>
|
|
|
|
<dd>The recipient's login shell. </dd>
|
|
|
|
<dt><b>$user</b></dt>
|
|
|
|
<dd>The recipient username. </dd>
|
|
|
|
<dt><b>${name?value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> has a non-empty value. </dd>
|
|
|
|
<dt><b>${name:value}</b></dt>
|
|
|
|
<dd>Expands to <i>value</i> when <i>$name</i> has an empty value. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Instead of $name you can also specify ${name} or $(name).
|
|
</p>
|
|
|
|
<p>
|
|
Note: luser_relay works only for the Postfix local(8) delivery agent.
|
|
</p>
|
|
|
|
<p>
|
|
Note: if you use this feature for accounts not in the UNIX password
|
|
file, then you must specify "local_recipient_maps =" (i.e. empty)
|
|
in the main.cf file, otherwise the Postfix SMTP server will reject mail
|
|
for non-UNIX accounts with "User unknown in local recipient table".
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
luser_relay = $user@other.host
|
|
luser_relay = $local@other.host
|
|
luser_relay = admin+$local
|
|
</pre>
|
|
|
|
%PARAM mail_name Postfix
|
|
|
|
<p>
|
|
The mail system name that is displayed in Received: headers, in
|
|
the SMTP greeting banner, and in bounced mail.
|
|
</p>
|
|
|
|
%PARAM mail_owner postfix
|
|
|
|
<p>
|
|
The UNIX system account that owns the Postfix queue and most Postfix
|
|
daemon processes. Specify the name of a user account that does
|
|
not share a group with other accounts and that owns no other files
|
|
or processes on the system. In particular, don't specify nobody
|
|
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
|
|
</p>
|
|
|
|
<p>
|
|
When this parameter value is changed you need to re-run "<b>postfix
|
|
set-permissions</b>" (with Postfix version 2.0 and earlier:
|
|
"<b>/etc/postfix/post-install set-permissions</b>".
|
|
</p>
|
|
|
|
%PARAM mail_spool_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The directory where local(8) UNIX-style mailboxes are kept. The
|
|
default setting depends on the system type. Specify a name ending
|
|
in / for maildir-style delivery.
|
|
</p>
|
|
|
|
<p>
|
|
Note: maildir delivery is done with the privileges of the recipient.
|
|
If you use the mail_spool_directory setting for maildir style
|
|
delivery, then you must create the top-level maildir directory in
|
|
advance. Postfix will not create it.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
mail_spool_directory = /var/mail
|
|
mail_spool_directory = /var/spool/mail
|
|
</pre>
|
|
|
|
%PARAM mail_version see "postconf -d" output
|
|
|
|
<p>
|
|
The version of the mail system. Stable releases are named
|
|
<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
|
|
also include the release date. The version string can be used in,
|
|
for example, the SMTP greeting banner.
|
|
</p>
|
|
|
|
%PARAM mailbox_command
|
|
|
|
<p>
|
|
Optional external command that the local(8) delivery agent should
|
|
use for mailbox delivery. The command is run with the user ID and
|
|
the primary group ID privileges of the recipient. Exception:
|
|
command delivery for root executes with $default_privs privileges.
|
|
This is not a problem, because 1) mail for root should always be
|
|
aliased to a real user and 2) don't log in as root, use "su" instead.
|
|
</p>
|
|
|
|
<p>
|
|
The following environment variables are exported to the command:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>CLIENT_ADDRESS</b></dt>
|
|
|
|
<dd>Remote client network address. Available in Postfix version 2.2 and
|
|
later. </dd>
|
|
|
|
<dt><b>CLIENT_HELO</b></dt>
|
|
|
|
<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
|
|
and later.</dd>
|
|
|
|
<dt><b>CLIENT_HOSTNAME</b></dt>
|
|
|
|
<dd>Remote client hostname. Available in Postfix version 2.2 and later.
|
|
</dd>
|
|
|
|
<dt><b>CLIENT_PROTOCOL</b></dt>
|
|
|
|
<dd>Remote client protocol. Available in Postfix version 2.2 and later.
|
|
</dd>
|
|
|
|
<dt><b>DOMAIN</b></dt>
|
|
|
|
<dd>The domain part of the recipient address. </dd>
|
|
|
|
<dt><b>EXTENSION</b></dt>
|
|
|
|
<dd>The optional address extension. </dd>
|
|
|
|
<dt><b>HOME</b></dt>
|
|
|
|
<dd>The recipient home directory. </dd>
|
|
|
|
<dt><b>LOCAL</b></dt>
|
|
|
|
<dd>The recipient address localpart. </dd>
|
|
|
|
<dt><b>LOGNAME</b></dt>
|
|
|
|
<dd>The recipient's username. </dd>
|
|
|
|
<dt><b>RECIPIENT</b></dt>
|
|
|
|
<dd>The full recipient address. </dd>
|
|
|
|
<dt><b>SASL_METHOD</b></dt>
|
|
|
|
<dd>SASL authentication method specified in the remote client AUTH
|
|
command. Available in Postfix version 2.2 and later. </dd>
|
|
|
|
<dt><b>SASL_SENDER</b></dt>
|
|
|
|
<dd>SASL sender address specified in the remote client MAIL FROM
|
|
command. Available in Postfix version 2.2 and later. </dd>
|
|
|
|
<dt><b>SASL_USER</b></dt>
|
|
|
|
<dd>SASL username specified in the remote client AUTH command.
|
|
Available in Postfix version 2.2 and later. </dd>
|
|
|
|
<dt><b>SENDER</b></dt>
|
|
|
|
<dd>The full sender address. </dd>
|
|
|
|
<dt><b>SHELL</b></dt>
|
|
|
|
<dd>The recipient's login shell. </dd>
|
|
|
|
<dt><b>USER</b></dt>
|
|
|
|
<dd>The recipient username. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Unlike other Postfix configuration parameters, the mailbox_command
|
|
parameter is not subjected to $name substitutions. This is to make
|
|
it easier to specify shell syntax (see example below).
|
|
</p>
|
|
|
|
<p>
|
|
If you can, avoid shell meta characters because they will force
|
|
Postfix to run an expensive shell process. If you're delivering
|
|
via Procmail then running a shell won't make a noticeable difference
|
|
in the total cost.
|
|
</p>
|
|
|
|
<p>
|
|
Note: if you use the mailbox_command feature to deliver mail
|
|
system-wide, you must set up an alias that forwards mail for root
|
|
to a real user.
|
|
</p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
mailbox_command = /some/where/procmail
|
|
mailbox_command = /some/where/procmail -a "$EXTENSION"
|
|
mailbox_command = /some/where/maildrop -d "$USER"
|
|
-f "$SENDER" "$EXTENSION"
|
|
</pre>
|
|
|
|
%PARAM mailbox_size_limit 51200000
|
|
|
|
<p> The maximal size of any local(8) individual mailbox or maildir
|
|
file, or zero (no limit). In fact, this limits the size of any
|
|
file that is written to upon local delivery, including files written
|
|
by external commands that are executed by the local(8) delivery
|
|
agent. </p>
|
|
|
|
<p>
|
|
This limit must not be smaller than the message size limit.
|
|
</p>
|
|
|
|
%PARAM maps_rbl_reject_code 554
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a remote SMTP
|
|
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
|
|
reject_rhsbl_sender or reject_rhsbl_recipient restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM masquerade_classes envelope_sender, header_sender, header_recipient
|
|
|
|
<p>
|
|
What addresses are subject to address masquerading.
|
|
</p>
|
|
|
|
<p>
|
|
By default, address masquerading is limited to envelope sender
|
|
addresses, and to header sender and header recipient addresses.
|
|
This allows you to use address masquerading on a mail gateway while
|
|
still being able to forward mail to users on individual machines.
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of: envelope_sender, envelope_recipient,
|
|
header_sender, header_recipient
|
|
</p>
|
|
|
|
%PARAM masquerade_domains
|
|
|
|
<p>
|
|
Optional list of domains whose subdomain structure will be stripped
|
|
off in email addresses.
|
|
</p>
|
|
|
|
<p>
|
|
The list is processed left to right, and processing stops at the
|
|
first match. Thus,
|
|
</p>
|
|
|
|
<pre>
|
|
masquerade_domains = foo.example.com example.com
|
|
</pre>
|
|
|
|
<p>
|
|
strips "user@any.thing.foo.example.com" to "user@foo.example.com",
|
|
but strips "user@any.thing.else.example.com" to "user@example.com".
|
|
</p>
|
|
|
|
<p>
|
|
A domain name prefixed with ! means do not masquerade this domain
|
|
or its subdomains. Thus,
|
|
</p>
|
|
|
|
<pre>
|
|
masquerade_domains = !foo.example.com example.com
|
|
</pre>
|
|
|
|
<p>
|
|
does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
|
|
but strips "user@any.thing.else.example.com" to "user@example.com".
|
|
</p>
|
|
|
|
<p> Note: with Postfix version 2.2, message header address masquerading
|
|
happens only when message header address rewriting is enabled: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
masquerade_domains = $mydomain
|
|
</pre>
|
|
|
|
%PARAM masquerade_exceptions
|
|
|
|
<p>
|
|
Optional list of user names that are not subjected to address
|
|
masquerading, even when their address matches $masquerade_domains.
|
|
</p>
|
|
|
|
<p>
|
|
By default, address masquerading makes no exceptions.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of user names, "/file/name" or "type:table" patterns,
|
|
separated by commas and/or whitespace. The list is matched left to
|
|
right, and the search stops on the first match. Specify "!name" to
|
|
exclude a name from the list. A "/file/name" pattern is replaced
|
|
by its contents; a "type:table" lookup table is matched when a name
|
|
matches a lookup key (the lookup result is ignored). Continue long
|
|
lines by starting the next line with whitespace. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
masquerade_exceptions = root, mailer-daemon
|
|
masquerade_exceptions = root
|
|
</pre>
|
|
|
|
%PARAM max_idle 100s
|
|
|
|
<p>
|
|
The maximum amount of time that an idle Postfix daemon process
|
|
waits for the next service request before exiting. This parameter
|
|
is ignored by the Postfix queue manager.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM max_use 100
|
|
|
|
<p>
|
|
The maximal number of connection requests before a Postfix daemon
|
|
process terminates. This parameter is ignored by the Postfix queue
|
|
manager and by other long-lived Postfix daemon processes.
|
|
</p>
|
|
|
|
%PARAM maximal_backoff_time 4000s
|
|
|
|
<p>
|
|
The maximal time between attempts to deliver a deferred message.
|
|
</p>
|
|
|
|
<p> This parameter should be set to a value greater than or equal
|
|
to $minimal_backoff_time. See also $queue_run_delay. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM maximal_queue_lifetime 5d
|
|
|
|
<p>
|
|
The maximal time a message is queued before it is sent back as
|
|
undeliverable.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is d (days).
|
|
</p>
|
|
|
|
<p>
|
|
Specify 0 when mail delivery should be tried only once.
|
|
</p>
|
|
|
|
%PARAM message_size_limit 10240000
|
|
|
|
<p>
|
|
The maximal size in bytes of a message, including envelope information.
|
|
</p>
|
|
|
|
%PARAM minimal_backoff_time 1000s
|
|
|
|
<p>
|
|
The minimal time between attempts to deliver a deferred message.
|
|
This parameter also limits the time an unreachable destination is
|
|
kept in the short-term, in-memory, destination status cache.
|
|
</p>
|
|
|
|
<p> This parameter should be set greater than or equal to
|
|
$queue_run_delay. See also $maximal_backoff_time. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM multi_recipient_bounce_reject_code 550
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a remote SMTP
|
|
client request is blocked by the reject_multi_recipient_bounce
|
|
restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM mydestination $myhostname, localhost.$mydomain, localhost
|
|
|
|
<p> The list of domains that are delivered via the $local_transport
|
|
mail delivery transport. By default this is the Postfix local(8)
|
|
delivery agent which looks up all recipients in /etc/passwd and
|
|
/etc/aliases. The SMTP server validates recipient addresses with
|
|
$local_recipient_maps and rejects non-existent recipients. See also
|
|
the local domain class in the ADDRESS_CLASS_README file.
|
|
</p>
|
|
|
|
<p>
|
|
The default mydestination value specifies names for the local
|
|
machine only. On a mail domain gateway, you should also include
|
|
$mydomain.
|
|
</p>
|
|
|
|
<p>
|
|
The $local_transport delivery method is also selected for mail
|
|
addressed to user@[the.net.work.address] of the mail system (the
|
|
IP addresses specified with the inet_interfaces and proxy_interfaces
|
|
parameters).
|
|
</p>
|
|
|
|
<p>
|
|
Warnings:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><p>Do not specify the names of virtual domains - those domains
|
|
are specified elsewhere. See VIRTUAL_README for more information. </p>
|
|
|
|
<li><p>Do not specify the names of domains that this machine is
|
|
backup MX host for. See STANDARD_CONFIGURATION_README for how to
|
|
set up backup MX hosts. </p>
|
|
|
|
<li><p>By default, the Postfix SMTP server rejects mail for recipients
|
|
not listed with the local_recipient_maps parameter. See the
|
|
postconf(5) manual for a description of the local_recipient_maps
|
|
and unknown_local_recipient_reject_code parameters. </p>
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Specify a list of host or domain names, "/file/name" or "type:table"
|
|
patterns, separated by commas and/or whitespace. A "/file/name"
|
|
pattern is replaced by its contents; a "type:table" lookup table
|
|
is matched when a name matches a lookup key (the lookup result is
|
|
ignored). Continue long lines by starting the next line with
|
|
whitespace. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
mydestination = $myhostname, localhost.$mydomain $mydomain
|
|
mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain
|
|
</pre>
|
|
|
|
%PARAM mydomain see "postconf -d" output
|
|
|
|
<p>
|
|
The internet domain name of this mail system. The default is to
|
|
use $myhostname minus the first component. $mydomain is used as
|
|
a default value for many other configuration parameters.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
mydomain = domain.tld
|
|
</pre>
|
|
|
|
%PARAM myhostname see "postconf -d" output
|
|
|
|
<p>
|
|
The internet hostname of this mail system. The default is to use
|
|
the fully-qualified domain name from gethostname(). $myhostname is
|
|
used as a default value for many other configuration parameters.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
myhostname = host.domain.tld
|
|
</pre>
|
|
|
|
%PARAM mynetworks see "postconf -d" output
|
|
|
|
<p>
|
|
The list of "trusted" SMTP clients that have more privileges than
|
|
"strangers".
|
|
</p>
|
|
|
|
<p>
|
|
In particular, "trusted" SMTP clients are allowed to relay mail
|
|
through Postfix. See the smtpd_recipient_restrictions parameter
|
|
description in the postconf(5) manual.
|
|
</p>
|
|
|
|
<p>
|
|
You can specify the list of "trusted" network addresses by hand
|
|
or you can let Postfix do it for you (which is the default).
|
|
See the description of the mynetworks_style parameter for more
|
|
information.
|
|
</p>
|
|
|
|
<p>
|
|
If you specify the mynetworks list by hand,
|
|
Postfix ignores the mynetworks_style setting.
|
|
</p>
|
|
|
|
<p> Specify a list of network addresses or network/netmask patterns,
|
|
separated by commas and/or whitespace. Continue long lines by
|
|
starting the next line with whitespace. </p>
|
|
|
|
<p> The netmask specifies the number of bits in the network part
|
|
of a host address. You can also specify "/file/name" or "type:table"
|
|
patterns. A "/file/name" pattern is replaced by its contents; a
|
|
"type:table" lookup table is matched when a table entry matches a
|
|
lookup string (the lookup result is ignored). </p>
|
|
|
|
<p> The list is matched left to right, and the search stops on the
|
|
first match. Specify "!pattern" to exclude an address or network
|
|
block from the list. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the mynetworks value, and in files specified with
|
|
"/file/name". IP version 6 addresses contain the ":" character,
|
|
and would otherwise be confused with a "type:table" pattern. </p>
|
|
|
|
<p> Examples: </p>
|
|
|
|
<pre>
|
|
mynetworks = 127.0.0.0/8 168.100.189.0/28
|
|
mynetworks = !192.168.0.1, 192.168.0.0/28
|
|
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
|
|
mynetworks = $config_directory/mynetworks
|
|
mynetworks = hash:/etc/postfix/network_table
|
|
</pre>
|
|
|
|
%PARAM myorigin $myhostname
|
|
|
|
<p>
|
|
The domain name that locally-posted mail appears to come
|
|
from, and that locally posted mail is delivered to. The default,
|
|
$myhostname, is adequate for small sites. If you run a domain with
|
|
multiple machines, you should (1) change this to $mydomain and (2)
|
|
set up a domain-wide alias database that aliases each user to
|
|
user@that.users.mailhost.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
myorigin = $mydomain
|
|
</pre>
|
|
|
|
%PARAM notify_classes resource, software
|
|
|
|
<p>
|
|
The list of error classes that are reported to the postmaster. The
|
|
default is to report only the most serious problems. The paranoid
|
|
may wish to turn on the policy (UCE and mail relaying) and protocol
|
|
error (broken mail software) reports.
|
|
</p>
|
|
|
|
<p>
|
|
The error classes are:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>
|
|
|
|
<dd>Send the postmaster copies of the headers of bounced mail, and
|
|
send transcripts of SMTP sessions when Postfix rejects mail. The
|
|
notification is sent to the address specified with the
|
|
bounce_notice_recipient configuration parameter (default: postmaster).
|
|
</dd>
|
|
|
|
<dt><b>2bounce</b></dt>
|
|
|
|
<dd>Send undeliverable bounced mail to the postmaster. The notification
|
|
is sent to the address specified with the 2bounce_notice_recipient
|
|
configuration parameter (default: postmaster). </dd>
|
|
|
|
<dt><b>delay</b></dt>
|
|
|
|
<dd>Send the postmaster copies of the headers of delayed mail. The
|
|
notification is sent to the address specified with the
|
|
delay_notice_recipient configuration parameter (default: postmaster).
|
|
</dd>
|
|
|
|
<dt><b>policy</b></dt>
|
|
|
|
<dd>Send the postmaster a transcript of the SMTP session when a
|
|
client request was rejected because of (UCE) policy. The notification
|
|
is sent to the address specified with the error_notice_recipient
|
|
configuration parameter (default: postmaster). </dd>
|
|
|
|
<dt><b>protocol</b></dt>
|
|
|
|
<dd>Send the postmaster a transcript of the SMTP session in case
|
|
of client or server protocol errors. The notification is sent to
|
|
the address specified with the error_notice_recipient configuration
|
|
parameter (default: postmaster). </dd>
|
|
|
|
<dt><b>resource</b></dt>
|
|
|
|
<dd>Inform the postmaster of mail not delivered due to resource
|
|
problems. The notification is sent to the address specified with
|
|
the error_notice_recipient configuration parameter (default:
|
|
postmaster). </dd>
|
|
|
|
<dt><b>software</b></dt>
|
|
|
|
<dd>Inform the postmaster of mail not delivered due to software
|
|
problems. The notification is sent to the address specified with
|
|
the error_notice_recipient configuration parameter (default:
|
|
postmaster). </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
notify_classes = bounce, delay, policy, protocol, resource, software
|
|
notify_classes = 2bounce, resource, software
|
|
</pre>
|
|
|
|
%PARAM parent_domain_matches_subdomains see "postconf -d" output
|
|
|
|
<p>
|
|
What Postfix features match subdomains of "domain.tld" automatically,
|
|
instead of requiring an explicit ".domain.tld" pattern. This is
|
|
planned backwards compatibility: eventually, all Postfix features
|
|
are expected to require explicit ".domain.tld" style patterns when
|
|
you really want to match subdomains.
|
|
</p>
|
|
|
|
%PARAM propagate_unmatched_extensions canonical, virtual
|
|
|
|
<p>
|
|
What address lookup tables copy an address extension from the lookup
|
|
key to the lookup result.
|
|
</p>
|
|
|
|
<p>
|
|
For example, with a virtual(5) mapping of "<i>joe@domain ->
|
|
joe.user</i>", the address "<i>joe+foo@domain</i>" would rewrite
|
|
to "<i>joe.user+foo</i>".
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
|
|
<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
|
|
address extension
|
|
propagation with canonical(5), virtual(5), and aliases(5) maps,
|
|
with local(8) .forward and :include: file lookups, and with smtp(8)
|
|
generic maps, respectively. </p>
|
|
|
|
<p>
|
|
Note: enabling this feature for types other than <b>canonical</b>
|
|
and <b>virtual</b> is likely to cause problems when mail is forwarded
|
|
to other sites, especially with mail that is sent to a mailing list
|
|
exploder address.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
propagate_unmatched_extensions = canonical, virtual, alias,
|
|
forward, include
|
|
propagate_unmatched_extensions = canonical, virtual
|
|
</pre>
|
|
|
|
%PARAM proxy_interfaces
|
|
|
|
<p>
|
|
The network interface addresses that this mail system receives mail
|
|
on by way of a proxy or network address translation unit.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
<p> You must specify your "outside" proxy/NAT addresses when your
|
|
system is a backup MX host for other domains, otherwise mail delivery
|
|
loops will happen when the primary MX host is down. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
proxy_interfaces = 1.2.3.4
|
|
</pre>
|
|
|
|
%PARAM qmgr_message_active_limit 20000
|
|
|
|
<p>
|
|
The maximal number of messages in the active queue.
|
|
</p>
|
|
|
|
%PARAM qmgr_message_recipient_limit 20000
|
|
|
|
<p> The maximal number of recipients held in memory by the Postfix
|
|
queue manager, and the maximal size of the size of the short-term,
|
|
in-memory "dead" destination status cache. </p>
|
|
|
|
%PARAM qmgr_message_recipient_minimum 10
|
|
|
|
<p>
|
|
The minimal number of in-memory recipients for any message. This
|
|
takes priority over any other in-memory recipient limits (i.e.,
|
|
the global qmgr_message_recipient_limit and the per transport
|
|
_recipient_limit) if necessary. The minimum value allowed for this
|
|
parameter is 1.
|
|
</p>
|
|
|
|
%PARAM qmqpd_authorized_clients
|
|
|
|
<p>
|
|
What clients are allowed to connect to the QMQP server port.
|
|
</p>
|
|
|
|
<p>
|
|
By default, no client is allowed to use the service. This is
|
|
because the QMQP server will relay mail to any destination.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of client patterns. A list pattern specifies a host
|
|
name, a domain name, an internet address, or a network/mask pattern,
|
|
where the mask specifies the number of bits in the network part.
|
|
When a pattern specifies a file name, its contents are substituted
|
|
for the file name; when a pattern is a "type:table" table specification,
|
|
table lookup is used instead. </p>
|
|
|
|
<p>
|
|
Patterns are separated by whitespace and/or commas. In order to
|
|
reverse the result, precede a non-file name pattern with an
|
|
exclamation point (!).
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24
|
|
</pre>
|
|
|
|
%PARAM qmqpd_error_delay 1s
|
|
|
|
<p>
|
|
How long the QMQP server will pause before sending a negative reply
|
|
to the client. The purpose is to slow down confused or malicious
|
|
clients.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM qmqpd_timeout 300s
|
|
|
|
<p>
|
|
The time limit for sending or receiving information over the network.
|
|
If a read or write operation blocks for more than $qmqpd_timeout
|
|
seconds the QMQP server gives up and disconnects.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM queue_minfree 0
|
|
|
|
<p>
|
|
The minimal amount of free space in bytes in the queue file system
|
|
that is needed to receive mail. This is currently used by the SMTP
|
|
server to decide if it will accept any mail at all.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands
|
|
when the amount of free space is less than 1.5*$message_size_limit.
|
|
To specify a higher minimum free space limit, specify a queue_minfree
|
|
value that is at least 1.5*$message_size_limit.
|
|
</p>
|
|
|
|
<p>
|
|
With Postfix versions 2.0 and earlier, a queue_minfree value of
|
|
zero means there is no minimum required amount of free space.
|
|
</p>
|
|
|
|
%PARAM queue_run_delay 1000s
|
|
|
|
<p>
|
|
The time between deferred queue scans by the queue manager.
|
|
</p>
|
|
|
|
<p> This parameter should be set less than or equal to
|
|
$minimal_backoff_time. See also $maximal_backoff_time. </p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM rbl_reply_maps
|
|
|
|
<p>
|
|
Optional lookup tables with RBL response templates. The tables are
|
|
indexed by the RBL domain name. By default, Postfix uses the default
|
|
template as specified with the default_rbl_reply configuration
|
|
parameter. See there for a discussion of the syntax of RBL reply
|
|
templates.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM receive_override_options
|
|
|
|
<p> Enable or disable recipient validation, built-in content
|
|
filtering, or address mapping. Typically, these are specified in
|
|
master.cf as command-line arguments for the smtpd(8), qmqpd(8) or
|
|
pickup(8) daemons. </p>
|
|
|
|
<p> Specify zero or more of the following options. The options
|
|
override main.cf settings and are either implemented by smtpd(8),
|
|
qmqpd(8), or pickup(8) themselves, or they are forwarded to the
|
|
cleanup server. </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>
|
|
|
|
<dd>Do not try to reject unknown recipients (SMTP server only).
|
|
This is typically specified AFTER an external content filter.
|
|
</dd>
|
|
|
|
<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>
|
|
|
|
<dd>Disable canonical address mapping, virtual alias map expansion,
|
|
address masquerading, and automatic BCC (blind carbon-copy)
|
|
recipients. This is typically specified BEFORE an external content
|
|
filter. </dd>
|
|
|
|
<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>
|
|
|
|
<dd>Disable header/body_checks. This is typically specified AFTER
|
|
an external content filter. </dd>
|
|
|
|
<dt><b><a name="no_milters">no_milters</a></b></dt>
|
|
|
|
<dd>Disable Milter (mail filter) applications. This is typically
|
|
specified AFTER an external content filter. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Note: when the "BEFORE content filter" receive_override_options
|
|
setting is specified in the main.cf file, specify the "AFTER content
|
|
filter" receive_override_options setting in master.cf (and vice
|
|
versa).
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
receive_override_options =
|
|
no_unknown_recipient_checks, no_header_body_checks
|
|
receive_override_options = no_address_mappings
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM recipient_bcc_maps
|
|
|
|
<p>
|
|
Optional BCC (blind carbon-copy) address lookup tables, indexed by
|
|
recipient address. The BCC address (multiple results are not
|
|
supported) is added when mail enters from outside of Postfix.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
<p>
|
|
The table search order is as follows:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> Look up the "user+extension@domain.tld" address including the
|
|
optional address extension.
|
|
|
|
<li> Look up the "user@domain.tld" address without the optional
|
|
address extension.
|
|
|
|
<li> Look up the "user+extension" address local part when the
|
|
recipient domain equals $myorigin, $mydestination, $inet_interfaces
|
|
or $proxy_interfaces.
|
|
|
|
<li> Look up the "user" address local part when the recipient domain
|
|
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
|
|
|
|
<li> Look up the "@domain.tld" part.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Specify the types and names of databases to use. After change,
|
|
run "<b>postmap /etc/postfix/recipient_bcc</b>".
|
|
</p>
|
|
|
|
<p>
|
|
Note: if mail to the BCC address bounces it will be returned to
|
|
the sender.
|
|
</p>
|
|
|
|
<p> Note: automatic BCC recipients are produced only for new mail.
|
|
To avoid mailer loops, automatic BCC recipients are not generated
|
|
for mail that Postfix forwards internally, nor for mail that Postfix
|
|
generates itself. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
|
|
</pre>
|
|
|
|
%PARAM recipient_canonical_maps
|
|
|
|
<p>
|
|
Optional address mapping lookup tables for envelope and header
|
|
recipient addresses.
|
|
The table format and lookups are documented in canonical(5).
|
|
</p>
|
|
|
|
<p>
|
|
Note: $recipient_canonical_maps is processed before $canonical_maps.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
|
|
</pre>
|
|
|
|
%PARAM recipient_delimiter
|
|
|
|
<p>
|
|
The separator between user names and address extensions (user+foo).
|
|
See canonical(5), local(8), relocated(5) and virtual(5) for the
|
|
effects this has on aliases, canonical, virtual, relocated and
|
|
on .forward file lookups. Basically, the software tries user+foo
|
|
and .forward+foo before trying user and .forward.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
recipient_delimiter = +
|
|
</pre>
|
|
|
|
%PARAM reject_code 554
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a remote SMTP
|
|
client request is rejected by the "reject" restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM relay_domains $mydestination
|
|
|
|
<p> What destination domains (and subdomains thereof) this system
|
|
will relay mail to. Subdomain matching is controlled with the
|
|
parent_domain_matches_subdomains parameter. For details about how
|
|
the relay_domains value is used, see the description of the
|
|
permit_auth_destination and reject_unauth_destination SMTP recipient
|
|
restrictions. </p>
|
|
|
|
<p> Domains that match $relay_domains are delivered with the
|
|
$relay_transport mail delivery transport. The SMTP server validates
|
|
recipient addresses with $relay_recipient_maps and rejects non-existent
|
|
recipients. See also the relay domains address class in the
|
|
ADDRESS_CLASS_README file. </p>
|
|
|
|
<p> Note: Postfix will not automatically forward mail for domains
|
|
that list this system as their primary or backup MX host. See the
|
|
permit_mx_backup restriction in the postconf(5) manual page. </p>
|
|
|
|
<p> Specify a list of host or domain names, "/file/name" patterns
|
|
or "type:table" lookup tables, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace. A
|
|
"/file/name" pattern is replaced by its contents; a "type:table"
|
|
lookup table is matched when a (parent) domain appears as lookup
|
|
key. </p>
|
|
|
|
%PARAM relay_domains_reject_code 554
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a client
|
|
request is rejected by the reject_unauth_destination recipient
|
|
restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM relay_recipient_maps
|
|
|
|
<p> Optional lookup tables with all valid addresses in the domains
|
|
that match $relay_domains. Specify @domain as a wild-card for
|
|
domains that do not have a valid recipient list. Technically, tables
|
|
listed with $relay_recipient_maps are used as lists: Postfix needs
|
|
to know only if a lookup string is found or not, but it does not
|
|
use the result from table lookup. </p>
|
|
|
|
<p>
|
|
If this parameter is non-empty, then the Postfix SMTP server will reject
|
|
mail to unknown relay users. This feature is off by default.
|
|
</p>
|
|
|
|
<p>
|
|
See also the relay domains address class in the ADDRESS_CLASS_README
|
|
file.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM relayhost
|
|
|
|
<p>
|
|
The next-hop destination of non-local mail; overrides non-local
|
|
domains in recipient addresses. This information is overruled with
|
|
relay_transport, default_transport, sender_dependent_relayhost_maps
|
|
and with the transport(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
On an intranet, specify the organizational domain name. If your
|
|
internal DNS uses no MX records, specify the name of the intranet
|
|
gateway host instead.
|
|
</p>
|
|
|
|
<p>
|
|
In the case of SMTP, specify a domain name, hostname, hostname:port,
|
|
[hostname]:port, [hostaddress] or [hostaddress]:port. The form
|
|
[hostname] turns off MX lookups.
|
|
</p>
|
|
|
|
<p>
|
|
If you're connected via UUCP, see the UUCP_README file for useful
|
|
information.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
relayhost = $mydomain
|
|
relayhost = [gateway.my.domain]
|
|
relayhost = uucphost
|
|
relayhost = [an.ip.add.ress]
|
|
</pre>
|
|
|
|
%PARAM relocated_maps
|
|
|
|
<p>
|
|
Optional lookup tables with new contact information for users or
|
|
domains that no longer exist. The table format and lookups are
|
|
documented in relocated(5).
|
|
</p>
|
|
|
|
<p>
|
|
If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
|
|
build the necessary DBM or DB file after change, then "<b>postfix
|
|
reload</b>" to make the changes visible.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
relocated_maps = dbm:/etc/postfix/relocated
|
|
relocated_maps = hash:/etc/postfix/relocated
|
|
</pre>
|
|
|
|
%PARAM require_home_directory no
|
|
|
|
<p>
|
|
Whether or not a local(8) recipient's home directory must exist
|
|
before mail delivery is attempted. By default this test is disabled.
|
|
It can be useful for environments that import home directories to
|
|
the mail server (NOT RECOMMENDED).
|
|
</p>
|
|
|
|
%PARAM resolve_dequoted_address yes
|
|
|
|
<p> Resolve a recipient address safely instead of correctly, by
|
|
looking inside quotes. </p>
|
|
|
|
<p> By default, the Postfix address resolver does not quote the
|
|
address localpart as per RFC 822, so that additional @ or % or !
|
|
operators remain visible. This behavior is safe but it is also
|
|
technically incorrect. </p>
|
|
|
|
<p> If you specify "resolve_dequoted_address = no", then
|
|
the Postfix
|
|
resolver will not know about additional @ etc. operators in the
|
|
address localpart. This opens opportunities for obscure mail relay
|
|
attacks with user@domain@domain addresses when Postfix provides
|
|
backup MX service for Sendmail systems. </p>
|
|
|
|
%PARAM resolve_null_domain no
|
|
|
|
<p> Resolve an address that ends in the "@" null domain as if the
|
|
local hostname were specified, instead of rejecting the address as
|
|
invalid. </p>
|
|
|
|
<p> This feature is available in Postfix 2.1 and later.
|
|
Earlier versions always resolve the null domain as the local
|
|
hostname. </p>
|
|
|
|
<p> The Postfix SMTP server uses this feature to reject mail from
|
|
or to addresses that end in the "@" null domain, and from addresses
|
|
that rewrite into a form that ends in the "@" null domain. </p>
|
|
|
|
%PARAM sender_bcc_maps
|
|
|
|
<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
|
|
by sender address. The BCC address (multiple results are not
|
|
supported) is added when mail enters from outside of Postfix. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
<p>
|
|
The table search order is as follows:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> Look up the "user+extension@domain.tld" address including the
|
|
optional address extension.
|
|
|
|
<li> Look up the "user@domain.tld" address without the optional
|
|
address extension.
|
|
|
|
<li> Look up the "user+extension" address local part when the
|
|
sender domain equals $myorigin, $mydestination, $inet_interfaces
|
|
or $proxy_interfaces.
|
|
|
|
<li> Look up the "user" address local part when the sender domain
|
|
equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces.
|
|
|
|
<li> Look up the "@domain.tld" part.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Specify the types and names of databases to use. After change,
|
|
run "<b>postmap /etc/postfix/sender_bcc</b>".
|
|
</p>
|
|
|
|
<p>
|
|
Note: if mail to the BCC address bounces it will be returned to
|
|
the sender.
|
|
</p>
|
|
|
|
<p> Note: automatic BCC recipients are produced only for new mail.
|
|
To avoid mailer loops, automatic BCC recipients are not generated
|
|
for mail that Postfix forwards internally, nor for mail that Postfix
|
|
generates itself. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
sender_bcc_maps = hash:/etc/postfix/sender_bcc
|
|
</pre>
|
|
|
|
%PARAM sender_canonical_maps
|
|
|
|
<p>
|
|
Optional address mapping lookup tables for envelope and header
|
|
sender addresses.
|
|
The table format and lookups are documented in canonical(5).
|
|
</p>
|
|
|
|
<p>
|
|
Example: you want to rewrite the SENDER address "user@ugly.domain"
|
|
to "user@pretty.domain", while still being able to send mail to
|
|
the RECIPIENT address "user@ugly.domain".
|
|
</p>
|
|
|
|
<p>
|
|
Note: $sender_canonical_maps is processed before $canonical_maps.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
sender_canonical_maps = hash:/etc/postfix/sender_canonical
|
|
</pre>
|
|
|
|
%PARAM smtp_always_send_ehlo yes
|
|
|
|
<p>
|
|
Always send EHLO at the start of an SMTP session.
|
|
</p>
|
|
|
|
<p>
|
|
With "smtp_always_send_ehlo = no", Postfix sends EHLO only when
|
|
the word "ESMTP" appears in the server greeting banner (example:
|
|
220 spike.porcupine.org ESMTP Postfix).
|
|
</p>
|
|
|
|
%PARAM smtp_bind_address
|
|
|
|
<p>
|
|
An optional numerical network address that the Postfix SMTP client
|
|
should bind to when making an IPv4 connection.
|
|
</p>
|
|
|
|
<p>
|
|
This can be specified in the main.cf file for all SMTP clients, or
|
|
it can be specified in the master.cf file for a specific client,
|
|
for example:
|
|
</p>
|
|
|
|
<pre>
|
|
/etc/postfix/master.cf:
|
|
smtp ... smtp -o smtp_bind_address=11.22.33.44
|
|
</pre>
|
|
|
|
<p> Note 1: when inet_interfaces specifies no more than one IPv4
|
|
address, and that address is a non-loopback address, it is
|
|
automatically used as the smtp_bind_address. This supports virtual
|
|
IP hosting, but can be a problem on multi-homed firewalls. See the
|
|
inet_interfaces documentation for more detail. </p>
|
|
|
|
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
|
|
but this form is not recommended here. </p>
|
|
|
|
%PARAM smtp_bind_address6
|
|
|
|
<p>
|
|
An optional numerical network address that the Postfix SMTP client
|
|
should bind to when making an IPv6 connection.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p>
|
|
This can be specified in the main.cf file for all SMTP clients, or
|
|
it can be specified in the master.cf file for a specific client,
|
|
for example:
|
|
</p>
|
|
|
|
<pre>
|
|
/etc/postfix/master.cf:
|
|
smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8
|
|
</pre>
|
|
|
|
<p> Note 1: when inet_interfaces specifies no more than one IPv6
|
|
address, and that address is a non-loopback address, it is
|
|
automatically used as the smtp_bind_address6. This supports virtual
|
|
IP hosting, but can be a problem on multi-homed firewalls. See the
|
|
inet_interfaces documentation for more detail. </p>
|
|
|
|
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
|
|
but this form is not recommended here. </p>
|
|
|
|
%PARAM smtp_connection_cache_time_limit 2s
|
|
|
|
<p> When SMTP connection caching is enabled, the amount of time that
|
|
an unused SMTP client socket is kept open before it is closed. Do
|
|
not specify larger values without permission from the remote sites.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_connection_cache_reuse_limit 10
|
|
|
|
<p> When SMTP connection caching is enabled, the number of times that
|
|
an SMTP session may be reused before it is closed.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2. In Postfix 2.3 it is
|
|
replaced by $smtp_connection_reuse_time_limit.</p>
|
|
|
|
%PARAM smtp_connection_reuse_time_limit 300s
|
|
|
|
<p> The amount of time during which Postfix will use an SMTP
|
|
connection repeatedly. The timer starts when the connection is
|
|
initiated (i.e. it includes the connect, greeting and helo latency,
|
|
in addition to the latencies of subsequent mail delivery transactions).
|
|
</p>
|
|
|
|
<p> This feature addresses a performance stability problem with
|
|
remote SMTP servers. This problem is not specific to Postfix: it
|
|
can happen when any MTA sends large amounts of SMTP email to a site
|
|
that has multiple MX hosts. </p>
|
|
|
|
<p> The problem starts when one of a set of MX hosts becomes slower
|
|
than the rest. Even though SMTP clients connect to fast and slow
|
|
MX hosts with equal probability, the slow MX host ends up with more
|
|
simultaneous inbound connections than the faster MX hosts, because
|
|
the slow MX host needs more time to serve each client request. </p>
|
|
|
|
<p> The slow MX host becomes a connection attractor. If one MX
|
|
host becomes N times slower than the rest, it dominates mail delivery
|
|
latency unless there are more than N fast MX hosts to counter the
|
|
effect. And if the number of MX hosts is smaller than N, the mail
|
|
delivery latency becomes effectively that of the slowest MX host
|
|
divided by the total number of MX hosts. </p>
|
|
|
|
<p> The solution uses connection caching in a way that differs from
|
|
Postfix version 2.2. By limiting the amount of time during which a connection
|
|
can be used repeatedly (instead of limiting the number of deliveries
|
|
over that connection), Postfix not only restores fairness in the
|
|
distribution of simultaneous connections across a set of MX hosts,
|
|
it also favors deliveries over connections that perform well, which
|
|
is exactly what we want. </p>
|
|
|
|
<p> The default reuse time limit, 300s, is comparable to the various
|
|
smtp transaction timeouts which are fair estimates of maximum excess
|
|
latency for a slow delivery. Note that hosts may accept thousands
|
|
of messages over a single connection within the default connection
|
|
reuse time limit. This number is much larger than the default Postfix
|
|
version 2.2 limit of 10 messages per cached connection. It may prove necessary
|
|
to lower the limit to avoid interoperability issues with MTAs that
|
|
exhibit bugs when many messages are delivered via a single connection.
|
|
A lower reuse time limit risks losing the benefit of connection
|
|
reuse when the average connection and mail delivery latency exceeds
|
|
the reuse time limit. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_connection_cache_destinations
|
|
|
|
<p> Permanently enable SMTP connection caching for the specified
|
|
destinations. With SMTP connection caching, a connection is not
|
|
closed immediately after completion of a mail transaction. Instead,
|
|
the connection is kept open for up to $smtp_connection_cache_time_limit
|
|
seconds. This allows connections to be reused for other deliveries,
|
|
and can improve mail delivery performance. </p>
|
|
|
|
<p> Specify a comma or white space separated list of destinations
|
|
or pseudo-destinations: </p>
|
|
|
|
<ul>
|
|
|
|
<li> if mail is sent without a relay host: a domain name (the
|
|
right-hand side of an email address, without the [] around a numeric
|
|
IP address),
|
|
|
|
<li> if mail is sent via a relay host: a relay host name (without
|
|
[] or non-default TCP port), as specified in main.cf or in the
|
|
transport map,
|
|
|
|
<li> if mail is sent via a UNIX-domain socket: a pathname (without
|
|
the unix: prefix),
|
|
|
|
<li> a /file/name with domain names and/or relay host names as
|
|
defined above,
|
|
|
|
<li> a "type:table" with domain names and/or relay hosts name on
|
|
the left-hand side. The right-hand side result from "type:table"
|
|
lookups is ignored.
|
|
|
|
</ul>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_connection_cache_on_demand yes
|
|
|
|
<p> Temporarily enable SMTP connection caching while a destination
|
|
has a high volume of mail in the active queue. With SMTP connection
|
|
caching, a connection is not closed immediately after completion
|
|
of a mail transaction. Instead, the connection is kept open for
|
|
up to $smtp_connection_cache_time_limit seconds. This allows
|
|
connections to be reused for other deliveries, and can improve mail
|
|
delivery performance. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_connect_timeout 30s
|
|
|
|
<p>
|
|
The SMTP client time limit for completing a TCP connection, or
|
|
zero (use the operating system built-in time limit).
|
|
</p>
|
|
|
|
<p>
|
|
When no connection can be made within the deadline, the Postfix
|
|
SMTP client
|
|
tries the next address on the mail exchanger list. Specify 0 to
|
|
disable the time limit (i.e. use whatever timeout is implemented by
|
|
the operating system).
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_data_done_timeout 600s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the SMTP ".", and for receiving
|
|
the server response.
|
|
</p>
|
|
|
|
<p>
|
|
When no response is received within the deadline, a warning is
|
|
logged that the mail may be delivered multiple times.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_data_init_timeout 120s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the SMTP DATA command, and for
|
|
receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_data_xfer_timeout 180s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the SMTP message content.
|
|
When the connection makes no progress for more than $smtp_data_xfer_timeout
|
|
seconds the Postfix SMTP client terminates the transfer.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_defer_if_no_mx_address_found no
|
|
|
|
<p>
|
|
Defer mail delivery when no MX record resolves to an IP address.
|
|
</p>
|
|
|
|
<p>
|
|
The default (no) is to return the mail as undeliverable. With older
|
|
Postfix versions the default was to keep trying to deliver the mail
|
|
until someone fixed the MX record or until the mail was too old.
|
|
</p>
|
|
|
|
<p>
|
|
Note: Postfix always ignores MX records with equal or worse preference
|
|
than the local MTA itself.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM lmtp_destination_concurrency_limit $default_destination_concurrency_limit
|
|
|
|
<p> The maximal number of parallel deliveries to the same destination
|
|
via the lmtp message delivery transport. This limit is enforced by
|
|
the queue manager. The message delivery transport name is the first
|
|
field in the entry in the master.cf file. </p>
|
|
|
|
%PARAM lmtp_destination_recipient_limit $default_destination_recipient_limit
|
|
|
|
<p> The maximal number of recipients per delivery via the lmtp
|
|
message delivery transport. This limit is enforced by the queue
|
|
manager. The message delivery transport name is the first field in
|
|
the entry in the master.cf file. </p>
|
|
|
|
<p> Setting this parameter to a value of 1 changes the meaning of
|
|
lmtp_destination_concurrency_limit from concurrency per domain into
|
|
concurrency per recipient. </p>
|
|
|
|
%PARAM relay_destination_concurrency_limit $default_destination_concurrency_limit
|
|
|
|
<p> The maximal number of parallel deliveries to the same destination
|
|
via the relay message delivery transport. This limit is enforced
|
|
by the queue manager. The message delivery transport name is the
|
|
first field in the entry in the master.cf file. </p>
|
|
|
|
<p> This feature is available in Postfix 2.0 and later. </p>
|
|
|
|
%PARAM relay_destination_recipient_limit $default_destination_recipient_limit
|
|
|
|
<p> The maximal number of recipients per delivery via the relay
|
|
message delivery transport. This limit is enforced by the queue
|
|
manager. The message delivery transport name is the first field in
|
|
the entry in the master.cf file. </p>
|
|
|
|
<p> Setting this parameter to a value of 1 changes the meaning of
|
|
relay_destination_concurrency_limit from concurrency per domain
|
|
into concurrency per recipient. </p>
|
|
|
|
<p> This feature is available in Postfix 2.0 and later. </p>
|
|
|
|
%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit
|
|
|
|
<p> The maximal number of parallel deliveries to the same destination
|
|
via the smtp message delivery transport. This limit is enforced by
|
|
the queue manager. The message delivery transport name is the first
|
|
field in the entry in the master.cf file. </p>
|
|
|
|
%PARAM smtp_destination_recipient_limit $default_destination_recipient_limit
|
|
|
|
<p> The maximal number of recipients per delivery via the smtp
|
|
message delivery transport. This limit is enforced by the queue
|
|
manager. The message delivery transport name is the first field in
|
|
the entry in the master.cf file. </p>
|
|
|
|
<p> Setting this parameter to a value of 1 changes the meaning of
|
|
smtp_destination_concurrency_limit from concurrency per domain
|
|
into concurrency per recipient. </p>
|
|
|
|
%PARAM virtual_destination_concurrency_limit $default_destination_concurrency_limit
|
|
|
|
<p> The maximal number of parallel deliveries to the same destination
|
|
via the virtual message delivery transport. This limit is enforced
|
|
by the queue manager. The message delivery transport name is the
|
|
first field in the entry in the master.cf file. </p>
|
|
|
|
%PARAM virtual_destination_recipient_limit $default_destination_recipient_limit
|
|
|
|
<p> The maximal number of recipients per delivery via the virtual
|
|
message delivery transport. This limit is enforced by the queue
|
|
manager. The message delivery transport name is the first field in
|
|
the entry in the master.cf file. </p>
|
|
|
|
<p> Setting this parameter to a value of 1 changes the meaning of
|
|
virtual_destination_concurrency_limit from concurrency per domain
|
|
into concurrency per recipient. </p>
|
|
|
|
%PARAM smtp_helo_name $myhostname
|
|
|
|
<p>
|
|
The hostname to send in the SMTP EHLO or HELO command.
|
|
</p>
|
|
|
|
<p>
|
|
The default value is the machine hostname. Specify a hostname or
|
|
[ip.add.re.ss].
|
|
</p>
|
|
|
|
<p>
|
|
This information can be specified in the main.cf file for all SMTP
|
|
clients, or it can be specified in the master.cf file for a specific
|
|
client, for example:
|
|
</p>
|
|
|
|
<pre>
|
|
/etc/postfix/master.cf:
|
|
mysmtp ... smtp -o smtp_helo_name=foo.bar.com
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_helo_timeout 300s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the HELO or EHLO command,
|
|
and for receiving the initial server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_host_lookup dns
|
|
|
|
<p>
|
|
What mechanisms when the Postfix SMTP client uses to look up a host's IP
|
|
address. This parameter is ignored when DNS lookups are disabled.
|
|
</p>
|
|
|
|
<p>
|
|
Specify one of the following:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>dns</b></dt>
|
|
|
|
<dd>Hosts can be found in the DNS (preferred). </dd>
|
|
|
|
<dt><b>native</b></dt>
|
|
|
|
<dd>Use the native naming service only (nsswitch.conf, or equivalent
|
|
mechanism). </dd>
|
|
|
|
<dt><b>dns, native</b></dt>
|
|
|
|
<dd>Use the native service for hosts not found in the DNS. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_line_length_limit 990
|
|
|
|
<p>
|
|
The maximal length of message header and body lines that Postfix
|
|
will send via SMTP. Longer lines are broken by inserting
|
|
"<CR><LF><SPACE>". This minimizes the damage to
|
|
MIME formatted mail.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the line length is limited to 990 characters, because
|
|
some server implementations cannot receive mail with long lines.
|
|
</p>
|
|
|
|
%PARAM smtp_mail_timeout 300s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the MAIL FROM command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_mx_address_limit 5
|
|
|
|
<p>
|
|
The maximal number of MX (mail exchanger) IP addresses that can
|
|
result from mail exchanger lookups, or zero (no limit). Prior to
|
|
Postfix version 2.3, this limit was disabled by default.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_mx_session_limit 2
|
|
|
|
<p> The maximal number of SMTP sessions per delivery request before
|
|
giving up or delivering to a fall-back relay host, or zero (no
|
|
limit). This restriction ignores sessions that fail to complete the
|
|
SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
|
|
complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>
|
|
|
|
<p> This feature is available in Postfix 2.1 and later. </p>
|
|
|
|
%PARAM smtp_never_send_ehlo no
|
|
|
|
<p> Never send EHLO at the start of an SMTP session. See also the
|
|
smtp_always_send_ehlo parameter. </p>
|
|
|
|
%PARAM smtp_pix_workaround_threshold_time 500s
|
|
|
|
<p>
|
|
How long a message must be queued before the PIX firewall
|
|
"<CR><LF>.<CR><LF>" bug workaround is turned
|
|
on for delivery through firewalls with "smtp fixup" mode turned on.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the workaround is turned off for mail that is queued
|
|
for less than 500 seconds. In other words, the workaround is normally
|
|
turned off for the first delivery attempt.
|
|
</p>
|
|
|
|
<p>
|
|
Specify 0 to enable the PIX firewall
|
|
"<CR><LF>.<CR><LF>" bug workaround upon the
|
|
first delivery attempt.
|
|
</p>
|
|
|
|
%PARAM smtp_quit_timeout 300s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the QUIT command, and for
|
|
receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_quote_rfc821_envelope yes
|
|
|
|
<p>
|
|
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
|
|
by RFC 821. This includes putting quotes around an address localpart
|
|
that ends in ".".
|
|
</p>
|
|
|
|
<p>
|
|
The default is to comply with RFC 821. If you have to send mail to
|
|
a broken SMTP server, configure a special SMTP client in master.cf:
|
|
</p>
|
|
|
|
<pre>
|
|
/etc/postfix/master.cf:
|
|
broken-smtp . . . smtp -o smtp_quote_rfc821_envelope=no
|
|
</pre>
|
|
|
|
<p>
|
|
and route mail for the destination in question to the "broken-smtp"
|
|
message delivery with a transport(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_rcpt_timeout 300s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the SMTP RCPT TO command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM smtp_sasl_auth_enable no
|
|
|
|
<p>
|
|
Enable SASL authentication in the Postfix SMTP client. By default,
|
|
the Postfix SMTP client uses no authentication.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtp_sasl_auth_enable = yes
|
|
</pre>
|
|
|
|
%PARAM smtp_sasl_password_maps
|
|
|
|
<p>
|
|
Optional SMTP client lookup tables with one username:password entry
|
|
per remote hostname or domain, or sender address when sender-dependent
|
|
authentication is enabled. If no username:password entry is found,
|
|
then the Postfix SMTP client will not
|
|
attempt to authenticate to the remote host.
|
|
</p>
|
|
|
|
<p>
|
|
The Postfix SMTP client opens the lookup table before going to
|
|
chroot jail, so you can leave the password file in /etc/postfix.
|
|
</p>
|
|
|
|
%PARAM smtp_sasl_security_options noplaintext, noanonymous
|
|
|
|
<p> SASL security options; as of Postfix 2.3 the list of available
|
|
features depends on the SASL client implementation that is selected
|
|
with <b>smtp_sasl_type</b>. </p>
|
|
|
|
<p> The following security features are defined for the <b>cyrus</b>
|
|
client SASL implementation: </p>
|
|
|
|
<p>
|
|
Specify zero or more of the following:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>noplaintext</b></dt>
|
|
|
|
<dd>Disallow methods that use plaintext passwords. </dd>
|
|
|
|
<dt><b>noactive</b></dt>
|
|
|
|
<dd>Disallow methods subject to active (non-dictionary) attack.
|
|
</dd>
|
|
|
|
<dt><b>nodictionary</b></dt>
|
|
|
|
<dd>Disallow methods subject to passive (dictionary) attack. </dd>
|
|
|
|
<dt><b>noanonymous</b></dt>
|
|
|
|
<dd>Disallow methods that allow anonymous authentication. </dd>
|
|
|
|
<dt><b>mutual_auth</b></dt>
|
|
|
|
<dd>Only allow methods that provide mutual authentication (not
|
|
available with SASL version 1). </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtp_sasl_security_options = noplaintext
|
|
</pre>
|
|
|
|
%PARAM smtp_sasl_mechanism_filter
|
|
|
|
<p>
|
|
If non-empty, a Postfix SMTP client filter for the remote SMTP
|
|
server's list of offered SASL mechanisms. Different client and
|
|
server implementations may support different mechanism lists. By
|
|
default, the Postfix SMTP client will use the intersection of the
|
|
two. smtp_sasl_mechanism_filter further restricts what server
|
|
mechanisms the client will take into consideration. </p>
|
|
|
|
<p> Specify mechanism names, "/file/name" patterns or "type:table"
|
|
lookup tables. The right-hand side result from "type:table" lookups
|
|
is ignored. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
smtp_sasl_mechanism_filter = plain, login
|
|
smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
|
|
smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
|
|
</pre>
|
|
|
|
%PARAM smtp_send_xforward_command no
|
|
|
|
<p>
|
|
Send the non-standard XFORWARD command when the Postfix SMTP server
|
|
EHLO response announces XFORWARD support.
|
|
</p>
|
|
|
|
<p>
|
|
This allows an "smtp" delivery agent, used for injecting mail into
|
|
a content filter, to forward the name, address, protocol and HELO
|
|
name of the original client to the content filter and downstream
|
|
queuing SMTP server. This can produce more useful logging than
|
|
localhost[127.0.0.1] etc.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_skip_4xx_greeting yes
|
|
|
|
<p>
|
|
Skip SMTP servers that greet with a 4XX status code (go away, try
|
|
again later).
|
|
</p>
|
|
|
|
<p>
|
|
By default, Postfix moves on the next mail exchanger. Specify
|
|
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
|
|
immediately.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.0 and earlier.
|
|
Later Postfix versions always skip SMTP servers that greet with a
|
|
4XX status code. </p>
|
|
|
|
%PARAM smtp_skip_5xx_greeting yes
|
|
|
|
<p>
|
|
Skip SMTP servers that greet with a 5XX status code (go away, do
|
|
not try again later).
|
|
</p>
|
|
|
|
<p> By default, the Postfix SMTP client moves on the next mail
|
|
exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should
|
|
bounce the mail immediately. The default setting is incorrect, but
|
|
it is what a lot of people expect to happen. </p>
|
|
|
|
%PARAM smtp_skip_quit_response yes
|
|
|
|
<p>
|
|
Do not wait for the response to the SMTP QUIT command.
|
|
</p>
|
|
|
|
%PARAM smtp_xforward_timeout 300s
|
|
|
|
<p>
|
|
The SMTP client time limit for sending the XFORWARD command, and
|
|
for receiving the server response.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM authorized_verp_clients $mynetworks
|
|
|
|
<p> What SMTP clients are allowed to specify the XVERP command.
|
|
This command requests that mail be delivered one recipient at a
|
|
time with a per recipient return address. </p>
|
|
|
|
<p> By default, only trusted clients are allowed to specify XVERP.
|
|
</p>
|
|
|
|
<p> This parameter was introduced with Postfix version 1.1. Postfix
|
|
version 2.1 renamed this parameter to smtpd_authorized_verp_clients
|
|
and changed the default to none. </p>
|
|
|
|
<p> Specify a list of network/netmask patterns, separated by commas
|
|
and/or whitespace. The mask specifies the number of bits in the
|
|
network part of a host address. You can also specify hostnames or
|
|
.domain names (the initial dot causes the domain to match any name
|
|
below it), "/file/name" or "type:table" patterns. A "/file/name"
|
|
pattern is replaced by its contents; a "type:table" lookup table
|
|
is matched when a table entry matches a lookup string (the lookup
|
|
result is ignored). Continue long lines by starting the next line
|
|
with whitespace. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the authorized_verp_clients value, and in files
|
|
specified with "/file/name". IP version 6 addresses contain the
|
|
":" character, and would otherwise be confused with a "type:table"
|
|
pattern. </p>
|
|
|
|
%PARAM smtpd_authorized_verp_clients $authorized_verp_clients
|
|
|
|
<p> What SMTP clients are allowed to specify the XVERP command.
|
|
This command requests that mail be delivered one recipient at a
|
|
time with a per recipient return address. </p>
|
|
|
|
<p> By default, no clients are allowed to specify XVERP. </p>
|
|
|
|
<p> This parameter was renamed with Postfix version 2.1. The default value
|
|
is backwards compatible with Postfix version 2.0. </p>
|
|
|
|
<p> Specify a list of network/netmask patterns, separated by commas
|
|
and/or whitespace. The mask specifies the number of bits in the
|
|
network part of a host address. You can also specify hostnames or
|
|
.domain names (the initial dot causes the domain to match any name
|
|
below it), "/file/name" or "type:table" patterns. A "/file/name"
|
|
pattern is replaced by its contents; a "type:table" lookup table
|
|
is matched when a table entry matches a lookup string (the lookup
|
|
result is ignored). Continue long lines by starting the next line
|
|
with whitespace. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
|
|
files specified with "/file/name". IP version 6 addresses contain
|
|
the ":" character, and would otherwise be confused with a "type:table"
|
|
pattern. </p>
|
|
|
|
%PARAM smtpd_authorized_xclient_hosts
|
|
|
|
<p>
|
|
What SMTP clients are allowed to use the XCLIENT feature. This
|
|
command overrides SMTP client information that is used for access
|
|
control. Typical use is for SMTP-based content filters, fetchmail-like
|
|
programs, or SMTP server access rule testing. See the XCLIENT_README
|
|
document for details.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
<p>
|
|
By default, no clients are allowed to specify XCLIENT.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of network/netmask patterns, separated by commas
|
|
and/or whitespace. The mask specifies the number of bits in the
|
|
network part of a host address. You can also specify hostnames or
|
|
.domain names (the initial dot causes the domain to match any name
|
|
below it), "/file/name" or "type:table" patterns. A "/file/name"
|
|
pattern is replaced by its contents; a "type:table" lookup table
|
|
is matched when a table entry matches a lookup string (the lookup
|
|
result is ignored). Continue long lines by starting the next line
|
|
with whitespace. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
|
|
files specified with "/file/name". IP version 6 addresses contain
|
|
the ":" character, and would otherwise be confused with a "type:table"
|
|
pattern. </p>
|
|
|
|
%PARAM smtpd_authorized_xforward_hosts
|
|
|
|
<p>
|
|
What SMTP clients are allowed to use the XFORWARD feature. This
|
|
command forwards information that is used to improve logging after
|
|
SMTP-based content filters. See the XFORWARD_README document for
|
|
details.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
<p>
|
|
By default, no clients are allowed to specify XFORWARD.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of network/netmask patterns, separated by commas
|
|
and/or whitespace. The mask specifies the number of bits in the
|
|
network part of a host address. You can also specify hostnames or
|
|
.domain names (the initial dot causes the domain to match any name
|
|
below it), "/file/name" or "type:table" patterns. A "/file/name"
|
|
pattern is replaced by its contents; a "type:table" lookup table
|
|
is matched when a table entry matches a lookup string (the lookup
|
|
result is ignored). Continue long lines by starting the next line
|
|
with whitespace. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
|
|
files specified with "/file/name". IP version 6 addresses contain
|
|
the ":" character, and would otherwise be confused with a "type:table"
|
|
pattern. </p>
|
|
|
|
%PARAM smtpd_banner $myhostname ESMTP $mail_name
|
|
|
|
<p>
|
|
The text that follows the 220 status code in the SMTP greeting
|
|
banner. Some people like to see the mail version advertised. By
|
|
default, Postfix shows no version.
|
|
</p>
|
|
|
|
<p>
|
|
You MUST specify $myhostname at the start of the text. This is
|
|
required by the SMTP protocol.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
|
|
</pre>
|
|
|
|
%PARAM smtpd_client_connection_count_limit 50
|
|
|
|
<p>
|
|
How many simultaneous connections any client is allowed to
|
|
make to this service. By default, the limit is set to half
|
|
the default process limit value.
|
|
</p>
|
|
|
|
<p>
|
|
To disable this feature, specify a limit of 0.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: The purpose of this feature is to limit abuse. It must
|
|
not be used to regulate legitimate mail traffic.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_client_event_limit_exceptions $mynetworks
|
|
|
|
<p>
|
|
Clients that are excluded from connection count, connection rate,
|
|
or SMTP request rate restrictions. See the mynetworks parameter
|
|
description for the parameter value syntax.
|
|
</p>
|
|
|
|
<p>
|
|
By default, clients in trusted networks are excluded. Specify a
|
|
list of network blocks, hostnames or .domain names (the initial
|
|
dot causes the domain to match any name below it).
|
|
</p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
|
|
in files specified with "/file/name". IP version 6 addresses
|
|
contain the ":" character, and would otherwise be confused with a
|
|
"type:table" pattern. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_client_connection_rate_limit 0
|
|
|
|
<p>
|
|
The maximal number of connection attempts any client is allowed to
|
|
make to this service per time unit. The time unit is specified
|
|
with the anvil_rate_time_unit configuration parameter.
|
|
</p>
|
|
|
|
<p>
|
|
By default, a client can make as many connections per time unit as
|
|
Postfix can accept.
|
|
</p>
|
|
|
|
<p>
|
|
To disable this feature, specify a limit of 0.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: The purpose of this feature is to limit abuse. It must
|
|
not be used to regulate legitimate mail traffic.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_connection_rate_limit = 1000
|
|
</pre>
|
|
|
|
%PARAM smtpd_client_message_rate_limit 0
|
|
|
|
<p>
|
|
The maximal number of message delivery requests that any client is
|
|
allowed to make to this service per time unit, regardless of whether
|
|
or not Postfix actually accepts those messages. The time unit is
|
|
specified with the anvil_rate_time_unit configuration parameter.
|
|
</p>
|
|
|
|
<p>
|
|
By default, a client can send as many message delivery requests
|
|
per time unit as Postfix can accept.
|
|
</p>
|
|
|
|
<p>
|
|
To disable this feature, specify a limit of 0.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: The purpose of this feature is to limit abuse. It must
|
|
not be used to regulate legitimate mail traffic.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_message_rate_limit = 1000
|
|
</pre>
|
|
|
|
%PARAM smtpd_client_recipient_rate_limit 0
|
|
|
|
<p>
|
|
The maximal number of recipient addresses that any client is allowed
|
|
to send to this service per time unit, regardless of whether or not
|
|
Postfix actually accepts those recipients. The time unit is specified
|
|
with the anvil_rate_time_unit configuration parameter.
|
|
</p>
|
|
|
|
<p>
|
|
By default, a client can make as many recipient addresses per time
|
|
unit as Postfix can accept.
|
|
</p>
|
|
|
|
<p>
|
|
To disable this feature, specify a limit of 0.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: The purpose of this feature is to limit abuse. It must
|
|
not be used to regulate legitimate mail traffic.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_recipient_rate_limit = 1000
|
|
</pre>
|
|
|
|
%PARAM smtpd_client_new_tls_session_rate_limit 0
|
|
|
|
<p>
|
|
The maximal number of new (i.e., uncached) TLS sessions that a
|
|
remote SMTP client is allowed to negotiate with this service per
|
|
time unit. The time unit is specified with the anvil_rate_time_unit
|
|
configuration parameter.
|
|
</p>
|
|
|
|
<p>
|
|
By default, a remote SMTP client can negotiate as many new TLS
|
|
sessions per time unit as Postfix can accept.
|
|
</p>
|
|
|
|
<p>
|
|
To disable this feature, specify a limit of 0. Otherwise, specify
|
|
a limit that is at least the per-client concurrent session limit,
|
|
or else legitimate client sessions may be rejected.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: The purpose of this feature is to limit abuse. It must
|
|
not be used to regulate legitimate mail traffic.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.3 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_new_tls_session_rate_limit = 100
|
|
</pre>
|
|
|
|
%PARAM smtpd_client_restrictions
|
|
|
|
<p>
|
|
Optional SMTP server access restrictions in the context of a client
|
|
SMTP connection request.
|
|
</p>
|
|
|
|
<p>
|
|
The default is to allow all connection requests.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are specific to client hostname or
|
|
client network address information.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>When the remote SMTP client certificate is verified successfully,
|
|
use the client certificate fingerprint as lookup key for the specified
|
|
access(5) database. This feature is available with Postfix version 2.2.</dd>
|
|
|
|
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access database for the client hostname,
|
|
parent domains, client IP address, or networks obtained by stripping
|
|
least significant octets. See the access(5) manual page for details. </dd>
|
|
|
|
<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
|
|
|
|
<dd>Permit the request when the client IP address matches
|
|
$inet_interfaces. </dd>
|
|
|
|
<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>
|
|
|
|
<dd>Permit the request when the client IP address matches any
|
|
network or network address listed in $mynetworks. </dd>
|
|
|
|
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
|
|
|
|
<dd> Permit the request when the client is successfully
|
|
authenticated via the RFC 2554 (AUTH) protocol. </dd>
|
|
|
|
|
|
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
|
|
|
|
<dd> Permit the request when the remote SMTP client certificate is
|
|
verified successfully. This option must be used only if a special
|
|
CA issues the certificates and only this CA is listed as trusted
|
|
CA, otherwise all clients with a recognized certificate would be
|
|
allowed to relay. This feature is available with Postfix version 2.2.</dd>
|
|
|
|
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
|
|
|
|
<dd>Permit the request when the remote SMTP client certificate is
|
|
verified successfully, and the certificate fingerprint is listed
|
|
in $relay_clientcerts. This feature is available with Postfix version 2.2.</dd>
|
|
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
|
|
|
|
<dd>Reject the request when the reversed client network address is
|
|
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
|
|
(Postfix version 2.1 and later only). If no "<i>=d.d.d.d</i>" is
|
|
specified, reject the request when the reversed client network
|
|
address is listed with any A record under <i>rbl_domain</i>. <br>
|
|
The maps_rbl_reject_code parameter specifies the response code for
|
|
rejected requests (default: 554), the default_rbl_reply parameter
|
|
specifies the default server reply, and the rbl_reply_maps parameter
|
|
specifies tables with server replies indexed by <i>rbl_domain</i>.
|
|
This feature is available in Postfix 2.0 and later. </dd>
|
|
|
|
<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
|
|
|
|
<dd>Reject the request when the client hostname is listed with the
|
|
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
|
|
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
|
|
the request when the reversed client network address is listed with
|
|
any A record under <i>rbl_domain</i>. See the reject_rbl_client
|
|
description above for additional RBL related configuration parameters.
|
|
This feature is available in Postfix 2.0 and later. </dd>
|
|
|
|
<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>
|
|
|
|
<dd>Reject the request when 1) the client IP address->name mapping
|
|
fails, 2) the name->address mapping fails, or 3) the name->address
|
|
mapping does not match the client IP address. <br> This is a
|
|
stronger restriction than the reject_unknown_reverse_client_hostname
|
|
feature, which triggers only under condition 1) above. <br> The
|
|
unknown_client_reject_code parameter specifies the response code
|
|
for rejected requests (default: 450). The reply is always 450 in
|
|
case the address->name or name->address lookup failed due to
|
|
a temporary problem. </dd>
|
|
|
|
<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>
|
|
|
|
<dd>Reject the request when the client IP address has no address->name
|
|
mapping. <br> This is a weaker restriction than the
|
|
reject_unknown_client_hostname feature, which requires not only
|
|
that the address->name and name->address mappings exist, but
|
|
also that the two mappings reproduce the client IP address. <br>
|
|
The unknown_client_reject_code parameter specifies the response
|
|
code for rejected requests (default: 450). The reply is always 450
|
|
in case the address->name lookup failed due to a temporary
|
|
problem. <br> This feature is available in Postfix 2.3 and
|
|
later. </dd>
|
|
|
|
#<dt><b><a name="reject_unknown_forward_client_hostname">reject_unknown_forward_client_hostname</a></b></dt>
|
|
#
|
|
#<dd>Reject the request when the client IP address has no address->name
|
|
#or name ->address mapping. <br> This is a weaker restriction
|
|
#than the reject_unknown_client_hostname feature, which requires not
|
|
#only that the address->name and name->address mappings exist,
|
|
#but also that the two mappings reproduce the client IP address.
|
|
#<br> The unknown_client_reject_code parameter specifies the response
|
|
#code for rejected requests (default: 450). The reply is always 450
|
|
#in case the address->name or name ->address lookup failed due
|
|
#to a temporary problem. <br> This feature is available in Postfix
|
|
#version 2.3 and later. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
In addition, you can use any of the following <a name="generic">
|
|
generic</a> restrictions. These restrictions are applicable in
|
|
any SMTP command context.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>
|
|
|
|
<dd>Query the specified policy server. See the SMTPD_POLICY_README
|
|
document for details. This feature is available in Postfix 2.1
|
|
and later. </dd>
|
|
|
|
<dt><b><a name="defer">defer</a></b></dt>
|
|
|
|
<dd>Defer the request. The client is told to try again later. This
|
|
restriction is useful at the end of a restriction list, to make
|
|
the default policy explicit. <br> The defer_code parameter specifies
|
|
the SMTP server reply code (default: 450).</dd>
|
|
|
|
<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>
|
|
|
|
<dd>Defer the request if some later restriction would result in an
|
|
explicit or implicit PERMIT action. This is useful when a blacklisting
|
|
feature fails due to a temporary problem. This feature is available
|
|
in Postfix version 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
|
|
|
|
<dd>Defer the request if some later restriction would result in a
|
|
REJECT action. This is useful when a whitelisting feature fails
|
|
due to a temporary problem. This feature is available in Postfix
|
|
version 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="permit">permit</a></b></dt>
|
|
|
|
<dd>Permit the request. This restriction is useful at the end of
|
|
a restriction list, to make the default policy explicit.</dd>
|
|
|
|
<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>
|
|
|
|
<dd>Reject the request when the envelope sender is the null address,
|
|
and the message has multiple envelope recipients. This usage has
|
|
rare but legitimate applications: under certain conditions,
|
|
multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
|
|
may be forwarded with the null sender address.
|
|
<br> Note: this restriction can only work reliably
|
|
when used in smtpd_data_restrictions or
|
|
smtpd_end_of_data_restrictions, because the total number of
|
|
recipients is not known at an earlier stage of the SMTP conversation.
|
|
Use at the RCPT stage will only reject the second etc. recipient.
|
|
<br>
|
|
The multi_recipient_bounce_reject_code parameter specifies the
|
|
response code for rejected requests (default: 550). This feature
|
|
is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>
|
|
|
|
<dd>Reject the request when the connection is not encrypted. This
|
|
restriction should not be used before the client has had a chance
|
|
to negotiate encryption with the AUTH or STARTTLS commands.
|
|
<br>
|
|
The plaintext_reject_code parameter specifies the response
|
|
code for rejected requests (default: 450). This feature is available
|
|
in Postfix 2.3 and later. </dd>
|
|
|
|
<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>
|
|
|
|
<dd>Reject the request when the client sends SMTP commands ahead
|
|
of time where it is not allowed, or when the client sends SMTP
|
|
commands ahead of time without knowing that Postfix actually supports
|
|
ESMTP command pipelining. This stops mail from bulk mail software
|
|
that improperly uses ESMTP command pipelining in order to speed up
|
|
deliveries. <br> Note: reject_unauth_pipelining is not useful
|
|
outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO
|
|
instead of HELO) and 2) with "smtpd_delay_reject = yes" (the
|
|
default). The use of reject_unauth_pipelining in the other
|
|
restriction contexts is therefore not recommended. </dd>
|
|
|
|
<dt><b><a name="reject">reject</a></b></dt>
|
|
|
|
<dd>Reject the request. This restriction is useful at the end of
|
|
a restriction list, to make the default policy explicit. The
|
|
reject_code configuration parameter specifies the response code to
|
|
rejected requests (default: 554).</dd>
|
|
|
|
<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>
|
|
|
|
<dd>Pause for the specified number of seconds and proceed with
|
|
the next restriction in the list, if any. This may stop zombie
|
|
mail when used as:
|
|
|
|
<pre>
|
|
/etc/postfix/main.cf:
|
|
smtpd_client_restrictions =
|
|
sleep 1, reject_unauth_pipelining
|
|
smtpd_delay_reject = no
|
|
</pre>
|
|
This feature is available in Postfix 2.3. </dd>
|
|
|
|
<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>
|
|
|
|
<dd>Change the meaning of the next restriction, so that it logs
|
|
a warning instead of rejecting a request (look for logfile records
|
|
that contain "reject_warning"). This is useful for testing new
|
|
restrictions in a "live" environment without risking unnecessary
|
|
loss of mail. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Other restrictions that are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> SMTP command specific restrictions that are described under
|
|
the smtpd_helo_restrictions, smtpd_sender_restrictions or
|
|
smtpd_recipient_restrictions parameters. When helo, sender or
|
|
recipient restrictions are listed under smtpd_client_restrictions,
|
|
they have effect only with "smtpd_delay_reject = yes", so that
|
|
$smtpd_client_restrictions is evaluated at the time of the RCPT TO
|
|
command.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
|
|
</pre>
|
|
|
|
%CLASS smtpd-tarpit Tarpit features
|
|
|
|
<p>
|
|
When a remote SMTP client makes errors, the Postfix SMTP server
|
|
can insert delays before responding. This can help to slow down
|
|
run-away software. The behavior is controlled by an error counter
|
|
that counts the number of errors within an SMTP session that a
|
|
client makes without delivering mail.
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><p>When the error counter is less than $smtpd_soft_error_limit the
|
|
Postfix SMTP server replies immediately (Postfix version 2.0 and earlier
|
|
delay their 4xx or 5xx error response). </p>
|
|
|
|
<li><p>When the error counter reaches $smtpd_soft_error_limit, the Postfix
|
|
SMTP server delays all its responses. </p>
|
|
|
|
<li><p>When the error counter reaches $smtpd_hard_error_limit the Postfix
|
|
SMTP server breaks the connection. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM smtpd_error_sleep_time 1s
|
|
|
|
<p>With Postfix version 2.1 and later: the SMTP server response delay after
|
|
a client has made more than $smtpd_soft_error_limit errors, and
|
|
fewer than $smtpd_hard_error_limit errors, without delivering mail.
|
|
</p>
|
|
|
|
<p>With Postfix version 2.0 and earlier: the SMTP server delay before
|
|
sending a reject (4xx or 5xx) response, when the client has made
|
|
fewer than $smtpd_soft_error_limit errors without delivering
|
|
mail. </p>
|
|
|
|
%PARAM smtpd_soft_error_limit 10
|
|
|
|
<p>
|
|
The number of errors a remote SMTP client is allowed to make without
|
|
delivering mail before the Postfix SMTP server slows down all its
|
|
responses.
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><p>With Postfix version 2.1 and later, the Postfix SMTP server
|
|
delays all responses by $smtpd_error_sleep_time seconds. </p>
|
|
|
|
<li><p>With Postfix versions 2.0 and earlier, the Postfix SMTP
|
|
server delays all responses by (number of errors) seconds. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM smtpd_hard_error_limit 20
|
|
|
|
<p>
|
|
The maximal number of errors a remote SMTP client is allowed to
|
|
make without delivering mail. The Postfix SMTP server disconnects
|
|
when the limit is exceeded.
|
|
</p>
|
|
|
|
%PARAM smtpd_junk_command_limit 100
|
|
|
|
<p>
|
|
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
|
|
SMTP client can send before the Postfix SMTP server starts to
|
|
increment the error counter with each junk command. The junk
|
|
command count is reset after mail is delivered. See also the
|
|
smtpd_error_sleep_time and smtpd_soft_error_limit configuration
|
|
parameters.
|
|
</p>
|
|
|
|
%PARAM smtpd_recipient_overshoot_limit 1000
|
|
|
|
<p> The number of recipients that a remote SMTP client can send in
|
|
excess of the limit specified with $smtpd_recipient_limit, before
|
|
the Postfix SMTP server increments the per-session error count
|
|
for each excess recipient. </p>
|
|
|
|
%PARAM smtpd_etrn_restrictions
|
|
|
|
<p>
|
|
Optional SMTP server access restrictions in the context of a client
|
|
ETRN request.
|
|
</p>
|
|
|
|
<p>
|
|
The Postfix ETRN implementation accepts only destinations that are
|
|
eligible for the Postfix "fast flush" service. See the ETRN_README
|
|
file for details.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are specific to the domain name information
|
|
received with the ETRN command.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access database for the ETRN domain name
|
|
or its parent domains. See the access(5) manual page for details.
|
|
</dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Other restrictions that are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#generic">Generic</a> restrictions that can be used
|
|
in any SMTP command context, described under smtpd_client_restrictions.
|
|
|
|
<li>SMTP command specific restrictions described under
|
|
smtpd_client_restrictions and smtpd_helo_restrictions.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_etrn_restrictions = permit_mynetworks, reject
|
|
</pre>
|
|
|
|
%PARAM smtpd_expansion_filter see "postconf -d" output
|
|
|
|
<p>
|
|
What characters are allowed in $name expansions of RBL reply
|
|
templates. Characters not in the allowed set are replaced by "_".
|
|
Use C like escapes to specify special characters such as whitespace.
|
|
</p>
|
|
|
|
<p>
|
|
This parameter is not subjected to $parameter expansion.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_forbidden_commands CONNECT, GET, POST
|
|
|
|
<p>
|
|
List of commands that causes the Postfix SMTP server to immediately
|
|
terminate the session with a 221 code. This can be used to disconnect
|
|
clients that obviously attempt to abuse the system. In addition to the
|
|
commands listed in this parameter, commands that follow the "Label:"
|
|
format of message headers will also cause a disconnect.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_helo_required no
|
|
|
|
<p>
|
|
Require that a remote SMTP client introduces itself at the beginning
|
|
of an SMTP session with the HELO or EHLO command.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_helo_required = yes
|
|
</pre>
|
|
|
|
%PARAM smtpd_helo_restrictions
|
|
|
|
<p>
|
|
Optional restrictions that the Postfix SMTP server applies in the
|
|
context of the SMTP HELO command.
|
|
</p>
|
|
|
|
<p>
|
|
The default is to permit everything.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are specific to the hostname information
|
|
received with the HELO or EHLO command.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the HELO or EHLO
|
|
hostname or parent domains, and execute the corresponding action.
|
|
</dd>
|
|
|
|
<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the MX hosts for
|
|
the HELO or EHLO hostname, and execute the corresponding action.
|
|
Note: a result of "OK" is not allowed for safety reasons. Instead,
|
|
use DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the DNS servers
|
|
for the HELO or EHLO hostname, and execute the corresponding action.
|
|
Note: a result of "OK" is not allowed for safety reasons. Instead,
|
|
use DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt>
|
|
|
|
<dd>Reject the request when the HELO or EHLO hostname syntax is
|
|
invalid. <br> The invalid_hostname_reject_code specifies the response
|
|
code to rejected requests (default: 501).</dd>
|
|
|
|
<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt>
|
|
|
|
<dd>Reject the request when the HELO or EHLO hostname is not in
|
|
fully-qualified domain form, as required by the RFC. <br> The
|
|
non_fqdn_reject_code parameter specifies the response code to
|
|
rejected requests (default: 504).</dd>
|
|
|
|
<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>
|
|
|
|
<dd>Reject the request when the HELO or EHLO hostname has no DNS A
|
|
or MX record. <br> The unknown_hostname_reject_code specifies the
|
|
response code to rejected requests (default: 450). </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Other restrictions that are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> <a href="#generic">Generic</a> restrictions that can be used
|
|
in any SMTP command context, described under smtpd_client_restrictions.
|
|
|
|
<li> Client hostname or network address specific restrictions
|
|
described under smtpd_client_restrictions.
|
|
|
|
<li> SMTP command specific restrictions described under
|
|
smtpd_sender_restrictions or smtpd_recipient_restrictions. When
|
|
sender or recipient restrictions are listed under smtpd_helo_restrictions,
|
|
they have effect only with "smtpd_delay_reject = yes", so that
|
|
$smtpd_helo_restrictions is evaluated at the time of the RCPT TO
|
|
command.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
|
|
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
|
|
</pre>
|
|
|
|
%PARAM smtpd_history_flush_threshold 100
|
|
|
|
<p>
|
|
The maximal number of lines in the Postfix SMTP server command history
|
|
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
|
|
</p>
|
|
|
|
%PARAM smtpd_noop_commands
|
|
|
|
<p>
|
|
List of commands that the Postfix SMTP server replies to with "250
|
|
Ok", without doing any syntax checks and without changing state.
|
|
This list overrides any commands built into the Postfix SMTP server.
|
|
</p>
|
|
|
|
%PARAM smtpd_proxy_ehlo $myhostname
|
|
|
|
<p>
|
|
How the Postfix SMTP server announces itself to the proxy filter.
|
|
By default, the Postfix hostname is used.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%CLASS smtpd-proxy SMTP Proxy filter
|
|
|
|
<p>
|
|
As of Postfix version 2.1, the SMTP server can forward all incoming
|
|
mail to a content filtering proxy server that inspects all mail
|
|
BEFORE it is stored in the Postfix mail queue.
|
|
</p>
|
|
|
|
<p>
|
|
WARNING: the proxy filter must reply within a fixed deadline or
|
|
else the remote SMTP client times out and mail duplication happens.
|
|
This becomes a problem as mail load increases so that fewer and
|
|
fewer CPU cycles remain available to mead the fixed deadline.
|
|
</p>
|
|
|
|
%PARAM smtpd_proxy_filter
|
|
|
|
<p> The hostname and TCP port of the mail filtering proxy server.
|
|
The proxy receives all mail from the Postfix SMTP server, and is
|
|
supposed to give the result to another Postfix SMTP server process.
|
|
</p>
|
|
|
|
<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
|
|
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
|
|
as an IP address or as a symbolic name; no MX lookups are done.
|
|
When no "host" or "host:" are specified, the local machine is
|
|
assumed. Pathname interpretation is relative to the Postfix queue
|
|
directory. </p>
|
|
|
|
<p> This feature is available in Postfix 2.1 and later. </p>
|
|
|
|
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
|
|
and later. </p>
|
|
|
|
%PARAM smtpd_proxy_timeout 100s
|
|
|
|
<p>
|
|
The time limit for connecting to a proxy filter and for sending or
|
|
receiving information. When a connection fails the client gets a
|
|
generic error message while more detailed information is logged to
|
|
the maillog file.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_recipient_limit 1000
|
|
|
|
<p>
|
|
The maximal number of recipients that the Postfix SMTP server
|
|
accepts per message delivery request.
|
|
</p>
|
|
|
|
%PARAM smtpd_recipient_restrictions permit_mynetworks, reject_unauth_destination
|
|
|
|
<p>
|
|
The access restrictions that the Postfix SMTP server applies in
|
|
the context of the RCPT TO command.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the Postfix SMTP server accepts:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> Mail from clients whose IP address matches $mynetworks, or:
|
|
|
|
<li> Mail to remote destinations that match $relay_domains, except
|
|
for addresses that contain sender-specified routing
|
|
(user@elsewhere@domain), or:
|
|
|
|
<li> Mail to local destinations that match $inet_interfaces
|
|
or $proxy_interfaces, $mydestination, $virtual_alias_domains, or
|
|
$virtual_mailbox_domains.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
IMPORTANT: If you change this parameter setting, you must specify
|
|
at least one of the following restrictions. Otherwise Postfix will
|
|
refuse to receive mail:
|
|
</p>
|
|
|
|
<pre>
|
|
reject, defer, defer_if_permit, reject_unauth_destination
|
|
</pre>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are specific to the recipient address
|
|
that is received with the RCPT TO command.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the resolved RCPT
|
|
TO address, domain, parent domains, or localpart@, and execute the
|
|
corresponding action. </dd>
|
|
|
|
<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the MX hosts for
|
|
the RCPT TO address, and execute the corresponding action. Note:
|
|
a result of "OK" is not allowed for safety reasons. Instead, use
|
|
DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the DNS servers
|
|
for the RCPT TO address, and execute the corresponding action.
|
|
Note: a result of "OK" is not allowed for safety reasons. Instead,
|
|
use DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>
|
|
|
|
<dd>Permit the request when one of the following is true:
|
|
|
|
<ul>
|
|
|
|
<li> Postfix is mail forwarder: the resolved RCPT TO address matches
|
|
$relay_domains or a subdomain thereof, and the address contains no
|
|
sender-specified routing (user@elsewhere@domain),
|
|
|
|
<li> Postfix is the final destination: the resolved RCPT TO address
|
|
matches $mydestination, $inet_interfaces, $proxy_interfaces,
|
|
$virtual_alias_domains, or $virtual_mailbox_domains, and the address
|
|
contains no sender-specified routing (user@elsewhere@domain).
|
|
|
|
</ul></dd>
|
|
|
|
<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
|
|
|
|
<dd>Permit the request when the local mail system is backup MX for
|
|
the RCPT TO address, or when the address is an authorized destination
|
|
(see permit_auth_destination for definition).
|
|
|
|
<ul>
|
|
|
|
<li> Safety: permit_mx_backup does not accept addresses that have
|
|
sender-specified routing information (example: user@elsewhere@domain).
|
|
|
|
<li> Safety: permit_mx_backup can be vulnerable to mis-use when
|
|
access is not restricted with permit_mx_backup_networks.
|
|
|
|
<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
|
|
accepts the address when the local mail system is primary MX for
|
|
the recipient domain. Exception: permit_mx_backup accepts the address
|
|
when it specifies an authorized destination (see permit_auth_destination
|
|
for definition).
|
|
|
|
<li> Limitation: mail may be rejected in case of a temporary DNS
|
|
lookup problem with Postfix prior to version 2.0.
|
|
|
|
</ul></dd>
|
|
|
|
<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>
|
|
|
|
<dd>Reject the request when the RCPT TO address is not in
|
|
fully-qualified domain form, as required by the RFC. <br> The
|
|
non_fqdn_reject_code parameter specifies the response code to
|
|
rejected requests (default: 504). </dd>
|
|
|
|
<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>
|
|
|
|
<dd>Reject the request when the RCPT TO domain is listed with the
|
|
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
|
|
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
|
|
the request when the reversed client network address is listed with
|
|
any A record under <i>rbl_domain</i>. <br> The maps_rbl_reject_code
|
|
parameter specifies the response code for rejected requests (default:
|
|
554); the default_rbl_reply parameter specifies the default server
|
|
reply; and the rbl_reply_maps parameter specifies tables with server
|
|
replies indexed by <i>rbl_domain</i>. This feature is available
|
|
in Postfix version 2.0 and later.</dd>
|
|
|
|
<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
|
|
|
|
<dd>Reject the request unless one of the following is true:
|
|
|
|
<ul>
|
|
|
|
<li> Postfix is mail forwarder: the resolved RCPT TO address matches
|
|
$relay_domains or a subdomain thereof, and contains no sender-specified
|
|
routing (user@elsewhere@domain),
|
|
|
|
<li> Postfix is the final destination: the resolved RCPT TO address
|
|
matches $mydestination, $inet_interfaces, $proxy_interfaces,
|
|
$virtual_alias_domains, or $virtual_mailbox_domains, and contains
|
|
no sender-specified routing (user@elsewhere@domain).
|
|
|
|
</ul> The relay_domains_reject_code parameter specifies the response
|
|
code for rejected requests (default: 554). </dd>
|
|
|
|
<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
|
|
|
|
<dd>Reject the request when Postfix is not final destination for
|
|
the recipient address, and the RCPT TO address has no DNS A or MX
|
|
record, or when it has a malformed MX record such as a record with
|
|
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
|
|
unknown_address_reject_code parameter specifies the response code
|
|
for rejected requests (default: 450). The response is always 450
|
|
in case of a temporary DNS error.</dd>
|
|
|
|
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
|
|
|
|
<dd> Reject the request when the RCPT TO address is not listed in
|
|
the list of valid recipients for its domain class. See the
|
|
smtpd_reject_unlisted_recipient parameter description for details.
|
|
This feature is available in Postfix 2.1 and later.</dd>
|
|
|
|
<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>
|
|
|
|
<dd>Reject the request when mail to the RCPT TO address is known
|
|
to bounce, or when the recipient address destination is not reachable.
|
|
Address verification information is managed by the verify(8) server;
|
|
see the ADDRESS_VERIFICATION_README file for details. <br> The
|
|
unverified_recipient_reject_code parameter specifies the response
|
|
when an address is known to bounce (default: 450, change into 550
|
|
when you are confident that it is safe to do so). Postfix replies
|
|
with 450 when an address probe failed due to a temporary problem.
|
|
This feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Other restrictions that are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#generic">Generic</a> restrictions that can be used
|
|
in any SMTP command context, described under smtpd_client_restrictions.
|
|
|
|
<li>SMTP command specific restrictions described under
|
|
smtpd_client_restrictions, smtpd_helo_restrictions and
|
|
smtpd_sender_restrictions.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
|
|
</pre>
|
|
|
|
%CLASS sasl-auth SASL Authentication
|
|
|
|
<p>
|
|
Postfix SASL support (RFC 2554) can be used to authenticate remote
|
|
SMTP clients to the Postfix SMTP server, and to authenticate the
|
|
Postfix SMTP client to a remote SMTP server.
|
|
See the SASL_README document for details.
|
|
</p>
|
|
|
|
%PARAM smtpd_sasl_auth_enable no
|
|
|
|
<p>
|
|
Enable SASL authentication in the Postfix SMTP server. By default,
|
|
the Postfix SMTP server does not use authentication.
|
|
</p>
|
|
|
|
<p>
|
|
If a remote SMTP client is authenticated, the permit_sasl_authenticated
|
|
access restriction can be used to permit relay access, like this:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_recipient_restrictions =
|
|
permit_mynetworks, permit_sasl_authenticated, ...
|
|
</pre>
|
|
|
|
<p> To reject all SMTP connections from unauthenticated clients,
|
|
specify "smtpd_delay_reject = yes" (which is the default) and use:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_client_restrictions = permit_sasl_authenticated, reject
|
|
</pre>
|
|
|
|
<p>
|
|
See the SASL_README file for SASL configuration and operation details.
|
|
</p>
|
|
|
|
%PARAM smtpd_sasl_authenticated_header no
|
|
|
|
<p> Report the SASL authenticated user name in the smtpd(8) Received
|
|
message header. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_sasl_exceptions_networks
|
|
|
|
<p>
|
|
What SMTP clients Postfix will not offer AUTH support to.
|
|
</p>
|
|
|
|
<p>
|
|
Some clients (Netscape 4 at least) have a bug that causes them to
|
|
require a login and password whenever AUTH is offered, whether it's
|
|
necessary or not. To work around this, specify, for example,
|
|
$mynetworks to prevent Postfix from offering AUTH to local clients.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of network/netmask patterns, separated by commas
|
|
and/or whitespace. The mask specifies the number of bits in the
|
|
network part of a host address. You can also "/file/name" or
|
|
"type:table" patterns. A "/file/name" pattern is replaced by its
|
|
contents; a "type:table" lookup table is matched when a table entry
|
|
matches a lookup string (the lookup result is ignored). Continue
|
|
long lines by starting the next line with whitespace. </p>
|
|
|
|
<p> Note: IP version 6 address information must be specified inside
|
|
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
|
|
files specified with "/file/name". IP version 6 addresses contain
|
|
the ":" character, and would otherwise be confused with a "type:table"
|
|
pattern. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_sasl_exceptions_networks = $mynetworks
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_sasl_local_domain
|
|
|
|
<p>
|
|
The name of the local SASL authentication realm.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the local authentication realm name is the null string.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_sasl_local_domain = $mydomain
|
|
smtpd_sasl_local_domain = $myhostname
|
|
</pre>
|
|
|
|
%PARAM smtpd_sasl_security_options noanonymous
|
|
|
|
<p> SASL security options; as of Postfix 2.3 the list of available
|
|
features depends on the SASL server implementation that is selected
|
|
with <b>smtpd_sasl_type</b>. </p>
|
|
|
|
<p> The following security features are defined for the <b>cyrus</b>
|
|
server SASL implementation: </p>
|
|
|
|
<p>
|
|
Restrict what authentication mechanisms the Postfix SMTP server
|
|
will offer to the client. The list of available authentication
|
|
mechanisms is system dependent.
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of the following:
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>noplaintext</b></dt>
|
|
|
|
<dd>Disallow methods that use plaintext passwords. </dd>
|
|
|
|
<dt><b>noactive</b></dt>
|
|
|
|
<dd>Disallow methods subject to active (non-dictionary) attack. </dd>
|
|
|
|
<dt><b>nodictionary</b></dt>
|
|
|
|
<dd>Disallow methods subject to passive (dictionary) attack. </dd>
|
|
|
|
<dt><b>noanonymous</b></dt>
|
|
|
|
<dd>Disallow methods that allow anonymous authentication. </dd>
|
|
|
|
<dt><b>mutual_auth</b></dt>
|
|
|
|
<dd>Only allow methods that provide mutual authentication (not available
|
|
with SASL version 1). </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
By default, the Postfix SMTP server accepts plaintext passwords but
|
|
not anonymous logins.
|
|
</p>
|
|
|
|
<p>
|
|
Warning: it appears that clients try authentication methods in the
|
|
order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
|
|
which means that if you disable plaintext passwords, clients will
|
|
log in anonymously, even when they should be able to use CRAM-MD5.
|
|
So, if you disable plaintext logins, disable anonymous logins too.
|
|
Postfix treats anonymous login as no authentication.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_sasl_security_options = noanonymous, noplaintext
|
|
</pre>
|
|
|
|
%PARAM smtpd_sender_login_maps
|
|
|
|
<p>
|
|
Optional lookup table with the SASL login names that own sender
|
|
(MAIL FROM) addresses.
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more "type:table" lookup tables. With lookups from
|
|
indexed files such as DB or DBM, or from networked tables such as
|
|
NIS, LDAP or SQL, the following search operations are done with a
|
|
sender address of <i>user@domain</i>: </p>
|
|
|
|
<dl>
|
|
|
|
<dt> 1) <i>user@domain</i> </dt>
|
|
|
|
<dd>This table lookup is always done and has the highest precedence. </dd>
|
|
|
|
<dt> 2) <i>user</i> </dt>
|
|
|
|
<dd>This table lookup is done only when the <i>domain</i> part of the
|
|
sender address matches $myorigin, $mydestination, $inet_interfaces
|
|
or $proxy_interfaces. </dd>
|
|
|
|
<dt> 3) <i>@domain</i> </dt>
|
|
|
|
<dd>This table lookup is done last and has the lowest precedence. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
In all cases the result of table lookup must be either "not found"
|
|
or a list of SASL login names separated by comma and/or whitespace.
|
|
</p>
|
|
|
|
%PARAM smtpd_sender_restrictions
|
|
|
|
<p>
|
|
Optional restrictions that the Postfix SMTP server applies in the
|
|
context of the MAIL FROM command.
|
|
</p>
|
|
|
|
<p>
|
|
The default is to permit everything.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are specific to the sender address
|
|
received with the MAIL FROM command.
|
|
</p>
|
|
|
|
<dl>
|
|
|
|
<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the MAIL FROM
|
|
address, domain, parent domains, or localpart@, and execute the
|
|
corresponding action. </dd>
|
|
|
|
<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the MX hosts for
|
|
the MAIL FROM address, and execute the corresponding action. Note:
|
|
a result of "OK" is not allowed for safety reasons. Instead, use
|
|
DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
|
|
|
|
<dd>Search the specified access(5) database for the DNS servers
|
|
for the MAIL FROM address, and execute the corresponding action.
|
|
Note: a result of "OK" is not allowed for safety reasons. Instead,
|
|
use DUNNO in order to exclude specific hosts from blacklists. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
|
|
|
|
<dd>Enforces the reject_sender_login_mismatch restriction for
|
|
authenticated clients only. This feature is available in
|
|
Postfix version 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
|
|
|
|
<dd>Reject the request when the MAIL FROM address is not in
|
|
fully-qualified domain form, as required by the RFC. <br> The
|
|
non_fqdn_reject_code parameter specifies the response code to
|
|
rejected requests (default: 504). </dd>
|
|
|
|
<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>
|
|
|
|
<dd>Reject the request when the MAIL FROM domain is listed with
|
|
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
|
|
version 2.1 and later only). If no "<i>=d.d.d.d</i>" is specified,
|
|
reject the request when the reversed client network address is
|
|
listed with any A record under <i>rbl_domain</i>. <br> The
|
|
maps_rbl_reject_code parameter specifies the response code for
|
|
rejected requests (default: 554); the default_rbl_reply parameter
|
|
specifies the default server reply; and the rbl_reply_maps parameter
|
|
specifies tables with server replies indexed by <i>rbl_domain</i>.
|
|
This feature is available in Postfix 2.0 and later.</dd>
|
|
|
|
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
|
|
|
|
<dd>Reject the request when $smtpd_sender_login_maps specifies an
|
|
owner for the MAIL FROM address, but the client is not (SASL) logged
|
|
in as that MAIL FROM address owner; or when the client is (SASL)
|
|
logged in, but the client login name doesn't own the MAIL FROM
|
|
address according to $smtpd_sender_login_maps.</dd>
|
|
|
|
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
|
|
|
|
<dd>Enforces the reject_sender_login_mismatch restriction for
|
|
unauthenticated clients only. This feature is available in
|
|
Postfix version 2.1 and later. </dd>
|
|
|
|
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
|
|
|
|
<dd>Reject the request when Postfix is not final destination for
|
|
the sender address, and the MAIL FROM address has no DNS A or MX
|
|
record, or when it has a malformed MX record such as a record with
|
|
a zero-length MX hostname (Postfix version 2.3 and later). <br> The
|
|
unknown_address_reject_code parameter specifies the response code
|
|
for rejected requests (default: 450). The response is always 450
|
|
in case of a temporary DNS error. </dd>
|
|
|
|
<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>
|
|
|
|
<dd>Reject the request when the MAIL FROM address is not listed in
|
|
the list of valid recipients for its domain class. See the
|
|
smtpd_reject_unlisted_sender parameter description for details.
|
|
This feature is available in Postfix 2.1 and later.</dd>
|
|
|
|
<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>
|
|
|
|
<dd>Reject the request when mail to the MAIL FROM address is known to
|
|
bounce, or when the sender address destination is not reachable.
|
|
Address verification information is managed by the verify(8) server;
|
|
see the ADDRESS_VERIFICATION_README file for details. <br> The
|
|
unverified_sender_reject_code parameter specifies the response when
|
|
an address is known to bounce (default: 450, change into 550 when
|
|
you are confident that it is safe to do so). Postfix replies with
|
|
450 when an address probe failed due to a temporary problem. This
|
|
feature is available in Postfix 2.1 and later. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Other restrictions that are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> <a href="#generic">Generic</a> restrictions that can be used
|
|
in any SMTP command context, described under smtpd_client_restrictions.
|
|
|
|
<li> SMTP command specific restrictions described under
|
|
smtpd_client_restrictions and smtpd_helo_restrictions.
|
|
|
|
<li> SMTP command specific restrictions described under
|
|
smtpd_recipient_restrictions. When recipient restrictions are listed
|
|
under smtpd_sender_restrictions, they have effect only with
|
|
"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is
|
|
evaluated at the time of the RCPT TO command.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_sender_restrictions = reject_unknown_sender_domain
|
|
smtpd_sender_restrictions = reject_unknown_sender_domain,
|
|
check_sender_access hash:/etc/postfix/access
|
|
</pre>
|
|
|
|
%PARAM smtpd_timeout 300s
|
|
|
|
<p>
|
|
The time limit for sending a Postfix SMTP server response and for
|
|
receiving a remote SMTP client request.
|
|
</p>
|
|
|
|
<p>
|
|
Note: if you set SMTP time limits to very large values you may have
|
|
to update the global ipc_timeout parameter.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM soft_bounce no
|
|
|
|
<p>
|
|
Safety net to keep mail queued that would otherwise be returned to
|
|
the sender. This parameter disables locally-generated bounces,
|
|
and prevents the Postfix SMTP server from rejecting mail permanently,
|
|
by changing 5xx reply codes into 4xx. However, soft_bounce is no
|
|
cure for address rewriting mistakes or mail routing mistakes.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
soft_bounce = yes
|
|
</pre>
|
|
|
|
%PARAM stale_lock_time 500s
|
|
|
|
<p>
|
|
The time after which a stale exclusive mailbox lockfile is removed.
|
|
This is used for delivery to file or mailbox.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM strict_rfc821_envelopes no
|
|
|
|
<p>
|
|
Require that addresses received in SMTP MAIL FROM and RCPT TO
|
|
commands are enclosed with <>, and that those addresses do
|
|
not contain RFC 822 style comments or phrases. This stops mail
|
|
from poorly written software.
|
|
</p>
|
|
|
|
<p>
|
|
By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL
|
|
FROM and RCPT TO addresses.
|
|
</p>
|
|
|
|
%PARAM swap_bangpath yes
|
|
|
|
<p>
|
|
Enable the rewriting of "site!user" into "user@site". This is
|
|
necessary if your machine is connected to UUCP networks. It is
|
|
enabled by default.
|
|
</p>
|
|
|
|
<p> Note: with Postfix version 2.2, message header address rewriting
|
|
happens only when one of the following conditions is true: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
swap_bangpath = no
|
|
</pre>
|
|
|
|
%PARAM syslog_facility mail
|
|
|
|
<p>
|
|
The syslog facility of Postfix logging. Specify a facility as
|
|
defined in syslog.conf(5). The default facility is "mail".
|
|
</p>
|
|
|
|
<p>
|
|
Warning: a non-default syslog_facility setting takes effect only
|
|
after a Postfix process has completed initialization. Errors during
|
|
process initialization will be logged with the default facility.
|
|
Examples are errors while parsing the command line arguments, and
|
|
errors while accessing the Postfix main.cf configuration file.
|
|
</p>
|
|
|
|
%PARAM syslog_name postfix
|
|
|
|
<p>
|
|
The mail system name that is prepended to the process name in syslog
|
|
records, so that "smtpd" becomes, for example, "postfix/smtpd".
|
|
</p>
|
|
|
|
<p>
|
|
Warning: a non-default syslog_name setting takes effect only after
|
|
a Postfix process has completed initialization. Errors during
|
|
process initialization will be logged with the default name. Examples
|
|
are errors while parsing the command line arguments, and errors
|
|
while accessing the Postfix main.cf configuration file.
|
|
</p>
|
|
|
|
%PARAM transport_maps
|
|
|
|
<p>
|
|
Optional lookup tables with mappings from recipient address to
|
|
(message delivery transport, next-hop destination). See transport(5)
|
|
for details.
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more "type:table" lookup tables. If you use this
|
|
feature with local files, run "<b>postmap /etc/postfix/transport</b>"
|
|
after making a change. </p>
|
|
|
|
<p> For safety reasons, as of Postfix 2.3 this feature does not
|
|
allow $number substitutions in regular expression maps. </p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
transport_maps = dbm:/etc/postfix/transport
|
|
transport_maps = hash:/etc/postfix/transport
|
|
</pre>
|
|
|
|
%PARAM transport_retry_time 60s
|
|
|
|
<p>
|
|
The time between attempts by the Postfix queue manager to contact
|
|
a malfunctioning message delivery transport.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM trigger_timeout 10s
|
|
|
|
<p>
|
|
The time limit for sending a trigger to a Postfix daemon (for
|
|
example, the pickup(8) or qmgr(8) daemon). This time limit prevents
|
|
programs from getting stuck when the mail system is under heavy
|
|
load.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM unknown_address_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a sender or
|
|
recipient address is rejected by the reject_unknown_sender_domain
|
|
or reject_unknown_recipient_domain restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM unknown_client_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a client
|
|
without valid address <=> name mapping is rejected by the
|
|
reject_unknown_client_hostname restriction. The SMTP server always replies
|
|
with 450 when the mapping failed due to a temporary error condition.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM unknown_hostname_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when the hostname
|
|
specified with the HELO or EHLO command is rejected by the
|
|
reject_unknown_helo_hostname restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
%PARAM unknown_local_recipient_reject_code 550
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a recipient
|
|
address is local, and $local_recipient_maps specifies a list of
|
|
lookup tables that does not match the recipient. A recipient
|
|
address is local when its domain matches $mydestination,
|
|
$proxy_interfaces or $inet_interfaces.
|
|
</p>
|
|
|
|
<p>
|
|
The default setting is 550 (reject mail) but it is safer to initially
|
|
use 450 (try again later) so you have time to find out if your
|
|
local_recipient_maps settings are OK.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
unknown_local_recipient_reject_code = 450
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM unverified_recipient_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response when a recipient address
|
|
is rejected by the reject_unverified_recipient restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Unlike elsewhere in Postfix, you can specify 250 in order to
|
|
accept the address anyway.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM unverified_sender_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a recipient
|
|
address is rejected by the reject_unverified_sender restriction.
|
|
</p>
|
|
|
|
<p>
|
|
Unlike elsewhere in Postfix, you can specify 250 in order to
|
|
accept the address anyway.
|
|
</p>
|
|
|
|
<p>
|
|
Do not change this unless you have a complete understanding of RFC 821.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM virtual_alias_domains $virtual_alias_maps
|
|
|
|
<p> Postfix is final destination for the specified list of virtual
|
|
alias domains, that is, domains for which all addresses are aliased
|
|
to addresses in other local or remote domains. The SMTP server
|
|
validates recipient addresses with $virtual_alias_maps and rejects
|
|
non-existent recipients. See also the virtual alias domain class
|
|
in the ADDRESS_CLASS_README file </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later. The default
|
|
value is backwards compatible with Postfix version 1.1.
|
|
</p>
|
|
|
|
<p>
|
|
The default value is $virtual_alias_maps so that you can keep all
|
|
information about virtual alias domains in one place. If you have
|
|
many users, it is better to separate information that changes more
|
|
frequently (virtual address -> local or remote address mapping)
|
|
from information that changes less frequently (the list of virtual
|
|
domain names).
|
|
</p>
|
|
|
|
<p> Specify a list of host or domain names, "/file/name" or
|
|
"type:table" patterns, separated by commas and/or whitespace. A
|
|
"/file/name" pattern is replaced by its contents; a "type:table"
|
|
lookup table is matched when a table entry matches a lookup string
|
|
(the lookup result is ignored). Continue long lines by starting
|
|
the next line with whitespace. </p>
|
|
|
|
<p>
|
|
See also the VIRTUAL_README and ADDRESS_CLASS_README documents
|
|
for further information.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
virtual_alias_domains = virtual1.tld virtual2.tld
|
|
</pre>
|
|
|
|
%PARAM virtual_alias_expansion_limit 1000
|
|
|
|
<p>
|
|
The maximal number of addresses that virtual alias expansion produces
|
|
from each original recipient.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM virtual_alias_maps $virtual_maps
|
|
|
|
<p>
|
|
Optional lookup tables that alias specific mail addresses or domains
|
|
to other local or remote address. The table format and lookups
|
|
are documented in virtual(5). For an overview of Postfix address
|
|
manipulations see the ADDRESS_REWRITING_README document.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later. The default
|
|
value is backwards compatible with Postfix version 1.1.
|
|
</p>
|
|
|
|
<p>
|
|
If you use this feature with indexed files, run "<b>postmap
|
|
/etc/postfix/virtual</b>" after changing the file.
|
|
</p>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
virtual_alias_maps = dbm:/etc/postfix/virtual
|
|
virtual_alias_maps = hash:/etc/postfix/virtual
|
|
</pre>
|
|
|
|
%PARAM virtual_alias_recursion_limit 1000
|
|
|
|
<p>
|
|
The maximal nesting depth of virtual alias expansion. Currently
|
|
the recursion limit is applied only to the left branch of the
|
|
expansion graph, so the depth of the tree can in the worst case
|
|
reach the sum of the expansion and recursion limits. This may
|
|
change in the future.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%CLASS trouble-shooting Trouble shooting
|
|
|
|
<p>
|
|
The DEBUG_README document describes how to debug parts of the
|
|
Postfix mail system. The methods vary from making the software log
|
|
a lot of detail, to running some daemon processes under control of
|
|
a call tracer or debugger.
|
|
</p>
|
|
|
|
%PARAM debugger_command
|
|
|
|
<p>
|
|
The external command to execute when a Postfix daemon program is
|
|
invoked with the -D option.
|
|
</p>
|
|
|
|
<p>
|
|
Use "command .. & sleep 5" so that the debugger can attach before
|
|
the process marches on. If you use an X-based debugger, be sure to
|
|
set up your XAUTHORITY environment variable before starting Postfix.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
debugger_command =
|
|
PATH=/usr/bin:/usr/X11R6/bin
|
|
xxgdb $daemon_directory/$process_name $process_id & sleep 5
|
|
</pre>
|
|
|
|
%PARAM 2bounce_notice_recipient postmaster
|
|
|
|
<p> The recipient of undeliverable mail that cannot be returned to
|
|
the sender. This feature is enabled with the notify_classes
|
|
parameter. </p>
|
|
|
|
%PARAM address_verify_service_name verify
|
|
|
|
<p>
|
|
The name of the verify(8) address verification service. This service
|
|
maintains the status of sender and/or recipient address verification
|
|
probes, and generates probes on request by other Postfix processes.
|
|
</p>
|
|
|
|
%PARAM alternate_config_directories
|
|
|
|
<p>
|
|
A list of non-default Postfix configuration directories that may
|
|
be specified with "-c config_directory" on the command line, or
|
|
via the MAIL_CONFIG environment parameter.
|
|
</p>
|
|
|
|
<p>
|
|
This list must be specified in the default Postfix configuration
|
|
directory, and is used by set-gid Postfix commands such as postqueue(1)
|
|
and postdrop(1).
|
|
</p>
|
|
|
|
%PARAM append_at_myorigin yes
|
|
|
|
<p>
|
|
With locally submitted mail, append the string "@$myorigin" to mail
|
|
addresses without domain information. With remotely submitted mail,
|
|
append the string "@$remote_header_rewrite_domain" instead.
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: this feature is enabled by default and must not be turned off.
|
|
Postfix does not support domain-less addresses.
|
|
</p>
|
|
|
|
<p> Note 2: with Postfix version 2.2, message header address rewriting
|
|
happens only when one of the following conditions is true: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
%PARAM append_dot_mydomain yes
|
|
|
|
<p>
|
|
With locally submitted mail, append the string ".$mydomain" to
|
|
addresses that have no ".domain" information. With remotely submitted
|
|
mail, append the string ".$remote_header_rewrite_domain"
|
|
instead.
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: this feature is enabled by default. If disabled, users will not be
|
|
able to send mail to "user@partialdomainname" but will have to
|
|
specify full domain names instead.
|
|
</p>
|
|
|
|
<p> Note 2: with Postfix version 2.2, message header address rewriting
|
|
happens only when one of the following conditions is true: </p>
|
|
|
|
<ul>
|
|
|
|
<li> The message is received with the Postfix sendmail(1) command,
|
|
|
|
<li> The message is received from a network client that matches
|
|
$local_header_rewrite_clients,
|
|
|
|
<li> The message is received from the network, and the
|
|
remote_header_rewrite_domain parameter specifies a non-empty value.
|
|
|
|
</ul>
|
|
|
|
<p> To get the behavior before Postfix version 2.2, specify
|
|
"local_header_rewrite_clients = static:all". </p>
|
|
|
|
%PARAM application_event_drain_time 100s
|
|
|
|
<p>
|
|
How long the postkick(1) command waits for a request to enter the
|
|
server's input buffer before giving up.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM authorized_flush_users static:anyone
|
|
|
|
<p>
|
|
List of users who are authorized to flush the queue.
|
|
</p>
|
|
|
|
<p>
|
|
By default, all users are allowed to flush the queue. Access is
|
|
always granted if the invoking user is the super-user or the
|
|
$mail_owner user. Otherwise, the real UID of the process is looked
|
|
up in the system password file, and access is granted only if the
|
|
corresponding login name is on the access list. The username
|
|
"unknown" is used for processes whose real UID is not found in the
|
|
password file. </p>
|
|
|
|
<p>
|
|
Specify a list of user names, "/file/name" or "type:table" patterns,
|
|
separated by commas and/or whitespace. The list is matched left to
|
|
right, and the search stops on the first match. Specify "!name" to
|
|
exclude a name from the list. A "/file/name" pattern is replaced
|
|
by its contents; a "type:table" lookup table is matched when a name
|
|
matches a lookup key (the lookup result is ignored). Continue long
|
|
lines by starting the next line with whitespace. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM authorized_mailq_users static:anyone
|
|
|
|
<p>
|
|
List of users who are authorized to view the queue.
|
|
</p>
|
|
|
|
<p>
|
|
By default, all users are allowed to view the queue. Access is
|
|
always granted if the invoking user is the super-user or the
|
|
$mail_owner user. Otherwise, the real UID of the process is looked
|
|
up in the system password file, and access is granted only if the
|
|
corresponding login name is on the access list. The username
|
|
"unknown" is used for processes whose real UID is not found in the
|
|
password file. </p>
|
|
|
|
<p>
|
|
Specify a list of user names, "/file/name" or "type:table" patterns,
|
|
separated by commas and/or whitespace. The list is matched left to
|
|
right, and the search stops on the first match. Specify "!name" to
|
|
exclude a name from the list. A "/file/name" pattern is replaced
|
|
by its contents; a "type:table" lookup table is matched when a name
|
|
matches a lookup key (the lookup result is ignored). Continue long
|
|
lines by starting the next line with whitespace. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM authorized_submit_users static:anyone
|
|
|
|
<p>
|
|
List of users who are authorized to submit mail with the sendmail(1)
|
|
command (and with the privileged postdrop(1) helper command).
|
|
</p>
|
|
|
|
<p>
|
|
By default, all users are allowed to submit mail. Otherwise, the
|
|
real UID of the process is looked up in the system password file,
|
|
and access is granted only if the corresponding login name is on
|
|
the access list. The username "unknown" is used for processes
|
|
whose real UID is not found in the password file. To deny mail
|
|
submission access to all users specify an empty list. </p>
|
|
|
|
<p>
|
|
Specify a list of user names, "/file/name" or "type:table" patterns,
|
|
separated by commas and/or whitespace. The list is matched left to right,
|
|
and the search stops on the first match. Specify "!name" to exclude a
|
|
name from the list. A "/file/name" pattern is replaced by its contents;
|
|
a "type:table" lookup table is matched when a name matches a lookup key
|
|
(the lookup result is ignored). Continue long lines by starting the
|
|
next line with whitespace. </p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
authorized_submit_users = !www, static:all
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
%PARAM backwards_bounce_logfile_compatibility yes
|
|
|
|
<p>
|
|
Produce additional bounce(8) logfile records that can be read by
|
|
Postfix versions before 2.0. The current and more extensible "name =
|
|
value" format is needed in order to implement more sophisticated
|
|
functionality.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM bounce_notice_recipient postmaster
|
|
|
|
<p>
|
|
The recipient of postmaster notifications with the message headers
|
|
of mail that Postfix did not deliver and of SMTP conversation
|
|
transcripts of mail that Postfix did not receive. This feature is
|
|
enabled with the notify_classes parameter. </p>
|
|
|
|
%PARAM bounce_service_name bounce
|
|
|
|
<p>
|
|
The name of the bounce(8) service. This service maintains a record
|
|
of failed delivery attempts and generates non-delivery notifications.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM broken_sasl_auth_clients no
|
|
|
|
<p>
|
|
Enable inter-operability with SMTP clients that implement an obsolete
|
|
version of the AUTH command (RFC 2554). Examples of such clients
|
|
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
|
|
version 5.0.
|
|
</p>
|
|
|
|
<p>
|
|
Specify "broken_sasl_auth_clients = yes" to have Postfix advertise
|
|
AUTH support in a non-standard way.
|
|
</p>
|
|
|
|
%PARAM cleanup_service_name cleanup
|
|
|
|
<p>
|
|
The name of the cleanup(8) service. This service rewrites addresses
|
|
into the standard form, and performs canonical(5) address mapping
|
|
and virtual(5) aliasing.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM anvil_status_update_time 600s
|
|
|
|
<p>
|
|
How frequently the anvil(8) connection and rate limiting server
|
|
logs peak usage information.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.2 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM enable_errors_to no
|
|
|
|
<p> Report mail delivery errors to the address specified with the
|
|
non-standard Errors-To: message header, instead of the envelope
|
|
sender address (this feature is removed with Postfix version 2.2, is
|
|
turned off by default with Postfix version 2.1, and is always turned on
|
|
with older Postfix versions). </p>
|
|
|
|
%PARAM extract_recipient_limit 10240
|
|
|
|
<p>
|
|
The maximal number of recipient addresses that Postfix will extract
|
|
from message headers when mail is submitted with "<b>sendmail -t</b>".
|
|
</p>
|
|
|
|
<p>
|
|
This feature was removed in Postfix version 2.1.
|
|
</p>
|
|
|
|
%PARAM anvil_rate_time_unit 60s
|
|
|
|
<p>
|
|
The time unit over which client connection rates and other rates
|
|
are calculated.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is implemented by the anvil(8) service which is not
|
|
part of the stable Postfix version 2.1 release.
|
|
</p>
|
|
|
|
<p>
|
|
The default interval is relatively short. Because of the high
|
|
frequency of updates, the anvil(8) server uses volatile memory
|
|
only. Thus, information is lost whenever the process terminates.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM command_expansion_filter see "postconf -d" output
|
|
|
|
<p>
|
|
Restrict the characters that the local(8) delivery agent allows in
|
|
$name expansions of $mailbox_command. Characters outside the
|
|
allowed set are replaced by underscores.
|
|
</p>
|
|
|
|
%PARAM content_filter
|
|
|
|
<p>
|
|
The name of a mail delivery transport that filters mail after
|
|
it is queued.
|
|
</p>
|
|
|
|
<p>
|
|
This parameter uses the same syntax as the right-hand side of a
|
|
Postfix transport(5) table. This setting has a lower precedence
|
|
than a content filter that is specified with an access(5) table or
|
|
in a header_checks(5) or body_checks(5) table.
|
|
</p>
|
|
|
|
%PARAM default_delivery_slot_discount 50
|
|
|
|
<p>
|
|
The default value for transport-specific _delivery_slot_discount
|
|
settings.
|
|
</p>
|
|
|
|
<p>
|
|
This parameter speeds up the moment when a message preemption can
|
|
happen. Instead of waiting until the full amount of delivery slots
|
|
required is available, the preemption can happen when
|
|
transport_delivery_slot_discount percent of the required amount
|
|
plus transport_delivery_slot_loan still remains to be accumulated.
|
|
Note that the full amount will still have to be accumulated before
|
|
another preemption can take place later.
|
|
</p>
|
|
|
|
%PARAM default_delivery_slot_loan 3
|
|
|
|
<p>
|
|
The default value for transport-specific _delivery_slot_loan
|
|
settings.
|
|
</p>
|
|
|
|
<p>
|
|
This parameter speeds up the moment when a message preemption can
|
|
happen. Instead of waiting until the full amount of delivery slots
|
|
required is available, the preemption can happen when
|
|
transport_delivery_slot_discount percent of the required amount
|
|
plus transport_delivery_slot_loan still remains to be accumulated.
|
|
Note that the full amount will still have to be accumulated before
|
|
another preemption can take place later.
|
|
</p>
|
|
|
|
%CLASS verp VERP Support
|
|
|
|
<p>
|
|
With VERP style delivery, each recipient of a message receives a
|
|
customized copy of the message with his/her own recipient address
|
|
encoded in the envelope sender address. The VERP_README file
|
|
describes configuration and operation details of Postfix support
|
|
for variable envelope return path addresses. VERP style delivery
|
|
is requested with the SMTP XVERP command or with the "<b>sendmail
|
|
-V</b>" command-line option and is available in Postfix
|
|
1.1 and later.
|
|
</p>
|
|
|
|
%PARAM default_verp_delimiters +=
|
|
|
|
<p> The two default VERP delimiter characters. These are used when
|
|
no explicit delimiters are specified with the SMTP XVERP command
|
|
or with the "<b>sendmail -V</b>" command-line option. Specify
|
|
characters that are allowed by the verp_delimiter_filter setting.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 1.1 and later.
|
|
</p>
|
|
|
|
%PARAM defer_service_name defer
|
|
|
|
<p>
|
|
The name of the defer service. This service is implemented by the
|
|
bounce(8) daemon and maintains a record
|
|
of failed delivery attempts and generates non-delivery notifications.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM delay_notice_recipient postmaster
|
|
|
|
<p>
|
|
The recipient of postmaster notifications with the message headers
|
|
of mail that cannot be delivered within $delay_warning_time time
|
|
units. </p>
|
|
|
|
<p>
|
|
This feature is enabled with the delay_warning_time parameter.
|
|
</p>
|
|
|
|
%PARAM delay_warning_time 0h
|
|
|
|
<p>
|
|
The time after which the sender receives the message headers of
|
|
mail that is still queued.
|
|
</p>
|
|
|
|
<p>
|
|
To enable this feature, specify a non-zero time value (an integral
|
|
value plus an optional one-letter suffix that specifies the time
|
|
unit).
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is h (hours).
|
|
</p>
|
|
|
|
%PARAM disable_dns_lookups no
|
|
|
|
<p>
|
|
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
|
|
disabled, hosts are looked up with the gethostbyname() system
|
|
library routine which normally also looks in /etc/hosts.
|
|
</p>
|
|
|
|
<p>
|
|
DNS lookups are enabled by default.
|
|
</p>
|
|
|
|
%CLASS mime MIME Processing
|
|
|
|
<p>
|
|
MIME processing is available in Postfix as of version 2.0. Older
|
|
Postfix versions do not recognize MIME headers inside the message
|
|
body.
|
|
</p>
|
|
|
|
%PARAM disable_mime_input_processing no
|
|
|
|
<p>
|
|
Turn off MIME processing while receiving mail. This means that no
|
|
special treatment is given to Content-Type: message headers, and
|
|
that all text after the initial message headers is considered to
|
|
be part of the message body.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Mime input processing is enabled by default, and is needed in order
|
|
to recognize MIME headers in message content.
|
|
</p>
|
|
|
|
%PARAM disable_mime_output_conversion no
|
|
|
|
<p>
|
|
Disable the conversion of 8BITMIME format to 7BIT format. Mime
|
|
output conversion is needed when the destination does not advertise
|
|
8BITMIME support.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM disable_verp_bounces no
|
|
|
|
<p>
|
|
Disable sending one bounce report per recipient.
|
|
</p>
|
|
|
|
<p>
|
|
The default, one per recipient, is what ezmlm needs.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 1.1 and later.
|
|
</p>
|
|
|
|
%PARAM dont_remove 0
|
|
|
|
<p>
|
|
Don't remove queue files and save them to the "saved" mail queue.
|
|
This is a debugging aid. To inspect the envelope information and
|
|
content of a Postfix queue file, use the postcat(1) command.
|
|
</p>
|
|
|
|
%PARAM empty_address_recipient MAILER-DAEMON
|
|
|
|
<p>
|
|
The recipient of mail addressed to the null address. Postfix does
|
|
not accept such addresses in SMTP commands, but they may still be
|
|
created locally as the result of configuration or software error.
|
|
</p>
|
|
|
|
%PARAM error_notice_recipient postmaster
|
|
|
|
<p> The recipient of postmaster notifications about mail delivery
|
|
problems that are caused by policy, resource, software or protocol
|
|
errors. These notifications are enabled with the notify_classes
|
|
parameter. </p>
|
|
|
|
%PARAM error_service_name error
|
|
|
|
<p>
|
|
The name of the error(8) pseudo delivery agent. This service always
|
|
returns mail as undeliverable.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM expand_owner_alias no
|
|
|
|
<p>
|
|
When delivering to an alias "aliasname" that has an "owner-aliasname"
|
|
companion alias, set the envelope sender address to the expansion
|
|
of the "owner-aliasname" alias. Normally, Postfix sets the envelope
|
|
sender address to the name of the "owner-aliasname" alias.
|
|
</p>
|
|
|
|
%PARAM fallback_transport
|
|
|
|
<p>
|
|
Optional message delivery transport that the local(8) delivery
|
|
agent should use for names that are not found in the aliases(5)
|
|
or UNIX password database.
|
|
</p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
%PARAM fault_injection_code 0
|
|
|
|
<p>
|
|
Force specific internal tests to fail, to test the handling of
|
|
errors that are difficult to reproduce otherwise.
|
|
</p>
|
|
|
|
%PARAM flush_service_name flush
|
|
|
|
<p>
|
|
The name of the flush(8) service. This service maintains per-destination
|
|
logfiles with the queue file names of mail that is queued for those
|
|
destinations.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM forward_expansion_filter see "postconf -d" output
|
|
|
|
<p>
|
|
Restrict the characters that the local(8) delivery agent allows in
|
|
$name expansions of $forward_path. Characters outside the
|
|
allowed set are replaced by underscores.
|
|
</p>
|
|
|
|
%PARAM header_address_token_limit 10240
|
|
|
|
<p>
|
|
The maximal number of address tokens are allowed in an address
|
|
message header. Information that exceeds the limit is discarded.
|
|
The limit is enforced by the cleanup(8) server.
|
|
</p>
|
|
|
|
%PARAM helpful_warnings yes
|
|
|
|
<p>
|
|
Log warnings about problematic configuration settings, and provide
|
|
helpful suggestions.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM lmtp_cache_connection yes
|
|
|
|
<p>
|
|
Keep Postfix LMTP client connections open for up to $max_idle
|
|
seconds. When the LMTP client receives a request for the same
|
|
connection the connection is reused.
|
|
</p>
|
|
|
|
<p>
|
|
The effectiveness of cached connections will be determined by the
|
|
number of LMTP servers in use, and the concurrency limit specified
|
|
for the LMTP client. Cached connections are closed under any of
|
|
the following conditions:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> The LMTP client idle time limit is reached. This limit is
|
|
specified with the Postfix max_idle configuration parameter.
|
|
|
|
<li> A delivery request specifies a different destination than the
|
|
one currently cached.
|
|
|
|
<li> The per-process limit on the number of delivery requests is
|
|
reached. This limit is specified with the Postfix max_use
|
|
configuration parameter.
|
|
|
|
<li> Upon the onset of another delivery request, the LMTP server
|
|
associated with the current session does not respond to the RSET
|
|
command.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Most of these limitations will be removed after Postfix implements
|
|
a connection cache that is shared among multiple LMTP client
|
|
programs.
|
|
</p>
|
|
|
|
%PARAM lmtp_sasl_auth_enable no
|
|
|
|
<p>
|
|
Enable SASL authentication in the Postfix LMTP client.
|
|
</p>
|
|
|
|
%PARAM lmtp_sasl_password_maps
|
|
|
|
<p>
|
|
Optional LMTP client lookup tables with one username:password entry
|
|
per host or domain. If a remote host or domain has no username:password
|
|
entry, then the Postfix LMTP client will not attempt to authenticate
|
|
to the remote host.
|
|
</p>
|
|
|
|
%PARAM lmtp_sasl_security_options noplaintext, noanonymous
|
|
|
|
<p> SASL security options; as of Postfix 2.3 the list of available
|
|
features depends on the SASL client implementation that is selected
|
|
with <b>lmtp_sasl_type</b>. </p>
|
|
|
|
<p> The following security features are defined for the <b>cyrus</b>
|
|
client SASL implementation: </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>noplaintext</b></dt>
|
|
|
|
<dd>Disallow authentication methods that use plaintext passwords. </dd>
|
|
|
|
<dt><b>noactive</b></dt>
|
|
|
|
<dd>Disallow authentication methods that are vulnerable to non-dictionary
|
|
active attacks. </dd>
|
|
|
|
<dt><b>nodictionary</b></dt>
|
|
|
|
<dd>Disallow authentication methods that are vulnerable to passive
|
|
dictionary attack. </dd>
|
|
|
|
<dt><b>noanonymous</b></dt>
|
|
|
|
<dd>Disallow anonymous logins. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
lmtp_sasl_security_options = noplaintext
|
|
</pre>
|
|
|
|
%PARAM lmtp_tcp_port 24
|
|
|
|
<p>
|
|
The default TCP port that the Postfix LMTP client connects to.
|
|
</p>
|
|
|
|
%PARAM mail_release_date see "postconf -d" output
|
|
|
|
<p>
|
|
The Postfix release date, in "YYYYMMDD" format.
|
|
</p>
|
|
|
|
%PARAM mailbox_command_maps
|
|
|
|
<p>
|
|
Optional lookup tables with per-recipient external commands to use
|
|
for local(8) mailbox delivery. Behavior is as with mailbox_command.
|
|
</p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
%PARAM mailbox_delivery_lock see "postconf -d" output
|
|
|
|
<p>
|
|
How to lock a UNIX-style local(8) mailbox before attempting delivery.
|
|
For a list of available file locking methods, use the "<b>postconf
|
|
-l</b>" command.
|
|
</p>
|
|
|
|
<p>
|
|
This setting is ignored with <b>maildir</b> style delivery,
|
|
because such deliveries are safe without explicit locks.
|
|
</p>
|
|
|
|
<p>
|
|
Note: The <b>dotlock</b> method requires that the recipient UID or
|
|
GID has write access to the parent directory of the mailbox file.
|
|
</p>
|
|
|
|
<p>
|
|
Note: the default setting of this parameter is system dependent.
|
|
</p>
|
|
|
|
%PARAM mailbox_transport
|
|
|
|
<p>
|
|
Optional message delivery transport that the local(8) delivery
|
|
agent should use for mailbox delivery to all local recipients,
|
|
whether or not they are found in the UNIX passwd database.
|
|
</p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
%PARAM mailq_path see "postconf -d" output
|
|
|
|
<p>
|
|
Sendmail compatibility feature that specifies where the Postfix
|
|
mailq(1) command is installed. This command can be used to
|
|
list the Postfix mail queue.
|
|
</p>
|
|
|
|
%PARAM manpage_directory see "postconf -d" output
|
|
|
|
<p>
|
|
Where the Postfix manual pages are installed.
|
|
</p>
|
|
|
|
%PARAM maps_rbl_domains
|
|
|
|
<p>
|
|
Obsolete feature: use the reject_rbl_client feature instead.
|
|
</p>
|
|
|
|
%PARAM mime_boundary_length_limit 2048
|
|
|
|
<p>
|
|
The maximal length of MIME multipart boundary strings. The MIME
|
|
processor is unable to distinguish between boundary strings that
|
|
do not differ in the first $mime_boundary_length_limit characters.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM mime_header_checks $header_checks
|
|
|
|
<p>
|
|
Optional lookup tables for content inspection of MIME related
|
|
message headers, as described in the header_checks(5) manual page.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM mime_nesting_limit 100
|
|
|
|
<p>
|
|
The maximal recursion level that the MIME processor will handle.
|
|
Postfix refuses mail that is nested deeper than the specified limit.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM mynetworks_style subnet
|
|
|
|
<p>
|
|
The method to generate the default value for the mynetworks parameter.
|
|
This is the list of trusted networks for relay access control etc.
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><p>Specify "mynetworks_style = host" when Postfix should
|
|
"trust" only the local machine. </p>
|
|
|
|
<li><p>Specify "mynetworks_style = subnet" when Postfix
|
|
should "trust" SMTP clients in the same IP subnetworks as the local
|
|
machine. On Linux, this works correctly only with interfaces
|
|
specified with the "ifconfig" command. </p>
|
|
|
|
<li><p>Specify "mynetworks_style = class" when Postfix should
|
|
"trust" SMTP clients in the same IP class A/B/C networks as the
|
|
local machine. Don't do this with a dialup site - it would cause
|
|
Postfix to "trust" your entire provider's network. Instead, specify
|
|
an explicit mynetworks list by hand, as described with the mynetworks
|
|
configuration parameter. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM nested_header_checks $header_checks
|
|
|
|
<p>
|
|
Optional lookup tables for content inspection of non-MIME message
|
|
headers in attached messages, as described in the header_checks(5)
|
|
manual page.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM newaliases_path see "postconf -d" output
|
|
|
|
<p>
|
|
Sendmail compatibility feature that specifies the location of the
|
|
newaliases(1) command. This command can be used to rebuild the
|
|
local(8) aliases(5) database.
|
|
</p>
|
|
|
|
%PARAM non_fqdn_reject_code 504
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server reply code when a client request
|
|
is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
|
|
or reject_non_fqdn_recipient restriction.
|
|
</p>
|
|
|
|
%PARAM owner_request_special yes
|
|
|
|
<p>
|
|
Give special treatment to owner-listname and listname-request
|
|
address localparts: don't split such addresses when the
|
|
recipient_delimiter is set to "-". This feature is useful for
|
|
mailing lists.
|
|
</p>
|
|
|
|
%PARAM permit_mx_backup_networks
|
|
|
|
<p>
|
|
Restrict the use of the permit_mx_backup SMTP access feature to
|
|
only domains whose primary MX hosts match the listed networks.
|
|
</p>
|
|
|
|
%PARAM pickup_service_name pickup
|
|
|
|
<p>
|
|
The name of the pickup(8) service. This service picks up local mail
|
|
submissions from the Postfix maildrop queue.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM prepend_delivered_header command, file, forward
|
|
|
|
<p> The message delivery contexts where the Postfix local(8) delivery
|
|
agent prepends a Delivered-To: message header with the address
|
|
that the mail was delivered to. This information is used for mail
|
|
delivery loop detection. </p>
|
|
|
|
<p>
|
|
By default, the Postfix local delivery agent prepends a Delivered-To:
|
|
header when forwarding mail and when delivering to file (mailbox)
|
|
and command. Turning off the Delivered-To: header when forwarding
|
|
mail is not recommended.
|
|
</p>
|
|
|
|
<p>
|
|
Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
prepend_delivered_header = forward
|
|
</pre>
|
|
|
|
%PARAM process_name read-only
|
|
|
|
<p>
|
|
The process name of a Postfix command or daemon process.
|
|
</p>
|
|
|
|
%PARAM process_id read-only
|
|
|
|
<p>
|
|
The process ID of a Postfix command or daemon process.
|
|
</p>
|
|
|
|
%PARAM process_id_directory pid
|
|
|
|
<p>
|
|
The location of Postfix PID files relative to $queue_directory.
|
|
This is a read-only parameter.
|
|
</p>
|
|
|
|
%PARAM proxy_read_maps see "postconf -d" output
|
|
|
|
<p>
|
|
The lookup tables that the proxymap(8) server is allowed to access.
|
|
Table references that don't begin with proxy: are ignored. The
|
|
proxymap(8) table accesses are read-only.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM qmgr_clog_warn_time 300s
|
|
|
|
<p>
|
|
The minimal delay between warnings that a specific destination is
|
|
clogging up the Postfix active queue. Specify 0 to disable.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is enabled with the helpful_warnings parameter.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM qmgr_fudge_factor 100
|
|
|
|
<p>
|
|
Obsolete feature: the percentage of delivery resources that a busy
|
|
mail system will use up for delivery of a large mailing list
|
|
message.
|
|
</p>
|
|
|
|
<p>
|
|
This feature exists only in the oqmgr(8) old queue manager. The
|
|
current queue manager solves the problem in a better way.
|
|
</p>
|
|
|
|
%PARAM queue_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The location of the Postfix top-level queue directory. This is the
|
|
root directory of Postfix daemon processes that run chrooted.
|
|
</p>
|
|
|
|
%PARAM queue_file_attribute_count_limit 100
|
|
|
|
<p>
|
|
The maximal number of (name=value) attributes that may be stored
|
|
in a Postfix queue file. The limit is enforced by the cleanup(8)
|
|
server.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM queue_service_name qmgr
|
|
|
|
<p>
|
|
The name of the qmgr(8) service. This service manages the Postfix
|
|
queue and schedules delivery requests.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM html_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The location of Postfix HTML files that describe how to build,
|
|
configure or operate a specific Postfix subsystem or feature.
|
|
</p>
|
|
|
|
%PARAM readme_directory see "postconf -d" output
|
|
|
|
<p>
|
|
The location of Postfix README files that describe how to build,
|
|
configure or operate a specific Postfix subsystem or feature.
|
|
</p>
|
|
|
|
%PARAM relay_transport relay
|
|
|
|
<p>
|
|
The default mail delivery transport and next-hop destination for
|
|
remote delivery to domains listed with $relay_domains. In order of
|
|
decreasing precedence, the nexthop destination is taken from
|
|
$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
|
|
from the recipient domain. This information can be overruled with
|
|
the transport(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
|
|
is the name of a mail delivery transport defined in master.cf.
|
|
The <i>:nexthop</i> part is optional. For more details see the
|
|
transport(5) manual page.
|
|
</p>
|
|
|
|
<p>
|
|
See also the relay domains address class in the ADDRESS_CLASS_README
|
|
file.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM rewrite_service_name rewrite
|
|
|
|
<p>
|
|
The name of the address rewriting service. This service rewrites
|
|
addresses to standard form and resolves them to a (delivery method,
|
|
next-hop host, recipient) triple.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM sample_directory /etc/postfix
|
|
|
|
<p>
|
|
The name of the directory with example Postfix configuration files.
|
|
</p>
|
|
|
|
%PARAM sender_based_routing no
|
|
|
|
<p>
|
|
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
|
|
in Postfix version 2.3.
|
|
</p>
|
|
|
|
%PARAM sendmail_path see "postconf -d" output
|
|
|
|
<p>
|
|
A Sendmail compatibility feature that specifies the location of
|
|
the Postfix sendmail(1) command. This command can be used to
|
|
submit mail into the Postfix queue.
|
|
</p>
|
|
|
|
%PARAM service_throttle_time 60s
|
|
|
|
<p>
|
|
How long the Postfix master(8) waits before forking a server that
|
|
appears to be malfunctioning.
|
|
</p>
|
|
|
|
<p>
|
|
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
|
|
The default time unit is s (seconds).
|
|
</p>
|
|
|
|
%PARAM setgid_group postdrop
|
|
|
|
<p>
|
|
The group ownership of set-gid Postfix commands and of group-writable
|
|
Postfix directories. When this parameter value is changed you need
|
|
to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
|
|
earlier: "<b>/etc/postfix/post-install set-permissions</b>".
|
|
</p>
|
|
|
|
%PARAM show_user_unknown_table_name yes
|
|
|
|
<p>
|
|
Display the name of the recipient table in the "User unknown"
|
|
responses. The extra detail makes trouble shooting easier but also
|
|
reveals information that is nobody elses business.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM showq_service_name showq
|
|
|
|
<p>
|
|
The name of the showq(8) service. This service produces mail queue
|
|
status reports.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_pix_workaround_delay_time 10s
|
|
|
|
<p>
|
|
How long the Postfix SMTP client pauses before sending
|
|
".<CR><LF>" in order to work around the PIX firewall
|
|
"<CR><LF>.<CR><LF>" bug.
|
|
</p>
|
|
|
|
<p>
|
|
Choosing a too short time makes this workaround ineffective when
|
|
sending large messages over slow network connections.
|
|
</p>
|
|
|
|
%PARAM smtp_randomize_addresses yes
|
|
|
|
<p>
|
|
Randomize the order of equal-preference MX host addresses. This
|
|
is a performance feature of the Postfix SMTP client.
|
|
</p>
|
|
|
|
%PARAM smtp_rset_timeout 20s
|
|
|
|
<p> The SMTP client time limit for sending the RSET command, and
|
|
for receiving the server response. The SMTP client sends RSET in
|
|
order to finish a recipient address probe, or to verify that a
|
|
cached session is still usable. </p>
|
|
|
|
<p> This feature is available in Postfix 2.1 and later. </p>
|
|
|
|
%PARAM smtpd_data_restrictions
|
|
|
|
<p>
|
|
Optional access restrictions that the Postfix SMTP server applies
|
|
in the context of the SMTP DATA command.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a list of restrictions, separated by commas and/or whitespace.
|
|
Continue long lines by starting the next line with whitespace.
|
|
Restrictions are applied in the order as specified; the first
|
|
restriction that matches wins.
|
|
</p>
|
|
|
|
<p>
|
|
The following restrictions are valid in this context:
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#generic">Generic</a> restrictions that can be used
|
|
in any SMTP command context, described under smtpd_client_restrictions.
|
|
|
|
<li>SMTP command specific restrictions described under
|
|
smtpd_client_restrictions, smtpd_helo_restrictions,
|
|
smtpd_sender_restrictions or smtpd_recipient_restrictions.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<pre>
|
|
smtpd_data_restrictions = reject_unauth_pipelining
|
|
smtpd_data_restrictions = reject_multi_recipient_bounce
|
|
</pre>
|
|
|
|
%PARAM smtpd_end_of_data_restrictions
|
|
|
|
<p> Optional access restrictions that the Postfix SMTP server
|
|
applies in the context of the SMTP END-OF-DATA command. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p> See smtpd_data_restrictions for syntax details. </p>
|
|
|
|
%PARAM smtpd_delay_reject yes
|
|
|
|
<p>
|
|
Wait until the RCPT TO command before evaluating
|
|
$smtpd_client_restrictions, $smtpd_helo_restrictions and
|
|
$smtpd_sender_restrictions, or wait until the ETRN command before
|
|
evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is turned on by default because some clients apparently
|
|
mis-behave when the Postfix SMTP server rejects commands before
|
|
RCPT TO.
|
|
</p>
|
|
|
|
<p>
|
|
The default setting has one major benefit: it allows Postfix to log
|
|
recipient address information when rejecting a client name/address
|
|
or sender address, so that it is possible to find out whose mail
|
|
is being rejected.
|
|
</p>
|
|
|
|
%PARAM smtpd_null_access_lookup_key <>
|
|
|
|
<p>
|
|
The lookup key to be used in SMTP access(5) tables instead of the
|
|
null sender address.
|
|
</p>
|
|
|
|
%CLASS smtpd-policy SMTP server policy delegation
|
|
|
|
<p>
|
|
The Postfix SMTP server has a number of built-in mechanisms to
|
|
block or accept mail at specific SMTP protocol stages. As of version
|
|
2.1 Postfix can be configured to delegate policy decisions to an
|
|
external server that runs outside Postfix. See the file
|
|
SMTPD_POLICY_README for more information.
|
|
</p>
|
|
|
|
%PARAM smtpd_policy_service_max_idle 300s
|
|
|
|
<p>
|
|
The time after which an idle SMTPD policy service connection is
|
|
closed.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_policy_service_max_ttl 1000s
|
|
|
|
<p>
|
|
The time after which an active SMTPD policy service connection is
|
|
closed.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_policy_service_timeout 100s
|
|
|
|
<p>
|
|
The time limit for connecting to, writing to or receiving from a
|
|
delegated SMTPD policy server.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_reject_unlisted_recipient yes
|
|
|
|
<p>
|
|
Request that the Postfix SMTP server rejects mail for unknown
|
|
recipient addresses, even when no explicit reject_unlisted_recipient
|
|
access restriction is specified. This prevents the Postfix queue
|
|
from filling up with undeliverable MAILER-DAEMON messages.
|
|
</p>
|
|
|
|
<ul>
|
|
|
|
<li> The recipient domain matches $mydestination, $inet_interfaces
|
|
or $proxy_interfaces, but the recipient is not listed in
|
|
$local_recipient_maps, and $local_recipient_maps is not null.
|
|
|
|
<li> The recipient domain matches $virtual_alias_domains but the
|
|
recipient is not listed in $virtual_alias_maps.
|
|
|
|
<li> The recipient domain matches $virtual_mailbox_domains but the
|
|
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
|
|
is not null.
|
|
|
|
<li> The recipient domain matches $relay_domains but the recipient
|
|
is not listed in $relay_recipient_maps, and $relay_recipient_maps
|
|
is not null.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_reject_unlisted_sender no
|
|
|
|
<p> Request that the Postfix SMTP server rejects mail from unknown
|
|
sender addresses, even when no explicit reject_unlisted_sender
|
|
access restriction is specified. This can slow down an explosion
|
|
of forged mail from worms or viruses. </p>
|
|
|
|
<ul>
|
|
|
|
<li> The sender domain matches $mydestination, $inet_interfaces or
|
|
$proxy_interfaces, but the sender is not listed in
|
|
$local_recipient_maps, and $local_recipient_maps is not null.
|
|
|
|
<li> The sender domain matches $virtual_alias_domains but the sender
|
|
is not listed in $virtual_alias_maps.
|
|
|
|
<li> The sender domain matches $virtual_mailbox_domains but the
|
|
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
|
|
is not null.
|
|
|
|
<li> The sender domain matches $relay_domains but the sender is
|
|
not listed in $relay_recipient_maps, and $relay_recipient_maps is
|
|
not null.
|
|
|
|
</ul>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM smtpd_restriction_classes
|
|
|
|
<p>
|
|
User-defined aliases for groups of access restrictions. The aliases
|
|
can be specified in smtpd_recipient_restrictions etc., and on the
|
|
right-hand side of a Postfix access(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
One major application is for implementing per-recipient UCE control.
|
|
See the RESTRICTION_CLASS_README document for other examples.
|
|
</p>
|
|
|
|
%PARAM smtpd_sasl_application_name smtpd
|
|
|
|
<p>
|
|
The application name used for SASL server initialization. This
|
|
controls the name of the SASL configuration file. The default value
|
|
is <b>smtpd</b>, corresponding to a SASL configuration file named
|
|
<b>smtpd.conf</b>.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
|
|
it was renamed to smtpd_sasl_path.
|
|
</p>
|
|
|
|
%PARAM strict_7bit_headers no
|
|
|
|
<p>
|
|
Reject mail with 8-bit text in message headers. This blocks mail
|
|
from poorly written applications.
|
|
</p>
|
|
|
|
<p>
|
|
This feature should not be enabled on a general purpose mail server,
|
|
because it is likely to reject legitimate email.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM strict_8bitmime no
|
|
|
|
<p>
|
|
Enable both strict_7bit_headers and strict_8bitmime_body.
|
|
</p>
|
|
|
|
<p>
|
|
This feature should not be enabled on a general purpose mail server,
|
|
because it is likely to reject legitimate email.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM strict_8bitmime_body no
|
|
|
|
<p>
|
|
Reject 8-bit message body text without 8-bit MIME content encoding
|
|
information. This blocks mail from poorly written applications.
|
|
</p>
|
|
|
|
<p>
|
|
Unfortunately, this also rejects majordomo approval requests when
|
|
the included request contains valid 8-bit MIME mail, and it rejects
|
|
bounces from mailers that do not MIME encapsulate 8-bit content
|
|
(for example, bounces from qmail or from old versions of Postfix).
|
|
</p>
|
|
|
|
<p>
|
|
This feature should not be enabled on a general purpose mail server,
|
|
because it is likely to reject legitimate email.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM strict_mime_encoding_domain no
|
|
|
|
<p>
|
|
Reject mail with invalid Content-Transfer-Encoding: information
|
|
for the message/* or multipart/* MIME content types. This blocks
|
|
mail from poorly written software.
|
|
</p>
|
|
|
|
<p>
|
|
This feature should not be enabled on a general purpose mail server,
|
|
because it will reject mail after a single violation.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM sun_mailtool_compatibility no
|
|
|
|
<p>
|
|
Obsolete SUN mailtool compatibility feature. Instead, use
|
|
"mailbox_delivery_lock = dotlock".
|
|
</p>
|
|
|
|
%PARAM trace_service_name trace
|
|
|
|
<p>
|
|
The name of the trace service. This service is implemented by the
|
|
bounce(8) daemon and maintains a record
|
|
of mail deliveries and produces a mail delivery report when verbose
|
|
delivery is requested with "<b>sendmail -v</b>".
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.1 and later.
|
|
</p>
|
|
|
|
%PARAM undisclosed_recipients_header To: undisclosed-recipients:;
|
|
|
|
<p>
|
|
Message header that the Postfix cleanup(8) server inserts when a
|
|
message contains no To: or Cc: message header. </p>
|
|
|
|
%PARAM unknown_relay_recipient_reject_code 550
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server reply code when a recipient
|
|
address matches $relay_domains, and relay_recipient_maps specifies
|
|
a list of lookup tables that does not match the recipient address.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM unknown_virtual_alias_reject_code 550
|
|
|
|
<p>
|
|
The SMTP server reply code when a recipient address matches
|
|
$virtual_alias_domains, and $virtual_alias_maps specifies a list
|
|
of lookup tables that does not match the recipient address.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM unknown_virtual_mailbox_reject_code 550
|
|
|
|
<p>
|
|
The SMTP server reply code when a recipient address matches
|
|
$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
|
|
of lookup tables that does not match the recipient address.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM verp_delimiter_filter -=+
|
|
|
|
<p>
|
|
The characters Postfix accepts as VERP delimiter characters on the
|
|
Postfix sendmail(1) command line and in SMTP commands.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 1.1 and later.
|
|
</p>
|
|
|
|
%PARAM virtual_gid_maps
|
|
|
|
<p>
|
|
Lookup tables with the per-recipient group ID for virtual(8) mailbox
|
|
delivery.
|
|
</p>
|
|
|
|
<p>
|
|
In a lookup table, specify a left-hand side of "@domain.tld" to
|
|
match any user in the specified domain that does not have a specific
|
|
"user@domain.tld" entry.
|
|
</p>
|
|
|
|
<p>
|
|
When a recipient address has an optional address extension
|
|
(user+foo@domain.tld), the virtual(8) delivery agent looks up
|
|
the full address first, and when the lookup fails, it looks up the
|
|
unextended address (user@domain.tld).
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: for security reasons, the virtual(8) delivery agent disallows
|
|
regular expression substitution of $1 etc. in regular expression
|
|
lookup tables, because that would open a security hole.
|
|
</p>
|
|
|
|
<p>
|
|
Note 2: for security reasons, the virtual(8) delivery agent will
|
|
silently ignore requests to use the proxymap(8) server. Instead
|
|
it will open the table directly. Before Postfix version 2.2, the
|
|
virtual(8) delivery agent will terminate with a fatal error.
|
|
</p>
|
|
|
|
%PARAM virtual_mailbox_base
|
|
|
|
<p>
|
|
A prefix that the virtual(8) delivery agent prepends to all pathname
|
|
results from $virtual_mailbox_maps table lookups. This is a safety
|
|
measure to ensure that an out of control map doesn't litter the
|
|
file system with mailboxes. While virtual_mailbox_base could be
|
|
set to "/", this setting isn't recommended.
|
|
</p>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
virtual_mailbox_base = /var/mail
|
|
</pre>
|
|
|
|
%PARAM virtual_mailbox_domains $virtual_mailbox_maps
|
|
|
|
<p> Postfix is final destination for the specified list of domains;
|
|
mail is delivered via the $virtual_transport mail delivery transport.
|
|
By default this is the Postfix virtual(8) delivery agent. The SMTP
|
|
server validates recipient addresses with $virtual_mailbox_maps
|
|
and rejects mail for non-existent recipients. See also the virtual
|
|
mailbox domain class in the ADDRESS_CLASS_README file. </p>
|
|
|
|
<p> This parameter expects the same syntax as the mydestination
|
|
configuration parameter. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later. The default
|
|
value is backwards compatible with Postfix version 1.1.
|
|
</p>
|
|
|
|
%PARAM virtual_mailbox_limit 51200000
|
|
|
|
<p>
|
|
The maximal size in bytes of an individual mailbox or maildir file,
|
|
or zero (no limit).
|
|
</p>
|
|
|
|
%PARAM virtual_mailbox_lock see "postconf -d" output
|
|
|
|
<p>
|
|
How to lock a UNIX-style virtual(8) mailbox before attempting
|
|
delivery. For a list of available file locking methods, use the
|
|
"<b>postconf -l</b>" command.
|
|
</p>
|
|
|
|
<p>
|
|
This setting is ignored with <b>maildir</b> style delivery, because
|
|
such deliveries are safe without application-level locks.
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: the <b>dotlock</b> method requires that the recipient UID
|
|
or GID has write access to the parent directory of the recipient's
|
|
mailbox file.
|
|
</p>
|
|
|
|
<p>
|
|
Note 2: the default setting of this parameter is system dependent.
|
|
</p>
|
|
|
|
%PARAM virtual_mailbox_maps
|
|
|
|
<p>
|
|
Optional lookup tables with all valid addresses in the domains that
|
|
match $virtual_mailbox_domains.
|
|
</p>
|
|
|
|
<p>
|
|
In a lookup table, specify a left-hand side of "@domain.tld" to
|
|
match any user in the specified domain that does not have a specific
|
|
"user@domain.tld" entry.
|
|
</p>
|
|
|
|
<p>
|
|
The virtual(8) delivery agent uses this table to look up the
|
|
per-recipient mailbox or maildir pathname. If the lookup result
|
|
ends in a slash ("/"), maildir-style delivery is carried out,
|
|
otherwise the path is assumed to specify a UNIX-style mailbox file.
|
|
Note that $virtual_mailbox_base is unconditionally prepended to
|
|
this path.
|
|
</p>
|
|
|
|
<p>
|
|
When a recipient address has an optional address extension
|
|
(user+foo@domain.tld), the virtual(8) delivery agent looks up
|
|
the full address first, and when the lookup fails, it looks up the
|
|
unextended address (user@domain.tld).
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: for security reasons, the virtual(8) delivery agent disallows
|
|
regular expression substitution of $1 etc. in regular expression
|
|
lookup tables, because that would open a security hole.
|
|
</p>
|
|
|
|
<p>
|
|
Note 2: for security reasons, the virtual(8) delivery agent will
|
|
silently ignore requests to use the proxymap(8) server. Instead
|
|
it will open the table directly. Before Postfix version 2.2, the
|
|
virtual(8) delivery agent will terminate with a fatal error.
|
|
</p>
|
|
|
|
%PARAM virtual_minimum_uid 100
|
|
|
|
<p>
|
|
The minimum user ID value that the virtual(8) delivery agent accepts
|
|
as a result from $virtual_uid_maps table lookup. Returned
|
|
values less than this will be rejected, and the message will be
|
|
deferred.
|
|
</p>
|
|
|
|
%PARAM virtual_transport virtual
|
|
|
|
<p>
|
|
The default mail delivery transport and next-hop destination for
|
|
final delivery to domains listed with $virtual_mailbox_domains.
|
|
This information can be overruled with the transport(5) table.
|
|
</p>
|
|
|
|
<p>
|
|
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
|
|
is the name of a mail delivery transport defined in master.cf.
|
|
The <i>:nexthop</i> part is optional. For more details see the
|
|
transport(5) manual page.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.0 and later.
|
|
</p>
|
|
|
|
%PARAM virtual_uid_maps
|
|
|
|
<p>
|
|
Lookup tables with the per-recipient user ID that the virtual(8)
|
|
delivery agent uses while writing to the recipient's mailbox.
|
|
</p>
|
|
|
|
<p>
|
|
In a lookup table, specify a left-hand side of "@domain.tld"
|
|
to match any user in the specified domain that does not have a
|
|
specific "user@domain.tld" entry.
|
|
</p>
|
|
|
|
<p>
|
|
When a recipient address has an optional address extension
|
|
(user+foo@domain.tld), the virtual(8) delivery agent looks up
|
|
the full address first, and when the lookup fails, it looks up the
|
|
unextended address (user@domain.tld).
|
|
</p>
|
|
|
|
<p>
|
|
Note 1: for security reasons, the virtual(8) delivery agent disallows
|
|
regular expression substitution of $1 etc. in regular expression
|
|
lookup tables, because that would open a security hole.
|
|
</p>
|
|
|
|
<p>
|
|
Note 2: for security reasons, the virtual(8) delivery agent will
|
|
silently ignore requests to use the proxymap(8) server. Instead
|
|
it will open the table directly. Before Postfix version 2.2, the
|
|
virtual(8) delivery agent will terminate with a fatal error.
|
|
</p>
|
|
|
|
%PARAM config_directory see "postconf -d" output
|
|
|
|
<p> The default location of the Postfix main.cf and master.cf
|
|
configuration files. This can be overruled via the following
|
|
mechanisms: </p>
|
|
|
|
<ul>
|
|
|
|
<li> <p> The MAIL_CONFIG environment variable (daemon processes
|
|
and commands). </p>
|
|
|
|
<li> <p> The "-c" command-line option (commands only). </p>
|
|
|
|
</ul>
|
|
|
|
<p> With Postfix command that run with set-gid privileges, a
|
|
config_directory override requires either root privileges, or it
|
|
requires that the directory is listed with the alternate_config_directories
|
|
parameter in the default main.cf file. </p>
|
|
|
|
%PARAM virtual_maps
|
|
|
|
<p> Optional lookup tables with a) names of domains for which all
|
|
addresses are aliased to addresses in other local or remote domains,
|
|
and b) addresses that are aliased to addresses in other local or
|
|
remote domains. Available before Postfix version 2.0. With Postfix
|
|
version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
|
|
and virtual_alias_maps. </p>
|
|
|
|
%PARAM smtp_discard_ehlo_keywords
|
|
|
|
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
|
|
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
|
|
response from a remote SMTP server. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p> Notes: </p>
|
|
|
|
<ul>
|
|
|
|
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
|
|
this action from being logged. </p>
|
|
|
|
<li> <p> Use the smtp_discard_ehlo_keyword_address_maps feature to
|
|
discard EHLO keywords selectively. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM smtpd_discard_ehlo_keywords
|
|
|
|
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
|
|
auth, etc.) that the SMTP server will not send in the EHLO response
|
|
to a remote SMTP client. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
<p> Notes: </p>
|
|
|
|
<ul>
|
|
|
|
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
|
|
this action from being logged. </p>
|
|
|
|
<li> <p> Use the smtpd_discard_ehlo_keyword_address_maps feature
|
|
to discard EHLO keywords selectively. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM smtp_discard_ehlo_keyword_address_maps
|
|
|
|
<p> Lookup tables, indexed by the remote SMTP server address, with
|
|
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
|
|
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
|
|
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
|
|
table is not indexed by hostname for consistency with
|
|
smtpd_discard_ehlo_keyword_address_maps. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_discard_ehlo_keyword_address_maps
|
|
|
|
<p> Lookup tables, indexed by the remote SMTP client address, with
|
|
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
|
|
etc.) that the SMTP server will not send in the EHLO response to a
|
|
remote SMTP client. See smtpd_discard_ehlo_keywords for details.
|
|
The table is not searched by hostname for robustness reasons. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM connection_cache_service scache
|
|
|
|
<p> The name of the scache(8) connection cache service. This service
|
|
maintains a limited pool of cached sessions. </p>
|
|
|
|
%PARAM connection_cache_ttl_limit 2s
|
|
|
|
<p> The maximal time-to-live value that the scache(8) connection
|
|
cache server
|
|
allows. Requests that specify a larger TTL will be stored with the
|
|
maximum allowed TTL. The purpose of this additional control is to
|
|
protect the infrastructure against careless people. The cache TTL
|
|
is already bounded by $max_idle. </p>
|
|
|
|
%PARAM connection_cache_status_update_time 600s
|
|
|
|
<p> How frequently the scache(8) server logs usage statistics with
|
|
connection cache hit and miss rates for logical destinations and for
|
|
physical endpoints. </p>
|
|
|
|
%PARAM remote_header_rewrite_domain
|
|
|
|
<p> Don't rewrite message headers from remote clients at all when
|
|
this parameter is empty; otherwise, rewrite message headers and
|
|
append the specified domain name to incomplete addresses. The
|
|
local_header_rewrite_clients parameter controls what clients Postfix
|
|
considers local. </p>
|
|
|
|
<p> Examples: </p>
|
|
|
|
<p> The safe setting: append "domain.invalid" to incomplete header
|
|
addresses from remote SMTP clients, so that those addresses cannot
|
|
be confused with local addresses. </p>
|
|
|
|
<pre>
|
|
remote_header_rewrite_domain = domain.invalid
|
|
</pre>
|
|
|
|
<p> The default, purist, setting: don't rewrite headers from remote
|
|
clients at all. </p>
|
|
|
|
<pre>
|
|
remote_header_rewrite_domain =
|
|
</pre>
|
|
|
|
%PARAM local_header_rewrite_clients permit_inet_interfaces
|
|
|
|
<p> Rewrite message header addresses in mail from these clients and
|
|
update incomplete addresses with the domain name in $myorigin or
|
|
$mydomain; either don't rewrite message headers from other clients
|
|
at all, or rewrite message headers and update incomplete addresses
|
|
with the domain specified in the remote_header_rewrite_domain
|
|
parameter. </p>
|
|
|
|
<p> See the append_at_myorigin and append_dot_mydomain parameters
|
|
for details of how domain names are appended to incomplete addresses.
|
|
</p>
|
|
|
|
<p> Specify a list of zero or more of the following: </p>
|
|
|
|
<dl>
|
|
|
|
<dt> <b> permit_inet_interfaces </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client IP address matches $inet_interfaces. This is enabled by
|
|
default. </dd>
|
|
|
|
<dt> <b> permit_mynetworks </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client IP address matches any network or network address listed in
|
|
$mynetworks. This setting will not prevent remote mail header
|
|
address rewriting when mail from a remote client is forwarded by
|
|
a neighboring system. </dd>
|
|
|
|
<dt><b> permit_sasl_authenticated </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client is successfully authenticated via the RFC 2554 (AUTH)
|
|
protocol. </dd>
|
|
|
|
<dt><b> permit_tls_clientcerts </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client TLS certificate is successfully verified, and the client
|
|
certificate fingerprint is listed in $relay_clientcerts. </dd>
|
|
|
|
<dt><b> permit_tls_all_clientcerts </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client TLS certificate is successfully verified, regardless of
|
|
whether it is listed on the server, and regardless of the certifying
|
|
authority. </dd>
|
|
|
|
<dt><b> <a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
|
|
|
|
<dt><b> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
|
|
|
|
<dd> Append the domain name in $myorigin or $mydomain when the
|
|
client IP address matches the specified lookup table.
|
|
The lookup result is ignored, and no subnet lookup is done. This
|
|
is suitable for, e.g., pop-before-smtp lookup tables. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> Examples: </p>
|
|
|
|
<p> The Postfix < 2.2 backwards compatible setting: always rewrite
|
|
message headers, and always append my own domain to incomplete
|
|
header addresses. </p>
|
|
|
|
<pre>
|
|
local_header_rewrite_clients = static:all
|
|
</pre>
|
|
|
|
<p> The purist (and default) setting: rewrite headers only in mail
|
|
from Postfix sendmail and in SMTP mail from this machine. </p>
|
|
|
|
<pre>
|
|
local_header_rewrite_clients = permit_inet_interfaces
|
|
</pre>
|
|
|
|
<p> The intermediate setting: rewrite header addresses and append
|
|
$myorigin or $mydomain information only with mail from Postfix
|
|
sendmail, from local clients, or from authorized SMTP clients. </p>
|
|
|
|
<p> Note: this setting will not prevent remote mail header address
|
|
rewriting when mail from a remote client is forwarded by a neighboring
|
|
system. </p>
|
|
|
|
<pre>
|
|
local_header_rewrite_clients = permit_mynetworks,
|
|
permit_sasl_authenticated permit_tls_clientcerts
|
|
check_address_map hash:/etc/postfix/pop-before-smtp
|
|
</pre>
|
|
|
|
%PARAM smtpd_tls_cert_file
|
|
|
|
<p> File with the Postfix SMTP server RSA certificate in PEM format.
|
|
This file may also contain the server private key. </p>
|
|
|
|
<p> Public Internet MX hosts without certificates signed by a "reputable"
|
|
CA must generate, and be prepared to present to most clients, a
|
|
self-signed or private-CA signed certificate. The client will not be
|
|
able to authenticate the server, but unless it is running Postfix 2.3 or
|
|
similar software, it will still insist on a server certificate. </p>
|
|
|
|
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
|
|
2.3 supports configurations with no certificates. This entails the
|
|
use of just the anonymous TLS ciphers, which are not supported by
|
|
typical SMTP clients. Since such clients will not, as a rule, fall
|
|
back to plain text after a TLS handshake failure, the server will
|
|
be unable to receive email from TLS enabled clients. To avoid
|
|
accidental configurations with no certificates, Postfix 2.3 enables
|
|
certificate-less operation only when the administrator explicitly
|
|
sets "smtpd_tls_cert_file = none". This ensures that new Postfix
|
|
configurations will not accidentally run with no certificates. </p>
|
|
|
|
<p> Both RSA and DSA certificates are supported. When both types
|
|
are present, the cipher used determines which certificate will be
|
|
presented to the client. For Netscape and OpenSSL clients without
|
|
special cipher choices the RSA certificate is preferred. </p>
|
|
|
|
<p> In order to verify a certificate, the CA certificate (in case
|
|
of a certificate chain, all CA certificates) must be available.
|
|
You should add these certificates to the server certificate, the
|
|
server certificate first, then the issuing CA(s). </p>
|
|
|
|
<p> Example: the certificate for "server.dom.ain" was issued by
|
|
"intermediate CA" which itself has a certificate of "root CA".
|
|
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
|
|
root_CA.pem > server.pem". </p>
|
|
|
|
<p> If you want to accept certificates issued by these CAs yourself,
|
|
you can also add the CA certificates to the smtpd_tls_CAfile, in
|
|
which case it is not necessary to have them in the smtpd_tls_dcert_file
|
|
or smtpd_tls_cert_file. </p>
|
|
|
|
<p> A certificate supplied here must be usable as SSL server
|
|
certificate and hence pass the "openssl verify -purpose sslserver
|
|
..." test. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_cert_file = /etc/postfix/server.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_key_file $smtpd_tls_cert_file
|
|
|
|
<p> File with the Postfix SMTP server RSA private key in PEM format.
|
|
This file may be combined with the server certificate file specified
|
|
with $smtpd_tls_cert_file. </p>
|
|
|
|
<p> The private key must not be encrypted. In other words, the key
|
|
must be accessible without password. </p>
|
|
|
|
%PARAM smtpd_tls_dcert_file
|
|
|
|
<p> File with the Postfix SMTP server DSA certificate in PEM format.
|
|
This file may also contain the server private key. <p>
|
|
|
|
<p> See the discussion under smtpd_tls_cert_file for more details.
|
|
</p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_dkey_file $smtpd_tls_dcert_file
|
|
|
|
<p> File with the Postfix SMTP server DSA private key in PEM format.
|
|
This file may be combined with the server certificate file specified
|
|
with $smtpd_tls_dcert_file. </p>
|
|
|
|
<p> The private key must not be encrypted. In other words, the key
|
|
must be accessible without password. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_CAfile
|
|
|
|
<p> The file with the certificate of the certification authority
|
|
(CA) that issued the Postfix SMTP server certificate. This is
|
|
needed only when the CA certificate is not already present in the
|
|
server certificate file. This file may also contain the CA
|
|
certificates of other trusted CAs. You must use this file for the
|
|
list of trusted CAs if you want to use chroot-mode. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_CApath
|
|
|
|
<p> Directory with PEM format certificate authority certificates
|
|
that the Postfix SMTP server offers to remote SMTP clients for the
|
|
purpose of client certificate verification. Do not forget to create
|
|
the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash
|
|
/etc/postfix/certs". </p>
|
|
|
|
<p> To use this option in chroot mode, this directory (or a copy)
|
|
must be inside the chroot jail. Please note that in this case the
|
|
CA certificates are not offered to the client, so that e.g. Netscape
|
|
clients might not offer certificates issued by them. Use of this
|
|
feature is therefore not recommended. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_CApath = /etc/postfix/certs
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_loglevel 0
|
|
|
|
<p> Enable additional Postfix SMTP server logging of TLS activity.
|
|
Each logging level also includes the information that is logged at
|
|
a lower logging level. </p>
|
|
|
|
<dl compact>
|
|
|
|
<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
|
|
|
|
<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd>
|
|
|
|
<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd>
|
|
|
|
<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation
|
|
process. </dd>
|
|
|
|
<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
|
|
transmission after STARTTLS. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> Use "smtpd_tls_loglevel = 3" only in case of problems. Use of
|
|
loglevel 4 is strongly discouraged. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_received_header no
|
|
|
|
<p> Request that the Postfix SMTP server produces Received: message
|
|
headers that include information about the protocol and cipher used,
|
|
as well as the client CommonName and client certificate issuer
|
|
CommonName. This is disabled by default, as the information may
|
|
be modified in transit through other mail servers. Only information
|
|
that was recorded by the final destination can be trusted. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_use_tls no
|
|
|
|
<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
|
|
but do not require that clients use TLS encryption. </p>
|
|
|
|
<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
|
|
STARTTLS due to insufficient privileges to access the server private
|
|
key. This is intended behavior. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
|
|
|
|
%PARAM smtpd_enforce_tls no
|
|
|
|
<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
|
|
and require that clients use TLS encryption. According to RFC 2487
|
|
this MUST NOT be applied in case of a publicly-referenced SMTP
|
|
server. This option is off by default and should be used only on
|
|
dedicated servers. </p>
|
|
|
|
<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>
|
|
|
|
<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
|
|
STARTTLS due to insufficient privileges to access the server private
|
|
key. This is intended behavior. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
|
|
|
|
%PARAM smtpd_tls_wrappermode no
|
|
|
|
<p> Run the Postfix SMTP server in the non-standard "wrapper" mode,
|
|
instead of using the STARTTLS command. </p>
|
|
|
|
<p> If you want to support this service, enable a special port in
|
|
master.cf, and specify "-o smtpd_tls_wrappermode=yes" on the SMTP
|
|
server's command line. Port 465 (smtps) was once chosen for this
|
|
purpose. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_ask_ccert no
|
|
|
|
<p> Ask a remote SMTP client for a client certificate. This
|
|
information is needed for certificate based mail relaying with,
|
|
for example, the permit_tls_clientcerts feature. </p>
|
|
|
|
<p> Some clients such as Netscape will either complain if no
|
|
certificate is available (for the list of CAs in $smtpd_tls_CAfile)
|
|
or will offer multiple client certificates to choose from. This
|
|
may be annoying, so this option is "off" by default. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_req_ccert no
|
|
|
|
<p> With mandatory TLS encryption, require a remote SMTP client
|
|
certificate in order to allow TLS connections to proceed. This
|
|
option implies "smtpd_tls_ask_ccert = yes". </p>
|
|
|
|
<p> When TLS encryption is optional, this setting is ignored with
|
|
a warning written to the mail log. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_ccert_verifydepth 5
|
|
|
|
<p> The verification depth for remote SMTP client certificates. A
|
|
depth of 1 is sufficient if the issuing CA is listed in a local CA
|
|
file. The default value should also suffice for longer chains (the
|
|
root CA issues special CA which then issues the actual certificate...).
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_auth_only no
|
|
|
|
<p> When TLS encryption is optional in the Postfix SMTP server, do
|
|
not announce or accept SASL authentication over unencrypted
|
|
connections. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_session_cache_database
|
|
|
|
<p> Name of the file containing the optional Postfix SMTP server
|
|
TLS session cache. Specify a database type that supports enumeration,
|
|
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
|
|
concurrent access. The file is created if it does not exist. The smtpd(8)
|
|
daemon does not use this parameter directly, rather the cache is
|
|
implemented indirectly in the tlsmgr(8) daemon. This means that
|
|
per-smtpd-instance master.cf overrides of this parameter are not
|
|
effective. Note, that each of the cache databases supported by tlsmgr(8)
|
|
daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
|
|
(and with Postfix 2.3 and later $lmtp_session_cache_database), needs to be
|
|
stored separately, it is not at this time possible to store multiple
|
|
caches in a single database. </p>
|
|
|
|
<p> Note: <b>dbm</b> databases are not suitable. TLS
|
|
session objects are too large. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_scache
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_tls_session_cache_timeout 3600s
|
|
|
|
<p> The expiration time of Postfix SMTP server TLS session cache
|
|
information. A cache cleanup is performed periodically
|
|
every $smtpd_tls_session_cache_timeout seconds. As with
|
|
$smtpd_tls_session_cache_database, this parameter is implemented in the
|
|
tlsmgr(8) daemon and therefore per-smtpd-instance master.cf overrides
|
|
are not possible. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM relay_clientcerts
|
|
|
|
<p> The list of remote SMTP client certificates for which the
|
|
Postfix SMTP server will allow access with the permit_tls_clientcerts
|
|
feature. This feature does not use certificate names, because
|
|
Postfix list manipulation routines treat whitespace and some other
|
|
characters as special. Instead we use certificate fingerprints as
|
|
they are difficult to fake but easy to use for lookup. </p>
|
|
|
|
<p> Postfix lookup tables are in the form of (key, value) pairs.
|
|
Since we only need the key, the value can be chosen freely, e.g.
|
|
the name of the user or host:
|
|
D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
|
|
</pre>
|
|
|
|
<p>For more fine-grained control, use check_ccert_access to select
|
|
an appropriate access(5) policy for each client.
|
|
See RESTRICTION_CLASS_README.</p>
|
|
|
|
<p>This feature is available with Postfix version 2.2.</p>
|
|
|
|
%PARAM smtpd_tls_cipherlist
|
|
|
|
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
|
|
cipher list. It is easy to create inter-operability problems by choosing
|
|
a non-default cipher list. Do not use a non-default TLS cipherlist for
|
|
MX hosts on the public Internet. Clients that begin the TLS handshake,
|
|
but are unable to agree on a common cipher, may not be able to send any
|
|
email to the SMTP server. Using a restricted cipher list may be more
|
|
appropriate for a dedicated MSA or an internal mailhub, where one can
|
|
exert some control over the TLS software and settings of the connecting
|
|
clients. </p>
|
|
|
|
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
|
|
|
|
<p>This feature is available with Postfix version 2.2. It is not used with
|
|
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>
|
|
|
|
%PARAM smtpd_tls_dh1024_param_file
|
|
|
|
<p> File with DH parameters that the Postfix SMTP server should
|
|
use with EDH ciphers. </p>
|
|
|
|
<p> Instead of using the exact same parameter sets as distributed
|
|
with other TLS packages, it is more secure to generate your own
|
|
set of parameters with something like the following command: </p>
|
|
|
|
<pre>
|
|
openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024
|
|
</pre>
|
|
|
|
<p> Your actual source for entropy may differ. Some systems have
|
|
/dev/random; on other system you may consider using the "Entropy
|
|
Gathering Daemon EGD", available at http://egd.sourceforge.net/
|
|
</p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
|
|
</pre>
|
|
|
|
<p>This feature is available with Postfix version 2.2.</p>
|
|
|
|
%PARAM smtpd_tls_dh512_param_file
|
|
|
|
<p> File with DH parameters that the Postfix SMTP server should
|
|
use with EDH ciphers. </p>
|
|
|
|
<p> See also the discussion under the smtpd_tls_dh1024_param_file
|
|
configuration parameter. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
|
|
</pre>
|
|
|
|
<p>This feature is available with Postfix version 2.2.</p>
|
|
|
|
%PARAM smtpd_starttls_timeout 300s
|
|
|
|
<p> The time limit for Postfix SMTP server write and read operations
|
|
during TLS startup and shutdown handshake procedures. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_cert_file
|
|
|
|
<p> File with the Postfix SMTP client RSA certificate in PEM format.
|
|
This file may also contain the client private key, and these may
|
|
be the same as the server certificate and key file. </p>
|
|
|
|
<p> Do not configure client certificates unless you <b>must</b> present
|
|
client TLS certificates to one or more servers. Client certificates are
|
|
not usually needed, and can cause problems in configurations that work
|
|
well without them. The recommended setting is to let the defaults stand: </p>
|
|
|
|
<blockquote>
|
|
<pre>
|
|
smtp_tls_cert_file =
|
|
smtp_tls_dcert_file =
|
|
smtp_tls_key_file =
|
|
smtp_tls_dkey_file =
|
|
</pre>
|
|
</blockquote>
|
|
|
|
<p> The best way to use the default settings is to comment out the above
|
|
parameters in main.cf if present. </p>
|
|
|
|
<p> In order to verify certificates, the CA certificate (in case
|
|
of a certificate chain, all CA certificates) must be available.
|
|
You should add these certificates to the server certificate, the
|
|
server certificate first, then the issuing CA(s). </p>
|
|
|
|
<p> Example: the certificate for "client.dom.ain" was issued by
|
|
"intermediate CA" which itself has a certificate of "root CA".
|
|
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
|
|
root_CA.pem > client.pem". </p>
|
|
|
|
<p> If you want to accept remote SMTP server certificates issued
|
|
by these CAs yourself, you can also add the CA certificates to the
|
|
smtp_tls_CAfile, in which case it is not necessary to have them in
|
|
the smtp_tls_cert_file or smtp_tls_dcert_file. </p>
|
|
|
|
<p> A certificate supplied here must be usable as SSL client certificate and
|
|
hence pass the "openssl verify -purpose sslclient ..." test. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_cert_file = /etc/postfix/client.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_key_file $smtp_tls_cert_file
|
|
|
|
<p> File with the Postfix SMTP client RSA private key in PEM format.
|
|
This file may be combined with the client certificate file specified
|
|
with $smtp_tls_cert_file. </p>
|
|
|
|
<p> The private key must not be encrypted. In other words, the key
|
|
must be accessible without password. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_key_file = $smtp_tls_cert_file
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_CAfile
|
|
|
|
<p> The file with the certificate of the certification authority
|
|
(CA) that issued the Postfix SMTP client certificate. This is
|
|
needed only when the CA certificate is not already present in the
|
|
client certificate file. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_CAfile = /etc/postfix/CAcert.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_CApath
|
|
|
|
<p> Directory with PEM format certificate authority certificates
|
|
that the Postfix SMTP client uses to verify a remote SMTP server
|
|
certificate. Don't forget to create the necessary "hash" links
|
|
with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
|
|
</p>
|
|
|
|
<p> To use this option in chroot mode, this directory (or a copy)
|
|
must be inside the chroot jail. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_CApath = /etc/postfix/certs
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_loglevel 0
|
|
|
|
<p> Enable additional Postfix SMTP client logging of TLS activity.
|
|
Each logging level also includes the information that is logged at
|
|
a lower logging level. </p>
|
|
|
|
<dl compact>
|
|
|
|
<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
|
|
|
|
<dt> </dt> <dd> 1 Log TLS handshake and certificate information. </dd>
|
|
|
|
<dt> </dt> <dd> 2 Log levels during TLS negotiation. </dd>
|
|
|
|
<dt> </dt> <dd> 3 Log hexadecimal and ASCII dump of TLS negotiation
|
|
process. </dd>
|
|
|
|
<dt> </dt> <dd> 4 Log hexadecimal and ASCII dump of complete
|
|
transmission after STARTTLS. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> Use "smtp_tls_loglevel = 3" only in case of problems. Use of
|
|
loglevel 4 is strongly discouraged. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_session_cache_database
|
|
|
|
<p> Name of the file containing the optional Postfix SMTP client
|
|
TLS session cache. Specify a database type that supports enumeration,
|
|
such as <b>btree</b> or <b>sdbm</b>; there is no need to support
|
|
concurrent access. The file is created if it does not exist. The smtp(8)
|
|
daemon does not use this parameter directly, rather the cache is
|
|
implemented indirectly in the tlsmgr(8) daemon. This means that
|
|
per-smtp-instance master.cf overrides of this parameter are not effective.
|
|
Note, that each of the cache databases supported by tlsmgr(8) daemon:
|
|
$smtpd_tls_session_cache_database, $smtp_tls_session_cache_database
|
|
(and with Postfix 2.3 and later $lmtp_session_cache_database), needs to
|
|
be stored separately, it is not at this time possible to store multiple
|
|
caches in a single database. </p>
|
|
|
|
<p> Note: <b>dbm</b> databases are not suitable. TLS
|
|
session objects are too large. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_session_cache_timeout 3600s
|
|
|
|
<p> The expiration time of Postfix SMTP client TLS session cache
|
|
information. A cache cleanup is performed periodically
|
|
every $smtp_tls_session_cache_timeout seconds. As with
|
|
$smtp_tls_session_cache_database, this parameter is implemented in the
|
|
tlsmgr(8) daemon and therefore per-smtp-instance master.cf overrides
|
|
are not possible. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_use_tls no
|
|
|
|
<p> Opportunistic mode: use TLS when a remote SMTP server announces
|
|
STARTTLS support, otherwise send the mail in the clear. Beware:
|
|
some SMTP servers offer STARTTLS even if it is not configured. With
|
|
Postfix < 2.3, if the TLS handshake fails, and no other server is
|
|
available, delivery is deferred and mail stays in the queue. If this
|
|
is a concern for you, use the smtp_tls_per_site feature instead. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtp_tls_security_level instead. </p>
|
|
|
|
%PARAM smtp_enforce_tls no
|
|
|
|
<p> Enforcement mode: require that remote SMTP servers use TLS
|
|
encryption, and never send mail in the clear. This also requires
|
|
that the remote SMTP server hostname matches the information in
|
|
the remote server certificate, and that the remote SMTP server
|
|
certificate was issued by a CA that is trusted by the Postfix SMTP
|
|
client. If the certificate doesn't verify or the hostname doesn't
|
|
match, delivery is deferred and mail stays in the queue. </p>
|
|
|
|
<p> The server hostname is matched against all names provided as
|
|
dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
|
|
the CommonName is checked. The behavior may be changed with the
|
|
smtp_tls_enforce_peername option. </p>
|
|
|
|
<p> This option is useful only if you are definitely sure that you
|
|
will only connect to servers that support RFC 2487 _and_ that
|
|
provide valid server certificates. Typical use is for clients that
|
|
send all their email to a dedicated mailhub. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtp_tls_security_level instead. </p>
|
|
|
|
%PARAM smtp_tls_enforce_peername yes
|
|
|
|
<p> With mandatory TLS encryption, require that the remote SMTP
|
|
server hostname matches the information in the remote SMTP server
|
|
certificate. As of RFC 2487 the requirements for hostname checking
|
|
for MTA clients are not specified. </p>
|
|
|
|
<p> This option can be set to "no" to disable strict peer name
|
|
checking. This setting has no effect on sessions that are controlled
|
|
via the smtp_tls_per_site table. </p>
|
|
|
|
<p> Disabling the hostname verification can make sense in closed
|
|
environment where special CAs are created. If not used carefully,
|
|
this option opens the danger of a "man-in-the-middle" attack (the
|
|
CommonName of this attacker will be logged). </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtp_tls_security_level instead. </p>
|
|
|
|
%PARAM smtp_tls_per_site
|
|
|
|
<p> Optional lookup tables with the Postfix SMTP client TLS usage
|
|
policy by next-hop destination and by remote SMTP server hostname.
|
|
When both lookups succeed, the more specific per-site policy (NONE,
|
|
MUST, etc) overrides the less specific one (MAY), and the more secure
|
|
per-site policy (MUST, etc) overrides the less secure one (NONE).
|
|
With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged:
|
|
use smtp_tls_policy_maps instead. </p>
|
|
|
|
<p> Use of the bare hostname as the per-site table lookup key is
|
|
discouraged. Always use the full destination nexthop (enclosed in
|
|
[] with a possible ":port" suffix). A recipient domain or MX-enabled
|
|
transport next-hop with no port suffix may look like a bare hostname,
|
|
but is still a suitable <i>destination</i>. </p>
|
|
|
|
<p> Specify a next-hop destination or server hostname on the left-hand
|
|
side; no wildcards are allowed. The next-hop destination is either
|
|
the recipient domain, or the destination specified with a transport(5)
|
|
table, the relayhost parameter, or the relay_transport parameter.
|
|
On the right hand side specify one of the following keywords: </p>
|
|
|
|
<dl>
|
|
|
|
<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
|
|
specific <b>MAY</b> lookup result from the alternate host or next-hop
|
|
lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls,
|
|
and smtp_tls_enforce_peername settings. </dd>
|
|
|
|
<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
|
|
otherwise use the unencrypted connection. This has less precedence
|
|
than a more specific result (including <b>NONE</b>) from the alternate
|
|
host or next-hop lookup key, and has less precedence than the more
|
|
specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
|
|
= yes". </dd>
|
|
|
|
<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
|
|
require that the remote SMTP server hostname matches the information
|
|
in the remote SMTP server certificate, or that the server certificate
|
|
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
|
|
or a less specific <b>MAY</b> lookup result from the alternate host
|
|
or next-hop lookup key, and overrides the global smtp_use_tls,
|
|
smtp_enforce_tls and smtp_tls_enforce_peername settings. </dd>
|
|
|
|
<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
|
|
SMTP server hostname matches the information in the remote SMTP
|
|
server certificate, and require that the remote SMTP server certificate
|
|
was issued by a trusted CA. This overrides a less secure <b>NONE</b>
|
|
and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
|
|
result from the alternate host or next-hop lookup key, and overrides
|
|
the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
|
|
settings. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> The above keywords correspond to the "none", "may", "encrypt" and
|
|
"verify" security levels for the new smtp_tls_security_level parameter
|
|
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
|
|
of how the policy is specified, the smtp_tls_mandatory_ciphers and
|
|
smtp_tls_mandatory_protocols parameters only apply when TLS encryption
|
|
is mandatory. Connections for which encryption is optional enable
|
|
all "export" grade and better ciphers. </p>
|
|
|
|
<p> As long as no secure DNS lookup mechanism is available, false
|
|
hostnames in MX or CNAME responses can change the server hostname
|
|
that Postfix uses for TLS policy lookup and server certificate
|
|
verification. Even with a perfect match between the server hostname and
|
|
the server certificate, there is no guarantee that Postfix is connected
|
|
to the right server. See TLS_README (Closing a DNS loophole with obsolete
|
|
per-site TLS policies) for a possible work-around. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. With
|
|
Postfix 2.3 and later use smtp_tls_policy_maps instead. </p>
|
|
|
|
%PARAM smtp_tls_scert_verifydepth 5
|
|
|
|
<p> The verification depth for remote SMTP server certificates. A
|
|
depth of 1 is sufficient, if the certificate is directly issued by
|
|
a CA listed in the CA files. The default value (5) should suffice
|
|
for longer chains (the root CA issues special CA which then issues
|
|
the actual certificate...). </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_note_starttls_offer no
|
|
|
|
<p> Log the hostname of a remote SMTP server that offers STARTTLS,
|
|
when TLS is not already enabled for that server. </p>
|
|
|
|
<p> The logfile record looks like: </p>
|
|
|
|
<pre>
|
|
postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_cipherlist
|
|
|
|
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
|
|
cipher list. As this feature applies to all TLS security levels, it is easy
|
|
to create inter-operability problems by choosing a non-default cipher
|
|
list. Do not use a non-default TLS cipher list on hosts that deliver email
|
|
to the public Internet: you will be unable to send email to servers that
|
|
only support the ciphers you exclude. Using a restricted cipher list
|
|
may be more appropriate for an internal MTA, where one can exert some
|
|
control over the TLS software and settings of the peer servers. </p>
|
|
|
|
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
|
|
|
|
<p> This feature is available in Postfix version 2.2. It is not used with
|
|
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead. </p>
|
|
|
|
%PARAM smtp_starttls_timeout 300s
|
|
|
|
<p> Time limit for Postfix SMTP client write and read operations
|
|
during TLS startup and shutdown handshake procedures. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_dkey_file $smtp_tls_dcert_file
|
|
|
|
<p> File with the Postfix SMTP client DSA private key in PEM format.
|
|
The private key must not be encrypted. In other words, the key must
|
|
be accessible without password. </p>
|
|
|
|
<p> This file may be combined with the server certificate file
|
|
specified with $smtp_tls_cert_file. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_tls_dcert_file
|
|
|
|
<p> File with the Postfix SMTP client DSA certificate in PEM format.
|
|
This file may also contain the server private key. </p>
|
|
|
|
<p> See the discussion under smtp_tls_cert_file for more details.
|
|
</p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_random_exchange_name ${config_directory}/prng_exch
|
|
|
|
<p> Name of the pseudo random number generator (PRNG) state file
|
|
that is maintained by tlsmgr(8). The file is created when it does
|
|
not exist, and its length is fixed at 1024 bytes. </p>
|
|
|
|
<p> Since this file is modified by Postfix, it should probably be
|
|
kept in the /var file system, instead of under $config_directory.
|
|
The location should not be inside the chroot jail. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_random_source see "postconf -d" output
|
|
|
|
<p> The external entropy source for the in-memory tlsmgr(8) pseudo
|
|
random number generator (PRNG) pool. Be sure to specify a non-blocking
|
|
source. If this source is not a regular file, the entropy source
|
|
type must be prepended: egd:/path/to/egd_socket for a source with
|
|
EGD compatible socket interface, or dev:/path/to/device for a
|
|
device file. </p>
|
|
|
|
<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
|
|
gives timeout errors. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_random_bytes 32
|
|
|
|
<p> The number of bytes that tlsmgr(8) reads from $tls_random_source
|
|
when (re)seeding the in-memory pseudo random number generator (PRNG)
|
|
pool. The default of 32 bytes (256 bits) is good enough for 128bit
|
|
symmetric keys. If using EGD or a device file, a maximum of 255
|
|
bytes is read. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_random_reseed_period 3600s
|
|
|
|
<p> The maximal time between attempts by tlsmgr(8) to re-seed the
|
|
in-memory pseudo random number generator (PRNG) pool from external
|
|
sources. The actual time between re-seeding attempts is calculated
|
|
using the PRNG, and is between 0 and the time specified. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_random_prng_update_period 3600s
|
|
|
|
<p> The time between attempts by tlsmgr(8) to save the state of
|
|
the pseudo random number generator (PRNG) to the file specified
|
|
with $tls_random_exchange_name. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM tls_daemon_random_bytes 32
|
|
|
|
<p> The number of pseudo-random bytes that an smtp(8) or smtpd(8)
|
|
process requests from the tlsmgr(8) server in order to seed its
|
|
internal pseudo random number generator (PRNG). The default of 32
|
|
bytes (equivalent to 256 bits) is sufficient to generate a 128bit
|
|
(or 168bit) session key. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_sasl_tls_security_options $smtp_sasl_security_options
|
|
|
|
<p> The SASL authentication security options that the Postfix SMTP
|
|
client uses for TLS encrypted SMTP sessions. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtpd_sasl_tls_security_options $smtpd_sasl_security_options
|
|
|
|
<p> The SASL authentication security options that the Postfix SMTP
|
|
server uses for TLS encrypted SMTP sessions. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM smtp_generic_maps empty
|
|
|
|
<p> Optional lookup tables that perform address rewriting in the
|
|
SMTP client, typically to transform a locally valid address into
|
|
a globally valid address when sending mail across the Internet.
|
|
This is needed when the local machine does not have its own Internet
|
|
domain name, but uses something like <i>localdomain.local</i>
|
|
instead. </p>
|
|
|
|
<p> The table format and lookups are documented in generic(5);
|
|
examples are shown in the ADDRESS_REWRITING_README and
|
|
STANDARD_CONFIGURATION_README documents. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2 and later. </p>
|
|
|
|
%PARAM message_reject_characters empty
|
|
|
|
<p> The set of characters that Postfix will reject in message
|
|
content. The usual C-like escape sequences are recognized: <tt>\a
|
|
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
|
|
<tt>\\</tt>. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
message_reject_characters = \0
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM message_strip_characters empty
|
|
|
|
<p> The set of characters that Postfix will remove from message
|
|
content. The usual C-like escape sequences are recognized: <tt>\a
|
|
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
|
|
<tt>\\</tt>. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
message_strip_characters = \0
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM frozen_delivered_to yes
|
|
|
|
<p> Update the local(8) delivery agent's idea of the Delivered-To:
|
|
address (see prepend_delivered_header) only once, at the start of
|
|
a delivery attempt; do not update the Delivered-To: address while
|
|
expanding aliases or .forward files. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. With older
|
|
Postfix releases, the behavior is as if this parameter is set to
|
|
"no". The old setting can be expensive with deeply nested aliases
|
|
or .forward files. When an alias or .forward file changes the
|
|
Delivered-To: address, it ties up one queue file and one cleanup
|
|
process instance while mail is being forwarded. </p>
|
|
|
|
%PARAM smtpd_peername_lookup yes
|
|
|
|
<p> Attempt to look up the remote SMTP client hostname, and verify that
|
|
the name matches the client IP address. A client name is set to
|
|
"unknown" when it cannot be looked up or verified, or when name
|
|
lookup is disabled. Turning off name lookup reduces delays due to
|
|
DNS lookup and increases the maximal inbound delivery rate. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM delay_logging_resolution_limit 2
|
|
|
|
<p> The maximal number of digits after the decimal point when logging
|
|
sub-second delay values. Specify a number in the range 0..6. </p>
|
|
|
|
<p> Large delay values are rounded off to an integral number seconds;
|
|
delay values below the delay_logging_resolution_limit are logged
|
|
as "0", and small delay values are logged with at most two-digit
|
|
precision. </p>
|
|
|
|
<p> The format of the "delays=a/b/c/d" logging is as follows: </p>
|
|
|
|
<ul>
|
|
|
|
<li> a = time before the queue manager, including message transmission
|
|
|
|
<li> b = time in queue manager
|
|
|
|
<li> c = time in connection setup, including DNS, EHLO and TLS
|
|
|
|
<li> d = time in message transmission
|
|
|
|
</ul>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM bounce_template_file empty
|
|
|
|
<p> Pathname of a configuration file with bounce message templates.
|
|
These override the built-in templates of delivery status notification
|
|
(DSN) messages for undeliverable mail, for delayed mail, successful
|
|
delivery, or delivery verification. The bounce(5) manual page
|
|
describes how to edit and test template files. </p>
|
|
|
|
<p> Template message body text may contain $name references to
|
|
Postfix configuration parameters. The result of $name expansion can
|
|
be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
|
|
is placed into the Postfix configuration directory. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM sender_dependent_relayhost_maps empty
|
|
|
|
<p> A sender-dependent override for the global relayhost parameter
|
|
setting. The tables are searched by the sender address and by the
|
|
@domain. This information is overruled with relay_transport,
|
|
default_transport and with the transport(5) table. </p>
|
|
|
|
<p> For safety reasons, this feature does not allow $number
|
|
substitutions in regular expression maps. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.3 and later.
|
|
</p>
|
|
|
|
%PARAM address_verify_sender_dependent_relayhost_maps empty
|
|
|
|
<p>
|
|
Overrides the sender_dependent_relayhost_maps parameter setting for address
|
|
verification probes.
|
|
</p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.3 and later.
|
|
</p>
|
|
|
|
%PARAM smtp_sender_dependent_authentication no
|
|
|
|
<p>
|
|
Enable sender-dependent authentication in the Postfix SMTP client; this is
|
|
available only with SASL authentication, and disables SMTP connection
|
|
caching to ensure that mail from different senders will use the
|
|
appropriate credentials. </p>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.3 and later.
|
|
</p>
|
|
|
|
%PARAM lmtp_lhlo_name $myhostname
|
|
|
|
<p>
|
|
The hostname to send in the LMTP LHLO command.
|
|
</p>
|
|
|
|
<p>
|
|
The default value is the machine hostname. Specify a hostname or
|
|
[ip.add.re.ss].
|
|
</p>
|
|
|
|
<p>
|
|
This information can be specified in the main.cf file for all LMTP
|
|
clients, or it can be specified in the master.cf file for a specific
|
|
client, for example:
|
|
</p>
|
|
|
|
<pre>
|
|
/etc/postfix/master.cf:
|
|
mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com
|
|
</pre>
|
|
|
|
<p>
|
|
This feature is available in Postfix 2.3 and later.
|
|
</p>
|
|
|
|
%PARAM lmtp_discard_lhlo_keyword_address_maps
|
|
|
|
<p> Lookup tables, indexed by the remote LMTP server address, with
|
|
case insensitive lists of LHLO keywords (pipelining, starttls,
|
|
auth, etc.) that the LMTP client will ignore in the LHLO response
|
|
from a remote LMTP server. See lmtp_discard_lhlo_keywords for
|
|
details. The table is not indexed by hostname for consistency with
|
|
smtpd_discard_ehlo_keyword_address_maps. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_discard_lhlo_keywords $myhostname
|
|
|
|
<p> A case insensitive list of LHLO keywords (pipelining, starttls,
|
|
auth, etc.) that the LMTP client will ignore in the LHLO response
|
|
from a remote LMTP server. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
<p> Notes: </p>
|
|
|
|
<ul>
|
|
|
|
<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
|
|
this action from being logged. </p>
|
|
|
|
<li> <p> Use the lmtp_discard_lhlo_keyword_address_maps feature to
|
|
discard LHLO keywords selectively. </p>
|
|
|
|
</ul>
|
|
|
|
%PARAM lmtp_lhlo_timeout 300s
|
|
|
|
<p> The LMTP client time limit for sending the LHLO command, and
|
|
for receiving the initial server response. </p>
|
|
|
|
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
|
|
(weeks). The default time unit is s (seconds). </p>
|
|
|
|
%PARAM lmtp_sasl_tls_security_options $lmtp_sasl_security_options
|
|
|
|
<p> The LMTP-specific version of the smtp_sasl_tls_security_options
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_sasl_mechanism_filter
|
|
|
|
<p> The LMTP-specific version of the smtp_sasl_mechanism_filter
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_bind_address
|
|
|
|
<p> The LMTP-specific version of the smtp_bind_address configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_bind_address6
|
|
|
|
<p> The LMTP-specific version of the smtp_bind_address6 configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_host_lookup dns
|
|
|
|
<p> The LMTP-specific version of the smtp_host_lookup configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_connection_cache_destinations
|
|
|
|
<p> The LMTP-specific version of the smtp_connection_cache_destinations
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_per_site
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_per_site configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_generic_maps
|
|
|
|
<p> The LMTP-specific version of the smtp_generic_maps configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_pix_workaround_threshold_time 500s
|
|
|
|
<p> The LMTP-specific version of the smtp_pix_workaround_threshold_time
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_pix_workaround_delay_time 10s
|
|
|
|
<p> The LMTP-specific version of the smtp_pix_workaround_delay_time
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_connection_reuse_time_limit 300s
|
|
|
|
<p> The LMTP-specific version of the smtp_connection_reuse_time_limit
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_starttls_timeout 300s
|
|
|
|
<p> The LMTP-specific version of the smtp_starttls_timeout configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_line_length_limit 990
|
|
|
|
<p> The LMTP-specific version of the smtp_line_length_limit
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_mx_address_limit 5
|
|
|
|
<p> The LMTP-specific version of the smtp_mx_address_limit configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_mx_session_limit 2
|
|
|
|
<p> The LMTP-specific version of the smtp_mx_session_limit configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_scert_verifydepth 5
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_scert_verifydepth
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_skip_5xx_greeting yes
|
|
|
|
<p> The LMTP-specific version of the smtp_skip_5xx_greeting
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_randomize_addresses yes
|
|
|
|
<p> The LMTP-specific version of the smtp_randomize_addresses
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_quote_rfc821_envelope yes
|
|
|
|
<p> The LMTP-specific version of the smtp_quote_rfc821_envelope
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_defer_if_no_mx_address_found no
|
|
|
|
<p> The LMTP-specific version of the smtp_defer_if_no_mx_address_found
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_connection_cache_on_demand yes
|
|
|
|
<p> The LMTP-specific version of the smtp_connection_cache_on_demand
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_use_tls no
|
|
|
|
<p> The LMTP-specific version of the smtp_use_tls configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_enforce_tls no
|
|
|
|
<p> The LMTP-specific version of the smtp_enforce_tls configuration
|
|
parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_enforce_peername yes
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_enforce_peername
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_note_starttls_offer no
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_note_starttls_offer
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_sender_dependent_authentication no
|
|
|
|
<p> The LMTP-specific version of the smtp_sender_dependent_authentication
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM connection_cache_protocol_timeout 5s
|
|
|
|
<p> Time limit for connection cache connect, send or receive
|
|
operations. The time limit is enforced in the client. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_sasl_type cyrus
|
|
|
|
<p> The SASL plug-in type that the Postfix SMTP server should use
|
|
for authentication. The available types are listed with the
|
|
"<b>postconf -a</b>" command. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_sasl_type cyrus
|
|
|
|
<p> The SASL plug-in type that the Postfix SMTP client should use
|
|
for authentication. The available types are listed with the
|
|
"<b>postconf -A</b>" command. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
|
|
%PARAM lmtp_sasl_type cyrus
|
|
|
|
<p> The SASL plug-in type that the Postfix LMTP client should use
|
|
for authentication. The available types are listed with the
|
|
"<b>postconf -A</b>" command. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_sasl_path smtpd
|
|
|
|
<p> Implementation-specific information that is passed through to
|
|
the SASL plug-in implementation that is selected with
|
|
<b>smtpd_sasl_type</b>. Typically this specifies the name of a
|
|
configuration file or rendezvous point. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. In earlier
|
|
releases it was called smtpd_sasl_application. </p>
|
|
|
|
%PARAM smtp_sasl_path
|
|
|
|
<p> Implementation-specific information that is passed through to
|
|
the SASL plug-in implementation that is selected with
|
|
<b>smtp_sasl_type</b>. Typically this specifies the name of a
|
|
configuration file or rendezvous point. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_sasl_path
|
|
|
|
<p> Implementation-specific information that is passed through to
|
|
the SASL plug-in implementation that is selected with
|
|
<b>lmtp_sasl_type</b>. Typically this specifies the name of a
|
|
configuration file or rendezvous point. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM plaintext_reject_code 450
|
|
|
|
<p>
|
|
The numerical Postfix SMTP server response code when a request
|
|
is rejected by the <b>reject_plaintext_session</b> restriction.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM resolve_numeric_domain no
|
|
|
|
<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
|
|
rejecting the address as invalid. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later.
|
|
|
|
%PARAM mailbox_transport_maps
|
|
|
|
<p> Optional lookup tables with per-recipient message delivery
|
|
transports to use for local(8) mailbox delivery, whether or not the
|
|
recipients are found in the UNIX passwd database. </p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
<p> For safety reasons, this feature does not allow $number
|
|
substitutions in regular expression maps. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM fallback_transport_maps
|
|
|
|
<p> Optional lookup tables with per-recipient message delivery
|
|
transports for recipients that the local(8) delivery agent could
|
|
not find in the aliases(5) or UNIX password database. </p>
|
|
|
|
<p> The precedence of local(8) delivery features from high to low
|
|
is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
|
|
mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
|
|
fallback_transport_maps, fallback_transport and luser_relay. </p>
|
|
|
|
<p> For safety reasons, this feature does not allow $number
|
|
substitutions in regular expression maps. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_cname_overrides_servername version dependent
|
|
|
|
<p> Allow DNS CNAME records to override the servername that the
|
|
Postfix SMTP client uses for logging, SASL password lookup, TLS
|
|
policy decisions, or TLS certificate verification. The value "no"
|
|
hardens Postfix smtp_tls_per_site hostname-based policies against
|
|
false hostname information in DNS CNAME records, and makes SASL
|
|
password file lookups more predictable. This is the default setting
|
|
as of Postfix 2.3. </p>
|
|
|
|
<p> This feature is available in Postfix 2.2.9 and later. </p>
|
|
|
|
%PARAM lmtp_cname_overrides_servername yes
|
|
|
|
<p> The LMTP-specific version of the smtp_cname_overrides_servername
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_sasl_tls_verified_security_options $smtp_sasl_tls_security_options
|
|
|
|
<p> The SASL authentication security options that the Postfix SMTP
|
|
client uses for TLS encrypted SMTP sessions with a verified server
|
|
certificate. This feature is still under construction. It will not be
|
|
included in the Postfix 2.3 release. </p>
|
|
|
|
<p> This feature should be available in Postfix 2.4 and later. </p>
|
|
|
|
%PARAM lmtp_sasl_tls_verified_security_options $lmtp_sasl_tls_security_options
|
|
|
|
<p> The LMTP-specific version of the
|
|
smtp_sasl_tls_verified_security_options configuration parameter.
|
|
See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_connection_cache_time_limit 2s
|
|
|
|
<p> The LMTP-specific version of the
|
|
smtp_connection_cache_time_limit configuration parameter.
|
|
See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_delay_open_until_valid_rcpt yes
|
|
|
|
<p> Postpone the start of an SMTP mail transaction until a valid
|
|
RCPT TO command is received. Specify "no" to create a mail transaction
|
|
as soon as the SMTP server receives a valid MAIL FROM command. </p>
|
|
|
|
<p> With sites that reject lots of mail, the default setting reduces
|
|
the use of
|
|
disk, CPU and memory resources. The downside is that rejected
|
|
recipients are logged with NOQUEUE instead of a mail transaction
|
|
ID. This complicates the logfile analysis of multi-recipient mail.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_cert_file
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_cert_file
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_key_file $lmtp_tls_cert_file
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_key_file
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_dcert_file
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_dcert_file
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_dkey_file $lmtp_tls_dcert_file
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_dkey_file
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_CAfile
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_CAfile
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_CApath
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_CApath
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_loglevel 0
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_loglevel
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_session_cache_database
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_session_cache_database
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_session_cache_timeout 3600s
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_session_cache_timeout
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_policy_maps
|
|
|
|
<p> Optional lookup tables with the Postfix SMTP client TLS security
|
|
policy by next-hop destination; when a non-empty value is specified,
|
|
this overrides the obsolete smtp_tls_per_site parameter. See
|
|
TLS_README for a more detailed discussion of TLS security levels.
|
|
</p>
|
|
|
|
<p> The TLS policy table is indexed by the full next-hop destination,
|
|
which is either the recipient domain, or the verbatim next-hop
|
|
specified in the transport table, $local_transport, $virtual_transport,
|
|
$relay_transport or $default_transport. This includes any enclosing
|
|
square brackets and any non-default destination server port suffix. The
|
|
LMTP socket type prefix (inet: or unix:) is not included in the lookup
|
|
key. </p>
|
|
|
|
<p> Only the next-hop domain, or $myhostname with LMTP over UNIX-domain
|
|
sockets, is used as the nexthop name for certificate verification. The
|
|
port and any enclosing square brackets are used in the table lookup key,
|
|
but are not used for server name verification. </p>
|
|
|
|
<p> When the lookup key is a domain name without enclosing square brackets
|
|
or any <i>:port</i> suffix (typically the recipient domain), and the full
|
|
domain is not found in the table, just as with the transport(5) table,
|
|
the parent domain starting with a leading "." is matched recursively. This
|
|
allows one to specify a security policy for a recipient domain and all
|
|
its sub-domains. </p>
|
|
|
|
<p> The lookup result is a security level, followed by an optional list
|
|
of whitespace and/or comma separated name=value attributes that override
|
|
related main.cf settings. The TLS security levels in order of increasing
|
|
security are: </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>none</b></dt>
|
|
<dd>No TLS. No additional attributes are supported at this level. </dd>
|
|
|
|
<dt><b>may</b></dt>
|
|
<dd>Opportunistic TLS. No additional attributes are supported at this
|
|
level. Since sending in the clear is acceptable, demanding stronger
|
|
than default TLS security parameters merely reduces inter-operability.
|
|
Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and
|
|
smtp_tls_mandatory_protocols parameters at this security level; all
|
|
protocols are allowed and "export" grade or better ciphers are used.
|
|
When TLS handshakes fail, the connection is retried with TLS disabled.
|
|
This allows mail delivery to sites with non-interoperable TLS
|
|
implementations.</dd>
|
|
|
|
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level
|
|
and higher the optional "ciphers" attribute overrides the main.cf
|
|
smtp_tls_mandatory_ciphers parameter and the optional "protocols"
|
|
keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
|
|
In the policy table, multiple protocols must be separated by colons,
|
|
as attribute values may not contain whitespace or commas. </p>
|
|
|
|
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
|
|
level, DNS MX lookups are trusted to be secure enough, and the name
|
|
verified in the server certificate is usually obtained indirectly via
|
|
unauthenticated DNS MX lookups. The optional "match" attribute overrides
|
|
the main.cf smtp_tls_verify_cert_match parameter. In the policy table,
|
|
multiple match patterns and strategies must be separated by colons.
|
|
In practice explicit control over matching is more common with the
|
|
"secure" policy, described below. </dd>
|
|
|
|
<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level, DNS
|
|
MX lookups, though potentially used to determine the candidate next-hop
|
|
gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
|
|
peername verification. Instead, the default name verified in the server
|
|
certificate is obtained directly from the next-hop, or is explicitly
|
|
specified via the optional <b>match</b> attribute which overrides the
|
|
main.cf smtp_tls_secure_cert_match parameter. In the policy table,
|
|
multiple match patterns and strategies must be separated by colons.
|
|
The match attribute is most useful when multiple domains are supported by
|
|
common server, the policy entries for additional domains specify matching
|
|
rules for the primary domain certificate. While transport table overrides
|
|
routing the secondary domains to the primary nexthop also allow secure
|
|
verification, they risk delivery to the wrong destination when domains
|
|
change hands or are re-assigned to new gateways. With the "match"
|
|
attribute approach, routing is not perturbed, and mail is deferred if
|
|
verification of a new MX host fails. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Example:
|
|
</p>
|
|
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
|
|
</pre>
|
|
<pre>
|
|
tls_policy:
|
|
example.edu none
|
|
example.mil may
|
|
example.gov encrypt protocols=TLSv1
|
|
example.com verify ciphers=high
|
|
example.net secure
|
|
.example.net secure match=.example.net:example.net
|
|
[mail.example.org]:587 secure match=nexthop
|
|
</pre>
|
|
|
|
<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default
|
|
setting of smtp_tls_secure_cert_match or in the <b>match</b> attribute
|
|
in the policy table can render the <b>secure</b> level vulnerable to
|
|
DNS forgery. Do not use the <b>hostname</b> strategy for secure-channel
|
|
configurations in environments where DNS security is not assured. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_mandatory_protocols SSLv3, TLSv1
|
|
|
|
<p> List of TLS protocols that the Postfix SMTP client will use
|
|
with mandatory TLS encryption. In main.cf the values
|
|
are separated by whitespace, commas or colons. In the policy table
|
|
(see smtp_tls_policy_maps) the only valid separator is colon. An
|
|
empty value means allow all protocols. The valid protocol names,
|
|
(see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and
|
|
"TLSv1". </p>
|
|
|
|
<p> Since SSL version 2 has known protocol weaknesses and
|
|
is now deprecated, the default setting only lists "SSLv3" and
|
|
"TLSv1". This means that by default, SSL version 2 will not be used
|
|
at the "encrypt" security level and higher. </p>
|
|
|
|
<p> See the documentation of the smtp_tls_policy_maps parameter and
|
|
TLS_README for more information about security levels. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_verify_cert_match hostname
|
|
|
|
<p> The server certificate peername verification method for the
|
|
"verify" TLS security level. In a "verify" TLS policy table
|
|
($smtp_tls_policy_maps) entry the optional "match" attribute
|
|
overrides this main.cf setting. </p>
|
|
|
|
<p> This parameter specifies one or more patterns or strategies separated
|
|
by commas, whitespace or colons. In the policy table the only valid
|
|
separator is the colon character. </p>
|
|
|
|
<p> Patterns specify domain names, or domain name suffixes: </p>
|
|
|
|
<dl>
|
|
|
|
<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
|
|
i.e. one of the names the server certificate must be <i>example.com</i>,
|
|
upper and lower case distinctions are ignored. </dd>
|
|
|
|
<dt><i>.example.com</i></dt>
|
|
<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
|
|
a name in the server certificate that consists of a non-zero number of
|
|
labels followed by a <i>.example.com</i> suffix. Case distinctions are
|
|
ignored.</dd>
|
|
|
|
</dl>
|
|
|
|
<p> Strategies specify a transformation from the next-hop domain
|
|
to the expected name in the server certificate: </p>
|
|
|
|
<dl>
|
|
|
|
<dt>nexthop</dt>
|
|
<dd> Match against the next-hop domain, which is either the recipient
|
|
domain, or the transport next-hop configured for the domain stripped of
|
|
any optional socket type prefix, enclosing square brackets and trailing
|
|
port. When MX lookups are not suppressed, this is the original nexthop
|
|
domain prior to the MX lookup, not the result of the MX lookup. For
|
|
LMTP delivery via UNIX-domain sockets, the verified next-hop name is
|
|
$myhostname. This strategy is suitable for use with the "secure"
|
|
policy. Case is ignored.</dd>
|
|
|
|
<dt>dot-nexthop</dt>
|
|
<dd> As above, but match server certificate names that are subdomains
|
|
of the next-hop domain. Case is ignored.</dd>
|
|
|
|
<dt>hostname</dt> <dd> Match against the hostname of the server, often
|
|
obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
|
|
UNIX-domain sockets, the verified name is $myhostname. This matches
|
|
the verification strategy of the "MUST" keyword in the obsolete
|
|
smtp_tls_per_site table, and is suitable for use with the "verify"
|
|
security level. When the next-hop name is enclosed in square brackets
|
|
to suppress MX lookups, the "hostname" strategy is the same as the
|
|
"nexthop" strategy. Case is ignored.</dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Sample main.cf setting:
|
|
</p>
|
|
|
|
<pre>
|
|
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
|
|
</pre>
|
|
|
|
<p>
|
|
Sample policy table override:
|
|
</p>
|
|
|
|
<pre>
|
|
example.com verify match=hostname:nexthop
|
|
.example.com verify match=example.com:.example.com:hostname
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_secure_cert_match nexthop, dot-nexthop
|
|
|
|
<p> The server certificate peername verification method for the
|
|
"secure" TLS security level. In a "secure" TLS policy table
|
|
($smtp_tls_policy_maps) entry the optional "match" attribute
|
|
overrides this main.cf setting. </p>
|
|
|
|
<p> This parameter specifies one or more patterns or strategies separated
|
|
by commas, whitespace or colons. In the policy table the only valid
|
|
separator is the colon character. </p>
|
|
|
|
<p> For a description of the pattern and strategy syntax see the
|
|
smtp_tls_verify_cert_match parameter. The "hostname" strategy should
|
|
be avoided in this context, as in the absence of a secure global DNS, using
|
|
the results of MX lookups in certificate verification is not immune to active
|
|
(man-in-the-middle) attacks on DNS. </p>
|
|
|
|
<p>
|
|
Sample main.cf setting:
|
|
</p>
|
|
|
|
<pre>
|
|
smtp_tls_secure_cert_match = nexthop
|
|
</pre>
|
|
|
|
<p>
|
|
Sample policy table override:
|
|
</p>
|
|
|
|
<pre>
|
|
example.net secure match=example.com:.example.com
|
|
.example.net secure match=example.com:.example.com
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_policy_maps
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_policy_maps
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_mandatory_protocols SSLv3, TLSv1
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_mandatory_protocols
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_verify_cert_match hostname
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_verify_cert_match
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_secure_cert_match nexthop
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_secure_cert_match
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_mandatory_protocols SSLv3, TLSv1
|
|
|
|
<p> The TLS protocols accepted by the Postfix SMTP server with
|
|
mandatory TLS encryption. With opportunistic TLS encryption, all
|
|
protocols are always accepted. If the list is empty, the server
|
|
supports all available TLS protocol versions. A non-empty value
|
|
is a list of protocol names separated by whitespace, commas or
|
|
colons. The supported protocol names are "SSLv2", "SSLv3" and
|
|
"TLSv1", and are not case sensitive. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<pre>
|
|
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_security_level
|
|
|
|
<p> The default SMTP TLS security level for the Postfix SMTP client;
|
|
when a non-empty value is specified, this overrides the obsolete
|
|
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
|
|
</p>
|
|
|
|
<p> Specify one of the following security levels: </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>none</b></dt> <dd> TLS will not be used unless enabled for specific
|
|
destinations via smtp_tls_policy_maps. </dd>
|
|
|
|
<dt><b>may</b></dt>
|
|
<dd> Opportunistic TLS. TLS will be used if supported by the server. Since
|
|
sending in the clear is acceptable, demanding stronger than default TLS
|
|
security parameters merely reduces inter-operability. Postfix 2.3 and
|
|
later ignore the smtp_tls_mandatory_ciphers and
|
|
smtp_tls_mandatory_protocols parameters at this security level; all
|
|
protocols are allowed and "export" grade or better ciphers are used.
|
|
When TLS handshakes fail, the connection is retried with TLS disabled.
|
|
This allows mail delivery to sites with non-interoperable TLS
|
|
implementations. </dd>
|
|
|
|
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Since a minimum
|
|
level of security is intended, it reasonable to be specific about
|
|
sufficiently secure protocol versions and ciphers. At this security level
|
|
and higher, the main.cf parameters smtp_tls_mandatory_protocols and
|
|
smtp_tls_mandatory_ciphers specify the TLS protocols and minimum
|
|
cipher grade which the administrator considers secure enough for
|
|
mandatory encrypted sessions. This security level is not an appropriate
|
|
default for systems delivering mail to the Internet. </dd>
|
|
|
|
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
|
|
level, DNS MX lookups are trusted to be secure enough, and the name
|
|
verified in the server certificate is usually obtained indirectly
|
|
via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match
|
|
parameter controls how the server name is verified. In practice explicit
|
|
control over matching is more common at the "secure" level, described
|
|
below. This security level is not an appropriate default for systems
|
|
delivering mail to the Internet. </dd>
|
|
|
|
<dt><b>secure</b></dt> <dd>Secure-channel TLS. At this security level,
|
|
DNS MX lookups, though potentially used to determine the candidate
|
|
next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
|
|
for TLS peername verification. Instead, the default name verified in
|
|
the server certificate is obtained from the next-hop domain as specified
|
|
in the smtp_tls_secure_cert_match configuration parameter. The default
|
|
matching rule is that a server certificate matches when its name is equal
|
|
to or is a sub-domain of the nexthop domain. This security level is not
|
|
an appropriate default for systems delivering mail to the Internet. </dd>
|
|
|
|
</dl>
|
|
|
|
<p>
|
|
Examples:
|
|
</p>
|
|
|
|
<p>No TLS, old-style: smtp_use_tls=no and smtp_enforce_tls=no.</p>
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_security_level = none
|
|
</pre>
|
|
|
|
<p>Opportunistic TLS:</p>
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_security_level = may
|
|
</pre>
|
|
|
|
<p>Mandatory (high-grade) TLS encryption:</p>
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_security_level = encrypt
|
|
smtp_tls_mandatory_ciphers = high
|
|
</pre>
|
|
|
|
<p>Mandatory TLS verification, of hostname or nexthop domain:</p>
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_security_level = verify
|
|
smtp_tls_mandatory_ciphers = high
|
|
smtp_tls_verify_cert_match = hostname, nexthop, dot-nexthop
|
|
</pre>
|
|
|
|
<p>Secure channel TLS with exact nexthop name matching:</p>
|
|
<pre>
|
|
main.cf:
|
|
smtp_tls_security_level = secure
|
|
smtp_tls_mandatory_protocols = TLSv1
|
|
smtp_tls_mandatory_ciphers = high
|
|
smtp_tls_secure_cert_match = nexthop
|
|
</pre>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_milters empty
|
|
|
|
<p> A list of Milter (mail filter) applications for new mail that
|
|
arrives via the Postfix smtpd(8) server. See the MILTER_README
|
|
document for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM non_smtpd_milters empty
|
|
|
|
<p> A list of Milter (mail filter) applications for new mail that
|
|
does not arrive via the Postfix smtpd(8) server. This includes local
|
|
submission via the sendmail(1) command line, new mail that arrives
|
|
via the Postfix qmqpd(8) server, and old mail that is re-injected
|
|
into the queue with "postsuper -r". See the MILTER_README document
|
|
for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_protocol 2
|
|
|
|
<p> The mail filter protocol version and optional protocol extensions
|
|
for communication with a Milter (mail filter) application. This
|
|
information should match the protocol that is expected by the actual
|
|
mail filter application. </p>
|
|
|
|
<p>Protocol versions: </p>
|
|
|
|
<dl compact>
|
|
|
|
<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2.</dd>
|
|
|
|
<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>
|
|
|
|
<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>
|
|
|
|
</dl>
|
|
|
|
<p>Protocol extensions: </p>
|
|
|
|
<dl compact>
|
|
|
|
<dt>no_header_reply</dt> <dd> Specify this when the Milter application
|
|
will not reply for each individual message header.</dd>
|
|
|
|
</dl>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_default_action tempfail
|
|
|
|
<p> The default action when a Milter (mail filter) application is
|
|
unavailable or mis-configured. Specify one of the following: </p>
|
|
|
|
<dl compact>
|
|
|
|
<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
|
|
</dd>
|
|
|
|
<dt>reject</dt> <dd>Reject all further commands in this session
|
|
with a permanent status code.</dd>
|
|
|
|
<dt>tempfail</dt> <dd>Reject all further commands in this session
|
|
with a temporary status code. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_connect_timeout 30s
|
|
|
|
<p> The time limit for connecting to a Milter (mail filter)
|
|
application, and for negotiating protocol options. </p>
|
|
|
|
<p> Specify a non-zero time value (an integral value plus an optional
|
|
one-letter suffix that specifies the time unit). </p>
|
|
|
|
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
|
|
(weeks). The default time unit is s (seconds). </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_command_timeout 30s
|
|
|
|
<p> The time limit for sending an SMTP command to a Milter (mail
|
|
filter) application, and for receiving the response. </p>
|
|
|
|
<p> Specify a non-zero time value (an integral value plus an optional
|
|
one-letter suffix that specifies the time unit). </p>
|
|
|
|
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
|
|
(weeks). The default time unit is s (seconds). </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_content_timeout 300s
|
|
|
|
<p> The time limit for sending message content to a Milter (mail
|
|
filter) application, and for receiving the response. </p>
|
|
|
|
<p> Specify a non-zero time value (an integral value plus an optional
|
|
one-letter suffix that specifies the time unit). </p>
|
|
|
|
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
|
|
(weeks). The default time unit is s (seconds). </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_connect_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to Milter (mail filter) applications
|
|
after completion of an SMTP connection. See MILTER_README
|
|
for a list of available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_helo_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to Milter (mail filter) applications
|
|
after the SMTP HELO or EHLO command. See
|
|
MILTER_README for a list of available macro names and their meanings.
|
|
</p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_mail_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to Milter (mail filter) applications
|
|
after the SMTP MAIL FROM command. See MILTER_README
|
|
for a list of available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_rcpt_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to Milter (mail filter) applications
|
|
after the SMTP RCPT TO command. See MILTER_README
|
|
for a list of available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_data_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to version 4 or higher Milter (mail
|
|
filter) applications after the SMTP DATA command. See MILTER_README
|
|
for a list of available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_end_of_data_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to Milter (mail filter) applications
|
|
after the message end-of-data. See MILTER_README for a list of
|
|
available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_unknown_command_macros see postconf -n output
|
|
|
|
<p> The macros that are sent to version 3 or higher Milter (mail
|
|
filter) applications after an unknown SMTP command. See MILTER_README
|
|
for a list of available macro names and their meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_macro_daemon_name $myhostname
|
|
|
|
<p> The {daemon_name} macro value for Milter (mail filter) applications.
|
|
See MILTER_README for a list of available macro names and their
|
|
meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM milter_macro_v $mail_name $mail_version
|
|
|
|
<p> The {v} macro value for Milter (mail filter) applications.
|
|
See MILTER_README for a list of available macro names and their
|
|
meanings. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_mandatory_ciphers medium
|
|
|
|
<p> The minimum TLS cipher grade that the Postfix SMTP server will
|
|
use with mandatory
|
|
TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
|
|
or smtpd_tls_exclude_ciphers are excluded from the base definition
|
|
of the selected cipher grade. With opportunistic TLS encryption,
|
|
the "export" grade is used unconditionally with exclusions specified
|
|
only via smtpd_tls_exclude_ciphers. </p>
|
|
|
|
<p> The following cipher grades are supported: </p>
|
|
|
|
<dl>
|
|
<dt><b>export</b></dt>
|
|
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
|
|
This is the most appropriate setting for public MX hosts, and is always
|
|
used with opportunistic TLS encryption. The underlying cipherlist
|
|
is specified via the tls_export_cipherlist configuration parameter,
|
|
which you are strongly encouraged to not change. The default value
|
|
of tls_export_cipherlist includes anonymous ciphers, but these are
|
|
automatically filtered out if the server is configured to ask for
|
|
client certificates. If you must always exclude anonymous ciphers,
|
|
set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
|
|
only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
|
|
aNULL". </dd>
|
|
|
|
<dt><b>low</b></dt>
|
|
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
|
|
underlying cipherlist is specified via the tls_low_cipherlist
|
|
configuration parameter, which you are strongly encouraged to
|
|
not change. The default value of tls_low_cipherlist includes
|
|
anonymous ciphers, but these are automatically filtered out if the
|
|
server is configured to ask for client certificates. If you must
|
|
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
|
|
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
|
|
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>medium</b></dt>
|
|
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
|
|
are essentially the 128-bit or stronger ciphers. This is the default
|
|
minimum strength for mandatory TLS encryption. MSAs that enforce
|
|
TLS and have clients that do not support any "MEDIUM" or "HIGH"
|
|
grade ciphers, may need to configure a weaker ("low" or "export")
|
|
minimum cipher grade. The underlying cipherlist is specified via the
|
|
tls_medium_cipherlist configuration parameter, which you are strongly
|
|
encouraged to not change. The default value of tls_medium_cipherlist
|
|
includes anonymous ciphers, but these are automatically filtered out if
|
|
the server is configured to ask for client certificates. If you must
|
|
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
|
|
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
|
|
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>high</b></dt>
|
|
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
|
|
underlying cipherlist is specified via the tls_high_cipherlist
|
|
configuration parameter, which you are strongly encouraged to
|
|
not change. The default value of tls_high_cipherlist includes
|
|
anonymous ciphers, but these are automatically filtered out if the
|
|
server is configured to ask for client certificates. If you must
|
|
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
|
|
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
|
|
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>null</b></dt>
|
|
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
|
|
without encryption. This setting is only appropriate in the rare
|
|
case that all clients are prepared to use NULL ciphers (not normally
|
|
enabled in TLS clients). The underlying cipherlist is specified via the
|
|
tls_null_cipherlist configuration parameter, which you are strongly
|
|
encouraged to not change. The default value of tls_null_cipherlist
|
|
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
|
|
data integrity without encryption or authentication). </dd>
|
|
|
|
</dl>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_exclude_ciphers
|
|
|
|
<p> List of ciphers or cipher types to exclude from the SMTP server
|
|
cipher list at all TLS security levels. Excluding valid ciphers
|
|
can create interoperability problems. DO NOT exclude ciphers unless it
|
|
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
|
|
list separated by whitespace and/or commas. The elements are a single
|
|
cipher, or one or more "+" separated cipher properties, in which case
|
|
only ciphers matching <b>all</b> the properties are excluded. </p>
|
|
|
|
<p> Examples (some of these will cause problems): </p>
|
|
|
|
<pre>
|
|
smtpd_tls_exclude_ciphers = aNULL
|
|
smtpd_tls_exclude_ciphers = MD5, DES
|
|
smtpd_tls_exclude_ciphers = DES+MD5
|
|
smtpd_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
|
|
smtpd_tls_exclude_ciphers = kEDH+aRSA
|
|
</pre>
|
|
|
|
<p> The first setting disables anonymous ciphers. The next setting
|
|
disables ciphers that use the MD5 digest algorithm or the (single) DES
|
|
encryption algorithm. The next setting disables ciphers that use MD5 and
|
|
DES together. The next setting disables the two ciphers "AES256-SHA"
|
|
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
|
|
key exchange with RSA authentication. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_mandatory_exclude_ciphers
|
|
|
|
<p> Additional list of ciphers or cipher types to exclude from the
|
|
SMTP server cipher list at mandatory TLS security levels. This list
|
|
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
|
|
(see there for syntax details). </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_mandatory_ciphers medium
|
|
|
|
<p> The minimum TLS cipher grade that the Postfix SMTP client will
|
|
use with
|
|
mandatory TLS encryption. The default value "medium" is suitable
|
|
for most destinations with which you may want to enforce TLS, and
|
|
is beyond the reach of today's crypt-analytic methods. See
|
|
smtp_tls_policy_maps for information on how to configure ciphers
|
|
on a per-destination basis. </p>
|
|
|
|
<p> The following cipher grades are supported: </p>
|
|
|
|
<dl>
|
|
<dt><b>export</b></dt>
|
|
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL
|
|
ciphers. This is always used for opportunistic encryption. It is
|
|
not recommended for mandatory encryption unless you must enforce TLS
|
|
with "crippled" peers. The underlying cipherlist is specified via the
|
|
tls_export_cipherlist configuration parameter, which you are strongly
|
|
encouraged to not change. The default value of tls_export_cipherlist
|
|
includes anonymous ciphers, but these are automatically filtered out if
|
|
the client is configured to verify server certificates. If you must
|
|
exclude anonymous ciphers also at the "encrypt" security level, set
|
|
"smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>low</b></dt>
|
|
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
|
|
setting is only appropriate for internal mail servers. The underlying
|
|
cipherlist is specified via the tls_low_cipherlist configuration
|
|
parameter, which you are strongly encouraged to not change. The default
|
|
value of tls_low_cipherlist includes anonymous ciphers, but these are
|
|
automatically filtered out if the client is configured to verify server
|
|
certificates. If you must exclude anonymous ciphers also at the "encrypt"
|
|
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>medium</b></dt>
|
|
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers.
|
|
The underlying cipherlist is specified via the tls_medium_cipherlist
|
|
configuration parameter, which you are strongly encouraged to not change.
|
|
The default value of tls_medium_cipherlist includes anonymous ciphers,
|
|
but these are automatically filtered out if the client is configured to
|
|
verify server certificates. If you must exclude anonymous ciphers also
|
|
at the "encrypt" security level, set "smtp_tls_mandatory_exclude_ciphers
|
|
= aNULL". </dd>
|
|
|
|
<dt><b>high</b></dt>
|
|
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
|
|
setting is appropriate when all mandatory TLS destinations support
|
|
some of "HIGH" grade ciphers, this is not uncommon. The underlying
|
|
cipherlist is specified via the tls_high_cipherlist configuration
|
|
parameter, which you are strongly encouraged to not change. The default
|
|
value of tls_high_cipherlist includes anonymous ciphers, but these are
|
|
automatically filtered out if the client is configured to verify server
|
|
certificates. If you must exclude anonymous ciphers also at the "encrypt"
|
|
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
|
|
|
|
<dt><b>null</b></dt>
|
|
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
|
|
without encryption. This setting is only appropriate in the rare case
|
|
that all servers are prepared to use NULL ciphers (not normally enabled
|
|
in TLS servers). A plausible use-case is an LMTP server listening on a
|
|
UNIX-domain socket that is configured to support "NULL" ciphers. The
|
|
underlying cipherlist is specified via the tls_null_cipherlist
|
|
configuration parameter, which you are strongly encouraged to not
|
|
change. The default value of tls_null_cipherlist excludes anonymous
|
|
ciphers (OpenSSL 0.9.8 has NULL ciphers that offer data integrity without
|
|
encryption or authentication). </dd>
|
|
|
|
</dl>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_exclude_ciphers
|
|
|
|
<p> List of ciphers or cipher types to exclude from the Postfix
|
|
SMTP client cipher
|
|
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
|
|
a simple list separated by whitespace and/or commas. The elements are a
|
|
single cipher, or one or more "+" separated cipher properties, in which
|
|
case only ciphers matching <b>all</b> the properties are excluded. </p>
|
|
|
|
<p> Examples (some of these will cause problems): </p>
|
|
|
|
<pre>
|
|
smtp_tls_exclude_ciphers = aNULL
|
|
smtp_tls_exclude_ciphers = MD5, DES
|
|
smtp_tls_exclude_ciphers = DES+MD5
|
|
smtp_tls_exclude_ciphers = AES256-SHA, DES-CBC3-MD5
|
|
smtp_tls_exclude_ciphers = kEDH+aRSA
|
|
</pre>
|
|
|
|
<p> The first setting, disables anonymous ciphers. The next setting
|
|
disables ciphers that use the MD5 digest algorithm or the (single) DES
|
|
encryption algorithm. The next setting disables ciphers that use MD5 and
|
|
DES together. The next setting disables the two ciphers "AES256-SHA"
|
|
and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
|
|
key exchange with RSA authentication. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtp_tls_mandatory_exclude_ciphers
|
|
|
|
<p> Additional list of ciphers or cipher types to exclude from the
|
|
SMTP client cipher list at mandatory TLS security levels. This list
|
|
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
|
|
(see there for syntax details). </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM tls_high_cipherlist !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH
|
|
|
|
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
|
|
the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
|
|
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
|
|
strongly encouraged to not change this setting. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM tls_medium_cipherlist !EXPORT:!LOW:ALL:+RC4:@STRENGTH
|
|
|
|
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
|
|
defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
|
|
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
|
|
the default cipherlist for mandatory TLS encryption in the TLS
|
|
client (with anonymous ciphers disabled when verifying server
|
|
certificates). You are strongly encouraged to not change this
|
|
setting. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM tls_low_cipherlist !EXPORT:ALL:+RC4:@STRENGTH
|
|
|
|
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
|
|
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
|
|
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
|
|
strongly encouraged to not change this setting. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH
|
|
|
|
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
|
|
defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
|
|
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
|
|
the cipherlist for the opportunistic ("may") TLS client security
|
|
level and is the default cipherlist for the SMTP server. You are
|
|
strongly encouraged to not change this setting. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM tls_null_cipherlist !aNULL:eNULL+kRSA
|
|
|
|
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
|
|
authentication without encryption. This defines the meaning of the "null"
|
|
setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
|
|
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
|
|
change this setting. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_mandatory_ciphers
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_mandatory_ciphers
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_exclude_ciphers
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_exclude_ciphers
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM lmtp_tls_mandatory_exclude_ciphers
|
|
|
|
<p> The LMTP-specific version of the smtp_tls_mandatory_exclude_ciphers
|
|
configuration parameter. See there for details. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_security_level
|
|
|
|
<p> The SMTP TLS security level for the Postfix SMTP server; when
|
|
a non-empty value is specified, this overrides the obsolete parameters
|
|
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
|
|
"smtpd_tls_wrappermode = yes". </p>
|
|
|
|
<p> Specify one of the following security levels: </p>
|
|
|
|
<dl>
|
|
|
|
<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
|
|
|
|
<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
|
|
to SMTP clients, but do not require that clients use TLS encryption.
|
|
</dd>
|
|
|
|
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
|
|
STARTTLS support to SMTP clients, and require that clients use TLS
|
|
encryption. According to RFC 2487 this MUST NOT be applied in case
|
|
of a publicly-referenced SMTP server. Instead, this option should
|
|
be used only on dedicated servers. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> Note 1: the "verify" and "secure" levels are not supported.
|
|
The Postfix SMTP server logs a warning and uses "encrypt" instead.
|
|
To verify SMTP client certificates, see TLS_README for a discussion
|
|
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
|
|
features. </p>
|
|
|
|
<p> Note 2: The parameter setting "smtpd_tls_security_level =
|
|
encrypt" implies "smtpd_tls_auth_only = yes".</p>
|
|
|
|
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
|
|
offer STARTTLS due to insufficient privileges to access the server
|
|
private key. This is intended behavior.</p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM internal_mail_filter_classes
|
|
|
|
<p> What categories of Postfix-generated mail are subject to
|
|
before-queue content inspection by non_smtpd_milters, header_checks
|
|
and body_checks. Specify zero or more of the following, separated
|
|
by whitespace or comma. </p>
|
|
|
|
<dl>
|
|
|
|
<dt> <b> bounce </b> </dt> <dd> Inspect the content of delivery
|
|
status notifications. </dd>
|
|
|
|
<dt> <b> notify </b> </dt> <dd> Inspect the content of postmaster
|
|
notifications by the smtp(8) and smtpd(8) processes. </dd>
|
|
|
|
</dl>
|
|
|
|
<p> NOTE: It's generally not safe to enable content inspection of
|
|
Postfix-generated email messages. The user is warned. </p>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|
|
|
|
%PARAM smtpd_tls_always_issue_session_ids yes
|
|
|
|
<p> Force the Postfix SMTP server to issue a TLS session id, even
|
|
when TLS session caching is turned off (smtpd_tls_session_cache_database
|
|
is empty). This behavior is compatible with Postfix < 2.3. </p>
|
|
|
|
<p> With Postfix 2.3 and later the Postfix SMTP server can disable
|
|
session id generation when TLS session caching is turned off. This
|
|
keeps clients from caching sessions that almost certainly cannot
|
|
be re-used. </p>
|
|
|
|
<p> By default, the Postfix SMTP server always generates TLS session
|
|
ids. This works around a known defect in mail client applications
|
|
such as MS Outlook, and may also prevent interoperability issues
|
|
with other MTAs. </p>
|
|
|
|
<p> Example: </p>
|
|
|
|
<blockquote>
|
|
<pre>
|
|
smtpd_tls_always_issue_session_ids = no
|
|
</pre>
|
|
</blockquote>
|
|
|
|
<p> This feature is available in Postfix 2.3 and later. </p>
|